Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/355900e6-1a55-4e9c-9345-481d52270b21.roa
File:                     355900e6-1a55-4e9c-9345-481d52270b21.roa (raw, json)
Hash identifier:          7OhXtBlNW7nVxWAUhyLgmyT+VmfynFt+MsNReYCHEG4=
Subject key identifier:   8D:91:CC:E0:8F:6A:1E:6B:3E:A1:A7:12:05:B9:19:AC:F2:33:F3:CC
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       268B89F4E3FBBA482CD81BC8A07E4C65265821CE
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/355900e6-1a55-4e9c-9345-481d52270b21.roa
Signing time:             Mon 20 Oct 2025 02:11:00 +0000
ROA not before:           Mon 20 Oct 2025 02:11:00 +0000
ROA not after:            Mon 24 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        108.158.24.0/21 maxlen: 21
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            26:8b:89:f4:e3:fb:ba:48:2c:d8:1b:c8:a0:7e:4c:65:26:58:21:ce
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 20 02:11:00 2025 GMT
            Not After : Nov 24 23:59:59 2025 GMT
        Subject: serialNumber=76932f16036e8110b6ab7212cc44abcd5e66230d8260eec234065e0ea27ef73a, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:58:90:08:7b:6d:48:46:31:b9:25:cd:28:38:
                    a0:d2:e3:5a:38:26:66:59:19:43:86:80:cb:a9:f3:
                    37:a1:be:32:48:f6:73:93:5f:dc:41:c0:de:73:2d:
                    20:d3:e6:76:55:0d:5f:a3:82:2e:50:f7:aa:49:4e:
                    87:4d:07:31:c5:d4:aa:db:eb:e2:ae:a1:c7:80:6a:
                    69:5c:ec:f1:3c:c1:08:7b:e4:72:dd:d8:0c:6c:23:
                    48:e7:94:76:97:37:f8:c9:c4:ae:41:62:a9:02:97:
                    06:8d:70:8d:c7:ec:e4:44:3c:96:0e:76:f1:7a:db:
                    04:b6:64:16:9e:88:79:54:c2:56:8b:52:9f:30:d7:
                    be:d1:36:0b:e8:44:66:17:fc:af:4e:a6:47:98:3b:
                    31:8a:90:1a:f1:94:cc:e8:a4:0b:8a:bb:4e:ab:13:
                    ed:9f:2b:43:42:96:38:53:3b:2d:f2:73:e6:34:1d:
                    86:a0:d8:08:f3:d4:05:da:49:b0:ab:a4:99:86:78:
                    8b:2b:b2:85:73:a9:cb:3e:96:ac:1a:60:92:ae:7e:
                    43:d7:f0:52:b0:c7:a8:fc:e4:ff:f2:27:07:82:bc:
                    79:63:e7:97:59:6e:80:e1:2d:35:34:7e:18:a5:78:
                    de:07:8f:f4:de:c9:57:0a:1d:88:d1:f4:ec:73:be:
                    25:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8D:91:CC:E0:8F:6A:1E:6B:3E:A1:A7:12:05:B9:19:AC:F2:33:F3:CC
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/355900e6-1a55-4e9c-9345-481d52270b21.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  108.158.24.0/21

    Signature Algorithm: sha256WithRSAEncryption
         a8:a0:e0:6e:9d:ed:c9:e3:9f:6a:45:42:d4:58:5e:4d:f1:38:
         d2:83:b0:f9:18:66:c9:85:5e:d6:29:3c:a4:21:29:47:cf:62:
         f3:f8:a1:76:c4:0e:9e:ad:c9:d7:c6:ae:f0:9e:b1:6a:58:04:
         60:6d:e0:18:7c:d1:f4:32:ad:02:64:29:df:8f:e6:71:72:73:
         3a:94:6f:1d:80:c5:a3:5c:7e:80:34:90:b2:e9:aa:de:ff:02:
         3b:21:a3:5e:3d:52:2f:6e:da:3d:9c:68:7d:46:05:28:23:a6:
         e1:93:87:4f:3f:84:d0:1c:f1:2d:3b:2e:44:b7:63:43:bf:ca:
         c3:5e:ab:cd:dc:ec:49:74:6e:45:43:e2:89:68:1b:b3:87:ed:
         b4:00:b7:8c:ba:08:b8:fd:93:79:5b:61:b8:72:6d:40:a0:dc:
         81:15:70:95:36:57:1d:6c:1a:e0:40:19:59:8c:42:c9:ea:1a:
         80:d7:b6:33:cb:4a:17:f7:85:91:44:16:90:55:9d:86:8e:2f:
         1f:c9:81:5e:91:d2:8e:d8:ba:f9:f8:c3:7c:25:ee:d3:e7:f5:
         2f:b4:b3:23:5b:fa:a5:99:7d:86:ee:1f:ac:98:46:87:78:a8:
         3f:0a:e7:9b:13:15:6f:33:bc:ba:3b:66:68:91:fd:5a:27:61:
         6d:53:e7:35
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUJouJ9OP7ukgs2BvIoH5MZSZYIc4wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDIwMDIxMTAwWhcNMjUxMTI0MjM1OTU5
WjB6MUkwRwYDVQQFE0A3NjkzMmYxNjAzNmU4MTEwYjZhYjcyMTJjYzQ0YWJjZDVl
NjYyMzBkODI2MGVlYzIzNDA2NWUwZWEyN2VmNzNhMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC1WJAIe21IRjG5Jc0oOKDS41o4JmZZGUOGgMup8zehvjJI
9nOTX9xBwN5zLSDT5nZVDV+jgi5Q96pJTodNBzHF1Krb6+KuoceAamlc7PE8wQh7
5HLd2AxsI0jnlHaXN/jJxK5BYqkClwaNcI3H7OREPJYOdvF62wS2ZBaeiHlUwlaL
Up8w177RNgvoRGYX/K9OpkeYOzGKkBrxlMzopAuKu06rE+2fK0NCljhTOy3yc+Y0
HYag2Ajz1AXaSbCrpJmGeIsrsoVzqcs+lqwaYJKufkPX8FKwx6j85P/yJweCvHlj
55dZboDhLTU0fhileN4Hj/TeyVcKHYjR9OxzviX7AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUjZHM4I9qHms+oacSBbkZrPIz88wwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzM1NTkwMGU2LTFhNTUtNGU5Yy05MzQ1LTQ4MWQ1MjI3MGIyMS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBANsnhgwDQYJKoZIhvcNAQELBQADggEBAKig4G6d7cnjn2pFQtRYXk3xONKD
sPkYZsmFXtYpPKQhKUfPYvP4oXbEDp6tydfGrvCesWpYBGBt4Bh80fQyrQJkKd+P
5nFyczqUbx2AxaNcfoA0kLLpqt7/Ajsho149Ui9u2j2caH1GBSgjpuGTh08/hNAc
8S07LkS3Y0O/ysNeq83c7El0bkVD4oloG7OH7bQAt4y6CLj9k3lbYbhybUCg3IEV
cJU2Vx1sGuBAGVmMQsnqGoDXtjPLShf3hZFEFpBVnYaOLx/JgV6R0o7Yuvn4w3wl
7tPn9S+0syNb+qWZfYbuH6yYRod4qD8K55sTFW8zvLo7ZmiR/VonYW1T5zU=
-----END CERTIFICATE-----