Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/80e300ab-f18d-4e27-8f7c-588428a093ac.roa
File:                     80e300ab-f18d-4e27-8f7c-588428a093ac.roa (raw, json)
Hash identifier:          dJhYk2S1htuNQqLMeNx62dsD1EKdEHwlYVJAhsOm5pQ=
Subject key identifier:   0F:C1:04:CC:DC:1F:6F:DD:72:25:48:C2:DD:6F:9C:DB:0B:FD:A6:B2
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       1B9EEE8FBE8E90573332FACD054FDA0AFCB0BD90
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/80e300ab-f18d-4e27-8f7c-588428a093ac.roa
Signing time:             Sun 19 Oct 2025 02:00:08 +0000
ROA not before:           Sun 19 Oct 2025 02:00:08 +0000
ROA not after:            Sun 23 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        108.139.26.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1b:9e:ee:8f:be:8e:90:57:33:32:fa:cd:05:4f:da:0a:fc:b0:bd:90
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 19 02:00:08 2025 GMT
            Not After : Nov 23 23:59:59 2025 GMT
        Subject: serialNumber=d111091b330182de6684e4411f9d663ce40a30bc2a0cc9d04ec218d1845a835f, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:f3:27:6d:f7:9c:c6:1b:29:65:25:49:3b:5a:
                    d7:1d:8b:79:dd:a9:d4:58:99:f5:17:f0:38:48:17:
                    42:a6:1c:00:4a:bc:a0:87:9c:d4:02:bc:18:9c:8b:
                    5b:5b:98:aa:35:83:c6:b3:a6:c7:60:2c:ef:db:cd:
                    22:45:a1:9c:f8:02:c5:9d:64:a0:09:43:d5:4c:f3:
                    aa:fb:9a:5e:f1:44:ce:b8:8f:4a:41:9d:9a:fc:37:
                    58:77:d4:03:06:88:31:a2:6b:e8:31:bb:b4:3f:2b:
                    b1:aa:3e:b3:21:c2:4a:d9:f4:3c:71:8a:1b:30:2f:
                    7d:2a:f9:06:89:a4:53:78:1a:c5:ce:d4:43:51:a6:
                    2d:83:03:cb:27:28:cc:e5:f7:b3:0a:a7:28:02:16:
                    dc:53:89:a6:08:9b:f6:bb:f8:6a:fa:6f:06:b5:4b:
                    61:15:7f:98:16:bd:34:7d:38:9c:b4:dc:76:57:1a:
                    51:70:2d:d6:a4:3d:a6:17:43:dd:4b:12:1f:db:b8:
                    84:0b:21:6f:78:7a:1b:1e:fb:01:7a:54:95:43:51:
                    79:72:d2:f9:f7:db:7e:ba:fa:df:f4:a7:cc:97:5a:
                    36:e9:a3:53:82:01:27:94:86:1d:ac:c6:dc:bf:fd:
                    1e:c2:5a:cb:c2:76:61:6e:fa:d7:dc:ab:9a:04:92:
                    11:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0F:C1:04:CC:DC:1F:6F:DD:72:25:48:C2:DD:6F:9C:DB:0B:FD:A6:B2
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/80e300ab-f18d-4e27-8f7c-588428a093ac.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  108.139.26.0/24

    Signature Algorithm: sha256WithRSAEncryption
         29:f2:25:6d:5d:4d:45:dc:39:74:35:63:c4:ef:79:94:4e:83:
         04:15:9e:f2:7d:de:67:c6:13:f9:6e:68:94:be:a1:10:8d:81:
         b8:4d:e0:9f:d7:f8:2a:9f:0f:70:63:2c:05:e6:b5:e7:ff:0a:
         8a:5f:66:5e:d9:6a:d8:f2:21:94:66:d6:73:e3:f3:6a:c1:b2:
         76:13:f6:4f:43:d9:96:1a:85:4a:c7:de:66:c1:e5:51:a6:4e:
         d7:52:76:36:51:52:40:f5:b6:de:e1:f0:27:c2:5b:a0:b6:88:
         8e:c8:25:2c:ef:41:b1:17:74:70:49:bf:42:6f:e4:49:1e:e8:
         88:9e:37:0f:c8:28:0b:43:53:84:eb:48:24:0a:bf:94:0a:67:
         32:fa:f1:72:bd:90:26:16:de:b5:f6:ae:39:7e:94:a6:bd:a1:
         37:46:23:56:5d:cf:a0:62:de:65:e0:e0:04:36:ed:01:3f:6a:
         9e:ae:75:e8:c1:6a:d6:2b:d7:66:b0:34:08:d5:4c:fb:de:f4:
         cd:6f:9d:51:39:6e:f4:53:25:e7:fa:16:95:5a:40:35:af:12:
         b2:2b:9a:dc:1b:24:73:2d:c1:b4:97:2b:21:e4:9b:0c:7a:79:
         0f:8f:5f:ff:10:ea:e7:f7:e2:8f:fa:e4:ba:30:7c:a4:c9:ad:
         5f:4a:10:91
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUG57uj76OkFczMvrNBU/aCvywvZAwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDE5MDIwMDA4WhcNMjUxMTIzMjM1OTU5
WjB6MUkwRwYDVQQFE0BkMTExMDkxYjMzMDE4MmRlNjY4NGU0NDExZjlkNjYzY2U0
MGEzMGJjMmEwY2M5ZDA0ZWMyMThkMTg0NWE4MzVmMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDR8ydt95zGGyllJUk7Wtcdi3ndqdRYmfUX8DhIF0KmHABK
vKCHnNQCvBici1tbmKo1g8azpsdgLO/bzSJFoZz4AsWdZKAJQ9VM86r7ml7xRM64
j0pBnZr8N1h31AMGiDGia+gxu7Q/K7GqPrMhwkrZ9DxxihswL30q+QaJpFN4GsXO
1ENRpi2DA8snKMzl97MKpygCFtxTiaYIm/a7+Gr6bwa1S2EVf5gWvTR9OJy03HZX
GlFwLdakPaYXQ91LEh/buIQLIW94ehse+wF6VJVDUXly0vn32366+t/0p8yXWjbp
o1OCASeUhh2sxty//R7CWsvCdmFu+tfcq5oEkhFXAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUD8EEzNwfb91yJUjC3W+c2wv9prIwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzgwZTMwMGFiLWYxOGQtNGUyNy04ZjdjLTU4ODQyOGEwOTNhYy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBABsixowDQYJKoZIhvcNAQELBQADggEBACnyJW1dTUXcOXQ1Y8TveZROgwQV
nvJ93mfGE/luaJS+oRCNgbhN4J/X+CqfD3BjLAXmtef/CopfZl7ZatjyIZRm1nPj
82rBsnYT9k9D2ZYahUrH3mbB5VGmTtdSdjZRUkD1tt7h8CfCW6C2iI7IJSzvQbEX
dHBJv0Jv5Eke6IieNw/IKAtDU4TrSCQKv5QKZzL68XK9kCYW3rX2rjl+lKa9oTdG
I1Zdz6Bi3mXg4AQ27QE/ap6udejBatYr12awNAjVTPve9M1vnVE5bvRTJef6FpVa
QDWvErIrmtwbJHMtwbSXKyHkmwx6eQ+PX/8Q6uf34o/65LowfKTJrV9KEJE=
-----END CERTIFICATE-----