Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d7e4c256-6075-430c-83b0-4442ba50aeaa.roa
File:                     d7e4c256-6075-430c-83b0-4442ba50aeaa.roa (raw, json)
Hash identifier:          YAnS5V69ePE6RgrlZNfoPwvZYceuKCadaTYX++IdRpo=
Subject key identifier:   B8:20:95:C2:AE:E6:5E:0F:34:85:84:45:33:A8:9F:6E:82:7A:12:28
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       5C5444B84C9E114DB261250BF9DE5C8AD5F31708
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d7e4c256-6075-430c-83b0-4442ba50aeaa.roa
Signing time:             Mon 20 Oct 2025 05:41:36 +0000
ROA not before:           Mon 20 Oct 2025 05:41:36 +0000
ROA not after:            Mon 24 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        108.157.72.0/22 maxlen: 22
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5c:54:44:b8:4c:9e:11:4d:b2:61:25:0b:f9:de:5c:8a:d5:f3:17:08
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 20 05:41:36 2025 GMT
            Not After : Nov 24 23:59:59 2025 GMT
        Subject: serialNumber=73e23967252f7335c5c243d039f2438cf679957c794c405148febabd8eeb9bba, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:9b:d9:64:00:fe:23:b9:c8:63:ad:28:42:94:
                    15:92:37:3d:e7:dc:7d:85:bd:79:b7:48:a0:ac:1b:
                    00:b3:02:21:e6:04:83:36:ce:40:7d:37:7f:98:47:
                    aa:63:64:02:20:aa:65:5a:2a:68:81:24:65:74:38:
                    44:ac:72:37:e7:74:63:82:b6:8e:b5:b6:69:04:80:
                    5a:83:af:51:c7:7e:c6:fc:8d:ae:55:d0:e3:f6:68:
                    99:ab:66:1a:94:f1:08:11:b4:af:4f:5a:cd:b9:a8:
                    ad:47:f6:0b:50:f4:d2:47:81:9a:b3:b0:20:5f:82:
                    f5:40:32:4a:c5:02:c0:28:fb:5c:13:bc:c0:17:10:
                    32:a6:5a:63:cc:6b:f4:10:b1:b4:4c:c0:b1:16:c4:
                    ad:0e:75:7f:78:9d:8c:e4:b6:de:44:5e:9e:19:81:
                    20:43:c5:38:7c:11:ef:82:6c:96:32:80:52:ee:08:
                    a1:a0:66:41:4b:36:3f:3a:63:02:01:6b:23:54:b1:
                    2c:f4:20:fd:c5:cb:d3:02:47:6b:8c:da:39:5d:c8:
                    38:3d:c0:67:82:e3:44:e3:3d:bd:c6:4c:5c:90:60:
                    27:e1:2b:4a:84:dc:02:0e:66:58:b9:08:c5:76:cb:
                    18:67:78:1c:db:86:2a:92:bf:80:05:01:fc:26:79:
                    73:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B8:20:95:C2:AE:E6:5E:0F:34:85:84:45:33:A8:9F:6E:82:7A:12:28
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d7e4c256-6075-430c-83b0-4442ba50aeaa.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  108.157.72.0/22

    Signature Algorithm: sha256WithRSAEncryption
         90:76:02:e3:3b:fc:04:74:f5:ed:f5:5a:cb:27:00:bb:d5:03:
         c3:57:bc:e9:6d:f3:1b:d9:fe:ec:c9:67:2e:14:51:f2:b9:3f:
         23:58:0f:ad:4d:3d:a8:c5:6c:ee:12:e8:54:7a:8f:68:80:8e:
         23:b8:6e:35:65:67:c1:c6:bc:f6:27:bc:da:9c:e7:2c:45:03:
         cf:ec:cf:29:58:c2:f9:5b:da:32:18:32:0b:63:fa:df:67:4e:
         99:62:66:6f:b0:f3:61:7d:3b:5b:49:de:52:da:27:d6:24:90:
         4b:03:b1:5e:b7:d8:19:6e:cc:06:c8:9b:46:58:41:76:32:e9:
         06:0c:41:cd:8e:38:29:0c:cd:e9:23:ad:ad:c9:25:31:38:2a:
         5d:1e:55:3f:a4:e2:c9:82:da:3d:57:4b:38:ce:e6:19:67:9e:
         d0:71:91:91:15:56:82:3b:c8:ef:66:8e:38:6f:e6:97:ed:d5:
         84:b5:2c:d4:d7:2b:14:8d:cc:0f:1b:31:b0:b9:33:ca:72:20:
         28:6d:b6:67:bd:30:92:3a:ce:f1:59:36:3a:58:03:55:a5:51:
         69:ab:16:b1:c5:09:4b:ba:e0:02:74:c2:22:0f:dd:c1:6c:1f:
         23:e1:f0:5e:aa:5c:81:34:8b:22:a5:82:b8:e3:ff:e6:0d:df:
         b8:2d:83:ea
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUXFREuEyeEU2yYSUL+d5citXzFwgwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDIwMDU0MTM2WhcNMjUxMTI0MjM1OTU5
WjB6MUkwRwYDVQQFE0A3M2UyMzk2NzI1MmY3MzM1YzVjMjQzZDAzOWYyNDM4Y2Y2
Nzk5NTdjNzk0YzQwNTE0OGZlYmFiZDhlZWI5YmJhMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCSm9lkAP4juchjrShClBWSNz3n3H2FvXm3SKCsGwCzAiHm
BIM2zkB9N3+YR6pjZAIgqmVaKmiBJGV0OESscjfndGOCto61tmkEgFqDr1HHfsb8
ja5V0OP2aJmrZhqU8QgRtK9PWs25qK1H9gtQ9NJHgZqzsCBfgvVAMkrFAsAo+1wT
vMAXEDKmWmPMa/QQsbRMwLEWxK0OdX94nYzktt5EXp4ZgSBDxTh8Ee+CbJYygFLu
CKGgZkFLNj86YwIBayNUsSz0IP3Fy9MCR2uM2jldyDg9wGeC40TjPb3GTFyQYCfh
K0qE3AIOZli5CMV2yxhneBzbhiqSv4AFAfwmeXMVAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUuCCVwq7mXg80hYRFM6ifboJ6EigwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2Q3ZTRjMjU2LTYwNzUtNDMwYy04M2IwLTQ0NDJiYTUwYWVhYS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAJsnUgwDQYJKoZIhvcNAQELBQADggEBAJB2AuM7/AR09e31WssnALvVA8NX
vOlt8xvZ/uzJZy4UUfK5PyNYD61NPajFbO4S6FR6j2iAjiO4bjVlZ8HGvPYnvNqc
5yxFA8/szylYwvlb2jIYMgtj+t9nTpliZm+w82F9O1tJ3lLaJ9YkkEsDsV632Blu
zAbIm0ZYQXYy6QYMQc2OOCkMzekjra3JJTE4Kl0eVT+k4smC2j1XSzjO5hlnntBx
kZEVVoI7yO9mjjhv5pft1YS1LNTXKxSNzA8bMbC5M8pyIChttme9MJI6zvFZNjpY
A1WlUWmrFrHFCUu64AJ0wiIP3cFsHyPh8F6qXIE0iyKlgrjj/+YN37gtg+o=
-----END CERTIFICATE-----