Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/8d353507-72b8-476f-9613-596f5d3c2d14.roa
File:                     8d353507-72b8-476f-9613-596f5d3c2d14.roa (raw, json)
Hash identifier:          KyQLKKKPO1ayk2e1JsmLVPmfJuMJH8Io7SEiyXIHx6w=
Subject key identifier:   B4:46:0B:C2:AD:DF:68:40:A2:06:DB:A7:E7:69:80:5B:50:7E:15:9C
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       1379980DB6DC25B65DBFA8E15FF30A18E57ED793
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/8d353507-72b8-476f-9613-596f5d3c2d14.roa
Signing time:             Mon 20 Oct 2025 03:11:25 +0000
ROA not before:           Mon 20 Oct 2025 03:11:25 +0000
ROA not after:            Mon 24 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        108.156.88.0/21 maxlen: 21
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            13:79:98:0d:b6:dc:25:b6:5d:bf:a8:e1:5f:f3:0a:18:e5:7e:d7:93
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 20 03:11:25 2025 GMT
            Not After : Nov 24 23:59:59 2025 GMT
        Subject: serialNumber=b87f9a330ab0c23615ab6f412dd9fe4c0dbc79c4fcaf377e303f211d64453aa5, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:9e:f3:ab:24:e5:6f:be:f1:e6:65:0b:87:9c:
                    75:f0:94:27:77:33:c6:bb:e8:ef:40:c2:0c:59:49:
                    25:a5:d9:91:fb:90:46:8e:ac:61:c9:b2:c4:94:d9:
                    9f:72:d7:5d:f4:6d:61:fd:16:b7:43:00:8b:c5:c1:
                    01:96:cf:52:d5:b8:02:ae:2b:2e:19:24:9e:c8:c2:
                    b4:81:9f:b1:ac:2c:23:e0:20:a0:dd:28:e6:3c:ca:
                    4b:28:02:fd:7a:17:11:6b:f6:ed:a5:65:a3:16:bd:
                    b2:f3:fe:72:bc:42:89:e4:4c:ac:92:2d:15:1e:60:
                    5b:70:53:b9:a8:9b:2b:31:5b:06:9e:a1:6e:95:d0:
                    f0:17:91:e1:5a:93:d2:22:85:b1:a0:fe:66:f0:4d:
                    6e:d2:ad:8d:b2:df:aa:6c:18:2e:ce:f4:30:ce:cf:
                    83:34:2f:93:92:1f:6d:0b:c6:b2:98:53:b1:1f:16:
                    d7:56:ef:e6:16:df:dd:fb:91:47:d4:ce:40:28:1c:
                    18:ea:4c:4e:47:f4:b9:c5:28:c5:b2:15:1b:19:06:
                    6f:9d:53:2c:78:3f:70:2b:bf:03:da:ec:cc:dd:25:
                    03:0c:72:c6:fb:ff:6d:bd:96:8f:0b:dc:ba:39:26:
                    45:77:36:c6:bd:88:66:25:4a:70:33:a5:fb:d8:f4:
                    52:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B4:46:0B:C2:AD:DF:68:40:A2:06:DB:A7:E7:69:80:5B:50:7E:15:9C
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/8d353507-72b8-476f-9613-596f5d3c2d14.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  108.156.88.0/21

    Signature Algorithm: sha256WithRSAEncryption
         4e:f2:44:cf:76:08:f1:2a:1a:26:16:bb:2f:e6:e5:e0:93:ec:
         2c:8e:0c:1c:15:36:ba:7a:20:42:dd:83:bb:36:e3:d8:c1:a2:
         85:df:07:0f:fe:cf:6a:a9:79:48:85:f8:9d:75:9e:f3:8e:c9:
         dc:f8:cc:67:f5:eb:06:c1:36:4c:83:f3:1c:7b:ae:32:d7:07:
         6a:3e:8b:a6:4d:03:f5:82:75:dc:06:92:cd:9c:fd:1d:58:b4:
         02:f1:3e:bd:a9:30:c0:ea:92:fc:f4:43:57:79:3b:89:a0:da:
         f9:31:7f:3e:52:c9:b2:fe:5f:90:55:a5:05:6a:18:25:e0:a3:
         89:2c:bd:de:29:7c:3a:3f:24:2d:75:66:29:3d:ef:cb:68:14:
         21:f0:9d:c9:fc:b9:03:7d:03:00:60:3f:b1:f0:6a:d3:11:ff:
         02:65:64:ec:76:0d:11:9f:84:70:72:37:d5:ce:03:da:3b:2c:
         8a:e3:f3:d7:03:60:62:fb:ce:a1:00:f9:97:3f:aa:f9:45:2c:
         74:ba:9e:d5:1c:85:ea:4c:4b:39:1c:01:6d:e2:f7:ed:f2:7e:
         00:32:f8:37:b5:67:6a:a0:21:35:7e:06:c4:a9:14:1f:ec:b8:
         17:cc:72:2d:f5:51:e0:7a:3c:04:5d:ce:8e:cf:75:1d:af:53:
         0e:7c:4c:94
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUE3mYDbbcJbZdv6jhX/MKGOV+15MwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDIwMDMxMTI1WhcNMjUxMTI0MjM1OTU5
WjB6MUkwRwYDVQQFE0BiODdmOWEzMzBhYjBjMjM2MTVhYjZmNDEyZGQ5ZmU0YzBk
YmM3OWM0ZmNhZjM3N2UzMDNmMjExZDY0NDUzYWE1MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDZnvOrJOVvvvHmZQuHnHXwlCd3M8a76O9AwgxZSSWl2ZH7
kEaOrGHJssSU2Z9y1130bWH9FrdDAIvFwQGWz1LVuAKuKy4ZJJ7IwrSBn7GsLCPg
IKDdKOY8yksoAv16FxFr9u2lZaMWvbLz/nK8QonkTKySLRUeYFtwU7momysxWwae
oW6V0PAXkeFak9IihbGg/mbwTW7SrY2y36psGC7O9DDOz4M0L5OSH20LxrKYU7Ef
FtdW7+YW3937kUfUzkAoHBjqTE5H9LnFKMWyFRsZBm+dUyx4P3ArvwPa7MzdJQMM
csb7/229lo8L3Lo5JkV3Nsa9iGYlSnAzpfvY9FJlAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUtEYLwq3faECiBtun52mAW1B+FZwwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzhkMzUzNTA3LTcyYjgtNDc2Zi05NjEzLTU5NmY1ZDNjMmQxNC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBANsnFgwDQYJKoZIhvcNAQELBQADggEBAE7yRM92CPEqGiYWuy/m5eCT7CyO
DBwVNrp6IELdg7s249jBooXfBw/+z2qpeUiF+J11nvOOydz4zGf16wbBNkyD8xx7
rjLXB2o+i6ZNA/WCddwGks2c/R1YtALxPr2pMMDqkvz0Q1d5O4mg2vkxfz5SybL+
X5BVpQVqGCXgo4ksvd4pfDo/JC11Zik978toFCHwncn8uQN9AwBgP7HwatMR/wJl
ZOx2DRGfhHByN9XOA9o7LIrj89cDYGL7zqEA+Zc/qvlFLHS6ntUchepMSzkcAW3i
9+3yfgAy+De1Z2qgITV+BsSpFB/suBfMci31UeB6PARdzo7PdR2vUw58TJQ=
-----END CERTIFICATE-----