Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/3ffed9c6-a96b-47b1-b771-6b108c612667.roa
File:                     3ffed9c6-a96b-47b1-b771-6b108c612667.roa (raw, json)
Hash identifier:          y1j6gz0y+YtQuXRdg4smU398hwGTP0pQL3in+L1/Acg=
Subject key identifier:   67:15:F2:5F:2C:92:49:14:91:2D:2E:91:E2:D6:F1:67:39:FC:DD:BE
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       32CE4E49535333588DB03C67DDE93FDD22AD3188
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/3ffed9c6-a96b-47b1-b771-6b108c612667.roa
Signing time:             Mon 20 Oct 2025 03:12:12 +0000
ROA not before:           Mon 20 Oct 2025 03:12:12 +0000
ROA not after:            Mon 24 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        108.158.89.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            32:ce:4e:49:53:53:33:58:8d:b0:3c:67:dd:e9:3f:dd:22:ad:31:88
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 20 03:12:12 2025 GMT
            Not After : Nov 24 23:59:59 2025 GMT
        Subject: serialNumber=e4500c7d5ab608f251092e434a7088b9e7c33016b9f409f07c70d45de8d7dfca, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:5e:75:3e:96:20:d3:88:71:c2:b5:c1:98:bd:
                    b5:3b:2f:e9:21:25:93:86:ba:ad:ef:17:a6:66:d6:
                    42:13:d5:1b:59:4b:5e:5c:84:9d:ad:a5:a5:bf:26:
                    e4:86:eb:04:1f:d3:c2:88:6e:d7:db:8f:b6:1e:68:
                    c4:67:2a:c0:4e:d6:7b:44:64:32:fa:be:2c:8b:84:
                    aa:7a:3b:89:b2:eb:13:2b:30:bc:f9:01:ed:43:20:
                    bc:18:9b:54:14:19:3d:c6:a7:a5:38:ee:50:bc:02:
                    a4:7a:03:63:89:9d:4f:2f:bc:3b:e1:3b:94:ac:a9:
                    50:31:0f:98:e2:16:a4:3e:a1:ce:a3:f7:8f:29:11:
                    9c:17:82:30:53:9c:36:0d:ac:03:e9:93:cf:c1:21:
                    87:51:86:3b:fe:c0:e2:a1:51:ae:79:65:2f:a3:92:
                    d6:de:a5:ed:43:1e:ef:b8:a9:f1:7e:10:5a:a6:f9:
                    72:cb:59:c5:7a:0d:b3:db:a4:28:cb:0b:9d:c9:cb:
                    70:10:e2:62:49:94:37:5f:53:cb:e9:61:33:a9:e9:
                    5b:9b:bc:df:ed:33:74:08:d2:7b:d6:4a:08:f1:51:
                    eb:1d:44:7c:7f:ad:09:a4:2d:75:78:92:a2:db:03:
                    dc:9b:43:02:b1:09:a7:42:ec:fd:dd:a2:47:ab:51:
                    87:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                67:15:F2:5F:2C:92:49:14:91:2D:2E:91:E2:D6:F1:67:39:FC:DD:BE
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/3ffed9c6-a96b-47b1-b771-6b108c612667.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  108.158.89.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1b:fe:d8:35:de:65:01:3d:b5:4d:fc:ab:7d:5f:69:92:f5:42:
         0a:02:6e:23:5b:3c:3d:ab:c1:2d:e2:bd:94:fb:64:7b:7a:bc:
         37:ce:b5:3e:e5:d0:d0:d3:dd:5e:7c:ca:02:a4:a5:8b:6d:c2:
         cd:8a:a6:00:d3:e7:6a:1d:1d:fa:ca:4a:d9:3e:50:e8:52:33:
         51:03:8e:02:ed:60:8a:5c:3a:d7:05:8d:f1:80:22:a2:57:31:
         2e:fb:3b:2e:a0:86:5d:c3:4f:f5:c2:8b:f6:80:5d:bc:48:7c:
         b8:e8:fd:78:1c:d3:a6:66:8c:c7:c9:71:ef:b0:08:b2:aa:79:
         ed:af:b8:31:61:57:b7:c3:72:9a:b9:7f:c2:bb:89:5c:3c:ef:
         b6:3c:7b:2d:86:8b:fe:21:92:dc:d1:af:07:f6:ac:30:61:8c:
         26:fb:2d:fa:be:4a:fc:bc:07:f1:0f:3a:fc:7f:14:e5:1c:63:
         97:ff:ac:f7:e2:cb:45:74:c3:61:84:ac:5a:0d:31:8f:1b:73:
         53:38:7c:82:dc:ef:1e:e2:5d:2b:f7:a3:e4:08:3b:d7:55:01:
         f6:70:0b:0c:73:c8:23:43:d6:f8:d8:8f:b1:d0:c9:c1:b2:a0:
         d0:fb:30:95:30:7e:8a:6c:ae:c6:b1:bf:1f:17:ea:9a:7b:e7:
         2d:68:42:ea
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUMs5OSVNTM1iNsDxn3ek/3SKtMYgwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDIwMDMxMjEyWhcNMjUxMTI0MjM1OTU5
WjB6MUkwRwYDVQQFE0BlNDUwMGM3ZDVhYjYwOGYyNTEwOTJlNDM0YTcwODhiOWU3
YzMzMDE2YjlmNDA5ZjA3YzcwZDQ1ZGU4ZDdkZmNhMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC+XnU+liDTiHHCtcGYvbU7L+khJZOGuq3vF6Zm1kIT1RtZ
S15chJ2tpaW/JuSG6wQf08KIbtfbj7YeaMRnKsBO1ntEZDL6viyLhKp6O4my6xMr
MLz5Ae1DILwYm1QUGT3Gp6U47lC8AqR6A2OJnU8vvDvhO5SsqVAxD5jiFqQ+oc6j
948pEZwXgjBTnDYNrAPpk8/BIYdRhjv+wOKhUa55ZS+jktbepe1DHu+4qfF+EFqm
+XLLWcV6DbPbpCjLC53Jy3AQ4mJJlDdfU8vpYTOp6VubvN/tM3QI0nvWSgjxUesd
RHx/rQmkLXV4kqLbA9ybQwKxCadC7P3dokerUYcHAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUZxXyXyySSRSRLS6R4tbxZzn83b4wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzNmZmVkOWM2LWE5NmItNDdiMS1iNzcxLTZiMTA4YzYxMjY2Ny5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBABsnlkwDQYJKoZIhvcNAQELBQADggEBABv+2DXeZQE9tU38q31faZL1QgoC
biNbPD2rwS3ivZT7ZHt6vDfOtT7l0NDT3V58ygKkpYttws2KpgDT52odHfrKStk+
UOhSM1EDjgLtYIpcOtcFjfGAIqJXMS77Oy6ghl3DT/XCi/aAXbxIfLjo/Xgc06Zm
jMfJce+wCLKqee2vuDFhV7fDcpq5f8K7iVw877Y8ey2Gi/4hktzRrwf2rDBhjCb7
Lfq+Svy8B/EPOvx/FOUcY5f/rPfiy0V0w2GErFoNMY8bc1M4fILc7x7iXSv3o+QI
O9dVAfZwCwxzyCND1vjYj7HQycGyoND7MJUwfopsrsaxvx8X6pp75y1oQuo=
-----END CERTIFICATE-----