Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/f3befc5c-dd10-4275-8807-c75d7c011fb1.roa
File:                     f3befc5c-dd10-4275-8807-c75d7c011fb1.roa (raw, json)
Hash identifier:          Yod2OwUPIhu47j4qx0J4RJ4kpYG55iaNNefdfwtYiiM=
Subject key identifier:   65:72:AD:AB:DF:35:1A:E4:0D:D7:72:F8:09:49:DE:7F:96:9D:33:C4
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       26BD9BAFD1D1581B5E840F9D17EC70CBEE32956E
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/f3befc5c-dd10-4275-8807-c75d7c011fb1.roa
Signing time:             Mon 20 Oct 2025 03:22:21 +0000
ROA not before:           Mon 20 Oct 2025 03:22:21 +0000
ROA not after:            Mon 24 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        108.159.216.0/22 maxlen: 22
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            26:bd:9b:af:d1:d1:58:1b:5e:84:0f:9d:17:ec:70:cb:ee:32:95:6e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 20 03:22:21 2025 GMT
            Not After : Nov 24 23:59:59 2025 GMT
        Subject: serialNumber=f4b91b18ac41e860a2a70f6e16bcbd2668e5889143707f8a1a870ae5d9a98163, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:ee:67:1e:c1:8c:8a:f7:ae:e8:ce:f6:71:39:
                    e8:fe:b1:14:ce:19:05:74:b1:16:15:7f:7c:d9:80:
                    ab:62:fa:43:4b:8a:8d:fe:ba:16:b8:c9:48:87:98:
                    62:d5:28:b7:95:8c:49:08:5c:d4:9d:b5:fc:7f:e6:
                    be:34:fb:34:4c:cd:51:df:0e:49:47:ab:84:36:c7:
                    b7:e4:27:19:3e:bd:8c:f6:49:ba:84:69:33:f2:27:
                    40:eb:30:8e:af:d4:9f:65:65:33:aa:e2:4f:84:ea:
                    48:12:a0:6c:b3:7d:99:a2:53:8f:cf:50:1c:e3:01:
                    79:5a:f3:3f:08:21:36:ac:fb:b2:52:7b:1f:f6:ad:
                    f3:92:d2:ff:e4:84:f5:01:3d:2e:61:25:2c:ae:e3:
                    af:4d:f4:16:f4:e3:a2:70:2a:4e:4e:6b:e3:dc:c8:
                    09:48:f7:51:33:83:36:4e:ab:24:aa:01:2f:32:70:
                    48:78:e8:54:11:08:4f:e9:fd:94:07:f1:a1:e6:10:
                    8f:27:3f:e2:f3:d0:4d:cb:ee:fb:68:00:1b:40:73:
                    53:d2:4c:c8:9a:cf:74:8f:43:9f:eb:b0:87:ae:e4:
                    8f:40:5e:6e:97:dd:fe:a2:9a:d5:12:19:d9:0b:42:
                    fa:76:30:f0:31:47:74:31:12:25:a2:e1:a4:39:54:
                    d6:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                65:72:AD:AB:DF:35:1A:E4:0D:D7:72:F8:09:49:DE:7F:96:9D:33:C4
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/f3befc5c-dd10-4275-8807-c75d7c011fb1.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  108.159.216.0/22

    Signature Algorithm: sha256WithRSAEncryption
         65:5d:04:55:4f:5a:db:83:16:83:2d:d3:bb:18:7d:3d:68:68:
         60:2d:6a:8d:ea:b0:f0:cf:d3:79:02:0e:af:88:24:01:9b:85:
         c6:93:da:fb:c7:96:29:59:6d:fb:0a:6c:fb:d1:d9:8d:9c:f4:
         a1:50:3d:d1:95:f0:bf:8b:a0:cf:9b:7d:19:a2:19:61:84:bc:
         aa:7c:c9:37:fd:9f:8d:4a:1b:50:84:dc:51:bd:76:cc:6d:b3:
         bc:13:da:da:c9:91:3c:0f:28:6e:bf:11:65:57:55:42:0a:36:
         4c:fe:78:bc:86:96:31:5a:c9:1a:6a:89:40:b1:2f:d8:f8:1e:
         d0:bb:7d:0f:24:57:c7:95:40:ab:d8:42:8b:49:b5:58:d6:a7:
         e7:a6:8f:d3:9a:ef:83:f0:2f:55:9d:07:1a:06:1f:d9:e4:c2:
         d5:d4:dc:4b:86:12:0e:d0:91:50:a7:07:0a:09:c0:80:10:57:
         e2:86:bf:ea:3d:7f:c5:71:43:09:da:80:7a:87:78:f4:c6:64:
         a7:91:74:bf:6b:dc:b7:55:3c:77:b9:11:17:d1:c6:d7:00:7f:
         44:39:09:63:9b:18:89:1a:4e:e4:ed:e4:66:b0:3e:0a:a9:78:
         f0:9f:b9:e0:45:0c:23:8a:aa:26:9e:33:93:f4:5b:0f:39:bf:
         6c:1d:57:49
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUJr2br9HRWBtehA+dF+xwy+4ylW4wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDIwMDMyMjIxWhcNMjUxMTI0MjM1OTU5
WjB6MUkwRwYDVQQFE0BmNGI5MWIxOGFjNDFlODYwYTJhNzBmNmUxNmJjYmQyNjY4
ZTU4ODkxNDM3MDdmOGExYTg3MGFlNWQ5YTk4MTYzMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC67mcewYyK967ozvZxOej+sRTOGQV0sRYVf3zZgKti+kNL
io3+uha4yUiHmGLVKLeVjEkIXNSdtfx/5r40+zRMzVHfDklHq4Q2x7fkJxk+vYz2
SbqEaTPyJ0DrMI6v1J9lZTOq4k+E6kgSoGyzfZmiU4/PUBzjAXla8z8IITas+7JS
ex/2rfOS0v/khPUBPS5hJSyu469N9Bb046JwKk5Oa+PcyAlI91EzgzZOqySqAS8y
cEh46FQRCE/p/ZQH8aHmEI8nP+Lz0E3L7vtoABtAc1PSTMiaz3SPQ5/rsIeu5I9A
Xm6X3f6imtUSGdkLQvp2MPAxR3QxEiWi4aQ5VNaFAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUZXKtq981GuQN13L4CUnef5adM8QwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2YzYmVmYzVjLWRkMTAtNDI3NS04ODA3LWM3NWQ3YzAxMWZiMS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAJsn9gwDQYJKoZIhvcNAQELBQADggEBAGVdBFVPWtuDFoMt07sYfT1oaGAt
ao3qsPDP03kCDq+IJAGbhcaT2vvHlilZbfsKbPvR2Y2c9KFQPdGV8L+LoM+bfRmi
GWGEvKp8yTf9n41KG1CE3FG9dsxts7wT2trJkTwPKG6/EWVXVUIKNkz+eLyGljFa
yRpqiUCxL9j4HtC7fQ8kV8eVQKvYQotJtVjWp+emj9Oa74PwL1WdBxoGH9nkwtXU
3EuGEg7QkVCnBwoJwIAQV+KGv+o9f8VxQwnagHqHePTGZKeRdL9r3LdVPHe5ERfR
xtcAf0Q5CWObGIkaTuTt5GawPgqpePCfueBFDCOKqiaeM5P0Ww85v2wdV0k=
-----END CERTIFICATE-----