Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/583b985c-531f-4613-93a0-105e07f13d5a.roa
File:                     583b985c-531f-4613-93a0-105e07f13d5a.roa (raw, json)
Hash identifier:          cDdk5LaK74+T3KA3mWUfxnd3lkVqEMm6rexhwWbehrI=
Subject key identifier:   A4:43:B0:FA:FD:E4:9E:4F:52:B9:DF:C0:EB:8A:D7:C2:F1:4A:A5:EC
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       08E6917950B69B7D0E309A31F1884F2ACC453772
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/583b985c-531f-4613-93a0-105e07f13d5a.roa
Signing time:             Mon 20 Oct 2025 01:10:13 +0000
ROA not before:           Mon 20 Oct 2025 01:10:13 +0000
ROA not after:            Mon 24 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        108.159.238.0/23 maxlen: 23
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            08:e6:91:79:50:b6:9b:7d:0e:30:9a:31:f1:88:4f:2a:cc:45:37:72
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 20 01:10:13 2025 GMT
            Not After : Nov 24 23:59:59 2025 GMT
        Subject: serialNumber=72e41ae844470e04bdeef5261a37fa8437c72bf22fab2d264d11c9582b499843, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:f1:6b:3a:d2:53:c3:7e:e3:01:dd:ec:93:17:
                    1a:e4:9c:7c:e0:ab:06:fb:74:ab:09:61:d8:49:e9:
                    da:6d:a9:60:68:87:3e:b0:65:57:bc:3c:ed:e8:9f:
                    02:30:55:2e:68:63:27:51:d6:6a:a9:ba:ff:b3:3d:
                    2e:50:8f:3f:70:b0:38:36:dc:32:2e:71:9d:b9:f9:
                    ac:80:fc:ab:84:5a:30:d8:e7:c9:6c:06:45:c2:70:
                    89:7b:4f:3b:c9:d7:5d:9f:e7:73:1e:b3:b4:e5:d9:
                    38:7d:7a:3c:59:a1:e6:1a:e6:d6:eb:a5:ea:a1:4e:
                    05:71:46:7b:30:0c:7e:56:29:be:d8:84:01:3f:0c:
                    e6:c1:82:1c:bf:c1:ef:09:b9:48:71:3f:ec:0d:85:
                    d0:8b:b3:0d:b5:60:e1:5c:c0:df:3a:99:70:2f:11:
                    8e:1f:15:ad:eb:21:a2:1c:5c:48:f2:2d:c4:78:0a:
                    3b:ba:70:56:2d:1f:35:fc:3a:35:91:25:43:2a:8d:
                    45:c1:f3:4c:8c:63:68:96:5b:87:f2:1f:3d:b1:d9:
                    ed:4d:96:15:52:eb:56:fa:02:be:a1:9a:d2:b0:69:
                    17:10:d6:b8:e5:0e:1a:29:72:2f:47:1f:82:69:7f:
                    e8:a8:41:48:ca:91:20:65:9a:b1:ff:36:4a:72:80:
                    1f:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A4:43:B0:FA:FD:E4:9E:4F:52:B9:DF:C0:EB:8A:D7:C2:F1:4A:A5:EC
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/583b985c-531f-4613-93a0-105e07f13d5a.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  108.159.238.0/23

    Signature Algorithm: sha256WithRSAEncryption
         1a:c7:02:a4:68:6c:3b:df:b3:6e:2d:aa:42:7c:ff:25:2f:4b:
         46:c6:56:ec:55:94:dc:72:b1:ad:1b:e3:df:01:72:34:6c:19:
         63:c5:f8:de:a1:16:e0:02:e3:74:ef:b7:e9:95:3b:ef:da:3d:
         d8:3f:15:ca:0e:71:6e:a1:04:22:56:0c:c8:e0:1b:06:42:d0:
         4b:e1:95:02:fd:5d:c5:23:8d:00:25:5a:0d:ee:7e:90:db:87:
         f7:db:ed:00:a7:79:3f:a7:27:1d:89:92:15:53:96:8b:81:d3:
         f4:dc:a0:cd:f5:3d:73:f5:d7:bb:19:ab:99:69:8d:48:b5:c2:
         17:07:c8:f7:1c:c7:29:0c:d1:9d:f7:67:55:18:e6:f6:0d:e7:
         70:22:e0:15:7d:0d:f5:83:9b:96:91:fe:00:7e:0d:62:73:98:
         0f:bc:c3:32:5f:b3:f2:86:0e:70:aa:f9:29:7d:60:a9:f9:d8:
         f9:ad:26:67:41:58:1c:31:9a:77:37:9a:75:d0:14:0b:04:a6:
         7e:41:5e:94:98:ff:61:c0:f8:9f:b3:2e:43:2e:1b:30:cd:59:
         87:22:f6:50:af:2b:f4:7c:0c:de:13:99:f0:7b:ef:49:45:8d:
         ff:5b:c2:14:34:f3:3c:43:8c:b9:ed:42:55:61:69:f3:d3:0a:
         cc:5c:63:92
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUCOaReVC2m30OMJox8YhPKsxFN3IwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDIwMDExMDEzWhcNMjUxMTI0MjM1OTU5
WjB6MUkwRwYDVQQFE0A3MmU0MWFlODQ0NDcwZTA0YmRlZWY1MjYxYTM3ZmE4NDM3
YzcyYmYyMmZhYjJkMjY0ZDExYzk1ODJiNDk5ODQzMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDK8Ws60lPDfuMB3eyTFxrknHzgqwb7dKsJYdhJ6dptqWBo
hz6wZVe8PO3onwIwVS5oYydR1mqpuv+zPS5Qjz9wsDg23DIucZ25+ayA/KuEWjDY
58lsBkXCcIl7TzvJ112f53Mes7Tl2Th9ejxZoeYa5tbrpeqhTgVxRnswDH5WKb7Y
hAE/DObBghy/we8JuUhxP+wNhdCLsw21YOFcwN86mXAvEY4fFa3rIaIcXEjyLcR4
Cju6cFYtHzX8OjWRJUMqjUXB80yMY2iWW4fyHz2x2e1NlhVS61b6Ar6hmtKwaRcQ
1rjlDhopci9HH4Jpf+ioQUjKkSBlmrH/NkpygB9PAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUpEOw+v3knk9Sud/A64rXwvFKpewwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzU4M2I5ODVjLTUzMWYtNDYxMy05M2EwLTEwNWUwN2YxM2Q1YS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAFsn+4wDQYJKoZIhvcNAQELBQADggEBABrHAqRobDvfs24tqkJ8/yUvS0bG
VuxVlNxysa0b498BcjRsGWPF+N6hFuAC43Tvt+mVO+/aPdg/FcoOcW6hBCJWDMjg
GwZC0EvhlQL9XcUjjQAlWg3ufpDbh/fb7QCneT+nJx2JkhVTlouB0/TcoM31PXP1
17sZq5lpjUi1whcHyPccxykM0Z33Z1UY5vYN53Ai4BV9DfWDm5aR/gB+DWJzmA+8
wzJfs/KGDnCq+Sl9YKn52PmtJmdBWBwxmnc3mnXQFAsEpn5BXpSY/2HA+J+zLkMu
GzDNWYci9lCvK/R8DN4TmfB770lFjf9bwhQ08zxDjLntQlVhafPTCsxcY5I=
-----END CERTIFICATE-----