Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/33d275f7-f208-480b-9ec9-add23ae63eed.roa
File:                     33d275f7-f208-480b-9ec9-add23ae63eed.roa (raw, json)
Hash identifier:          v0Nufr+Y7saV6HJiva4V3rFPMx7WP2+JkT4ncL8cxOU=
Subject key identifier:   00:C0:26:70:6D:98:B9:B5:96:19:A7:C1:C5:57:4F:1C:63:C0:4F:20
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       6BAE14C9E9036CB0AE6AA572C11F6D98B7F60592
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/33d275f7-f208-480b-9ec9-add23ae63eed.roa
Signing time:             Sun 19 Oct 2025 00:31:06 +0000
ROA not before:           Sun 19 Oct 2025 00:31:06 +0000
ROA not after:            Sun 23 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        108.138.16.0/23 maxlen: 23
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6b:ae:14:c9:e9:03:6c:b0:ae:6a:a5:72:c1:1f:6d:98:b7:f6:05:92
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 19 00:31:06 2025 GMT
            Not After : Nov 23 23:59:59 2025 GMT
        Subject: serialNumber=56268dbee91fc58b945b3ab557ed34e16471db8dc4e158698740d04b62fd58a5, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:d6:d3:eb:2a:49:b0:16:07:24:a1:12:1e:96:
                    3d:d3:cf:e1:9c:17:b3:9f:96:92:49:b1:af:eb:2e:
                    df:dd:14:7d:14:47:89:d5:d7:37:67:19:fe:dc:e7:
                    74:45:7c:e9:d6:2c:43:99:cd:2f:f9:10:33:30:79:
                    12:d4:91:30:b5:19:85:26:ab:f8:f6:94:37:f5:70:
                    3e:7e:26:4a:46:c7:16:e4:23:ac:ef:4f:90:70:ba:
                    07:8c:e2:d9:2b:5d:5c:36:02:b0:24:dc:ab:78:4b:
                    c5:2e:e2:d9:80:50:29:c6:50:bd:0b:49:a1:89:98:
                    11:16:c8:66:86:42:d1:9c:7e:63:07:c9:09:ff:5c:
                    c5:e8:dd:04:b9:c3:e4:4b:cb:27:0d:4b:74:95:76:
                    7f:5a:de:ad:82:80:bd:d5:40:22:5b:de:6e:96:7e:
                    41:60:a2:f9:37:84:e7:8d:c4:65:29:c1:db:1b:f6:
                    fa:0e:6f:a2:6b:2c:47:c5:0c:5e:4c:07:c1:6d:1a:
                    b0:f1:6d:e0:a3:8b:90:c4:84:89:b5:5a:0b:a5:a9:
                    c9:12:e6:32:5f:5b:30:3f:50:d0:e2:25:a3:38:b7:
                    5b:2e:03:56:43:7d:6f:14:cc:6a:db:39:c9:91:db:
                    52:7e:d2:c8:4e:53:1d:46:32:0e:2e:13:3a:87:6b:
                    c5:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                00:C0:26:70:6D:98:B9:B5:96:19:A7:C1:C5:57:4F:1C:63:C0:4F:20
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/33d275f7-f208-480b-9ec9-add23ae63eed.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  108.138.16.0/23

    Signature Algorithm: sha256WithRSAEncryption
         c8:8d:17:00:09:95:d1:7f:aa:d2:ee:b5:e6:eb:6c:d3:ff:18:
         98:db:59:54:25:4f:f7:1e:a6:1f:f1:98:c8:b0:a1:05:55:c9:
         22:19:c1:a8:a1:9c:3d:fd:08:a1:0b:46:6b:e5:f5:df:bd:d8:
         5d:7e:2e:bd:05:94:e7:32:16:4b:cf:1d:35:60:c8:36:9b:98:
         3d:a9:29:21:89:63:b0:fd:e8:13:fd:84:16:ed:93:9e:61:e8:
         25:62:dc:73:16:41:8f:34:7d:99:2e:4a:bd:34:56:a8:46:0b:
         4c:b8:a7:7e:2e:c3:b4:8b:aa:1c:62:07:8f:9e:95:f1:b0:87:
         0b:fe:29:52:19:88:bc:45:93:79:d7:bb:97:d0:34:3c:25:10:
         26:b5:82:1f:11:49:b8:36:fc:54:55:ee:7c:9a:2f:84:8b:ff:
         91:3f:d6:55:b1:ed:93:5f:2c:13:a6:81:e0:7b:d9:7a:d7:ef:
         dc:99:fe:b9:f1:e4:0f:ad:eb:da:4b:37:70:0d:60:09:f3:c4:
         26:33:33:b9:3b:fe:07:20:c7:c8:e2:1f:5d:13:2f:0c:bb:2a:
         9d:ce:2f:9b:0f:1b:b4:f5:90:17:40:34:ef:a9:0d:d2:f8:38:
         b6:d0:32:6b:54:dd:fc:e5:82:7f:a5:5e:61:bb:7a:85:bb:07:
         23:5e:8a:71
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUa64UyekDbLCuaqVywR9tmLf2BZIwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDE5MDAzMTA2WhcNMjUxMTIzMjM1OTU5
WjB6MUkwRwYDVQQFE0A1NjI2OGRiZWU5MWZjNThiOTQ1YjNhYjU1N2VkMzRlMTY0
NzFkYjhkYzRlMTU4Njk4NzQwZDA0YjYyZmQ1OGE1MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCS1tPrKkmwFgckoRIelj3Tz+GcF7OflpJJsa/rLt/dFH0U
R4nV1zdnGf7c53RFfOnWLEOZzS/5EDMweRLUkTC1GYUmq/j2lDf1cD5+JkpGxxbk
I6zvT5BwugeM4tkrXVw2ArAk3Kt4S8Uu4tmAUCnGUL0LSaGJmBEWyGaGQtGcfmMH
yQn/XMXo3QS5w+RLyycNS3SVdn9a3q2CgL3VQCJb3m6WfkFgovk3hOeNxGUpwdsb
9voOb6JrLEfFDF5MB8FtGrDxbeCji5DEhIm1WgulqckS5jJfWzA/UNDiJaM4t1su
A1ZDfW8UzGrbOcmR21J+0shOUx1GMg4uEzqHa8XPAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUAMAmcG2YubWWGafBxVdPHGPATyAwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzMzZDI3NWY3LWYyMDgtNDgwYi05ZWM5LWFkZDIzYWU2M2VlZC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAFsihAwDQYJKoZIhvcNAQELBQADggEBAMiNFwAJldF/qtLutebrbNP/GJjb
WVQlT/ceph/xmMiwoQVVySIZwaihnD39CKELRmvl9d+92F1+Lr0FlOcyFkvPHTVg
yDabmD2pKSGJY7D96BP9hBbtk55h6CVi3HMWQY80fZkuSr00VqhGC0y4p34uw7SL
qhxiB4+elfGwhwv+KVIZiLxFk3nXu5fQNDwlECa1gh8RSbg2/FRV7nyaL4SL/5E/
1lWx7ZNfLBOmgeB72XrX79yZ/rnx5A+t69pLN3ANYAnzxCYzM7k7/gcgx8jiH10T
Lwy7Kp3OL5sPG7T1kBdANO+pDdL4OLbQMmtU3fzlgn+lXmG7eoW7ByNeinE=
-----END CERTIFICATE-----