Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/54309193-f2e8-4421-b566-58dcfc82d6f6.roa
File:                     54309193-f2e8-4421-b566-58dcfc82d6f6.roa (raw, json)
Hash identifier:          EXq3MbV2YzBUhpoYih/fkwToNWD2btEyoUfvvPS2cn8=
Subject key identifier:   86:97:53:62:33:A4:37:F9:BF:70:ED:06:95:3B:70:56:DF:B5:77:D4
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       229399F2294D7FE9EA7D464F84575CDC0504273E
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/54309193-f2e8-4421-b566-58dcfc82d6f6.roa
Signing time:             Mon 20 Oct 2025 00:01:40 +0000
ROA not before:           Mon 20 Oct 2025 00:01:40 +0000
ROA not after:            Mon 24 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        108.158.146.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            22:93:99:f2:29:4d:7f:e9:ea:7d:46:4f:84:57:5c:dc:05:04:27:3e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 20 00:01:40 2025 GMT
            Not After : Nov 24 23:59:59 2025 GMT
        Subject: serialNumber=49241da9a4f0790efad2c95818aa656d3b65f0fbb7865c5402d6e7471b3ce2b0, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:15:b8:db:cc:ad:c1:20:2c:e8:5f:aa:99:d8:
                    2e:59:e5:9f:cd:04:68:48:d1:0b:a3:a5:24:ca:6b:
                    be:5f:61:0e:5d:5b:80:22:f2:0e:6f:0c:eb:dd:26:
                    03:a7:d9:22:f6:a4:bc:dd:8a:e1:bd:6e:7b:3a:9b:
                    fa:88:e4:73:b0:9a:b9:6d:81:7a:96:c1:6d:13:ae:
                    82:28:8f:09:92:72:80:c7:c3:c5:c5:01:71:9f:43:
                    a6:c4:5e:a8:36:10:34:2c:d3:e1:94:d1:3c:7c:9a:
                    f8:95:54:2a:9f:e6:bc:42:26:86:d4:e6:80:fe:de:
                    02:9d:7a:38:5f:41:0b:25:f4:0b:e9:cd:0d:61:17:
                    85:4a:5a:d2:fc:b7:f5:b4:04:4a:2c:15:4e:74:e2:
                    b2:d3:7a:6d:25:e4:8a:d5:f2:b5:63:92:d3:60:b2:
                    00:6e:8b:cd:78:c1:10:66:d3:1b:92:8b:0a:49:c3:
                    d9:9d:04:75:c4:54:91:10:99:40:86:0c:b4:0c:8f:
                    7d:be:03:56:1e:81:60:86:d8:59:51:80:5c:74:39:
                    4e:f1:d8:a2:1d:89:ee:7f:6e:00:38:e5:e3:52:67:
                    81:93:e7:bb:a5:86:be:e8:3a:3e:7b:3f:75:b5:82:
                    d2:9c:66:03:0a:6b:e0:7f:5c:8b:30:f9:84:ee:cb:
                    55:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:97:53:62:33:A4:37:F9:BF:70:ED:06:95:3B:70:56:DF:B5:77:D4
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/54309193-f2e8-4421-b566-58dcfc82d6f6.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  108.158.146.0/24

    Signature Algorithm: sha256WithRSAEncryption
         82:45:cb:e9:68:72:f8:39:c7:ad:e0:76:13:ad:0b:f2:c2:38:
         49:15:38:dd:1f:40:bd:66:74:7b:6b:31:49:ea:a0:da:d6:64:
         ef:d0:5f:92:e9:cd:a8:c3:3c:36:ac:de:71:00:e0:77:54:92:
         8a:01:e9:83:fa:ac:b5:40:c9:37:d9:ef:b5:68:14:a8:13:25:
         3d:10:48:f2:99:b2:af:8a:b7:15:67:50:6e:a3:22:ce:a7:9f:
         3e:6f:bb:d4:81:b0:11:0b:af:c5:8f:2c:16:4c:85:ef:2f:e5:
         50:37:2c:49:20:4e:e3:90:1b:3a:6f:6c:69:9e:89:81:35:1e:
         80:43:5f:39:2b:34:60:9d:1f:d2:69:9b:18:a8:44:f2:4a:ae:
         2f:fe:95:2f:3c:84:a6:e2:10:86:29:33:d6:7e:aa:35:54:f8:
         d7:21:b1:71:ff:37:82:9f:9f:49:84:13:81:df:55:27:54:3e:
         16:e8:de:15:39:20:91:6e:07:81:5d:df:a3:37:73:13:30:c0:
         d9:2e:0c:eb:f7:41:29:2d:9c:ab:73:47:99:78:04:13:6a:7a:
         62:99:49:4b:ef:fd:fe:d6:99:b6:97:9e:83:b8:88:be:0c:7e:
         2f:b9:cd:a8:25:e0:ba:18:d8:05:5e:b7:56:03:35:39:3a:cc:
         97:f9:fb:2f
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUIpOZ8ilNf+nqfUZPhFdc3AUEJz4wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDIwMDAwMTQwWhcNMjUxMTI0MjM1OTU5
WjB6MUkwRwYDVQQFE0A0OTI0MWRhOWE0ZjA3OTBlZmFkMmM5NTgxOGFhNjU2ZDNi
NjVmMGZiYjc4NjVjNTQwMmQ2ZTc0NzFiM2NlMmIwMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDEFbjbzK3BICzoX6qZ2C5Z5Z/NBGhI0QujpSTKa75fYQ5d
W4Ai8g5vDOvdJgOn2SL2pLzdiuG9bns6m/qI5HOwmrltgXqWwW0TroIojwmScoDH
w8XFAXGfQ6bEXqg2EDQs0+GU0Tx8mviVVCqf5rxCJobU5oD+3gKdejhfQQsl9Avp
zQ1hF4VKWtL8t/W0BEosFU504rLTem0l5IrV8rVjktNgsgBui814wRBm0xuSiwpJ
w9mdBHXEVJEQmUCGDLQMj32+A1YegWCG2FlRgFx0OU7x2KIdie5/bgA45eNSZ4GT
57ulhr7oOj57P3W1gtKcZgMKa+B/XIsw+YTuy1WbAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUhpdTYjOkN/m/cO0GlTtwVt+1d9QwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzU0MzA5MTkzLWYyZTgtNDQyMS1iNTY2LTU4ZGNmYzgyZDZmNi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBABsnpIwDQYJKoZIhvcNAQELBQADggEBAIJFy+locvg5x63gdhOtC/LCOEkV
ON0fQL1mdHtrMUnqoNrWZO/QX5LpzajDPDas3nEA4HdUkooB6YP6rLVAyTfZ77Vo
FKgTJT0QSPKZsq+KtxVnUG6jIs6nnz5vu9SBsBELr8WPLBZMhe8v5VA3LEkgTuOQ
GzpvbGmeiYE1HoBDXzkrNGCdH9JpmxioRPJKri/+lS88hKbiEIYpM9Z+qjVU+Nch
sXH/N4Kfn0mEE4HfVSdUPhbo3hU5IJFuB4Fd36M3cxMwwNkuDOv3QSktnKtzR5l4
BBNqemKZSUvv/f7WmbaXnoO4iL4Mfi+5zagl4LoY2AVet1YDNTk6zJf5+y8=
-----END CERTIFICATE-----