Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/f18bec18-64a9-48b8-9240-1448783aaa5c.roa
File:                     f18bec18-64a9-48b8-9240-1448783aaa5c.roa (raw, json)
Hash identifier:          JJaXifdK2Pc3DCptNfguMDGXEBJpRdvlRUe1D8I1CBQ=
Subject key identifier:   F0:8B:DC:F5:EA:4A:00:AB:1C:5A:8D:AD:F6:DD:5E:3C:EF:F2:5D:34
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       302F8B2EB7A3ABB00816319B5FE899694D40730C
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/f18bec18-64a9-48b8-9240-1448783aaa5c.roa
Signing time:             Mon 20 Oct 2025 02:20:09 +0000
ROA not before:           Mon 20 Oct 2025 02:20:09 +0000
ROA not after:            Mon 24 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        108.159.160.0/23 maxlen: 23
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            30:2f:8b:2e:b7:a3:ab:b0:08:16:31:9b:5f:e8:99:69:4d:40:73:0c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 20 02:20:09 2025 GMT
            Not After : Nov 24 23:59:59 2025 GMT
        Subject: serialNumber=a7d1ee0ba6c5d19f3f63efbea350ee55a6c678efb457f364a24f7aaa42df7b84, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:90:eb:09:99:6e:8e:4d:1a:48:38:06:fd:30:
                    91:97:b4:27:0d:f4:d0:b6:e6:1b:93:d5:58:cd:73:
                    33:04:a1:34:ae:08:f1:45:c1:ab:2a:9a:3a:f8:45:
                    f3:5d:de:3e:04:33:e2:cd:55:35:b9:ce:46:4d:9d:
                    ff:4b:2e:cd:fa:49:69:a2:fc:df:c9:0e:56:3e:a5:
                    96:52:03:a7:99:a6:79:4f:3f:49:d0:9a:7d:97:39:
                    4e:49:c4:45:af:0e:03:f5:e6:88:28:3f:0a:36:34:
                    0d:32:9c:86:eb:d7:d5:83:ec:22:22:b9:45:77:26:
                    9e:17:92:a9:fb:70:85:5a:10:6f:92:90:d1:b5:f9:
                    ee:d0:8a:a1:b3:7f:3f:07:43:5e:2e:ec:c8:af:a7:
                    e4:ab:63:94:1b:dc:e4:d1:24:f1:38:f8:90:06:6a:
                    f6:73:c7:50:37:26:d0:e9:34:43:74:f5:4f:1f:8e:
                    36:be:03:f7:6a:a2:3f:06:66:4b:7f:4a:90:10:44:
                    06:3d:9d:7a:a7:ee:00:b5:18:28:75:8a:15:42:b2:
                    c2:c3:64:9d:02:4e:bc:d4:a9:53:1a:92:7a:5e:bd:
                    a7:a6:92:85:cf:ef:e8:20:11:33:59:ca:8d:a8:9d:
                    c9:a2:06:da:86:2b:02:8f:3e:60:9a:a7:55:df:52:
                    d2:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F0:8B:DC:F5:EA:4A:00:AB:1C:5A:8D:AD:F6:DD:5E:3C:EF:F2:5D:34
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/f18bec18-64a9-48b8-9240-1448783aaa5c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  108.159.160.0/23

    Signature Algorithm: sha256WithRSAEncryption
         b1:fd:87:96:9c:0f:ef:59:3d:12:8f:ac:0f:4b:d8:c9:4c:26:
         d6:6c:a5:73:88:a4:4d:bf:22:3d:cd:53:82:e3:9f:e9:4d:50:
         72:a5:02:9c:35:21:48:e9:7e:8f:83:82:09:cc:a0:50:3a:11:
         05:3c:6e:13:60:f2:76:b6:63:21:a7:56:83:1f:e5:4f:9a:ab:
         44:b3:d6:89:33:86:7f:c5:12:ca:5c:66:70:13:f6:4a:2d:1a:
         59:07:51:a1:ad:d2:f3:64:70:cf:0a:c4:b7:68:fc:15:d6:3e:
         7e:1e:13:9e:5f:8f:41:d2:a1:d0:66:88:dd:2d:8a:1c:ff:58:
         dd:25:bc:2b:50:9e:81:77:32:b0:9f:85:5c:45:37:4e:74:43:
         ab:08:59:01:21:1f:0c:7b:bd:b9:62:90:a1:8b:ea:8f:d2:c5:
         9b:8f:6a:e2:04:42:ab:e0:89:f1:07:84:c2:71:72:3a:a9:be:
         58:d4:99:36:79:38:c7:80:9a:ed:d2:ee:53:fc:39:38:33:c3:
         d8:fd:20:a9:8d:ff:eb:83:85:c3:05:34:a4:36:38:e5:63:e5:
         bb:42:55:f3:ca:0c:45:03:f6:fb:a3:97:74:34:55:29:02:39:
         c8:dc:07:22:03:55:5c:58:80:6d:3b:a7:cf:1d:02:a9:c1:d0:
         3b:99:63:2f
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUMC+LLrejq7AIFjGbX+iZaU1AcwwwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDIwMDIyMDA5WhcNMjUxMTI0MjM1OTU5
WjB6MUkwRwYDVQQFE0BhN2QxZWUwYmE2YzVkMTlmM2Y2M2VmYmVhMzUwZWU1NWE2
YzY3OGVmYjQ1N2YzNjRhMjRmN2FhYTQyZGY3Yjg0MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCOkOsJmW6OTRpIOAb9MJGXtCcN9NC25huT1VjNczMEoTSu
CPFFwasqmjr4RfNd3j4EM+LNVTW5zkZNnf9LLs36SWmi/N/JDlY+pZZSA6eZpnlP
P0nQmn2XOU5JxEWvDgP15ogoPwo2NA0ynIbr19WD7CIiuUV3Jp4Xkqn7cIVaEG+S
kNG1+e7QiqGzfz8HQ14u7Mivp+SrY5Qb3OTRJPE4+JAGavZzx1A3JtDpNEN09U8f
jja+A/dqoj8GZkt/SpAQRAY9nXqn7gC1GCh1ihVCssLDZJ0CTrzUqVMaknpevaem
koXP7+ggETNZyo2oncmiBtqGKwKPPmCap1XfUtIDAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU8Ivc9epKAKscWo2t9t1ePO/yXTQwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2YxOGJlYzE4LTY0YTktNDhiOC05MjQwLTE0NDg3ODNhYWE1Yy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAFsn6AwDQYJKoZIhvcNAQELBQADggEBALH9h5acD+9ZPRKPrA9L2MlMJtZs
pXOIpE2/Ij3NU4Ljn+lNUHKlApw1IUjpfo+DggnMoFA6EQU8bhNg8na2YyGnVoMf
5U+aq0Sz1okzhn/FEspcZnAT9kotGlkHUaGt0vNkcM8KxLdo/BXWPn4eE55fj0HS
odBmiN0tihz/WN0lvCtQnoF3MrCfhVxFN050Q6sIWQEhHwx7vblikKGL6o/SxZuP
auIEQqvgifEHhMJxcjqpvljUmTZ5OMeAmu3S7lP8OTgzw9j9IKmN/+uDhcMFNKQ2
OOVj5btCVfPKDEUD9vujl3Q0VSkCOcjcByIDVVxYgG07p88dAqnB0DuZYy8=
-----END CERTIFICATE-----