Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/60c629e9-7b96-4592-b791-e35689817f8f.roa
File:                     60c629e9-7b96-4592-b791-e35689817f8f.roa (raw, json)
Hash identifier:          ddZefp08pvmz3VpnwudIymy2GL1SAzyRhHvsoQ9ruAo=
Subject key identifier:   E2:3B:61:22:64:1D:DD:35:98:27:50:F2:1B:9B:43:AD:A3:20:E5:84
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       2E6120621ADE6AF7E311C2DC6747A3D41E7F3BD7
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/60c629e9-7b96-4592-b791-e35689817f8f.roa
Signing time:             Mon 20 Oct 2025 03:51:20 +0000
ROA not before:           Mon 20 Oct 2025 03:51:20 +0000
ROA not after:            Mon 24 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        108.139.32.0/19 maxlen: 19
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2e:61:20:62:1a:de:6a:f7:e3:11:c2:dc:67:47:a3:d4:1e:7f:3b:d7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 20 03:51:20 2025 GMT
            Not After : Nov 24 23:59:59 2025 GMT
        Subject: serialNumber=0e8a5b6f0bde35a373d85e720be15435d90bd2a49a7673620f44fe24d2a2a0be, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:5c:0f:5d:ba:b7:cc:5f:46:d3:92:7d:04:38:
                    4d:ac:a6:51:61:41:8f:01:21:54:f2:7f:b2:4b:e9:
                    8a:ea:09:c1:f0:46:6b:b3:3f:dd:d1:be:17:99:15:
                    dd:aa:d6:ee:cf:e7:f6:0a:2a:2a:30:b4:80:8d:ab:
                    d9:f2:38:f7:fa:16:cf:1e:7f:b0:45:67:96:91:52:
                    dc:d5:32:cb:17:69:9e:bc:b4:11:4a:11:a5:d2:db:
                    a6:47:cb:d3:32:01:28:46:f8:a2:25:50:b4:25:a8:
                    9e:89:45:85:50:42:66:38:14:38:38:d4:38:ff:1a:
                    08:40:47:13:51:49:55:03:55:92:64:73:91:14:95:
                    f9:35:97:47:10:8d:30:2c:74:c3:ba:0b:10:9a:5d:
                    0a:10:f0:29:0f:a1:ca:8e:b9:21:89:c6:56:93:d6:
                    18:87:0d:91:5c:11:9f:a6:bc:fa:c1:35:f0:b8:ec:
                    ca:7c:b8:6f:d3:14:f7:a2:1d:c4:05:78:33:0f:b5:
                    bc:88:35:83:df:41:56:b2:59:6b:0c:a2:db:24:ed:
                    1f:ca:93:05:89:3a:f6:df:2b:e5:96:70:1c:33:3c:
                    89:58:bc:07:9c:55:03:f0:62:f7:33:77:04:db:38:
                    b8:6d:30:5c:1d:83:2a:5d:ee:9d:9f:17:f4:d9:7b:
                    b1:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E2:3B:61:22:64:1D:DD:35:98:27:50:F2:1B:9B:43:AD:A3:20:E5:84
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/60c629e9-7b96-4592-b791-e35689817f8f.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  108.139.32.0/19

    Signature Algorithm: sha256WithRSAEncryption
         10:54:f1:8f:6d:6d:3a:73:3e:32:fc:25:64:9c:53:ef:76:21:
         3f:89:e2:47:64:01:0a:a3:8c:b7:3b:7a:ef:17:f5:a2:54:0b:
         5c:91:9c:86:c9:dd:ed:0e:7c:33:c4:84:43:28:e4:de:a7:a6:
         e0:42:28:df:46:fa:0d:28:2c:c1:7b:0a:12:89:5f:0c:7e:d9:
         c1:1a:73:57:b0:b6:7b:cb:f9:fd:76:62:81:c9:81:48:30:db:
         2e:b0:a2:27:1a:70:73:18:2c:2b:55:b8:91:97:78:be:de:b4:
         b2:99:1f:a7:23:c0:d4:e1:06:9d:81:a6:9c:10:0e:5b:75:5a:
         02:22:9a:74:5e:50:9b:df:1c:e4:1b:90:2e:bb:07:0e:57:dd:
         a5:17:27:58:bf:3e:a6:fb:ee:81:ad:ce:eb:91:19:4a:1f:1b:
         97:0a:2a:5d:db:7c:b5:34:36:44:34:7a:a8:e3:98:03:df:de:
         8a:87:90:7f:49:42:b3:dd:d3:77:dd:43:72:35:4d:40:5b:e3:
         fa:3a:f4:53:b4:7c:55:71:fe:55:88:a0:dd:09:d4:30:9f:af:
         40:40:fc:2a:d6:4d:89:9d:f9:41:17:67:d6:1b:5e:43:1a:18:
         9c:67:29:05:d9:10:93:b4:0d:40:eb:a7:5b:6e:ef:2e:c2:43:
         56:c1:0d:c0
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIULmEgYhreavfjEcLcZ0ej1B5/O9cwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDIwMDM1MTIwWhcNMjUxMTI0MjM1OTU5
WjB6MUkwRwYDVQQFE0AwZThhNWI2ZjBiZGUzNWEzNzNkODVlNzIwYmUxNTQzNWQ5
MGJkMmE0OWE3NjczNjIwZjQ0ZmUyNGQyYTJhMGJlMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQChXA9durfMX0bTkn0EOE2splFhQY8BIVTyf7JL6YrqCcHw
RmuzP93RvheZFd2q1u7P5/YKKiowtICNq9nyOPf6Fs8ef7BFZ5aRUtzVMssXaZ68
tBFKEaXS26ZHy9MyAShG+KIlULQlqJ6JRYVQQmY4FDg41Dj/GghARxNRSVUDVZJk
c5EUlfk1l0cQjTAsdMO6CxCaXQoQ8CkPocqOuSGJxlaT1hiHDZFcEZ+mvPrBNfC4
7Mp8uG/TFPeiHcQFeDMPtbyINYPfQVayWWsMotsk7R/KkwWJOvbfK+WWcBwzPIlY
vAecVQPwYvczdwTbOLhtMFwdgypd7p2fF/TZe7HfAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU4jthImQd3TWYJ1DyG5tDraMg5YQwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzYwYzYyOWU5LTdiOTYtNDU5Mi1iNzkxLWUzNTY4OTgxN2Y4Zi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAVsiyAwDQYJKoZIhvcNAQELBQADggEBABBU8Y9tbTpzPjL8JWScU+92IT+J
4kdkAQqjjLc7eu8X9aJUC1yRnIbJ3e0OfDPEhEMo5N6npuBCKN9G+g0oLMF7ChKJ
Xwx+2cEac1ewtnvL+f12YoHJgUgw2y6woicacHMYLCtVuJGXeL7etLKZH6cjwNTh
Bp2BppwQDlt1WgIimnReUJvfHOQbkC67Bw5X3aUXJ1i/Pqb77oGtzuuRGUofG5cK
Kl3bfLU0NkQ0eqjjmAPf3oqHkH9JQrPd03fdQ3I1TUBb4/o69FO0fFVx/lWIoN0J
1DCfr0BA/CrWTYmd+UEXZ9YbXkMaGJxnKQXZEJO0DUDrp1tu7y7CQ1bBDcA=
-----END CERTIFICATE-----