Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/148844e6-7eda-43da-8a51-e479e0c044b7.roa
File:                     148844e6-7eda-43da-8a51-e479e0c044b7.roa (raw, json)
Hash identifier:          ZZb/YhcJqGJ+ibzLcpuGMclwe74hKjdl1SxtzfQOVOI=
Subject key identifier:   83:1A:6A:78:9A:E6:F9:E7:A0:EB:CD:AC:5E:29:2C:AF:EB:D3:C7:1F
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       01E9494503A08ED5CD5C506D96AAF067E7D20654
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/148844e6-7eda-43da-8a51-e479e0c044b7.roa
Signing time:             Mon 20 Oct 2025 04:41:23 +0000
ROA not before:           Mon 20 Oct 2025 04:41:23 +0000
ROA not after:            Mon 24 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        108.138.76.0/22 maxlen: 22
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:e9:49:45:03:a0:8e:d5:cd:5c:50:6d:96:aa:f0:67:e7:d2:06:54
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 20 04:41:23 2025 GMT
            Not After : Nov 24 23:59:59 2025 GMT
        Subject: serialNumber=b46f667ed1aa14d685d1e10b622bbb3951c6dafeb948a448d31e459b9987a5a9, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:30:24:04:4a:94:4c:a3:dd:ff:ba:f7:f2:bd:
                    32:77:12:8a:41:fd:aa:02:74:4e:c0:45:dc:85:0c:
                    75:1d:27:5c:cb:95:f8:0e:70:10:96:f3:07:75:bb:
                    91:be:d2:71:43:6e:52:e4:5b:8d:09:25:aa:66:36:
                    16:4e:d4:2e:ac:42:5f:81:92:20:b7:ef:01:62:c8:
                    63:ef:c5:5c:c8:65:b4:62:e1:41:1b:76:62:8a:53:
                    24:76:c8:1a:2d:6c:67:68:f6:56:99:41:50:d6:ce:
                    7e:b5:7f:43:07:8e:ec:da:d8:95:9f:3e:4e:31:68:
                    21:1e:b0:54:b5:fb:de:ec:a9:8b:27:be:66:df:f9:
                    4f:7d:7e:4d:90:59:ca:4b:a3:54:1a:6e:40:89:22:
                    c5:70:4a:56:1e:64:23:dd:5a:78:5c:ea:59:b9:07:
                    b6:36:e4:ee:aa:47:6d:83:67:60:d4:82:09:b5:bc:
                    0c:7e:1a:22:78:99:97:8f:d7:8f:ef:41:89:6a:d6:
                    14:ab:5b:27:2c:8c:ba:8e:0f:4e:c4:39:d1:61:b9:
                    2d:52:a6:4a:d4:56:dd:2c:57:35:34:74:7b:af:01:
                    12:24:48:1c:4d:a2:9a:4e:9c:2d:84:d7:87:39:18:
                    88:d7:a7:8e:61:21:7a:8c:5f:68:17:b6:06:ac:3a:
                    4b:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                83:1A:6A:78:9A:E6:F9:E7:A0:EB:CD:AC:5E:29:2C:AF:EB:D3:C7:1F
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/148844e6-7eda-43da-8a51-e479e0c044b7.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  108.138.76.0/22

    Signature Algorithm: sha256WithRSAEncryption
         6c:8c:4d:a4:01:9e:57:9e:54:ad:d7:cd:17:c0:c5:09:39:af:
         d7:fe:ac:d0:c3:a0:6c:64:e8:2e:80:64:ef:7a:75:9c:b2:bc:
         33:3f:80:77:99:75:ca:57:8e:48:e2:d4:0a:8c:3e:c6:6f:79:
         d4:b6:e6:d8:2f:fe:e4:55:cf:2b:3f:ad:ed:65:a9:12:ac:a4:
         52:2c:62:c0:dd:47:88:1c:cc:40:6c:2e:1f:3c:d5:5c:5e:ca:
         54:81:9a:c0:d1:ad:af:f8:05:d9:e2:b0:64:4f:4c:3e:b3:f0:
         80:00:df:12:e0:83:4f:83:e7:63:01:9d:1d:24:1a:e7:c0:98:
         78:b7:b0:60:12:2d:06:f4:ef:77:2b:65:b5:19:15:fb:04:4e:
         8a:9b:65:69:f2:bf:6e:9d:be:96:33:be:48:ec:c2:b3:1c:a3:
         ed:64:d9:0a:32:fe:70:31:7b:96:8a:9a:96:5c:a4:dd:1c:e3:
         93:ce:ec:ac:cd:6c:fd:2b:a7:94:97:de:a0:f0:57:f9:66:2e:
         75:0c:f4:ce:7c:27:6a:81:ba:bf:e8:6c:f6:93:42:6c:23:3f:
         89:a9:f0:bc:84:13:dc:93:cf:47:95:b0:b5:f9:9b:f7:d3:02:
         e7:a4:43:f0:e4:bc:5f:4c:70:68:30:2f:e7:30:99:72:83:62:
         14:d9:f3:37
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUAelJRQOgjtXNXFBtlqrwZ+fSBlQwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDIwMDQ0MTIzWhcNMjUxMTI0MjM1OTU5
WjB6MUkwRwYDVQQFE0BiNDZmNjY3ZWQxYWExNGQ2ODVkMWUxMGI2MjJiYmIzOTUx
YzZkYWZlYjk0OGE0NDhkMzFlNDU5Yjk5ODdhNWE5MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCoMCQESpRMo93/uvfyvTJ3EopB/aoCdE7ARdyFDHUdJ1zL
lfgOcBCW8wd1u5G+0nFDblLkW40JJapmNhZO1C6sQl+BkiC37wFiyGPvxVzIZbRi
4UEbdmKKUyR2yBotbGdo9laZQVDWzn61f0MHjuza2JWfPk4xaCEesFS1+97sqYsn
vmbf+U99fk2QWcpLo1QabkCJIsVwSlYeZCPdWnhc6lm5B7Y25O6qR22DZ2DUggm1
vAx+GiJ4mZeP14/vQYlq1hSrWycsjLqOD07EOdFhuS1SpkrUVt0sVzU0dHuvARIk
SBxNoppOnC2E14c5GIjXp45hIXqMX2gXtgasOksFAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUgxpqeJrm+eeg682sXiksr+vTxx8wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzE0ODg0NGU2LTdlZGEtNDNkYS04YTUxLWU0NzllMGMwNDRiNy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAJsikwwDQYJKoZIhvcNAQELBQADggEBAGyMTaQBnleeVK3XzRfAxQk5r9f+
rNDDoGxk6C6AZO96dZyyvDM/gHeZdcpXjkji1AqMPsZvedS25tgv/uRVzys/re1l
qRKspFIsYsDdR4gczEBsLh881VxeylSBmsDRra/4BdnisGRPTD6z8IAA3xLgg0+D
52MBnR0kGufAmHi3sGASLQb073crZbUZFfsEToqbZWnyv26dvpYzvkjswrMco+1k
2Qoy/nAxe5aKmpZcpN0c45PO7KzNbP0rp5SX3qDwV/lmLnUM9M58J2qBur/obPaT
QmwjP4mp8LyEE9yTz0eVsLX5m/fTAuekQ/DkvF9McGgwL+cwmXKDYhTZ8zc=
-----END CERTIFICATE-----