Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/a30c1ce4-6a37-4b6b-a979-2e356320d154.roa
File:                     a30c1ce4-6a37-4b6b-a979-2e356320d154.roa (raw, json)
Hash identifier:          3EdSL9GEN3bROGc68H4NnY6L6JTHORY511aF7723peg=
Subject key identifier:   6E:49:EE:96:6C:99:5D:7E:B7:09:4A:3C:07:33:BB:99:79:77:5C:CC
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       4DA1EC1FE4E365CC068B202D085799724D9C1659
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/a30c1ce4-6a37-4b6b-a979-2e356320d154.roa
Signing time:             Sun 19 Oct 2025 02:41:28 +0000
ROA not before:           Sun 19 Oct 2025 02:41:28 +0000
ROA not after:            Sun 23 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        108.138.66.0/23 maxlen: 23
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4d:a1:ec:1f:e4:e3:65:cc:06:8b:20:2d:08:57:99:72:4d:9c:16:59
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 19 02:41:28 2025 GMT
            Not After : Nov 23 23:59:59 2025 GMT
        Subject: serialNumber=bc570240fa7dc03a7df243630a925c2ee80a19dd9b68ef70b110555e9a1091eb, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f2:1e:7b:83:fc:c9:55:b8:3d:65:df:71:86:f9:
                    93:d4:2a:33:71:7a:72:e6:45:5f:b5:52:c2:c9:d5:
                    8f:8c:e7:25:f3:34:1a:26:80:78:1a:46:81:dc:d8:
                    41:17:53:ec:ca:99:2a:6d:2a:6b:d6:66:74:45:31:
                    a0:d3:b5:fb:fb:b8:39:58:e7:7e:59:43:c5:87:6d:
                    74:5b:4d:96:85:a8:da:43:33:58:a3:7a:e2:45:c8:
                    3f:ce:4f:72:54:78:ed:24:97:d8:db:a1:53:51:a6:
                    cb:7f:e0:41:51:54:ed:90:87:0e:25:1c:b2:0e:cb:
                    b4:46:ed:cc:2f:0d:84:a9:61:fa:09:17:c5:1e:45:
                    38:de:55:45:e8:d9:e6:62:a3:c9:be:11:7c:00:fb:
                    0e:c5:56:b0:6c:6d:31:1f:09:6e:c2:88:15:c4:2f:
                    eb:7f:11:3f:f7:f8:02:78:23:b6:1c:de:3d:5b:5f:
                    f2:81:32:d5:c5:9f:d8:a6:74:8b:2c:3d:55:49:98:
                    0a:a9:1f:f7:b9:f5:64:d4:a1:72:1b:70:02:a5:a6:
                    14:31:7f:a5:32:47:89:ec:48:c3:e7:89:ed:c7:26:
                    e0:c1:10:47:e9:0e:e1:99:41:28:11:b9:e9:37:c1:
                    a2:2b:c8:e9:40:1b:70:fc:cb:37:80:5e:51:7a:b8:
                    d2:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6E:49:EE:96:6C:99:5D:7E:B7:09:4A:3C:07:33:BB:99:79:77:5C:CC
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/a30c1ce4-6a37-4b6b-a979-2e356320d154.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  108.138.66.0/23

    Signature Algorithm: sha256WithRSAEncryption
         b1:60:7f:a5:6d:1f:fc:02:04:a6:54:9b:21:9f:09:15:93:5c:
         25:d9:d6:cf:4c:d4:dd:04:9f:69:7c:fb:6e:4b:6a:13:b9:32:
         66:75:3b:4a:6f:b4:c8:49:03:40:db:ff:be:fa:ec:4f:ac:c9:
         f2:2d:83:dc:80:06:94:e3:1b:48:4f:19:21:32:b0:e1:f4:c3:
         85:f5:62:a0:d2:f3:81:fe:bf:ea:40:32:a1:25:46:f2:b4:bc:
         f5:b1:1f:6c:b5:52:ee:76:08:0d:2a:fd:da:58:bf:f6:42:49:
         70:75:23:1f:b1:ce:11:55:af:53:04:28:e2:fd:3c:f8:d1:0c:
         6d:92:1c:7a:90:8b:e5:5c:06:91:62:61:d9:79:80:ac:5a:3c:
         17:c0:a3:bf:ca:db:91:b9:c6:04:7f:65:ea:bc:c4:54:bf:ca:
         24:77:a1:cb:8d:e1:68:87:b3:52:b9:cd:85:a7:81:47:43:17:
         2b:4e:fe:df:29:98:04:98:33:51:73:8d:85:43:92:48:b3:21:
         3f:d2:41:79:8e:ac:b6:5c:33:e6:a1:c3:66:c9:79:2f:68:e5:
         3c:94:ff:40:9d:f1:59:fa:3b:e0:d8:a7:6c:15:77:0a:9b:00:
         0b:df:a9:5b:b3:7e:b6:8b:f1:72:e0:29:36:f9:f1:2c:0d:7a:
         0d:82:4e:5f
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUTaHsH+TjZcwGiyAtCFeZck2cFlkwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDE5MDI0MTI4WhcNMjUxMTIzMjM1OTU5
WjB6MUkwRwYDVQQFE0BiYzU3MDI0MGZhN2RjMDNhN2RmMjQzNjMwYTkyNWMyZWU4
MGExOWRkOWI2OGVmNzBiMTEwNTU1ZTlhMTA5MWViMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDyHnuD/MlVuD1l33GG+ZPUKjNxenLmRV+1UsLJ1Y+M5yXz
NBomgHgaRoHc2EEXU+zKmSptKmvWZnRFMaDTtfv7uDlY535ZQ8WHbXRbTZaFqNpD
M1ijeuJFyD/OT3JUeO0kl9jboVNRpst/4EFRVO2Qhw4lHLIOy7RG7cwvDYSpYfoJ
F8UeRTjeVUXo2eZio8m+EXwA+w7FVrBsbTEfCW7CiBXEL+t/ET/3+AJ4I7Yc3j1b
X/KBMtXFn9imdIssPVVJmAqpH/e59WTUoXIbcAKlphQxf6UyR4nsSMPnie3HJuDB
EEfpDuGZQSgRuek3waIryOlAG3D8yzeAXlF6uNLzAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUbknulmyZXX63CUo8BzO7mXl3XMwwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2EzMGMxY2U0LTZhMzctNGI2Yi1hOTc5LTJlMzU2MzIwZDE1NC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAFsikIwDQYJKoZIhvcNAQELBQADggEBALFgf6VtH/wCBKZUmyGfCRWTXCXZ
1s9M1N0En2l8+25LahO5MmZ1O0pvtMhJA0Db/7767E+syfItg9yABpTjG0hPGSEy
sOH0w4X1YqDS84H+v+pAMqElRvK0vPWxH2y1Uu52CA0q/dpYv/ZCSXB1Ix+xzhFV
r1MEKOL9PPjRDG2SHHqQi+VcBpFiYdl5gKxaPBfAo7/K25G5xgR/Zeq8xFS/yiR3
ocuN4WiHs1K5zYWngUdDFytO/t8pmASYM1FzjYVDkkizIT/SQXmOrLZcM+ahw2bJ
eS9o5TyU/0Cd8Vn6O+DYp2wVdwqbAAvfqVuzfraL8XLgKTb58SwNeg2CTl8=
-----END CERTIFICATE-----