Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/6465e0a7-1f24-41c3-aec2-a762d2d2014d.roa
File:                     6465e0a7-1f24-41c3-aec2-a762d2d2014d.roa (raw, json)
Hash identifier:          /btYZz9e+IwJ1EtqUNXefLm0PVRthrV8pB1popKK50c=
Subject key identifier:   D6:E9:3B:A1:F5:A2:96:AB:9E:10:48:D5:3E:9A:67:6F:3B:25:A8:A5
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       2EFADB82C7612109FFA32853DB6A47940646CF1E
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/6465e0a7-1f24-41c3-aec2-a762d2d2014d.roa
Signing time:             Mon 20 Oct 2025 01:01:29 +0000
ROA not before:           Mon 20 Oct 2025 01:01:29 +0000
ROA not after:            Mon 24 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        108.158.131.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2e:fa:db:82:c7:61:21:09:ff:a3:28:53:db:6a:47:94:06:46:cf:1e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 20 01:01:29 2025 GMT
            Not After : Nov 24 23:59:59 2025 GMT
        Subject: serialNumber=59a96191a9469de5f3954a0f779a39e25790c41565140d37f24479bd6f9e3fea, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:df:29:f9:9e:8e:15:73:54:54:6e:29:c8:26:
                    7d:ce:45:76:09:0a:66:e9:8c:4e:fb:e1:ad:26:06:
                    a1:cd:5f:98:58:9c:01:ab:c1:53:d7:cd:c8:10:f3:
                    b9:32:de:2d:fc:59:27:ca:84:19:5f:47:2c:0b:51:
                    e4:96:5e:f4:27:73:89:87:48:ca:f0:31:53:03:07:
                    e0:c9:2c:cf:2c:ab:da:e6:9e:79:9d:98:f8:fe:4f:
                    79:e0:e3:e3:d8:a1:c9:6a:15:03:61:ff:4d:bc:3c:
                    ea:77:6a:2c:c9:36:d7:66:d5:64:e8:65:85:27:e9:
                    78:d1:42:61:33:12:79:be:15:8f:e5:51:90:f1:1d:
                    66:cb:fd:95:94:46:1b:eb:97:21:11:d2:40:49:98:
                    41:4c:e0:1d:32:00:61:ff:d0:0a:a7:d6:8d:be:18:
                    6f:4c:b5:7a:56:7f:9c:2e:62:6a:d9:9d:50:d7:e4:
                    83:d0:8b:1b:ed:7c:c5:55:3c:b2:74:60:cd:ad:6a:
                    04:4e:4b:dc:88:b1:6a:f8:4c:b4:32:66:46:8f:4d:
                    5b:d3:48:ac:3b:af:53:4d:a0:b6:80:bb:c6:e8:17:
                    01:c9:13:7f:c8:47:ca:e2:f7:6c:61:e9:e8:f7:52:
                    6e:fd:37:62:7d:19:5c:49:53:00:49:ae:9e:77:86:
                    9e:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D6:E9:3B:A1:F5:A2:96:AB:9E:10:48:D5:3E:9A:67:6F:3B:25:A8:A5
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/6465e0a7-1f24-41c3-aec2-a762d2d2014d.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  108.158.131.0/24

    Signature Algorithm: sha256WithRSAEncryption
         aa:cd:68:30:5c:38:da:70:ed:53:a9:95:d5:ad:9e:ce:93:c1:
         8b:26:e4:62:db:0e:3e:4a:ed:1c:a7:ff:3c:bf:3e:33:0e:9c:
         ea:85:b5:08:86:28:93:38:8a:f9:fc:bf:99:f0:2f:cf:37:91:
         45:0d:23:13:78:c8:e3:3b:5f:89:5d:9e:5c:45:8a:c5:fd:d0:
         0e:5f:13:f4:c7:aa:52:ef:91:02:dd:e2:43:23:e3:63:43:5e:
         51:2f:f7:03:79:a7:bf:a4:bb:77:96:3e:a9:90:38:e7:8e:81:
         24:71:1a:44:dc:94:e7:a3:2b:90:cb:7f:96:af:84:6f:65:d0:
         eb:8b:75:d6:14:45:ff:80:fd:0d:27:bd:87:fa:f7:f4:4c:0d:
         38:38:dc:96:e9:0f:5d:3e:0e:ba:f6:b7:cb:cb:99:c6:3d:b6:
         74:21:f3:1b:06:15:7b:43:f6:32:d0:d4:91:a2:c2:3c:75:67:
         00:ff:7e:c0:9d:11:77:3e:18:c0:34:96:7c:1c:00:98:38:1c:
         c0:7a:be:40:40:cb:98:33:6e:14:30:5d:f7:fa:1c:79:2a:79:
         93:c4:e6:a1:3b:fd:ad:4a:97:3d:39:fe:c5:f1:de:45:25:c9:
         96:51:ad:96:38:ac:89:59:5e:8f:e3:95:2f:4f:18:71:63:19:
         05:e0:7f:e2
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIULvrbgsdhIQn/oyhT22pHlAZGzx4wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDIwMDEwMTI5WhcNMjUxMTI0MjM1OTU5
WjB6MUkwRwYDVQQFE0A1OWE5NjE5MWE5NDY5ZGU1ZjM5NTRhMGY3NzlhMzllMjU3
OTBjNDE1NjUxNDBkMzdmMjQ0NzliZDZmOWUzZmVhMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDT3yn5no4Vc1RUbinIJn3ORXYJCmbpjE774a0mBqHNX5hY
nAGrwVPXzcgQ87ky3i38WSfKhBlfRywLUeSWXvQnc4mHSMrwMVMDB+DJLM8sq9rm
nnmdmPj+T3ng4+PYoclqFQNh/028POp3aizJNtdm1WToZYUn6XjRQmEzEnm+FY/l
UZDxHWbL/ZWURhvrlyER0kBJmEFM4B0yAGH/0Aqn1o2+GG9MtXpWf5wuYmrZnVDX
5IPQixvtfMVVPLJ0YM2tagROS9yIsWr4TLQyZkaPTVvTSKw7r1NNoLaAu8boFwHJ
E3/IR8ri92xh6ej3Um79N2J9GVxJUwBJrp53hp5BAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU1uk7ofWilqueEEjVPppnbzslqKUwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzY0NjVlMGE3LTFmMjQtNDFjMy1hZWMyLWE3NjJkMmQyMDE0ZC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBABsnoMwDQYJKoZIhvcNAQELBQADggEBAKrNaDBcONpw7VOpldWtns6TwYsm
5GLbDj5K7Ryn/zy/PjMOnOqFtQiGKJM4ivn8v5nwL883kUUNIxN4yOM7X4ldnlxF
isX90A5fE/THqlLvkQLd4kMj42NDXlEv9wN5p7+ku3eWPqmQOOeOgSRxGkTclOej
K5DLf5avhG9l0OuLddYURf+A/Q0nvYf69/RMDTg43JbpD10+Drr2t8vLmcY9tnQh
8xsGFXtD9jLQ1JGiwjx1ZwD/fsCdEXc+GMA0lnwcAJg4HMB6vkBAy5gzbhQwXff6
HHkqeZPE5qE7/a1Klz05/sXx3kUlyZZRrZY4rIlZXo/jlS9PGHFjGQXgf+I=
-----END CERTIFICATE-----