Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/7d68e2fd-d4e5-4625-a479-ad522f6d6fb2.roa
File:                     7d68e2fd-d4e5-4625-a479-ad522f6d6fb2.roa (raw, json)
Hash identifier:          l5Q/C5N5YtHzwZ72wOYU+Z3w38pxJ7BfQwLTlJ5PGnY=
Subject key identifier:   72:3F:6C:8C:17:13:42:48:F9:63:93:EF:13:EE:39:99:20:B3:48:72
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       5EB41CDB9A27527A0364A7BFC492135752CC5B
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/7d68e2fd-d4e5-4625-a479-ad522f6d6fb2.roa
Signing time:             Sun 19 Oct 2025 02:50:57 +0000
ROA not before:           Sun 19 Oct 2025 02:50:57 +0000
ROA not after:            Sun 23 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        108.138.240.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5e:b4:1c:db:9a:27:52:7a:03:64:a7:bf:c4:92:13:57:52:cc:5b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 19 02:50:57 2025 GMT
            Not After : Nov 23 23:59:59 2025 GMT
        Subject: serialNumber=6f821624f1a45b328a21f839ef80c29ce17ad99d03cdb83eaffa4f02a01dad16, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:57:bf:9b:63:16:75:b2:a1:94:f7:78:67:1c:
                    a6:05:fd:78:7b:a7:59:a9:86:5b:8c:88:72:b7:f7:
                    2a:11:b1:17:36:a4:07:38:cd:8e:4e:4c:b6:d4:4c:
                    63:ac:14:d9:7b:65:3e:22:1a:53:6c:2b:96:8d:c2:
                    ec:e3:78:77:a4:fe:6d:19:59:be:13:51:3b:9e:d0:
                    b2:87:de:48:34:60:71:31:2e:d9:53:ab:47:4e:df:
                    71:1e:4f:fb:57:bf:a5:8e:e8:78:52:d0:ab:f8:3f:
                    bf:fb:de:aa:76:aa:d7:4e:42:8e:21:00:2b:58:74:
                    5e:01:c4:af:4c:ff:98:f4:b8:9a:55:88:e4:93:60:
                    06:12:6e:5e:f9:9d:e7:84:86:6b:77:e4:a7:5f:e0:
                    63:31:c8:9a:1b:18:73:37:83:1e:3a:88:fa:ed:f5:
                    ce:97:09:81:eb:bc:0e:b0:b5:f7:ab:ce:f6:a4:57:
                    8d:16:0c:3c:f1:a8:89:f9:79:19:d8:a9:f2:21:1e:
                    a8:c4:ca:95:3b:57:b4:07:0d:ba:a1:d8:19:18:db:
                    d5:d3:8f:15:03:35:62:82:00:b0:1b:92:0a:36:81:
                    de:63:23:bd:07:6b:eb:32:e6:b7:15:ec:62:9e:24:
                    37:88:60:d7:10:0f:59:a7:f2:6e:75:19:b6:ce:8c:
                    c6:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:3F:6C:8C:17:13:42:48:F9:63:93:EF:13:EE:39:99:20:B3:48:72
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/7d68e2fd-d4e5-4625-a479-ad522f6d6fb2.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  108.138.240.0/24

    Signature Algorithm: sha256WithRSAEncryption
         01:7b:62:17:ba:2f:41:b7:30:36:8c:4b:3f:af:86:ca:c1:a4:
         06:ed:97:e3:80:96:7b:52:c4:4e:10:a8:47:4b:32:f9:3a:e8:
         51:eb:2f:ba:6b:ae:f6:6c:ac:0a:40:f1:0b:b2:88:f0:7a:1f:
         0e:c1:01:02:92:68:88:0c:fb:fb:dc:60:3b:36:c9:e8:d5:cf:
