Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/5f7ee251-0f51-4297-a81a-f89fd63601ca.roa
File:                     5f7ee251-0f51-4297-a81a-f89fd63601ca.roa (raw, json)
Hash identifier:          u+ajeYolYMWBBe7g78mFUxZpuVXDw9uMqDRT/gOAW8s=
Subject key identifier:   6E:F0:E4:A3:FE:47:66:92:A3:E1:68:11:9F:EF:D3:F7:8C:60:4B:F2
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       0BE735476422296D44D52852755ABE1229C64578
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/5f7ee251-0f51-4297-a81a-f89fd63601ca.roa
Signing time:             Mon 20 Oct 2025 05:30:12 +0000
ROA not before:           Mon 20 Oct 2025 05:30:12 +0000
ROA not after:            Mon 24 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        108.139.66.0/23 maxlen: 23
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0b:e7:35:47:64:22:29:6d:44:d5:28:52:75:5a:be:12:29:c6:45:78
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 20 05:30:12 2025 GMT
            Not After : Nov 24 23:59:59 2025 GMT
        Subject: serialNumber=0a753744697bc66eed6d4ce489c467ec2d776fc4bc8cd5b1b174f40b1906438c, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f1:8a:82:0c:3b:51:9d:0e:03:ca:97:f6:99:03:
                    d6:a1:28:89:3e:7e:4a:26:00:e9:12:2d:00:96:aa:
                    7e:62:e0:f5:55:f3:d4:a8:af:76:22:32:32:4b:ba:
                    42:f0:a8:f8:6f:79:80:73:63:e4:4a:1a:9c:1b:23:
                    7b:7e:17:c3:b7:52:5e:89:d1:ce:10:ea:f5:1a:91:
                    c2:83:95:c0:42:91:6c:79:46:35:c1:81:32:28:d3:
                    a6:e6:6d:3f:fe:02:4a:19:47:41:12:59:9f:ca:43:
                    7b:3d:77:86:6d:12:03:9b:57:2f:84:9b:b6:14:45:
                    1b:a1:5f:32:b3:af:29:a3:46:e9:25:7e:37:7a:89:
                    70:13:c0:c4:c9:f8:5a:54:8f:bb:d9:99:20:3c:62:
                    f7:fe:4e:8b:ff:40:20:7e:da:44:e3:d0:9b:32:7b:
                    37:b8:c4:55:a9:83:70:a9:10:03:9b:2c:41:a7:b0:
                    e0:0c:ad:d5:92:bc:f5:42:ad:2b:43:5b:93:2d:64:
                    dd:b3:c8:7e:a7:42:78:b4:c8:27:1f:58:95:76:93:
                    12:a9:3e:07:1f:fe:39:c0:5f:f9:9f:32:9a:dc:2a:
                    c0:e4:b9:c6:34:ca:6f:43:d8:e4:8b:99:41:b5:ec:
                    3e:b7:bc:c1:84:17:df:fe:47:ac:d0:ca:db:69:84:
                    b0:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6E:F0:E4:A3:FE:47:66:92:A3:E1:68:11:9F:EF:D3:F7:8C:60:4B:F2
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/5f7ee251-0f51-4297-a81a-f89fd63601ca.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  108.139.66.0/23

    Signature Algorithm: sha256WithRSAEncryption
         be:07:44:a5:fd:2d:f6:0c:58:03:df:49:7c:e0:db:bc:3b:d4:
         54:6f:46:e7:54:35:e8:8a:ec:b4:72:f1:1d:4b:97:ce:39:c1:
         d2:4b:4e:ba:28:af:15:c7:cb:6d:40:9e:95:b1:6e:b2:51:d2:
         ca:71:93:cf:62:b7:6c:80:66:60:b0:8f:ee:3e:66:2b:29:5a:
         f5:1e:6a:2c:27:5a:b9:81:b8:f0:49:cf:7f:ff:e8:cc:85:e3:
         1f:4c:d2:e6:03:51:2c:cd:31:54:13:7c:96:c8:d5:ab:4c:b6:
         4d:94:6e:6a:af:59:30:c3:b7:ab:f1:9b:41:73:93:9f:b3:61:
         5e:b6:a6:f1:18:92:a1:3f:8f:7c:52:4a:03:99:45:8d:59:e4:
         60:98:63:e6:52:00:f5:5e:91:93:d9:dc:7e:5f:c4:40:51:02:
         3e:2c:9c:a6:90:7b:82:84:41:22:ca:7d:1f:f9:62:0c:7e:b6:
         0c:ef:86:3e:e9:34:b0:6b:38:3c:e1:d3:4f:c0:42:8b:c2:98:
         43:82:ec:bc:73:40:9c:c9:23:74:14:3e:aa:b9:4e:af:e9:78:
         df:30:93:c7:b0:89:b4:87:a0:33:a9:9d:0a:29:d4:1e:a7:ad:
         b5:1f:ab:4c:66:e5:8c:42:3c:2f:bc:0a:d4:71:af:a2:bd:ad:
         37:7b:da:3d
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUC+c1R2QiKW1E1ShSdVq+EinGRXgwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDIwMDUzMDEyWhcNMjUxMTI0MjM1OTU5
WjB6MUkwRwYDVQQFE0AwYTc1Mzc0NDY5N2JjNjZlZWQ2ZDRjZTQ4OWM0NjdlYzJk
Nzc2ZmM0YmM4Y2Q1YjFiMTc0ZjQwYjE5MDY0MzhjMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDxioIMO1GdDgPKl/aZA9ahKIk+fkomAOkSLQCWqn5i4PVV
89Sor3YiMjJLukLwqPhveYBzY+RKGpwbI3t+F8O3Ul6J0c4Q6vUakcKDlcBCkWx5
RjXBgTIo06bmbT/+AkoZR0ESWZ/KQ3s9d4ZtEgObVy+Em7YURRuhXzKzrymjRukl
fjd6iXATwMTJ+FpUj7vZmSA8Yvf+Tov/QCB+2kTj0Jsyeze4xFWpg3CpEAObLEGn
sOAMrdWSvPVCrStDW5MtZN2zyH6nQni0yCcfWJV2kxKpPgcf/jnAX/mfMprcKsDk
ucY0ym9D2OSLmUG17D63vMGEF9/+R6zQyttphLCPAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUbvDko/5HZpKj4WgRn+/T94xgS/IwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzVmN2VlMjUxLTBmNTEtNDI5Ny1hODFhLWY4OWZkNjM2MDFjYS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAFsi0IwDQYJKoZIhvcNAQELBQADggEBAL4HRKX9LfYMWAPfSXzg27w71FRv
RudUNeiK7LRy8R1Ll845wdJLTroorxXHy21AnpWxbrJR0spxk89it2yAZmCwj+4+
ZispWvUeaiwnWrmBuPBJz3//6MyF4x9M0uYDUSzNMVQTfJbI1atMtk2UbmqvWTDD
t6vxm0Fzk5+zYV62pvEYkqE/j3xSSgOZRY1Z5GCYY+ZSAPVekZPZ3H5fxEBRAj4s
nKaQe4KEQSLKfR/5Ygx+tgzvhj7pNLBrODzh00/AQovCmEOC7LxzQJzJI3QUPqq5
Tq/peN8wk8ewibSHoDOpnQop1B6nrbUfq0xm5YxCPC+8CtRxr6K9rTd72j0=
-----END CERTIFICATE-----