Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/94a298e3-d943-4c6e-a332-ecd735d5329e.roa
File:                     94a298e3-d943-4c6e-a332-ecd735d5329e.roa (raw, json)
Hash identifier:          rUzZJSVvfo3woR2CHWS1bAlaL7exnOLtkInt0HE9ZpU=
Subject key identifier:   3F:8D:C8:27:04:07:9A:23:76:18:2A:D9:09:F2:02:60:49:85:91:F9
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       090EE52715A4C21434C0F89FCF7F98A9FCA9311B
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/94a298e3-d943-4c6e-a332-ecd735d5329e.roa
Signing time:             Mon 20 Oct 2025 04:42:10 +0000
ROA not before:           Mon 20 Oct 2025 04:42:10 +0000
ROA not after:            Mon 24 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        108.157.0.0/19 maxlen: 19
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            09:0e:e5:27:15:a4:c2:14:34:c0:f8:9f:cf:7f:98:a9:fc:a9:31:1b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 20 04:42:10 2025 GMT
            Not After : Nov 24 23:59:59 2025 GMT
        Subject: serialNumber=2d4f0bf8348f7c7486e073655efb537f49970218c9caf2b5d9e3b6f2cdd46a04, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:7e:69:a4:8a:93:0c:32:0e:6d:39:a2:fc:58:
                    cc:e7:81:fd:1a:d5:9f:55:f3:bf:b4:02:66:c1:cb:
                    b0:53:ea:f8:0a:4d:4b:4d:13:5f:62:87:d2:e8:49:
                    25:76:37:d7:72:8f:92:36:d7:b3:70:15:a6:21:a4:
                    39:b6:e1:c6:7c:fe:f2:c4:f3:8f:a2:c2:59:8b:1e:
                    6f:7c:e4:db:30:f8:77:11:cd:64:a3:b2:a0:4c:47:
                    6b:75:6e:bb:12:61:f8:90:f1:e5:0a:74:a7:2c:dd:
                    71:98:8c:5a:7f:4d:4b:35:6f:55:8c:a6:a6:c6:98:
                    a8:85:66:22:bd:88:8c:89:78:3a:6e:da:c1:35:c0:
                    bf:c7:d3:d7:3d:1c:24:5d:79:a3:19:72:c6:e2:7c:
                    e9:24:f7:55:40:7b:87:e5:23:b0:7d:44:d1:29:4b:
                    29:7e:8d:f9:5e:88:97:e8:17:bc:ae:df:d6:14:f5:
                    d3:49:17:63:1e:4f:fe:aa:0a:d3:ce:10:93:aa:87:
                    ad:64:41:58:47:24:b7:5d:ac:b4:48:bd:99:0f:b2:
                    cd:62:64:92:b7:d6:3f:45:2f:fd:42:18:d8:2a:15:
                    3a:fb:97:c3:cc:fc:de:1c:f3:47:83:ce:57:b4:4a:
                    94:66:62:b8:2d:05:52:88:a3:a1:e0:70:60:29:80:
                    3b:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3F:8D:C8:27:04:07:9A:23:76:18:2A:D9:09:F2:02:60:49:85:91:F9
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/94a298e3-d943-4c6e-a332-ecd735d5329e.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  108.157.0.0/19

    Signature Algorithm: sha256WithRSAEncryption
         a1:62:60:9e:93:3a:79:c5:ba:a2:29:1a:cc:f4:71:d9:53:d8:
         72:59:f3:22:b8:b3:d8:20:3b:03:d9:23:9d:b9:7b:4e:c9:97:
         47:d9:82:5c:6a:cd:8c:3e:99:05:9f:bf:00:a4:3b:ec:27:3e:
         e1:6f:23:f6:c3:14:7b:ba:23:8c:cf:dd:56:94:f9:e6:77:8e:
         13:9d:ca:10:26:a5:e7:c3:ae:5b:ce:8d:91:dc:89:f2:b1:a1:
         28:29:17:39:9c:08:b1:46:ed:1d:65:02:4d:ca:8b:a1:b7:f1:
         d5:10:77:67:a1:df:f0:0d:c9:92:ff:3a:ab:43:22:cb:ac:5c:
         2e:66:bf:4a:25:ca:b9:44:d7:2e:c5:ba:90:3c:e8:70:1d:aa:
         9d:d0:d1:80:a1:23:36:1a:94:6a:b2:fc:42:0a:5d:f2:2b:ff:
         94:9f:09:ac:0e:97:67:ea:b9:60:2c:72:cb:cb:59:4d:a2:6f:
         0a:5f:e5:ba:ae:aa:27:54:48:fb:76:e6:46:c2:4e:cc:5c:d5:
         d2:52:ec:63:dc:e0:8d:4a:e5:da:09:fc:82:a7:90:11:e2:cd:
         e9:d8:0c:19:c1:b2:6d:1c:2a:b5:24:02:a4:7c:12:ce:5d:fd:
         7c:99:2d:f9:35:a5:04:51:b0:dc:fd:a5:5e:70:2e:3b:f3:a6:
         87:a6:b9:85
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUCQ7lJxWkwhQ0wPifz3+YqfypMRswDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDIwMDQ0MjEwWhcNMjUxMTI0MjM1OTU5
WjB6MUkwRwYDVQQFE0AyZDRmMGJmODM0OGY3Yzc0ODZlMDczNjU1ZWZiNTM3ZjQ5
OTcwMjE4YzljYWYyYjVkOWUzYjZmMmNkZDQ2YTA0MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCpfmmkipMMMg5tOaL8WMzngf0a1Z9V87+0AmbBy7BT6vgK
TUtNE19ih9LoSSV2N9dyj5I217NwFaYhpDm24cZ8/vLE84+iwlmLHm985Nsw+HcR
zWSjsqBMR2t1brsSYfiQ8eUKdKcs3XGYjFp/TUs1b1WMpqbGmKiFZiK9iIyJeDpu
2sE1wL/H09c9HCRdeaMZcsbifOkk91VAe4flI7B9RNEpSyl+jfleiJfoF7yu39YU
9dNJF2MeT/6qCtPOEJOqh61kQVhHJLddrLRIvZkPss1iZJK31j9FL/1CGNgqFTr7
l8PM/N4c80eDzle0SpRmYrgtBVKIo6HgcGApgDtFAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUP43IJwQHmiN2GCrZCfICYEmFkfkwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzk0YTI5OGUzLWQ5NDMtNGM2ZS1hMzMyLWVjZDczNWQ1MzI5ZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAVsnQAwDQYJKoZIhvcNAQELBQADggEBAKFiYJ6TOnnFuqIpGsz0cdlT2HJZ
8yK4s9ggOwPZI525e07Jl0fZglxqzYw+mQWfvwCkO+wnPuFvI/bDFHu6I4zP3VaU
+eZ3jhOdyhAmpefDrlvOjZHcifKxoSgpFzmcCLFG7R1lAk3Ki6G38dUQd2eh3/AN
yZL/OqtDIsusXC5mv0olyrlE1y7FupA86HAdqp3Q0YChIzYalGqy/EIKXfIr/5Sf
CawOl2fquWAscsvLWU2ibwpf5bquqidUSPt25kbCTsxc1dJS7GPc4I1K5doJ/IKn
kBHizenYDBnBsm0cKrUkAqR8Es5d/XyZLfk1pQRRsNz9pV5wLjvzpoemuYU=
-----END CERTIFICATE-----