         78:48:5e:88:f0:f5:7d:ca:c2:33:94:0b:9d:12:e8:bd:9e:7b:
         6f:9f:53:d6:68:87:e2:b3:31:38:e2:6b:fb:59:9f:38:bd:20:
         39:06:4c:58:ba:42:21:7a:fd:c2:fa:a5:5f:b2:8e:4e:6e:f1:
         f2:63:4b:7d:e6:2e:36:e7:90:ef:8f:ee:67:ac:09:d0:ff:bd:
         ff:c1:5b:b6:ce:b2:39:e7:1a:cb:5f:d9:b6:1a:2a:68:51:92:
         6a:6a:47:ee:0b:14:01:b3:dd:2d:26:81:98:bd:6d:1e:fc:f4:
         e7:d3:b3:e7:14:e3:9b:07:fb:87:95:05:48:df:8d:80:66:bc:
         92:03:51:f8:72:96:26:67:97:98:9b:39:b5:64:06:f2:13:41:
         0c:5b:c4:25:7a:15:ab:a8:4d:50:b9:13:26:03:f5:16:88:75:
         89:2f:da:1b:26:75:6c:72:5d:78:c4:07:8b:a0:2b:b1:c7:40:
         7c:dc:79:d0
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgITXrQc25onUnoDZKe/xJITV1LMWzANBgkqhkiG9w0BAQsF
ADA9MTswOQYDVQQDEzI2ZWQ4OGNhZDExZmVhYzc3NDQ5ZjAxOGQ0MmJlMzU4ZWIz
NzEwN2RiZThjYjcxZDBhNzAeFw0yNTEwMTkwMjUwNTdaFw0yNTExMjMyMzU5NTla
MHoxSTBHBgNVBAUTQDZmODIxNjI0ZjFhNDViMzI4YTIxZjgzOWVmODBjMjljZTE3
YWQ5OWQwM2NkYjgzZWFmZmE0ZjAyYTAxZGFkMTYxLTArBgNVBAMTJGIyNWM5NzBm
LWQ4MTMtNDQ1Yy1iZmUyLTYyNjY4NTE4Yzg3ZTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAKlXv5tjFnWyoZT3eGccpgX9eHunWamGW4yIcrf3KhGxFzak
BzjNjk5MttRMY6wU2XtlPiIaU2wrlo3C7ON4d6T+bRlZvhNRO57QsofeSDRgcTEu
2VOrR07fcR5P+1e/pY7oeFLQq/g/v/veqnaq105CjiEAK1h0XgHEr0z/mPS4mlWI
5JNgBhJuXvmd54SGa3fkp1/gYzHImhsYczeDHjqI+u31zpcJgeu8DrC196vO9qRX
jRYMPPGoifl5Gdip8iEeqMTKlTtXtAcNuqHYGRjb1dOPFQM1YoIAsBuSCjaB3mMj
vQdr6zLmtxXsYp4kN4hg1xAPWafybnUZts6MxrcCAwEAAaOCArEwggKtMB0GA1Ud
DgQWBBRyP2yMFxNCSPljk+8T7jmZILNIcjAfBgNVHSMEGDAWgBQQXdeNVXhAq0Nd
vRUhII8p+kk/rjAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHg
BggrBgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2Fy
aW4tcnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMv
MmEyNDY5NDctMmQ2Mi00YTZjLWJhMDUtODcxODdmMDA5OWIyLzFiYTMwMmI4LThk
YWItNDkxZC1iOWVkLWQ3YzkyZDAzMGQ4Mi82ZWQ4OGNhZDExZmVhYzc3NDQ5ZjAx
OGQ0MmJlMzU4ZWIzNzEwN2RiZThjYjcxZDBhNy5jZXIwgZ4GCCsGAQUFBwELBIGR
MIGOMIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8yMGFhMzI5Yi1mYzUyLTRjNjEtYmY1My0wOTcy
NWMwNDI5NDIvN2Q2OGUyZmQtZDRlNS00NjI1LWE0NzktYWQ1MjJmNmQ2ZmIyLnJv
YTCBiAYDVR0fBIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0
LTIuYW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMt
MDk3MjVjMDQyOTQyL19xeDNSSjhCalVLLU5ZNnpjUWZiNk10eDBLYy5jcmwwGAYD
VR0gAQH/BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEw
BgMEAGyK8DANBgkqhkiG9w0BAQsFAAOCAQEAAXtiF7ovQbcwNoxLP6+GysGkBu2X
44CWe1LEThCoR0sy+TroUesvumuu9mysCkDxC7KI8HofDsEBApJoiAz7+9xgOzbJ
6NXPeEheiPD1fcrCM5QLnRLovZ57b59T1miH4rMxOOJr+1mfOL0gOQZMWLpCIXr9
wvqlX7KOTm7x8mNLfeYuNueQ74/uZ6wJ0P+9/8Fbts6yOecay1/ZthoqaFGSampH
7gsUAbPdLSaBmL1tHvz059Oz5xTjmwf7h5UFSN+NgGa8kgNR+HKWJmeXmJs5tWQG
8hNBDFvEJXoVq6hNULkTJgP1Foh1iS/aGyZ1bHJdeMQHi6ArscdAfNx50A==
-----END CERTIFICATE-----