Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/e3b59947-d17d-4697-8e5b-0ddb2040ee83.roa
File:                     e3b59947-d17d-4697-8e5b-0ddb2040ee83.roa (raw, json)
Hash identifier:          neDT24mp0pSYUnmLIJXHXDuH33+ewo9pjcvF9UNvxmc=
Subject key identifier:   4D:6E:C8:D9:44:F2:88:20:0B:30:80:3F:30:31:15:91:E7:12:01:07
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       129C69682C1C7412444F23C879FBD0764551D8DD
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/e3b59947-d17d-4697-8e5b-0ddb2040ee83.roa
Signing time:             Mon 20 Oct 2025 04:50:51 +0000
ROA not before:           Mon 20 Oct 2025 04:50:51 +0000
ROA not after:            Mon 24 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        108.156.119.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            12:9c:69:68:2c:1c:74:12:44:4f:23:c8:79:fb:d0:76:45:51:d8:dd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 20 04:50:51 2025 GMT
            Not After : Nov 24 23:59:59 2025 GMT
        Subject: serialNumber=bd523b831e13b707676235cd47ff777ae31f3ba7550e97ae3cfd5d243cbf5fd5, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:72:78:83:5a:80:bf:77:57:8b:5d:f4:5d:3f:
                    bf:c3:37:31:74:01:b4:a7:2f:8a:44:c5:3d:e4:f6:
                    cf:2f:0b:d5:90:76:83:43:2b:da:d6:44:74:18:cf:
                    87:c7:80:9b:3f:bc:20:65:e7:8f:9b:99:42:5a:bc:
                    82:35:8c:fc:97:4f:6f:fb:27:29:e8:df:e2:ee:30:
                    6d:c4:52:61:00:69:af:ea:ea:87:22:11:6d:ba:2f:
                    29:d6:41:5d:86:a3:a0:71:8c:c5:94:b7:05:11:bf:
                    a3:ea:2e:f4:a1:2d:e0:55:bf:e1:4a:a1:e0:54:42:
                    ec:aa:50:64:09:71:1b:f3:41:0e:ba:f3:cd:97:c9:
                    4a:9c:94:4d:bc:e4:43:a0:2a:ba:21:2b:37:a1:89:
                    1e:6c:e6:87:c7:39:3d:56:8c:a4:76:ec:80:d5:3d:
                    08:a9:d0:1d:db:f3:2e:82:ec:6e:df:5d:59:a1:a1:
                    7d:c3:ec:f3:74:45:a0:67:a0:31:87:15:c4:b0:d1:
                    44:b2:5d:0c:1f:9c:69:16:45:bb:13:e8:04:84:1d:
                    7d:b2:75:0c:4f:27:fd:0c:21:b7:79:d5:c5:61:9e:
                    6d:aa:11:4e:51:b3:89:89:d6:4c:8b:98:f9:8f:31:
                    81:49:13:76:cf:8b:fc:61:c5:71:43:b4:b0:fb:9f:
                    fc:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4D:6E:C8:D9:44:F2:88:20:0B:30:80:3F:30:31:15:91:E7:12:01:07
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/e3b59947-d17d-4697-8e5b-0ddb2040ee83.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  108.156.119.0/24

    Signature Algorithm: sha256WithRSAEncryption
         86:b8:30:ee:9c:21:24:fa:94:9a:f9:80:01:34:92:62:38:03:
         a9:3a:d9:ec:26:2c:69:98:86:30:ab:23:0c:f4:6b:a4:d2:58:
         c2:75:cd:6e:f0:a4:7f:ad:45:7e:51:b7:6f:77:e1:af:f1:b4:
         61:75:05:8e:44:3d:96:6e:cc:b9:bf:1c:94:f4:cd:11:b5:92:
         0a:1c:69:5a:84:53:47:12:c8:cd:36:44:4b:0b:b7:6b:84:05:
         c2:ed:34:b6:bf:8b:d2:77:f2:36:f6:cd:15:d3:bd:3a:d8:2f:
         64:d4:58:17:f3:2a:06:87:e1:a9:15:8f:7b:ec:33:b5:8f:1a:
         4e:10:52:fa:da:eb:64:f5:5e:b0:f8:db:42:07:d0:06:25:67:
         d5:d1:3f:36:8d:e5:7e:3c:13:c3:37:77:35:d0:cb:d1:aa:89:
         f1:2d:91:02:05:5b:f5:9c:7e:43:aa:eb:87:4e:fb:26:d0:5c:
         9f:2e:59:f4:37:af:7a:28:eb:13:fc:e1:e8:c2:9f:ad:be:a1:
         1f:0a:5f:15:76:89:be:de:32:87:ec:17:dc:a1:bd:68:59:0e:
         89:7d:21:a0:5d:a8:53:37:70:99:c7:6c:4f:f2:84:c2:da:26:
         6e:cf:01:dc:d2:5b:cf:bd:9a:8d:73:91:2d:bb:a4:89:a2:e6:
         1d:ce:93:c0
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUEpxpaCwcdBJETyPIefvQdkVR2N0wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDIwMDQ1MDUxWhcNMjUxMTI0MjM1OTU5
WjB6MUkwRwYDVQQFE0BiZDUyM2I4MzFlMTNiNzA3Njc2MjM1Y2Q0N2ZmNzc3YWUz
MWYzYmE3NTUwZTk3YWUzY2ZkNWQyNDNjYmY1ZmQ1MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCvcniDWoC/d1eLXfRdP7/DNzF0AbSnL4pExT3k9s8vC9WQ
doNDK9rWRHQYz4fHgJs/vCBl54+bmUJavII1jPyXT2/7Jyno3+LuMG3EUmEAaa/q
6ociEW26LynWQV2Go6BxjMWUtwURv6PqLvShLeBVv+FKoeBUQuyqUGQJcRvzQQ66
882XyUqclE285EOgKrohKzehiR5s5ofHOT1WjKR27IDVPQip0B3b8y6C7G7fXVmh
oX3D7PN0RaBnoDGHFcSw0USyXQwfnGkWRbsT6ASEHX2ydQxPJ/0MIbd51cVhnm2q
EU5Rs4mJ1kyLmPmPMYFJE3bPi/xhxXFDtLD7n/ydAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUTW7I2UTyiCALMIA/MDEVkecSAQcwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2UzYjU5OTQ3LWQxN2QtNDY5Ny04ZTViLTBkZGIyMDQwZWU4My5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBABsnHcwDQYJKoZIhvcNAQELBQADggEBAIa4MO6cIST6lJr5gAE0kmI4A6k6
2ewmLGmYhjCrIwz0a6TSWMJ1zW7wpH+tRX5Rt2934a/xtGF1BY5EPZZuzLm/HJT0
zRG1kgocaVqEU0cSyM02REsLt2uEBcLtNLa/i9J38jb2zRXTvTrYL2TUWBfzKgaH
4akVj3vsM7WPGk4QUvra62T1XrD420IH0AYlZ9XRPzaN5X48E8M3dzXQy9GqifEt
kQIFW/WcfkOq64dO+ybQXJ8uWfQ3r3oo6xP84ejCn62+oR8KXxV2ib7eMofsF9yh
vWhZDol9IaBdqFM3cJnHbE/yhMLaJm7PAdzSW8+9mo1zkS27pImi5h3Ok8A=
-----END CERTIFICATE-----