Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/4de73bd1-8205-4c39-b3d8-bac76eb70530.roa
File:                     4de73bd1-8205-4c39-b3d8-bac76eb70530.roa (raw, json)
Hash identifier:          C8Ei5gFauPz/QLxH9bOputctCv582jftbzqXPfzrcFs=
Subject key identifier:   D8:05:B1:2B:31:96:E8:3E:81:59:75:BE:A5:4C:08:51:7E:80:B5:1A
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       49084CEC0C17C222C661CBFAB55B83BB720AB1A9
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/4de73bd1-8205-4c39-b3d8-bac76eb70530.roa
Signing time:             Mon 20 Oct 2025 01:50:12 +0000
ROA not before:           Mon 20 Oct 2025 01:50:12 +0000
ROA not after:            Mon 24 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        108.158.16.0/22 maxlen: 22
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            49:08:4c:ec:0c:17:c2:22:c6:61:cb:fa:b5:5b:83:bb:72:0a:b1:a9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 20 01:50:12 2025 GMT
            Not After : Nov 24 23:59:59 2025 GMT
        Subject: serialNumber=d9785e07b21d5231ff801b9778bdbdbff12822a86b61e97270fa01451a9b7f6d, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:f8:4d:b2:66:f4:f5:d9:1a:5d:5e:47:ec:03:
                    60:c6:8f:81:84:95:ff:cf:3e:4b:70:8a:e6:36:c3:
                    6c:32:41:35:64:cd:ca:4c:3f:cb:f8:3c:07:8e:25:
                    d3:ec:f5:5d:27:f5:9f:b7:12:3d:cf:06:77:28:98:
                    b0:2c:88:4c:21:f6:14:2a:e1:77:cd:71:db:f6:b7:
                    18:60:24:3f:10:ba:9d:a0:d1:34:36:b6:52:d7:27:
                    ec:84:45:2f:37:25:9d:e8:80:e8:c7:f9:2f:70:f8:
                    bc:47:ec:7b:5b:cf:b8:92:37:80:71:86:92:0b:c9:
                    6a:f3:20:e0:04:3e:67:94:fd:ec:9c:e3:8b:9b:35:
                    aa:be:d0:74:33:1d:d7:9b:e6:f0:7c:85:76:ac:3c:
                    63:69:00:9f:b0:92:6d:1b:c4:cd:69:24:b7:74:cf:
                    74:06:cd:3a:12:e8:82:db:37:dc:46:24:11:e9:2c:
                    a5:c9:82:07:93:fa:c7:b7:6c:ab:0a:46:bd:30:aa:
                    4c:0b:95:9b:26:95:83:91:3a:ac:2c:1f:db:f7:42:
                    91:8e:e0:b5:78:a0:2d:66:c1:07:5c:50:2f:fb:33:
                    85:f1:e8:e4:6b:e8:87:d9:5f:75:e9:8b:84:92:4b:
                    5b:4a:ca:84:c5:b4:71:7f:0d:ea:84:f0:3c:53:42:
                    25:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D8:05:B1:2B:31:96:E8:3E:81:59:75:BE:A5:4C:08:51:7E:80:B5:1A
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/4de73bd1-8205-4c39-b3d8-bac76eb70530.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  108.158.16.0/22

    Signature Algorithm: sha256WithRSAEncryption
         1c:06:19:85:5d:93:0a:06:16:fe:43:2c:d6:cc:7a:48:9b:7c:
         10:05:96:8c:12:33:f8:d4:f9:c2:15:5b:6f:2a:6d:c7:37:06:
         d6:bb:8e:3a:0e:eb:3a:ea:83:83:aa:f0:c1:87:ff:ea:50:63:
         2e:b3:fb:de:ab:23:3d:04:71:82:33:aa:e4:54:f4:dc:6f:2b:
         72:f9:e3:e9:f0:09:47:29:55:29:c0:fd:1a:b6:10:9a:9e:5e:
         96:25:d4:bc:2b:46:f5:f7:ec:29:17:20:a6:12:67:a7:4c:06:
         ee:90:a9:a1:c2:88:6b:5f:33:c1:06:fa:4e:58:3f:a7:43:b1:
         ca:01:84:78:8a:03:1e:34:b6:1b:54:67:98:93:18:35:30:34:
         1b:a0:1c:e0:b4:7c:3a:4d:e2:78:d0:32:d7:fc:30:79:b0:f6:
         e6:48:db:7e:65:45:72:ef:c3:c1:f1:cc:e4:c6:3b:59:ed:54:
         23:4c:f8:72:55:d2:72:35:50:b8:b0:fb:df:dd:e7:a5:b2:e4:
         3e:d4:d2:17:93:da:45:99:11:12:24:b6:c5:9e:8f:b7:97:51:
         0c:2b:0d:0a:2f:21:af:c3:e4:40:0b:62:3c:a4:ce:b4:b9:79:
         28:7c:49:3b:b6:67:08:1c:4d:00:74:22:a9:42:8c:21:91:0b:
         53:c1:37:68
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUSQhM7AwXwiLGYcv6tVuDu3IKsakwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDIwMDE1MDEyWhcNMjUxMTI0MjM1OTU5
WjB6MUkwRwYDVQQFE0BkOTc4NWUwN2IyMWQ1MjMxZmY4MDFiOTc3OGJkYmRiZmYx
MjgyMmE4NmI2MWU5NzI3MGZhMDE0NTFhOWI3ZjZkMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDV+E2yZvT12RpdXkfsA2DGj4GElf/PPktwiuY2w2wyQTVk
zcpMP8v4PAeOJdPs9V0n9Z+3Ej3PBncomLAsiEwh9hQq4XfNcdv2txhgJD8Qup2g
0TQ2tlLXJ+yERS83JZ3ogOjH+S9w+LxH7Htbz7iSN4BxhpILyWrzIOAEPmeU/eyc
44ubNaq+0HQzHdeb5vB8hXasPGNpAJ+wkm0bxM1pJLd0z3QGzToS6ILbN9xGJBHp
LKXJggeT+se3bKsKRr0wqkwLlZsmlYOROqwsH9v3QpGO4LV4oC1mwQdcUC/7M4Xx
6ORr6IfZX3Xpi4SSS1tKyoTFtHF/DeqE8DxTQiW9AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU2AWxKzGW6D6BWXW+pUwIUX6AtRowHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzRkZTczYmQxLTgyMDUtNGMzOS1iM2Q4LWJhYzc2ZWI3MDUzMC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAJsnhAwDQYJKoZIhvcNAQELBQADggEBABwGGYVdkwoGFv5DLNbMekibfBAF
lowSM/jU+cIVW28qbcc3Bta7jjoO6zrqg4Oq8MGH/+pQYy6z+96rIz0EcYIzquRU
9NxvK3L54+nwCUcpVSnA/Rq2EJqeXpYl1LwrRvX37CkXIKYSZ6dMBu6QqaHCiGtf
M8EG+k5YP6dDscoBhHiKAx40thtUZ5iTGDUwNBugHOC0fDpN4njQMtf8MHmw9uZI
235lRXLvw8HxzOTGO1ntVCNM+HJV0nI1ULiw+9/d56Wy5D7U0heT2kWZERIktsWe
j7eXUQwrDQovIa/D5EALYjykzrS5eSh8STu2ZwgcTQB0IqlCjCGRC1PBN2g=
-----END CERTIFICATE-----