Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/65a76228-fec5-4133-a90e-78865ae11d52.roa
File:                     65a76228-fec5-4133-a90e-78865ae11d52.roa (raw, json)
Hash identifier:          s3VtS5VOL372/xzNv0zxhklZXymh3uYvBOdS73Riwy0=
Subject key identifier:   A1:9D:1B:A9:D8:6C:51:F5:4A:17:AD:21:BB:F8:8D:2F:76:79:65:CC
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       0B05B3C5996109D27BF646D7D6709B2640ED7983
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/65a76228-fec5-4133-a90e-78865ae11d52.roa
Signing time:             Mon 20 Oct 2025 06:20:06 +0000
ROA not before:           Mon 20 Oct 2025 06:20:06 +0000
ROA not after:            Mon 24 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        108.139.56.0/21 maxlen: 21
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0b:05:b3:c5:99:61:09:d2:7b:f6:46:d7:d6:70:9b:26:40:ed:79:83
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 20 06:20:06 2025 GMT
            Not After : Nov 24 23:59:59 2025 GMT
        Subject: serialNumber=5ba2fae4ac31916991dd1a5ef6c75712b543e076f660a46e703c25791ea51cae, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:c6:1a:65:58:f6:b8:6a:5c:ec:5a:8f:3b:06:
                    08:e3:18:b6:3d:cc:73:f1:16:10:40:2f:70:47:d8:
                    88:7a:5e:a0:b1:18:cc:4f:9e:aa:80:aa:be:91:19:
                    fd:84:7d:e6:39:9d:9d:78:cf:ff:b5:e8:99:2a:56:
                    86:e4:10:94:86:08:d6:a5:07:c9:60:0b:13:7d:93:
                    4b:6c:1b:4a:44:d3:18:eb:1a:2c:55:bb:0d:6c:80:
                    84:2a:d3:4a:d2:7c:50:40:97:2e:1b:71:33:2b:f9:
                    f4:3a:40:17:c9:2f:aa:d5:76:d1:1b:d9:4e:24:bf:
                    50:08:b9:7f:ee:bb:da:4f:b2:9f:89:17:3c:f6:b5:
                    b1:a7:59:8f:2f:3f:84:ba:b9:6c:74:63:6f:d7:96:
                    16:d3:8f:62:c6:f5:7f:2d:2d:05:2b:fb:44:2c:8c:
                    d6:fd:e6:fc:ea:60:d1:8d:21:df:ad:01:7e:81:1e:
                    c6:c7:16:b6:2a:b6:6d:08:55:12:5c:48:64:c2:ad:
                    74:a6:2f:61:50:aa:81:cb:e7:cd:6b:1b:cb:86:d7:
                    3b:97:d9:4d:aa:e2:e5:2e:f4:93:c0:9b:ad:78:6d:
                    f0:0b:cf:2b:a3:86:d2:62:56:07:20:17:cc:bb:39:
                    4d:21:94:dc:a5:39:b1:79:1e:02:7e:7a:53:6d:e5:
                    0e:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A1:9D:1B:A9:D8:6C:51:F5:4A:17:AD:21:BB:F8:8D:2F:76:79:65:CC
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/65a76228-fec5-4133-a90e-78865ae11d52.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  108.139.56.0/21

    Signature Algorithm: sha256WithRSAEncryption
         45:21:c9:06:6f:57:f9:53:92:db:ca:85:e6:5f:d4:5a:21:a4:
         df:a6:8a:7f:19:82:20:97:f6:ba:2b:a7:8b:89:91:51:60:28:
         d1:14:6a:be:f6:e8:e4:ff:44:1a:fd:28:60:cc:e3:f7:d7:01:
         96:55:9b:fc:97:a6:b0:a2:5b:06:db:46:d5:89:c9:8e:8d:e3:
         8a:19:ff:e8:87:84:54:5c:7a:10:05:77:80:46:31:80:e0:fd:
         13:b7:cd:85:e2:53:8f:02:ae:79:0f:c5:9c:01:f0:9b:bc:8e:
         1d:53:53:e7:f7:87:7d:0a:7a:56:fe:ca:47:eb:9a:84:5b:45:
         63:23:e0:d5:7a:e0:ae:e8:2a:53:d7:69:12:08:c5:86:d9:ba:
         1a:b3:2f:8f:21:68:a9:ea:8a:b9:4f:07:68:7c:70:ad:cd:38:
         d3:3e:09:fd:c8:c3:e0:a0:4d:7d:6c:be:5a:32:39:20:e5:2b:
         e8:27:b8:08:7b:91:df:bf:25:2f:64:d7:bb:5b:0e:85:18:2d:
         59:7f:cf:40:aa:2b:15:9d:a9:f0:14:9b:4d:22:c5:a1:ec:1f:
         7e:77:da:96:8c:1c:0b:57:24:bf:82:8f:a8:0a:45:b7:25:02:
         be:28:31:94:e3:54:cb:1f:5e:6a:2a:57:fd:f4:5b:b5:62:80:
         d1:2a:08:53
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUCwWzxZlhCdJ79kbX1nCbJkDteYMwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDIwMDYyMDA2WhcNMjUxMTI0MjM1OTU5
WjB6MUkwRwYDVQQFE0A1YmEyZmFlNGFjMzE5MTY5OTFkZDFhNWVmNmM3NTcxMmI1
NDNlMDc2ZjY2MGE0NmU3MDNjMjU3OTFlYTUxY2FlMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCrxhplWPa4alzsWo87BgjjGLY9zHPxFhBAL3BH2Ih6XqCx
GMxPnqqAqr6RGf2EfeY5nZ14z/+16JkqVobkEJSGCNalB8lgCxN9k0tsG0pE0xjr
GixVuw1sgIQq00rSfFBAly4bcTMr+fQ6QBfJL6rVdtEb2U4kv1AIuX/uu9pPsp+J
Fzz2tbGnWY8vP4S6uWx0Y2/XlhbTj2LG9X8tLQUr+0QsjNb95vzqYNGNId+tAX6B
HsbHFrYqtm0IVRJcSGTCrXSmL2FQqoHL581rG8uG1zuX2U2q4uUu9JPAm614bfAL
zyujhtJiVgcgF8y7OU0hlNylObF5HgJ+elNt5Q4tAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUoZ0bqdhsUfVKF60hu/iNL3Z5ZcwwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzY1YTc2MjI4LWZlYzUtNDEzMy1hOTBlLTc4ODY1YWUxMWQ1Mi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBANsizgwDQYJKoZIhvcNAQELBQADggEBAEUhyQZvV/lTktvKheZf1FohpN+m
in8ZgiCX9rorp4uJkVFgKNEUar726OT/RBr9KGDM4/fXAZZVm/yXprCiWwbbRtWJ
yY6N44oZ/+iHhFRcehAFd4BGMYDg/RO3zYXiU48CrnkPxZwB8Ju8jh1TU+f3h30K
elb+ykfrmoRbRWMj4NV64K7oKlPXaRIIxYbZuhqzL48haKnqirlPB2h8cK3NONM+
Cf3Iw+CgTX1svloyOSDlK+gnuAh7kd+/JS9k17tbDoUYLVl/z0CqKxWdqfAUm00i
xaHsH3532paMHAtXJL+Cj6gKRbclAr4oMZTjVMsfXmoqV/30W7VigNEqCFM=
-----END CERTIFICATE-----