Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/22f31a9f-0d22-436f-84f5-f26c2b23b8c9.roa
File:                     22f31a9f-0d22-436f-84f5-f26c2b23b8c9.roa (raw, json)
Hash identifier:          yIXYfP1xtqNw+VPWQgbNlSMZxvT5esTLZ0Ft0Wc1FDY=
Subject key identifier:   91:7F:B4:E8:35:7E:E2:AB:F6:02:13:31:9D:7D:5C:0B:BE:38:60:7E
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       2260429A8677282DC284D732BC9D7DA39029D71A
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/22f31a9f-0d22-436f-84f5-f26c2b23b8c9.roa
Signing time:             Sun 19 Oct 2025 00:11:23 +0000
ROA not before:           Sun 19 Oct 2025 00:11:23 +0000
ROA not after:            Sun 23 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        108.139.204.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            22:60:42:9a:86:77:28:2d:c2:84:d7:32:bc:9d:7d:a3:90:29:d7:1a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 19 00:11:23 2025 GMT
            Not After : Nov 23 23:59:59 2025 GMT
        Subject: serialNumber=cc31e65c285e755479a865c7a66bf46ec1f39be3c10164397206640869c16888, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:69:9f:fa:ae:6a:f9:01:9d:70:70:95:ff:3f:
                    ac:fc:06:a5:34:fb:fa:d0:69:6e:39:05:03:56:bb:
                    3a:09:8e:cb:93:68:a9:e8:c8:b9:24:12:b0:f2:39:
                    e3:c9:db:91:3b:56:78:35:78:e7:cc:e6:76:3e:6a:
                    93:9d:1b:14:0a:1a:1c:06:6e:03:ea:c7:ab:fc:2d:
                    9b:14:59:4e:82:c5:73:f4:48:74:50:14:89:58:d6:
                    6d:bc:b0:85:70:73:0c:51:17:46:4f:47:ef:ba:8a:
                    cc:84:87:89:37:c3:7c:20:94:5e:20:3c:db:6f:26:
                    e0:8c:20:d6:22:97:2a:4d:7e:8d:a1:77:6b:bf:e3:
                    cb:6d:61:f0:e4:c1:ac:c1:e2:06:9c:17:0d:53:3c:
                    64:fe:16:2b:f2:da:f4:2f:b5:6d:f5:d3:27:1b:44:
                    ef:6a:82:42:14:59:83:fb:89:0b:a8:c1:c6:0d:ad:
                    66:20:42:5d:e5:ca:97:98:71:cd:9f:af:dd:d5:05:
                    b5:5e:f6:f6:12:3e:a2:f6:4c:45:b9:d3:fd:15:ef:
                    63:60:54:3b:4e:02:5f:d0:74:d4:d0:8a:f4:b7:64:
                    d8:23:af:2f:91:7e:8a:9c:13:92:a6:2e:d4:b8:08:
                    00:f3:d5:fb:5c:3d:ef:44:c3:89:66:f7:a1:25:bb:
                    93:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                91:7F:B4:E8:35:7E:E2:AB:F6:02:13:31:9D:7D:5C:0B:BE:38:60:7E
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/22f31a9f-0d22-436f-84f5-f26c2b23b8c9.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  108.139.204.0/24

    Signature Algorithm: sha256WithRSAEncryption
         02:36:70:27:0b:ad:87:32:29:f4:69:ef:67:a3:5a:46:c8:e8:
         8e:dd:e5:f5:68:c5:7b:21:ad:3f:3a:35:07:29:5d:4e:a6:98:
         07:ef:69:e3:03:4e:7c:86:d3:1e:57:77:5e:99:8f:8b:4a:22:
         8e:36:85:66:50:a9:fa:56:07:9d:f4:b2:a5:ac:21:38:2d:fc:
         df:d5:d7:71:82:6b:c9:90:15:da:ba:08:8c:0e:19:c1:15:24:
         e4:f2:eb:31:94:13:d8:1e:63:07:9d:cb:79:69:51:25:c7:de:
         2d:8a:5e:78:5f:4f:05:12:e3:86:cb:a8:7b:f0:e6:01:8d:50:
         c0:6b:b6:a3:29:f9:df:6c:59:05:8b:ed:b3:80:a4:44:50:61:
         03:1e:df:b1:c1:a2:7f:ea:14:f2:51:85:8c:a7:01:c5:7d:ec:
         74:9e:44:61:db:4b:4f:7b:48:fa:c7:6d:8e:3b:e6:aa:43:02:
         e3:68:f1:21:73:a5:1b:06:12:dc:ab:96:f3:7a:60:2a:22:8a:
         c0:fc:b1:23:21:c3:4e:61:28:7d:86:ba:23:f4:15:3c:26:7f:
         7b:95:b0:9f:b0:26:a7:1f:d3:d3:af:19:0a:4f:40:31:1c:59:
         95:32:6b:86:23:74:8a:db:46:f9:cd:50:c2:5d:fd:99:2b:4d:
         75:b5:14:2d
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUImBCmoZ3KC3ChNcyvJ19o5Ap1xowDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDE5MDAxMTIzWhcNMjUxMTIzMjM1OTU5
WjB6MUkwRwYDVQQFE0BjYzMxZTY1YzI4NWU3NTU0NzlhODY1YzdhNjZiZjQ2ZWMx
ZjM5YmUzYzEwMTY0Mzk3MjA2NjQwODY5YzE2ODg4MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQClaZ/6rmr5AZ1wcJX/P6z8BqU0+/rQaW45BQNWuzoJjsuT
aKnoyLkkErDyOePJ25E7Vng1eOfM5nY+apOdGxQKGhwGbgPqx6v8LZsUWU6CxXP0
SHRQFIlY1m28sIVwcwxRF0ZPR++6isyEh4k3w3wglF4gPNtvJuCMINYilypNfo2h
d2u/48ttYfDkwazB4gacFw1TPGT+Fivy2vQvtW310ycbRO9qgkIUWYP7iQuowcYN
rWYgQl3lypeYcc2fr93VBbVe9vYSPqL2TEW50/0V72NgVDtOAl/QdNTQivS3ZNgj
ry+RfoqcE5KmLtS4CADz1ftcPe9Ew4lm96Elu5PbAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUkX+06DV+4qv2AhMxnX1cC744YH4wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzIyZjMxYTlmLTBkMjItNDM2Zi04NGY1LWYyNmMyYjIzYjhjOS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBABsi8wwDQYJKoZIhvcNAQELBQADggEBAAI2cCcLrYcyKfRp72ejWkbI6I7d
5fVoxXshrT86NQcpXU6mmAfvaeMDTnyG0x5Xd16Zj4tKIo42hWZQqfpWB530sqWs
ITgt/N/V13GCa8mQFdq6CIwOGcEVJOTy6zGUE9geYwedy3lpUSXH3i2KXnhfTwUS
44bLqHvw5gGNUMBrtqMp+d9sWQWL7bOApERQYQMe37HBon/qFPJRhYynAcV97HSe
RGHbS097SPrHbY475qpDAuNo8SFzpRsGEtyrlvN6YCoiisD8sSMhw05hKH2GuiP0
FTwmf3uVsJ+wJqcf09OvGQpPQDEcWZUya4YjdIrbRvnNUMJd/ZkrTXW1FC0=
-----END CERTIFICATE-----