Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/3129af31-202c-4775-bebc-e3d0414c3662.roa
File:                     3129af31-202c-4775-bebc-e3d0414c3662.roa (raw, json)
Hash identifier:          o0bkiKOx8GTZMu4GgYTNj0++ZHnV+IUsMRC4q34FENc=
Subject key identifier:   A3:4D:7B:9F:4E:10:71:44:D0:94:0C:0B:2F:49:DD:33:CC:2D:B5:91
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       388AB9C6D6C8C49FCEFE5E946DAC134F28FE051A
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/3129af31-202c-4775-bebc-e3d0414c3662.roa
Signing time:             Mon 20 Oct 2025 03:00:55 +0000
ROA not before:           Mon 20 Oct 2025 03:00:55 +0000
ROA not after:            Mon 24 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        108.157.71.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            38:8a:b9:c6:d6:c8:c4:9f:ce:fe:5e:94:6d:ac:13:4f:28:fe:05:1a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 20 03:00:55 2025 GMT
            Not After : Nov 24 23:59:59 2025 GMT
        Subject: serialNumber=d787d0d3f135285afabb26b18a45f5a9372e9fcd21b5531c890f4750abdc4214, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:b5:df:d3:14:09:8d:e8:2b:85:78:dc:2e:a3:
                    8a:bd:1e:69:76:0d:96:32:9b:40:c6:21:72:c7:22:
                    91:1a:78:28:db:7d:3b:1d:4e:70:70:1e:4c:08:04:
                    a7:f6:d6:59:05:79:69:cb:6d:90:e0:1f:ad:c8:94:
                    70:34:e9:c8:ef:e0:ed:ca:71:26:9e:7f:51:f5:f3:
                    2d:4d:ad:c2:72:03:9e:f2:39:70:2b:96:db:d4:34:
                    7c:fd:75:4d:94:08:de:ff:81:67:0b:6e:26:9c:01:
                    0e:9a:a8:21:36:83:08:26:a4:da:b9:42:d2:a3:47:
                    7e:cd:15:4e:f2:71:57:7a:93:99:ea:59:56:cf:de:
                    89:8e:dd:2a:fb:e2:a3:d3:10:dd:d2:a9:b0:bc:3a:
                    82:07:3b:00:83:5d:0a:cf:b4:19:9f:45:08:c6:bd:
                    da:9f:79:64:a9:03:f0:23:fd:f7:ef:5d:67:a7:b3:
                    fa:e1:f4:31:98:7b:7d:a0:de:f4:cf:ed:15:6e:50:
                    fb:73:63:4b:dd:72:ce:da:ab:d7:9e:0c:c1:9c:2e:
                    c6:4e:1b:23:5e:ad:6f:d7:65:de:93:af:6c:af:5d:
                    11:ec:d2:84:1c:11:81:bf:b1:5e:c6:12:08:68:57:
                    ba:aa:36:57:fe:ea:b3:10:39:66:ad:b0:b6:d9:c6:
                    68:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A3:4D:7B:9F:4E:10:71:44:D0:94:0C:0B:2F:49:DD:33:CC:2D:B5:91
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/3129af31-202c-4775-bebc-e3d0414c3662.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  108.157.71.0/24

    Signature Algorithm: sha256WithRSAEncryption
         46:56:63:f1:53:bb:07:bf:49:ad:83:d2:6a:77:4c:41:9f:32:
         d1:9b:ba:30:0a:ae:ad:bd:39:de:d9:dd:1f:4f:3e:5f:8f:ef:
         c3:b1:e2:4d:01:e9:02:44:39:78:17:52:bf:4b:2d:9e:7a:17:
         a1:79:4c:1f:23:b3:38:63:1a:77:aa:5d:fa:06:55:a5:6e:79:
         29:18:bb:d2:0d:ee:9c:4b:48:98:d1:d9:4a:9a:e9:9d:15:95:
         5e:8d:0d:18:2f:8c:f0:ab:2c:b1:ae:50:e4:35:c3:db:0c:98:
         33:34:c6:ef:11:cc:fb:64:a1:0c:53:db:43:44:1f:c2:ed:a5:
         80:05:59:82:7d:3c:c3:4d:b0:16:f3:45:2c:80:bb:87:9a:43:
         e1:aa:65:8a:11:a1:7a:06:1e:ed:c4:8a:c0:29:b2:35:4c:6d:
         16:e0:a1:c3:67:12:a1:37:71:fb:a2:d8:b4:1f:13:df:ce:f3:
         d2:a1:52:39:80:23:89:5c:2e:43:27:f0:36:b7:6b:ca:b0:4e:
         64:15:19:b2:fe:08:c8:b1:d2:c8:4d:e5:c9:48:f5:8e:9b:c2:
         3a:58:b7:7a:7a:c5:ed:44:d4:25:15:a1:b4:b6:6e:87:4d:d5:
         74:7b:c8:fb:c4:79:71:20:19:77:23:75:a2:4c:26:b4:0a:a4:
         0c:a9:81:29
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUOIq5xtbIxJ/O/l6UbawTTyj+BRowDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDIwMDMwMDU1WhcNMjUxMTI0MjM1OTU5
WjB6MUkwRwYDVQQFE0BkNzg3ZDBkM2YxMzUyODVhZmFiYjI2YjE4YTQ1ZjVhOTM3
MmU5ZmNkMjFiNTUzMWM4OTBmNDc1MGFiZGM0MjE0MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCEtd/TFAmN6CuFeNwuo4q9Hml2DZYym0DGIXLHIpEaeCjb
fTsdTnBwHkwIBKf21lkFeWnLbZDgH63IlHA06cjv4O3KcSaef1H18y1NrcJyA57y
OXArltvUNHz9dU2UCN7/gWcLbiacAQ6aqCE2gwgmpNq5QtKjR37NFU7ycVd6k5nq
WVbP3omO3Sr74qPTEN3SqbC8OoIHOwCDXQrPtBmfRQjGvdqfeWSpA/Aj/ffvXWen
s/rh9DGYe32g3vTP7RVuUPtzY0vdcs7aq9eeDMGcLsZOGyNerW/XZd6Tr2yvXRHs
0oQcEYG/sV7GEghoV7qqNlf+6rMQOWatsLbZxmj7AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUo017n04QcUTQlAwLL0ndM8wttZEwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzMxMjlhZjMxLTIwMmMtNDc3NS1iZWJjLWUzZDA0MTRjMzY2Mi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBABsnUcwDQYJKoZIhvcNAQELBQADggEBAEZWY/FTuwe/Sa2D0mp3TEGfMtGb
ujAKrq29Od7Z3R9PPl+P78Ox4k0B6QJEOXgXUr9LLZ56F6F5TB8jszhjGneqXfoG
VaVueSkYu9IN7pxLSJjR2Uqa6Z0VlV6NDRgvjPCrLLGuUOQ1w9sMmDM0xu8RzPtk
oQxT20NEH8LtpYAFWYJ9PMNNsBbzRSyAu4eaQ+GqZYoRoXoGHu3EisApsjVMbRbg
ocNnEqE3cfui2LQfE9/O89KhUjmAI4lcLkMn8Da3a8qwTmQVGbL+CMix0shN5clI
9Y6bwjpYt3p6xe1E1CUVobS2bodN1XR7yPvEeXEgGXcjdaJMJrQKpAypgSk=
-----END CERTIFICATE-----