Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/5d46f500-4d99-4116-822d-e82631198ea3.roa
File:                     5d46f500-4d99-4116-822d-e82631198ea3.roa (raw, json)
Hash identifier:          R88oeiizn1V8T7PuUQKzWy6n5ZEnqMzWHi8dqr+Z8ro=
Subject key identifier:   57:96:FA:A1:96:AE:51:60:0B:CF:4D:F7:1B:12:CF:A4:71:88:CB:D0
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       71F51BEFFCF5B67FA036B95D3621523A5060B943
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/5d46f500-4d99-4116-822d-e82631198ea3.roa
Signing time:             Sun 19 Oct 2025 03:00:37 +0000
ROA not before:           Sun 19 Oct 2025 03:00:37 +0000
ROA not after:            Sun 23 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        108.138.206.0/23 maxlen: 23
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            71:f5:1b:ef:fc:f5:b6:7f:a0:36:b9:5d:36:21:52:3a:50:60:b9:43
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 19 03:00:37 2025 GMT
            Not After : Nov 23 23:59:59 2025 GMT
        Subject: serialNumber=4303aa008fb909b335cd243ba3ca378822471ebf26864843913b3dae71a9a59f, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:c0:f3:ed:c1:78:25:d6:88:9c:e9:54:e9:b1:
                    40:16:72:81:83:8e:45:02:98:63:49:3c:dc:53:22:
                    aa:e1:94:9b:d8:26:f2:d7:48:c0:09:a0:82:42:ce:
                    3b:bb:b6:e6:80:5a:e3:03:86:29:97:a4:11:83:b3:
                    d0:1c:79:44:49:8f:e8:89:e2:d6:29:e9:9c:d4:46:
                    87:9f:6e:3a:1b:56:20:a1:9b:0c:65:54:f1:c7:d7:
                    bc:5a:34:0e:6f:e3:57:e2:a7:cd:e9:67:38:8c:ab:
                    d5:06:36:2a:47:bc:74:27:50:f9:a6:8b:cc:79:8d:
                    dc:eb:35:f9:b8:ba:a6:95:43:28:27:7b:02:4a:9e:
                    21:b0:99:ca:85:af:d2:f3:be:b5:3b:24:8a:84:23:
                    6c:52:90:60:c8:f9:2f:b1:f4:e9:d1:f6:82:0f:e8:
                    d5:4a:7d:75:d5:aa:b9:9b:42:dc:08:bf:f4:bf:fc:
                    5d:80:0d:fd:96:4c:51:57:98:71:df:f4:e5:2b:6c:
                    d2:c8:d8:0e:f2:21:f2:e1:3f:4c:98:cc:24:e8:55:
                    1c:c9:8d:44:3d:0c:78:ef:84:a0:86:f7:fd:ad:52:
                    8a:5e:a2:db:76:b5:36:f4:ca:00:13:3f:ea:f8:73:
                    9e:64:fb:a2:01:b5:20:84:8c:16:c5:fa:81:01:1a:
                    a1:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                57:96:FA:A1:96:AE:51:60:0B:CF:4D:F7:1B:12:CF:A4:71:88:CB:D0
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/5d46f500-4d99-4116-822d-e82631198ea3.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  108.138.206.0/23

    Signature Algorithm: sha256WithRSAEncryption
         c3:60:97:09:ed:10:ef:32:4e:80:44:e1:64:2c:f2:e2:9a:78:
         e0:e9:17:0d:28:d9:c1:01:5a:9f:5c:0e:2e:0f:0d:5e:8b:8b:
         fc:51:ed:6d:d6:59:3f:48:47:70:9a:31:7b:e1:0e:f4:5c:ed:
         d9:01:7d:f6:dc:8f:94:3d:29:29:a6:20:14:00:00:0d:48:b1:
         9c:a7:2b:19:64:3f:ee:be:71:e5:fd:ff:f1:a7:a2:4e:ba:be:
         91:5f:0c:f0:22:55:9f:cd:9a:ac:ac:52:eb:76:8a:2d:7e:0a:
         26:eb:be:7b:94:30:30:b8:12:29:86:60:e6:77:4c:1b:c8:ac:
         5a:ec:6f:d4:d2:c4:90:26:89:a4:f2:fd:c9:77:72:c9:e5:a1:
         45:a6:8e:cf:25:77:0c:90:c5:19:66:c2:d3:c1:ad:2c:88:27:
         8f:86:33:f8:3b:19:0f:0a:1f:8e:a4:37:c1:ec:e3:09:ab:38:
         1a:08:d2:cd:d6:2c:3f:52:af:e2:78:57:66:00:cd:35:09:4a:
         ab:e8:33:10:73:e9:20:d0:56:ab:5c:43:1d:9a:d6:4d:bb:82:
         5c:b0:fa:6d:80:8d:b5:2b:85:a6:c2:f8:32:98:a6:29:b6:df:
         f0:86:cf:1e:38:a8:75:92:a4:ae:54:4b:b0:b7:cb:f3:88:b3:
         64:14:8e:25
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUcfUb7/z1tn+gNrldNiFSOlBguUMwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDE5MDMwMDM3WhcNMjUxMTIzMjM1OTU5
WjB6MUkwRwYDVQQFE0A0MzAzYWEwMDhmYjkwOWIzMzVjZDI0M2JhM2NhMzc4ODIy
NDcxZWJmMjY4NjQ4NDM5MTNiM2RhZTcxYTlhNTlmMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC0wPPtwXgl1oic6VTpsUAWcoGDjkUCmGNJPNxTIqrhlJvY
JvLXSMAJoIJCzju7tuaAWuMDhimXpBGDs9AceURJj+iJ4tYp6ZzURoefbjobViCh
mwxlVPHH17xaNA5v41fip83pZziMq9UGNipHvHQnUPmmi8x5jdzrNfm4uqaVQygn
ewJKniGwmcqFr9LzvrU7JIqEI2xSkGDI+S+x9OnR9oIP6NVKfXXVqrmbQtwIv/S/
/F2ADf2WTFFXmHHf9OUrbNLI2A7yIfLhP0yYzCToVRzJjUQ9DHjvhKCG9/2tUope
ott2tTb0ygATP+r4c55k+6IBtSCEjBbF+oEBGqFvAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUV5b6oZauUWALz033GxLPpHGIy9AwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzVkNDZmNTAwLTRkOTktNDExNi04MjJkLWU4MjYzMTE5OGVhMy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAFsis4wDQYJKoZIhvcNAQELBQADggEBAMNglwntEO8yToBE4WQs8uKaeODp
Fw0o2cEBWp9cDi4PDV6Li/xR7W3WWT9IR3CaMXvhDvRc7dkBffbcj5Q9KSmmIBQA
AA1IsZynKxlkP+6+ceX9//Gnok66vpFfDPAiVZ/NmqysUut2ii1+CibrvnuUMDC4
EimGYOZ3TBvIrFrsb9TSxJAmiaTy/cl3csnloUWmjs8ldwyQxRlmwtPBrSyIJ4+G
M/g7GQ8KH46kN8Hs4wmrOBoI0s3WLD9Sr+J4V2YAzTUJSqvoMxBz6SDQVqtcQx2a
1k27glyw+m2AjbUrhabC+DKYpim23/CGzx44qHWSpK5US7C3y/OIs2QUjiU=
-----END CERTIFICATE-----