Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/663ee44c-a611-440f-8867-41a04580b94c.roa
File:                     663ee44c-a611-440f-8867-41a04580b94c.roa (raw, json)
Hash identifier:          V1Z05eJTbOu5vCDinMDm/vbzUdGYhX3bOS4IWLfdoxw=
Subject key identifier:   F6:1B:29:A7:0D:03:34:34:45:1C:C5:D8:B7:5C:73:9D:4E:75:2E:51
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       19C357832869EC19945FE1D78EDA968D9B2CD239
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/663ee44c-a611-440f-8867-41a04580b94c.roa
Signing time:             Mon 20 Oct 2025 00:31:02 +0000
ROA not before:           Mon 20 Oct 2025 00:31:02 +0000
ROA not after:            Mon 24 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        108.158.216.0/22 maxlen: 22
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            19:c3:57:83:28:69:ec:19:94:5f:e1:d7:8e:da:96:8d:9b:2c:d2:39
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 20 00:31:02 2025 GMT
            Not After : Nov 24 23:59:59 2025 GMT
        Subject: serialNumber=deaa3653d63469aae69934ca9bcfbc9936f072d782a433380442ed7008601bdc, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:80:ea:92:30:c8:a2:16:aa:13:c9:bd:76:7b:
                    12:c0:aa:25:ce:c8:43:84:47:7a:f9:2b:d0:2f:80:
                    eb:01:d7:5c:00:f3:44:2f:c7:5f:db:21:ec:d5:77:
                    d0:ac:ca:5d:c9:39:6d:45:7e:e2:d9:df:26:5c:ce:
                    8d:97:33:10:e9:8a:7d:14:6f:b1:9a:2b:fa:54:e0:
                    4a:8e:bb:13:88:a0:37:04:f2:64:3a:43:3a:ea:7c:
                    16:0e:1b:b4:be:33:f4:ed:46:5a:24:39:90:03:f2:
                    09:71:43:99:5b:27:40:ab:ce:74:83:a9:ea:77:2d:
                    9d:ff:5f:d9:33:d0:10:19:a0:eb:d7:21:30:d6:84:
                    cb:5a:c3:f9:17:33:93:a6:fe:7b:bb:f0:9e:05:74:
                    db:c7:06:49:60:19:de:b6:c2:63:ec:87:d5:b3:10:
                    07:8e:c3:b5:54:e4:b3:4f:44:1e:53:38:09:c2:8f:
                    9e:22:47:ed:b3:1f:38:1c:ad:96:dc:52:23:7e:5d:
                    38:b5:16:bb:08:b3:3a:18:5f:21:70:41:e5:64:7d:
                    79:79:36:01:d8:36:90:6e:24:47:2b:3a:9e:d4:a0:
                    9c:75:f4:95:5e:e6:15:a3:9a:9e:17:96:2e:cb:a7:
                    58:b8:e1:83:59:f1:31:3f:09:cc:59:0e:b9:ec:72:
                    66:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F6:1B:29:A7:0D:03:34:34:45:1C:C5:D8:B7:5C:73:9D:4E:75:2E:51
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/663ee44c-a611-440f-8867-41a04580b94c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  108.158.216.0/22

    Signature Algorithm: sha256WithRSAEncryption
         24:01:ca:77:4e:dd:3f:43:af:42:a5:de:be:06:f2:18:4c:86:
         e7:af:1c:89:86:17:f7:03:c1:13:09:21:4c:43:76:cd:5e:15:
         31:cd:76:47:b8:08:bc:14:82:27:58:c9:92:be:55:70:22:ab:
         78:54:04:a7:9c:8d:d1:af:47:b6:11:86:77:d7:53:a1:e9:56:
         3c:20:b3:d9:31:c4:02:c8:df:99:b8:ef:2b:35:c5:2b:4d:e0:
         80:9f:7b:ff:9c:c8:df:b0:56:c4:2d:41:6e:be:91:7b:b0:94:
         e6:bc:32:d7:ba:0a:85:ce:e5:f6:ab:f5:48:ad:c1:d3:c8:e8:
         f4:1b:9c:cf:3d:dd:43:4e:3f:4a:a9:f6:ed:ca:f7:b2:f6:7c:
         c6:77:e7:1d:9e:83:dd:31:da:97:e5:38:e3:7e:e8:43:2b:2b:
         2f:86:1c:04:2e:77:49:27:e5:1a:a9:83:cf:7e:93:d4:96:c6:
         1d:2b:71:82:ba:7f:18:79:81:14:b1:99:14:2a:d1:9a:32:17:
         e7:d7:98:e0:09:f5:34:6c:83:a6:57:c6:5f:64:1b:64:c9:b0:
         ed:56:76:44:52:0a:5f:b6:be:6f:2e:91:f0:b4:1b:fd:78:e7:
         cf:33:7e:af:d2:1b:7f:57:99:9f:a9:2d:c6:8d:77:8a:a8:88:
         ef:c5:7f:77
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUGcNXgyhp7BmUX+HXjtqWjZss0jkwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDIwMDAzMTAyWhcNMjUxMTI0MjM1OTU5
WjB6MUkwRwYDVQQFE0BkZWFhMzY1M2Q2MzQ2OWFhZTY5OTM0Y2E5YmNmYmM5OTM2
ZjA3MmQ3ODJhNDMzMzgwNDQyZWQ3MDA4NjAxYmRjMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDXgOqSMMiiFqoTyb12exLAqiXOyEOER3r5K9AvgOsB11wA
80Qvx1/bIezVd9Csyl3JOW1FfuLZ3yZczo2XMxDpin0Ub7GaK/pU4EqOuxOIoDcE
8mQ6QzrqfBYOG7S+M/TtRlokOZAD8glxQ5lbJ0CrznSDqep3LZ3/X9kz0BAZoOvX
ITDWhMtaw/kXM5Om/nu78J4FdNvHBklgGd62wmPsh9WzEAeOw7VU5LNPRB5TOAnC
j54iR+2zHzgcrZbcUiN+XTi1FrsIszoYXyFwQeVkfXl5NgHYNpBuJEcrOp7UoJx1
9JVe5hWjmp4Xli7Lp1i44YNZ8TE/CcxZDrnscmbfAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU9hsppw0DNDRFHMXYt1xznU51LlEwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzY2M2VlNDRjLWE2MTEtNDQwZi04ODY3LTQxYTA0NTgwYjk0Yy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAJsntgwDQYJKoZIhvcNAQELBQADggEBACQByndO3T9Dr0Kl3r4G8hhMhuev
HImGF/cDwRMJIUxDds1eFTHNdke4CLwUgidYyZK+VXAiq3hUBKecjdGvR7YRhnfX
U6HpVjwgs9kxxALI35m47ys1xStN4ICfe/+cyN+wVsQtQW6+kXuwlOa8Mte6CoXO
5far9UitwdPI6PQbnM893UNOP0qp9u3K97L2fMZ35x2eg90x2pflOON+6EMrKy+G
HAQud0kn5Rqpg89+k9SWxh0rcYK6fxh5gRSxmRQq0ZoyF+fXmOAJ9TRsg6ZXxl9k
G2TJsO1WdkRSCl+2vm8ukfC0G/14588zfq/SG39XmZ+pLcaNd4qoiO/Ff3c=
-----END CERTIFICATE-----