Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/5ad7d350-34e3-4f44-858b-b36ac11a0165.roa
File:                     5ad7d350-34e3-4f44-858b-b36ac11a0165.roa (raw, json)
Hash identifier:          SWeDV/iVM/SRUjVsCVFzccvTat27jfBvBM9cOanULCE=
Subject key identifier:   69:0B:FC:74:9F:03:29:2D:DE:CF:8E:C7:AC:C1:50:AE:51:C7:D6:E3
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       20CD00D73DBC73EFB0C16315F06C06A2BC5BBF48
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/5ad7d350-34e3-4f44-858b-b36ac11a0165.roa
Signing time:             Wed 05 Nov 2025 00:40:05 +0000
ROA not before:           Wed 05 Nov 2025 00:40:05 +0000
ROA not after:            Wed 10 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        109.71.191.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            20:cd:00:d7:3d:bc:73:ef:b0:c1:63:15:f0:6c:06:a2:bc:5b:bf:48
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Nov  5 00:40:05 2025 GMT
            Not After : Dec 10 23:59:59 2025 GMT
        Subject: serialNumber=66f88aa0242f3991dcb400aa4dd9b0989747626ecff5189557b9c2ec19cfb780, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f4:e0:81:31:e6:77:3a:a5:52:62:1a:fb:15:64:
                    6a:81:5d:f4:92:e7:e7:f0:d8:1d:a9:42:39:66:a9:
                    ff:6d:e4:4a:0f:1f:ae:a2:28:40:df:86:c3:36:f4:
                    0b:78:fe:e5:11:6b:1b:09:e4:b0:b1:b7:3e:eb:25:
                    34:a9:2e:6f:ca:82:13:49:38:16:f2:23:3a:71:1f:
                    6f:2c:d9:d3:46:42:42:3f:c3:f2:d1:e6:66:a2:7f:
                    b6:8b:3d:c7:ed:d4:fa:a7:83:95:48:48:73:52:c6:
                    f4:d2:fe:8a:2a:e6:bf:be:ac:81:ab:df:c7:69:92:
                    1d:a8:ad:b0:2c:f2:68:c8:2d:17:6f:ae:15:29:7e:
                    29:d0:17:1e:c9:f8:3c:7e:c0:6a:aa:88:89:e9:e2:
                    b1:cc:42:8a:82:0f:47:45:85:4e:98:dd:b9:d2:07:
                    2c:d3:94:75:e5:28:ce:9f:59:40:15:22:4d:54:09:
                    4b:21:d1:a8:bf:64:3e:93:00:c5:18:35:02:f1:c8:
                    eb:95:23:10:9e:30:d9:72:44:02:07:d8:f5:12:90:
                    da:69:94:2c:68:34:55:14:0d:f0:f4:5e:21:84:b6:
                    3a:8b:dd:c3:fe:1d:94:48:67:2e:16:7e:7b:19:92:
                    28:08:01:54:db:f8:17:9d:1d:18:c9:2d:e4:f0:8b:
                    b3:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                69:0B:FC:74:9F:03:29:2D:DE:CF:8E:C7:AC:C1:50:AE:51:C7:D6:E3
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/5ad7d350-34e3-4f44-858b-b36ac11a0165.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.71.191.0/24

    Signature Algorithm: sha256WithRSAEncryption
         cc:0a:62:d7:ad:df:85:1b:73:52:53:1c:7b:c4:49:c9:02:ae:
         40:e5:4f:80:aa:eb:23:89:1a:66:6f:b8:dd:e3:22:7e:52:25:
         33:12:50:04:a0:b0:9a:3c:d2:46:0c:be:80:01:68:22:35:ba:
         94:db:16:ea:a6:6c:f8:ac:9f:e5:98:99:b5:d0:38:11:03:49:
         24:1b:07:52:f5:53:dc:a3:d7:9e:6b:5d:3e:52:88:2a:c0:4c:
         7c:ed:d2:2b:ef:91:3d:4b:5a:d4:d8:6a:f9:b1:42:71:6a:a8:
         42:86:fd:e2:e4:66:09:8e:5b:de:d9:15:b4:d5:e9:31:66:be:
         5a:d6:b3:c3:6e:b5:6c:8d:90:a7:45:41:23:95:74:30:f4:08:
         c7:30:7c:35:f4:2e:ac:61:f7:1a:0a:eb:56:cd:95:75:2a:71:
         66:82:1a:ed:29:2a:39:2d:7d:f0:b1:5f:d9:9a:1e:ee:35:c1:
         94:ff:c3:5e:d1:2a:8e:63:07:bc:c1:cd:dc:a5:64:7a:e4:4e:
         7b:0f:8f:fa:97:1c:ac:d4:26:3b:7f:28:1a:af:b1:9c:e0:a1:
         46:b4:5a:ab:2b:d7:8f:3e:67:29:3a:5b:57:c3:28:6c:37:85:
         b2:45:d6:60:e3:07:7e:cc:30:57:4b:cf:2b:0d:dd:52:1b:0e:
         2a:22:15:16
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUIM0A1z28c++wwWMV8GwGorxbv0gwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMTA1MDA0MDA1WhcNMjUxMjEwMjM1OTU5
WjB6MUkwRwYDVQQFE0A2NmY4OGFhMDI0MmYzOTkxZGNiNDAwYWE0ZGQ5YjA5ODk3
NDc2MjZlY2ZmNTE4OTU1N2I5YzJlYzE5Y2ZiNzgwMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQD04IEx5nc6pVJiGvsVZGqBXfSS5+fw2B2pQjlmqf9t5EoP
H66iKEDfhsM29At4/uURaxsJ5LCxtz7rJTSpLm/KghNJOBbyIzpxH28s2dNGQkI/
w/LR5maif7aLPcft1Pqng5VISHNSxvTS/ooq5r++rIGr38dpkh2orbAs8mjILRdv
rhUpfinQFx7J+Dx+wGqqiInp4rHMQoqCD0dFhU6Y3bnSByzTlHXlKM6fWUAVIk1U
CUsh0ai/ZD6TAMUYNQLxyOuVIxCeMNlyRAIH2PUSkNpplCxoNFUUDfD0XiGEtjqL
3cP+HZRIZy4WfnsZkigIAVTb+BedHRjJLeTwi7OZAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUaQv8dJ8DKS3ez47HrMFQrlHH1uMwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzVhZDdkMzUwLTM0ZTMtNGY0NC04NThiLWIzNmFjMTFhMDE2NS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBABtR78wDQYJKoZIhvcNAQELBQADggEBAMwKYtet34Ubc1JTHHvESckCrkDl
T4Cq6yOJGmZvuN3jIn5SJTMSUASgsJo80kYMvoABaCI1upTbFuqmbPisn+WYmbXQ
OBEDSSQbB1L1U9yj155rXT5SiCrATHzt0ivvkT1LWtTYavmxQnFqqEKG/eLkZgmO
W97ZFbTV6TFmvlrWs8NutWyNkKdFQSOVdDD0CMcwfDX0Lqxh9xoK61bNlXUqcWaC
Gu0pKjktffCxX9maHu41wZT/w17RKo5jB7zBzdylZHrkTnsPj/qXHKzUJjt/KBqv
sZzgoUa0Wqsr148+Zyk6W1fDKGw3hbJF1mDjB37MMFdLzysN3VIbDioiFRY=
-----END CERTIFICATE-----