Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/6e1b6281-1f33-447b-bb74-e5f519c0773f.roa
File:                     6e1b6281-1f33-447b-bb74-e5f519c0773f.roa (raw, json)
Hash identifier:          H+LHUatyfN9317iwXbca0Lrty/XK0Hl7vHf2BYDbfRw=
Subject key identifier:   20:6C:DD:5F:63:29:93:76:37:AA:DC:C2:85:BD:93:1F:88:A0:B4:22
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       0FDAC8958AAE098531BD5D17E2B14B5218A64C16
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/6e1b6281-1f33-447b-bb74-e5f519c0773f.roa
Signing time:             Sun 19 Oct 2025 02:10:58 +0000
ROA not before:           Sun 19 Oct 2025 02:10:58 +0000
ROA not after:            Sun 23 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        108.138.33.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0f:da:c8:95:8a:ae:09:85:31:bd:5d:17:e2:b1:4b:52:18:a6:4c:16
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 19 02:10:58 2025 GMT
            Not After : Nov 23 23:59:59 2025 GMT
        Subject: serialNumber=4e66f8205b212560772ba10f8800045356cd23780c4d743f6507a37f1f307558, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:5c:56:89:43:02:26:7a:58:98:ac:90:21:ea:
                    df:43:91:3f:a5:7b:b9:36:d1:06:6c:07:ce:77:ed:
                    af:b1:4a:eb:cf:ee:da:36:24:25:d4:fc:35:83:5c:
                    7b:83:f0:4f:c2:a6:4a:e4:f7:a4:48:bd:91:28:03:
                    46:91:b4:53:a0:44:bd:3c:f0:91:92:83:b7:fe:15:
                    a3:73:5a:1c:8f:ae:09:e0:1d:35:d6:b1:78:f2:bc:
                    99:c1:0f:a6:6c:6d:07:db:4d:a8:97:ce:09:fb:08:
                    5e:08:8e:7e:03:47:fd:38:8b:9a:0a:fd:20:e5:c1:
                    2d:87:1a:e7:6f:c1:40:15:1a:da:d9:48:d2:19:e4:
                    ad:a9:ef:17:91:00:3e:d7:f9:eb:51:9a:b6:16:67:
                    bf:3a:89:74:a6:a3:03:91:b8:ef:ce:76:8f:0b:42:
                    60:bb:7d:e3:48:cd:9e:1e:32:0c:97:3a:ec:52:67:
                    f6:38:5f:cb:7f:6f:fe:99:ad:41:c6:0b:ed:55:8b:
                    3a:37:8c:44:0e:c5:9a:5c:bc:b0:7b:f7:68:23:f9:
                    e3:17:0a:e2:3c:8b:03:20:a9:a6:b3:8b:c1:42:66:
                    c6:51:fd:f5:8c:70:b7:d8:1f:58:ed:8c:cf:32:52:
                    0f:08:1b:89:ac:96:46:87:05:63:16:53:62:bd:34:
                    05:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                20:6C:DD:5F:63:29:93:76:37:AA:DC:C2:85:BD:93:1F:88:A0:B4:22
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/6e1b6281-1f33-447b-bb74-e5f519c0773f.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  108.138.33.0/24

    Signature Algorithm: sha256WithRSAEncryption
         03:5f:0f:11:8b:1d:a1:32:f4:5c:01:14:c6:e2:5e:db:c0:97:
         69:40:40:02:20:dd:74:74:1a:cc:d7:c2:29:71:cb:e3:10:8a:
         a8:34:f2:b4:3d:86:fa:f2:30:72:04:29:2e:65:0e:22:f7:3d:
         7c:8b:b9:e5:28:5c:23:42:1e:8f:2a:1a:74:f2:4d:50:90:ee:
         4f:cb:c7:ee:4e:80:ed:d6:1e:6f:d4:41:df:e2:e8:b0:d6:26:
         6c:1c:07:f6:c4:f7:9b:2b:4b:98:8d:8c:a3:ac:3e:d5:94:23:
         e3:28:66:bf:78:83:44:5f:59:2a:4e:24:9a:91:22:6b:2a:51:
         a1:9d:08:0f:f0:e1:63:0b:b3:6b:91:bf:85:8f:af:12:c7:6d:
         2b:17:d0:a4:4d:02:56:09:13:3b:33:ca:0f:2f:16:d2:34:4b:
         15:d8:7b:fc:1b:43:51:b7:a4:11:31:da:fb:f0:61:68:8f:0d:
         a4:ff:06:43:e0:c0:22:59:6f:e5:d9:c5:7e:81:b2:6a:da:75:
         3d:1c:67:44:cd:7c:bb:d4:75:63:69:48:0a:8e:e9:3b:1c:8f:
         bc:dd:c9:af:48:a0:4f:48:8d:9a:96:97:e2:ec:5e:8d:85:ed:
         e2:98:3f:8b:40:31:54:99:36:fc:26:4c:09:3a:53:1f:f2:22:
         76:e1:c6:8d
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUD9rIlYquCYUxvV0X4rFLUhimTBYwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDE5MDIxMDU4WhcNMjUxMTIzMjM1OTU5
WjB6MUkwRwYDVQQFE0A0ZTY2ZjgyMDViMjEyNTYwNzcyYmExMGY4ODAwMDQ1MzU2
Y2QyMzc4MGM0ZDc0M2Y2NTA3YTM3ZjFmMzA3NTU4MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCiXFaJQwImeliYrJAh6t9DkT+le7k20QZsB8537a+xSuvP
7to2JCXU/DWDXHuD8E/Cpkrk96RIvZEoA0aRtFOgRL088JGSg7f+FaNzWhyPrgng
HTXWsXjyvJnBD6ZsbQfbTaiXzgn7CF4Ijn4DR/04i5oK/SDlwS2HGudvwUAVGtrZ
SNIZ5K2p7xeRAD7X+etRmrYWZ786iXSmowORuO/Odo8LQmC7feNIzZ4eMgyXOuxS
Z/Y4X8t/b/6ZrUHGC+1Vizo3jEQOxZpcvLB792gj+eMXCuI8iwMgqaazi8FCZsZR
/fWMcLfYH1jtjM8yUg8IG4mslkaHBWMWU2K9NAWvAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUIGzdX2Mpk3Y3qtzChb2TH4igtCIwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzZlMWI2MjgxLTFmMzMtNDQ3Yi1iYjc0LWU1ZjUxOWMwNzczZi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBABsiiEwDQYJKoZIhvcNAQELBQADggEBAANfDxGLHaEy9FwBFMbiXtvAl2lA
QAIg3XR0GszXwilxy+MQiqg08rQ9hvryMHIEKS5lDiL3PXyLueUoXCNCHo8qGnTy
TVCQ7k/Lx+5OgO3WHm/UQd/i6LDWJmwcB/bE95srS5iNjKOsPtWUI+MoZr94g0Rf
WSpOJJqRImsqUaGdCA/w4WMLs2uRv4WPrxLHbSsX0KRNAlYJEzszyg8vFtI0SxXY
e/wbQ1G3pBEx2vvwYWiPDaT/BkPgwCJZb+XZxX6BsmradT0cZ0TNfLvUdWNpSAqO
6Tscj7zdya9IoE9IjZqWl+LsXo2F7eKYP4tAMVSZNvwmTAk6Ux/yInbhxo0=
-----END CERTIFICATE-----