Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d6efbc19-6ff1-49ac-baee-fe285f331490.roa
File:                     d6efbc19-6ff1-49ac-baee-fe285f331490.roa (raw, json)
Hash identifier:          PnRcyDojwUUvlXfb+6lPwvfBAw8rdyMNyYSr6WB2xwk=
Subject key identifier:   6D:07:B3:40:5C:B8:FC:25:64:AD:1A:1C:04:74:49:64:DE:29:85:FE
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       0417AD71B51A48606DA2CE12E75B02EDA7C7C9AA
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d6efbc19-6ff1-49ac-baee-fe285f331490.roa
Signing time:             Mon 20 Oct 2025 05:50:43 +0000
ROA not before:           Mon 20 Oct 2025 05:50:43 +0000
ROA not after:            Mon 24 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        108.156.72.0/21 maxlen: 21
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            04:17:ad:71:b5:1a:48:60:6d:a2:ce:12:e7:5b:02:ed:a7:c7:c9:aa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 20 05:50:43 2025 GMT
            Not After : Nov 24 23:59:59 2025 GMT
        Subject: serialNumber=eb6100dfd2b52a7809fccc867229e3d27a316735dbe871f1dd49a693321004e3, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:9a:63:f5:39:12:3e:af:db:60:7b:bc:53:69:
                    86:c0:8d:42:a1:46:c8:56:1f:2c:b2:f1:79:6e:d5:
                    88:6d:d3:a2:c2:23:ec:9b:2a:29:5d:9d:e8:70:e7:
                    46:c9:6b:b8:a6:d5:5b:79:af:db:8f:51:5c:e2:e4:
                    43:65:b6:f1:bc:d4:e7:5e:41:69:07:dc:8c:96:56:
                    c0:b8:2e:a5:90:23:83:fe:ae:8e:12:c9:24:1b:ca:
                    98:db:22:c4:13:de:08:95:25:16:56:69:d4:06:38:
                    42:9c:9d:2b:0e:a4:a2:4b:aa:7e:2d:eb:f8:60:51:
                    cf:62:1d:c3:68:99:16:24:ee:70:3f:30:d8:81:8a:
                    ac:b9:fc:f3:cd:1d:88:ca:6e:8c:9b:90:31:4b:10:
                    a0:c4:20:e0:35:37:dd:c4:3f:07:b1:d7:06:ae:55:
                    93:5a:1d:9c:cd:eb:f7:bf:42:f7:12:e8:00:2c:af:
                    a5:09:f3:d7:12:16:c4:72:61:f6:cd:a7:67:b8:80:
                    36:2a:55:36:5a:88:df:c6:a0:56:44:d2:75:55:08:
                    95:25:75:38:7a:54:0d:05:f5:52:23:02:32:bc:68:
                    01:8f:33:15:93:d3:6b:7c:e3:ca:77:88:b5:2b:4e:
                    63:e5:99:38:13:d7:9b:6b:01:c1:47:2e:28:08:b9:
                    d3:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6D:07:B3:40:5C:B8:FC:25:64:AD:1A:1C:04:74:49:64:DE:29:85:FE
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d6efbc19-6ff1-49ac-baee-fe285f331490.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  108.156.72.0/21

    Signature Algorithm: sha256WithRSAEncryption
         1f:fc:0d:d7:fc:df:3b:dd:21:64:dd:6d:61:78:cd:47:93:98:
         fd:60:38:33:8c:c4:bd:0b:cf:1f:68:92:f5:a3:25:db:8a:ce:
         2b:e9:0f:7b:8d:e6:58:d5:1a:a8:9f:44:61:70:d4:34:09:ca:
         cd:96:5a:68:1f:40:f9:30:2a:16:9a:05:fa:ca:d0:5d:ae:2a:
         0d:70:a1:25:fa:c6:5e:6e:cf:78:21:bd:80:27:7b:1a:76:1c:
         7e:18:e9:9b:6f:08:6d:21:f4:b5:a3:2c:27:c9:67:b7:c7:67:
         f8:09:c3:96:0c:db:27:65:1c:28:cc:02:66:21:7d:a1:b0:84:
         ca:96:bb:f5:1e:5a:2e:ac:c5:57:1d:16:d3:e5:16:06:29:78:
         4e:2d:79:91:bc:05:da:66:91:4f:07:63:f8:0c:16:5c:22:41:
         f4:f4:64:e8:56:cd:6e:41:39:58:fd:53:6e:00:7b:5c:2f:bb:
         2e:ae:59:01:52:e3:4e:b5:50:fe:a9:a0:37:49:46:22:97:bd:
         3b:95:29:a5:5e:b5:d2:de:cc:20:50:b9:65:62:5d:fc:6f:de:
         d3:70:5d:de:da:b4:48:db:af:b1:ee:7a:e7:50:29:fe:83:cf:
         52:5f:13:42:93:f2:91:30:60:78:c7:12:ed:28:13:11:fa:22:
         67:e9:87:fa
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUBBetcbUaSGBtos4S51sC7afHyaowDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDIwMDU1MDQzWhcNMjUxMTI0MjM1OTU5
WjB6MUkwRwYDVQQFE0BlYjYxMDBkZmQyYjUyYTc4MDlmY2NjODY3MjI5ZTNkMjdh
MzE2NzM1ZGJlODcxZjFkZDQ5YTY5MzMyMTAwNGUzMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDJmmP1ORI+r9tge7xTaYbAjUKhRshWHyyy8Xlu1Yht06LC
I+ybKildnehw50bJa7im1Vt5r9uPUVzi5ENltvG81OdeQWkH3IyWVsC4LqWQI4P+
ro4SySQbypjbIsQT3giVJRZWadQGOEKcnSsOpKJLqn4t6/hgUc9iHcNomRYk7nA/
MNiBiqy5/PPNHYjKboybkDFLEKDEIOA1N93EPwex1wauVZNaHZzN6/e/QvcS6AAs
r6UJ89cSFsRyYfbNp2e4gDYqVTZaiN/GoFZE0nVVCJUldTh6VA0F9VIjAjK8aAGP
MxWT02t848p3iLUrTmPlmTgT15trAcFHLigIudMDAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUbQezQFy4/CVkrRocBHRJZN4phf4wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2Q2ZWZiYzE5LTZmZjEtNDlhYy1iYWVlLWZlMjg1ZjMzMTQ5MC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBANsnEgwDQYJKoZIhvcNAQELBQADggEBAB/8Ddf83zvdIWTdbWF4zUeTmP1g
ODOMxL0Lzx9okvWjJduKzivpD3uN5ljVGqifRGFw1DQJys2WWmgfQPkwKhaaBfrK
0F2uKg1woSX6xl5uz3ghvYAnexp2HH4Y6ZtvCG0h9LWjLCfJZ7fHZ/gJw5YM2ydl
HCjMAmYhfaGwhMqWu/UeWi6sxVcdFtPlFgYpeE4teZG8BdpmkU8HY/gMFlwiQfT0
ZOhWzW5BOVj9U24Ae1wvuy6uWQFS4061UP6poDdJRiKXvTuVKaVetdLezCBQuWVi
Xfxv3tNwXd7atEjbr7HueudQKf6Dz1JfE0KT8pEwYHjHEu0oExH6Imfph/o=
-----END CERTIFICATE-----