Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/457424b8-03f5-483e-b2fe-c752baaa49db.roa
File:                     457424b8-03f5-483e-b2fe-c752baaa49db.roa (raw, json)
Hash identifier:          PepOHPBJD6fYD4+lUUN70YmuPBXQQ/gyyYB1DSbsW9s=
Subject key identifier:   A0:FD:85:BE:3C:AD:99:9D:06:B9:A8:1E:AE:11:4B:1B:BE:29:C2:31
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       18ACF5F3B56C400C5FB39B843F85EA5EC277BE15
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/457424b8-03f5-483e-b2fe-c752baaa49db.roa
Signing time:             Mon 20 Oct 2025 03:42:25 +0000
ROA not before:           Mon 20 Oct 2025 03:42:25 +0000
ROA not after:            Mon 24 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        108.157.141.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            18:ac:f5:f3:b5:6c:40:0c:5f:b3:9b:84:3f:85:ea:5e:c2:77:be:15
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 20 03:42:25 2025 GMT
            Not After : Nov 24 23:59:59 2025 GMT
        Subject: serialNumber=503526947176e2c00c0dc0ca0d51515b3c4d1e3d38bad1c2a77d1ad948c52c75, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:a6:31:6c:fc:3e:1f:10:a7:9a:be:6e:a6:72:
                    21:f6:e5:44:c3:4a:bf:a2:f5:c7:90:b1:ae:b5:a3:
                    3f:e8:3b:82:d6:2a:bb:92:da:98:83:08:32:54:43:
                    60:1b:d6:ad:d0:36:e9:ae:9d:cf:02:7a:41:92:91:
                    59:d3:ed:79:3c:5c:ed:7f:e7:28:b8:6d:69:3c:16:
                    2d:69:75:9a:2b:25:90:95:cc:e4:48:8f:c9:15:69:
                    2a:32:29:9f:df:02:20:5b:a3:c4:75:db:75:2f:ad:
                    4a:d6:fe:25:b6:c8:82:bb:d4:11:dd:b3:42:16:09:
                    b7:94:c1:df:72:06:e4:a7:56:f6:9a:91:07:67:eb:
                    aa:86:90:34:af:70:10:1b:d4:fc:ae:ed:82:d6:05:
                    51:26:0a:f9:0c:aa:64:2c:24:d9:b1:a2:85:05:b8:
                    d7:7f:5c:d8:09:23:93:07:c1:14:70:ca:b2:88:78:
                    2b:18:44:01:7c:5c:6a:0e:50:1a:86:db:be:ca:ca:
                    fd:66:a5:e5:aa:da:0b:5d:92:df:30:25:68:36:27:
                    8a:b9:68:02:6c:a7:87:cd:8c:4d:eb:39:2f:14:31:
                    a3:79:e8:8c:0d:45:e6:6b:30:30:86:11:d0:58:9c:
                    db:82:9a:18:87:6c:e9:04:f2:94:14:62:b1:7f:cd:
                    3a:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A0:FD:85:BE:3C:AD:99:9D:06:B9:A8:1E:AE:11:4B:1B:BE:29:C2:31
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/457424b8-03f5-483e-b2fe-c752baaa49db.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  108.157.141.0/24

    Signature Algorithm: sha256WithRSAEncryption
         74:96:66:5f:fb:05:55:96:f0:58:a9:a7:80:44:02:0d:83:fd:
         38:fe:a4:89:27:36:11:b7:82:33:5c:21:6d:10:42:c7:51:78:
         92:9a:6c:23:3e:f8:79:2b:78:cd:c8:42:f6:a0:3a:30:fe:3b:
         6a:fd:be:c3:00:e7:d3:9d:f9:c7:d0:39:22:fa:32:f9:f1:ec:
         21:3f:7e:66:64:6b:98:e6:c7:c6:30:f3:5e:76:a1:8f:6b:0d:
         8f:c9:99:8d:61:e2:b5:e9:c4:8f:27:56:77:98:a2:4c:7d:4c:
         ed:88:f9:51:df:bb:89:46:d8:b9:23:bb:79:92:40:b0:af:c6:
         1d:96:e9:0a:a0:63:59:3f:40:9b:ae:b8:9a:0c:fd:54:bf:f6:
         5f:07:34:85:93:3c:87:b8:c4:41:3c:dd:a0:05:32:36:65:35:
         15:4e:5f:2d:cf:07:06:7f:b0:cf:6f:dd:69:9d:a0:4f:24:28:
         29:47:d9:08:e4:6b:ae:91:b2:09:0a:0b:d2:23:4b:1b:9f:be:
         16:cc:05:e8:23:76:69:74:3a:a1:6a:95:22:97:91:fa:75:67:
         b6:d7:da:bd:4b:01:fc:9f:94:7c:75:be:be:76:c8:1c:4a:7d:
         92:5f:1b:80:3a:c3:1f:8c:0b:c4:b9:d1:b4:54:ed:88:56:7a:
         64:5f:21:e0
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUGKz187VsQAxfs5uEP4XqXsJ3vhUwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDIwMDM0MjI1WhcNMjUxMTI0MjM1OTU5
WjB6MUkwRwYDVQQFE0A1MDM1MjY5NDcxNzZlMmMwMGMwZGMwY2EwZDUxNTE1YjNj
NGQxZTNkMzhiYWQxYzJhNzdkMWFkOTQ4YzUyYzc1MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCmpjFs/D4fEKeavm6mciH25UTDSr+i9ceQsa61oz/oO4LW
KruS2piDCDJUQ2Ab1q3QNumunc8CekGSkVnT7Xk8XO1/5yi4bWk8Fi1pdZorJZCV
zORIj8kVaSoyKZ/fAiBbo8R123UvrUrW/iW2yIK71BHds0IWCbeUwd9yBuSnVvaa
kQdn66qGkDSvcBAb1Pyu7YLWBVEmCvkMqmQsJNmxooUFuNd/XNgJI5MHwRRwyrKI
eCsYRAF8XGoOUBqG277Kyv1mpeWq2gtdkt8wJWg2J4q5aAJsp4fNjE3rOS8UMaN5
6IwNReZrMDCGEdBYnNuCmhiHbOkE8pQUYrF/zTq9AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUoP2FvjytmZ0GuagerhFLG74pwjEwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzQ1NzQyNGI4LTAzZjUtNDgzZS1iMmZlLWM3NTJiYWFhNDlkYi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBABsnY0wDQYJKoZIhvcNAQELBQADggEBAHSWZl/7BVWW8Fipp4BEAg2D/Tj+
pIknNhG3gjNcIW0QQsdReJKabCM++HkreM3IQvagOjD+O2r9vsMA59Od+cfQOSL6
Mvnx7CE/fmZka5jmx8Yw8152oY9rDY/JmY1h4rXpxI8nVneYokx9TO2I+VHfu4lG
2Lkju3mSQLCvxh2W6QqgY1k/QJuuuJoM/VS/9l8HNIWTPIe4xEE83aAFMjZlNRVO
Xy3PBwZ/sM9v3WmdoE8kKClH2Qjka66RsgkKC9IjSxufvhbMBegjdml0OqFqlSKX
kfp1Z7bX2r1LAfyflHx1vr52yBxKfZJfG4A6wx+MC8S50bRU7YhWemRfIeA=
-----END CERTIFICATE-----