Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/43b23060-b366-4270-a7c5-2ef2f890b8ca.roa
File:                     43b23060-b366-4270-a7c5-2ef2f890b8ca.roa (raw, json)
Hash identifier:          PXClgj3MDNFhybWDl9fCknd268Gkp2ZU6fUt0srmCC0=
Subject key identifier:   D3:36:3A:2B:2C:9D:B5:7F:B6:FA:F3:7A:DF:66:4F:D3:81:B4:A0:F5
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       1D7ACC89D2E7875CA7560A44D5F0066E798067B5
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/43b23060-b366-4270-a7c5-2ef2f890b8ca.roa
Signing time:             Sun 19 Oct 2025 01:11:39 +0000
ROA not before:           Sun 19 Oct 2025 01:11:39 +0000
ROA not after:            Sun 23 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        108.138.31.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1d:7a:cc:89:d2:e7:87:5c:a7:56:0a:44:d5:f0:06:6e:79:80:67:b5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 19 01:11:39 2025 GMT
            Not After : Nov 23 23:59:59 2025 GMT
        Subject: serialNumber=c68ca831786e176a9adcf2c87fe944c9d127023cb3695334523b281c8145e032, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:c5:24:df:95:4d:21:b1:c7:b9:47:e0:e0:ea:
                    67:87:29:d5:13:34:74:a3:2a:e6:b2:09:ef:c0:16:
                    36:f0:ac:7e:27:28:94:9d:d8:aa:cd:ac:88:6f:cf:
                    a2:1f:6d:24:fa:bb:b2:2c:a0:2f:de:b8:e3:35:ca:
                    f4:b0:5a:08:f6:fe:99:b4:5b:9a:40:5e:e6:87:91:
                    0b:1a:a5:09:94:d5:64:96:c1:86:d7:a8:ba:16:31:
                    39:eb:04:d6:8d:a1:64:dd:f2:ff:b3:89:95:80:41:
                    c7:99:a4:f2:0d:b9:7c:e2:87:c0:d5:ee:64:84:3a:
                    79:2a:77:84:9d:ac:80:39:41:34:b9:31:5d:62:b9:
                    85:88:d9:29:15:44:bf:18:40:a9:d5:71:cc:21:ac:
                    65:04:41:ce:b6:a1:35:a8:bb:8d:29:50:0d:0d:e1:
                    26:69:01:1f:93:b5:5d:25:03:10:95:71:85:40:1d:
                    92:99:09:6d:ac:9e:0c:f3:79:b4:ed:7a:35:09:b1:
                    75:b2:30:ad:c8:ef:76:73:34:70:11:e0:b6:b4:87:
                    06:82:fc:fb:ea:2a:bd:23:cb:15:e3:9f:8a:61:dc:
                    ec:a5:2c:e3:7b:15:e1:9b:89:42:db:ad:51:12:3d:
                    ba:2f:19:e7:c8:5b:6a:f1:1d:0c:75:de:dc:47:44:
                    0d:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D3:36:3A:2B:2C:9D:B5:7F:B6:FA:F3:7A:DF:66:4F:D3:81:B4:A0:F5
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/43b23060-b366-4270-a7c5-2ef2f890b8ca.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  108.138.31.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3e:3e:5d:74:dd:cd:e2:ea:92:96:0a:3f:27:88:38:33:2b:64:
         ab:fd:01:2d:88:54:15:ba:df:2e:e7:5c:22:a7:43:03:b2:40:
         94:51:4c:80:41:8b:0a:4d:f4:19:ee:94:8d:b3:35:d4:88:b2:
         ce:52:2f:eb:96:26:cc:d8:62:f7:8e:b0:31:8d:9a:9a:10:dc:
         4d:df:e0:38:19:3c:23:62:90:a7:71:64:fe:1c:a1:bd:5c:fc:
         6b:45:56:64:a8:75:f7:a3:d4:88:88:7f:9e:cf:a4:67:2a:02:
         1b:aa:40:d4:e5:37:3e:ac:e5:18:19:49:ed:c6:88:4b:44:d0:
         a0:90:fc:b6:32:d1:bc:19:ab:19:11:a1:95:17:5b:30:53:1b:
         66:10:48:b0:86:8c:24:fb:ea:47:e9:37:39:62:e3:ac:e4:76:
         81:93:09:9b:6f:40:e3:3b:e7:81:01:1f:35:ad:a1:50:c2:d4:
         a2:c4:00:8c:33:9a:07:15:ea:67:b9:fb:4f:bd:da:6c:44:96:
         da:40:15:cd:06:06:e8:76:b4:ee:b2:07:13:bd:cc:b2:04:3b:
         33:01:4a:d7:e6:32:05:79:e4:8e:7c:d9:3a:c9:d3:3c:3d:ba:
         58:2b:c2:9b:37:c5:fe:ea:d7:ab:29:e6:04:3b:4d:58:25:94:
         a3:4f:1d:8f
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUHXrMidLnh1ynVgpE1fAGbnmAZ7UwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDE5MDExMTM5WhcNMjUxMTIzMjM1OTU5
WjB6MUkwRwYDVQQFE0BjNjhjYTgzMTc4NmUxNzZhOWFkY2YyYzg3ZmU5NDRjOWQx
MjcwMjNjYjM2OTUzMzQ1MjNiMjgxYzgxNDVlMDMyMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDDxSTflU0hsce5R+Dg6meHKdUTNHSjKuayCe/AFjbwrH4n
KJSd2KrNrIhvz6IfbST6u7IsoC/euOM1yvSwWgj2/pm0W5pAXuaHkQsapQmU1WSW
wYbXqLoWMTnrBNaNoWTd8v+ziZWAQceZpPINuXzih8DV7mSEOnkqd4SdrIA5QTS5
MV1iuYWI2SkVRL8YQKnVccwhrGUEQc62oTWou40pUA0N4SZpAR+TtV0lAxCVcYVA
HZKZCW2sngzzebTtejUJsXWyMK3I73ZzNHAR4La0hwaC/PvqKr0jyxXjn4ph3Oyl
LON7FeGbiULbrVESPbovGefIW2rxHQx13txHRA1VAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU0zY6KyydtX+2+vN632ZP04G0oPUwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzQzYjIzMDYwLWIzNjYtNDI3MC1hN2M1LTJlZjJmODkwYjhjYS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBABsih8wDQYJKoZIhvcNAQELBQADggEBAD4+XXTdzeLqkpYKPyeIODMrZKv9
AS2IVBW63y7nXCKnQwOyQJRRTIBBiwpN9BnulI2zNdSIss5SL+uWJszYYveOsDGN
mpoQ3E3f4DgZPCNikKdxZP4cob1c/GtFVmSodfej1IiIf57PpGcqAhuqQNTlNz6s
5RgZSe3GiEtE0KCQ/LYy0bwZqxkRoZUXWzBTG2YQSLCGjCT76kfpNzli46zkdoGT
CZtvQOM754EBHzWtoVDC1KLEAIwzmgcV6me5+0+92mxEltpAFc0GBuh2tO6yBxO9
zLIEOzMBStfmMgV55I582TrJ0zw9ulgrwps3xf7q16sp5gQ7TVgllKNPHY8=
-----END CERTIFICATE-----