Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/e8325685-2e98-401e-be91-f3cb10f86488.roa
File:                     e8325685-2e98-401e-be91-f3cb10f86488.roa (raw, json)
Hash identifier:          VBXKYrt2upPI70UscqYuMl2/dklFgF+405/wgsJQNxQ=
Subject key identifier:   F2:EB:81:C9:66:7C:48:6C:02:B4:82:C1:E3:B2:B8:A2:21:04:E7:00
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       6390C50C60E3C599FDC4C2CE7B3C0AFCE8E016C6
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/e8325685-2e98-401e-be91-f3cb10f86488.roa
Signing time:             Mon 20 Oct 2025 04:42:09 +0000
ROA not before:           Mon 20 Oct 2025 04:42:09 +0000
ROA not after:            Mon 24 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        108.156.20.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            63:90:c5:0c:60:e3:c5:99:fd:c4:c2:ce:7b:3c:0a:fc:e8:e0:16:c6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 20 04:42:09 2025 GMT
            Not After : Nov 24 23:59:59 2025 GMT
        Subject: serialNumber=cafbe877e48732133da326ddf8490709cf1f1b96de5f5dcf3b00ebfc815be274, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:e7:0d:86:94:8f:4d:d5:ad:39:ed:5b:ed:0e:
                    ca:32:74:c8:20:db:3e:b6:01:f1:bd:d2:fe:a6:5f:
                    5c:ba:56:eb:43:8a:d2:9b:2b:f7:31:2f:e8:5f:35:
                    24:99:36:c6:9f:f5:ae:27:dd:71:a5:52:a1:e1:d0:
                    37:ee:7f:fa:c3:84:c9:db:e0:7c:40:28:a7:35:bd:
                    80:87:62:38:dc:b8:7a:79:bf:24:e2:fe:d3:0a:0e:
                    3f:ef:0c:46:db:99:35:84:b2:95:20:f1:dc:54:a1:
                    42:cf:3a:9c:1d:8a:df:7d:c1:8a:1c:7b:5d:9c:26:
                    b3:fc:c5:d7:65:ec:79:0e:28:c1:d8:03:7d:90:6c:
                    03:84:26:3e:93:b0:cf:01:04:8a:4a:64:af:4d:f7:
                    10:c7:e3:20:d3:19:a9:a2:55:4e:65:c7:ed:7a:47:
                    19:34:48:48:c0:22:f9:95:2f:3b:9a:46:fb:14:58:
                    37:47:2f:82:d6:4c:13:9f:f4:b8:96:4c:77:fd:4b:
                    af:8e:b9:ec:e3:86:1d:8a:c6:59:3c:87:9d:5c:98:
                    1c:29:04:2e:cd:cd:94:00:36:3a:82:a7:d2:05:ae:
                    6a:d5:d5:91:92:d0:f5:37:34:e5:c8:f4:dd:b5:8e:
                    b9:95:50:fb:f7:02:b6:bc:24:f7:2b:e2:5e:86:b5:
                    aa:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F2:EB:81:C9:66:7C:48:6C:02:B4:82:C1:E3:B2:B8:A2:21:04:E7:00
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/e8325685-2e98-401e-be91-f3cb10f86488.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  108.156.20.0/24

    Signature Algorithm: sha256WithRSAEncryption
         70:1f:84:04:16:7a:7c:84:af:00:29:dc:e0:6e:a0:ef:ae:b2:
         6e:ef:a3:2b:58:5e:3f:da:ab:80:a2:f8:f7:50:7f:6a:16:14:
         51:9b:36:12:fd:2f:6e:c9:56:8b:ba:15:72:d5:fc:bc:3a:e3:
         b2:32:ee:97:59:79:36:7a:f0:02:45:d4:ff:26:c1:64:aa:5a:
         47:b2:f8:15:30:92:ef:46:af:da:04:07:fd:8a:8f:84:9d:5d:
         03:bd:e0:ac:a5:32:54:37:42:7e:3c:0d:fd:38:27:ca:82:ed:
         f7:41:67:ab:06:59:79:29:53:78:fd:14:36:6d:5d:79:23:c3:
         70:72:28:96:21:0c:f4:89:7c:aa:a4:fe:d5:8e:6f:98:ad:a3:
         51:d6:a7:dc:e2:93:1a:48:09:ac:2e:10:50:77:e5:4c:6d:d7:
         2f:37:a4:50:f4:dc:4b:d1:d2:93:9f:3e:4d:95:ad:3f:80:d3:
         55:23:51:7c:9b:6c:ff:a7:c4:46:36:17:35:bf:f3:9e:40:1a:
         08:32:fb:6d:21:8e:5b:09:8e:12:72:08:7a:a2:05:1a:a1:a4:
         1b:da:3d:03:56:5b:fc:62:e9:27:35:db:f3:69:3a:37:6a:c3:
         6c:93:8a:32:e1:db:81:6a:79:23:af:27:e1:53:8b:4e:bf:81:
         b3:3d:a2:05
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUY5DFDGDjxZn9xMLOezwK/OjgFsYwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDIwMDQ0MjA5WhcNMjUxMTI0MjM1OTU5
WjB6MUkwRwYDVQQFE0BjYWZiZTg3N2U0ODczMjEzM2RhMzI2ZGRmODQ5MDcwOWNm
MWYxYjk2ZGU1ZjVkY2YzYjAwZWJmYzgxNWJlMjc0MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDL5w2GlI9N1a057VvtDsoydMgg2z62AfG90v6mX1y6VutD
itKbK/cxL+hfNSSZNsaf9a4n3XGlUqHh0Dfuf/rDhMnb4HxAKKc1vYCHYjjcuHp5
vyTi/tMKDj/vDEbbmTWEspUg8dxUoULPOpwdit99wYoce12cJrP8xddl7HkOKMHY
A32QbAOEJj6TsM8BBIpKZK9N9xDH4yDTGamiVU5lx+16Rxk0SEjAIvmVLzuaRvsU
WDdHL4LWTBOf9LiWTHf9S6+Ouezjhh2Kxlk8h51cmBwpBC7NzZQANjqCp9IFrmrV
1ZGS0PU3NOXI9N21jrmVUPv3Ara8JPcr4l6GtaqlAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU8uuByWZ8SGwCtILB47K4oiEE5wAwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2U4MzI1Njg1LTJlOTgtNDAxZS1iZTkxLWYzY2IxMGY4NjQ4OC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBABsnBQwDQYJKoZIhvcNAQELBQADggEBAHAfhAQWenyErwAp3OBuoO+usm7v
oytYXj/aq4Ci+PdQf2oWFFGbNhL9L27JVou6FXLV/Lw647Iy7pdZeTZ68AJF1P8m
wWSqWkey+BUwku9Gr9oEB/2Kj4SdXQO94KylMlQ3Qn48Df04J8qC7fdBZ6sGWXkp
U3j9FDZtXXkjw3ByKJYhDPSJfKqk/tWOb5ito1HWp9zikxpICawuEFB35Uxt1y83
pFD03EvR0pOfPk2VrT+A01UjUXybbP+nxEY2FzW/855AGggy+20hjlsJjhJyCHqi
BRqhpBvaPQNWW/xi6Sc12/NpOjdqw2yTijLh24FqeSOvJ+FTi06/gbM9ogU=
-----END CERTIFICATE-----