Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/99922d4f-b1fc-43d5-9674-a085ad312500.roa
File:                     99922d4f-b1fc-43d5-9674-a085ad312500.roa (raw, json)
Hash identifier:          y69FTND9fVz83By96HkodVQqbpSy8Y63D+xddTurhEc=
Subject key identifier:   80:33:A5:D3:29:5B:BC:CD:E4:68:DD:00:12:EB:44:84:93:2E:BE:84
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       111CD0BBFE72D8F945F1164D3ADACB2C3CBAE6AD
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/99922d4f-b1fc-43d5-9674-a085ad312500.roa
Signing time:             Fri 24 Oct 2025 00:00:20 +0000
ROA not before:           Fri 24 Oct 2025 00:00:20 +0000
ROA not after:            Fri 28 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        104.153.118.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            11:1c:d0:bb:fe:72:d8:f9:45:f1:16:4d:3a:da:cb:2c:3c:ba:e6:ad
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 24 00:00:20 2025 GMT
            Not After : Nov 28 23:59:59 2025 GMT
        Subject: serialNumber=b087323a93a5dc9d4ea0461cee95b4c61e378dd11bfa30bb701e6612300dfae1, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:61:9f:7f:a9:68:26:64:55:10:ba:3d:8b:5b:
                    30:0f:4f:c2:6c:ab:03:1e:1b:cb:47:78:0a:aa:3c:
                    e8:84:7d:73:42:6c:69:e3:5c:ed:20:e7:a4:c2:a2:
                    58:17:24:ea:f1:55:d5:ff:9c:58:44:48:6b:4e:e3:
                    01:5d:d9:7a:7c:69:53:f6:da:60:34:81:a8:86:30:
                    39:65:d4:a6:f0:9b:39:cf:d5:2e:26:e2:c6:a4:58:
                    6b:86:50:09:6b:31:86:a4:96:c2:ba:64:b0:80:a9:
                    bb:67:c7:e3:f1:f7:86:88:d8:8d:4a:12:6e:7d:97:
                    bd:72:e3:13:64:22:c3:41:43:87:0d:15:85:de:9a:
                    86:69:fe:17:4e:8e:a6:fc:b9:89:80:10:68:72:95:
                    55:9f:2e:b3:7a:31:f1:a5:da:57:a2:99:3c:01:53:
                    d6:4f:6e:c7:34:d0:7a:13:60:a0:43:e0:1d:5e:ac:
                    83:79:fa:5c:15:25:d1:b0:c5:d7:c6:08:3a:eb:91:
                    a8:2b:8a:bd:83:81:7b:f8:88:e0:7c:32:68:31:3b:
                    90:21:4c:81:ee:d4:ff:8f:d3:b2:75:b6:86:0e:0e:
                    6b:88:03:af:c0:fd:94:18:ab:34:e1:2f:ce:67:cf:
                    c8:b9:a3:cf:bc:e2:ca:32:81:73:3e:70:d3:d9:6f:
                    3e:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                80:33:A5:D3:29:5B:BC:CD:E4:68:DD:00:12:EB:44:84:93:2E:BE:84
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/99922d4f-b1fc-43d5-9674-a085ad312500.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  104.153.118.0/24

    Signature Algorithm: sha256WithRSAEncryption
         45:38:bf:17:4e:da:a7:c2:97:01:54:c7:af:9d:5e:26:8d:62:
         9f:24:a2:47:f3:00:23:1b:27:fe:12:a3:46:5d:f1:25:8d:39:
         0a:4a:50:0d:b5:26:79:68:86:b0:0a:9a:f1:89:8a:ac:3d:83:
         dc:ff:b2:4f:4d:be:7d:71:f0:20:96:13:97:9b:33:0e:3b:e5:
         0b:9a:19:0d:1a:92:63:92:ca:66:21:cb:18:48:18:cf:d7:db:
         93:b8:d9:0a:79:67:c9:df:85:7f:b1:3e:35:3f:7a:6c:96:e8:
         56:47:66:2f:91:57:3f:79:c5:33:48:03:81:cf:02:af:cc:17:
         84:72:51:75:51:0d:99:cb:5e:5c:66:c9:32:94:20:e9:a0:d8:
         2a:de:c7:5d:fa:d9:7b:73:a7:84:0a:b7:2e:8c:cb:08:0d:f5:
         2f:99:18:89:51:ed:8b:bd:de:31:c4:9e:79:83:ce:2b:66:2e:
         a0:18:17:fd:cc:37:17:56:6c:1f:c4:3f:f1:d0:0e:e5:46:39:
         a8:a6:36:09:53:ea:39:d8:4a:d8:b4:43:0e:0e:31:2a:b7:c7:
         de:1e:eb:51:6b:cc:0e:25:51:ac:fe:40:aa:51:8d:da:b8:05:
         0f:7c:31:8d:65:d0:de:af:51:37:ef:00:1d:7a:20:5a:e0:22:
         7d:b5:bc:d9
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUERzQu/5y2PlF8RZNOtrLLDy65q0wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDI0MDAwMDIwWhcNMjUxMTI4MjM1OTU5
WjB6MUkwRwYDVQQFE0BiMDg3MzIzYTkzYTVkYzlkNGVhMDQ2MWNlZTk1YjRjNjFl
Mzc4ZGQxMWJmYTMwYmI3MDFlNjYxMjMwMGRmYWUxMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCsYZ9/qWgmZFUQuj2LWzAPT8JsqwMeG8tHeAqqPOiEfXNC
bGnjXO0g56TColgXJOrxVdX/nFhESGtO4wFd2Xp8aVP22mA0gaiGMDll1KbwmznP
1S4m4sakWGuGUAlrMYaklsK6ZLCAqbtnx+Px94aI2I1KEm59l71y4xNkIsNBQ4cN
FYXemoZp/hdOjqb8uYmAEGhylVWfLrN6MfGl2leimTwBU9ZPbsc00HoTYKBD4B1e
rIN5+lwVJdGwxdfGCDrrkagrir2DgXv4iOB8MmgxO5AhTIHu1P+P07J1toYODmuI
A6/A/ZQYqzThL85nz8i5o8+84soygXM+cNPZbz49AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUgDOl0ylbvM3kaN0AEutEhJMuvoQwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzk5OTIyZDRmLWIxZmMtNDNkNS05Njc0LWEwODVhZDMxMjUwMC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBABomXYwDQYJKoZIhvcNAQELBQADggEBAEU4vxdO2qfClwFUx6+dXiaNYp8k
okfzACMbJ/4So0Zd8SWNOQpKUA21JnlohrAKmvGJiqw9g9z/sk9Nvn1x8CCWE5eb
Mw475QuaGQ0akmOSymYhyxhIGM/X25O42Qp5Z8nfhX+xPjU/emyW6FZHZi+RVz95
xTNIA4HPAq/MF4RyUXVRDZnLXlxmyTKUIOmg2Crex1362Xtzp4QKty6MywgN9S+Z
GIlR7Yu93jHEnnmDzitmLqAYF/3MNxdWbB/EP/HQDuVGOaimNglT6jnYSti0Qw4O
MSq3x94e61FrzA4lUaz+QKpRjdq4BQ98MY1l0N6vUTfvAB16IFrgIn21vNk=
-----END CERTIFICATE-----