Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/a3875e54-cc09-4242-bd97-fe529d7631f8.roa
File:                     a3875e54-cc09-4242-bd97-fe529d7631f8.roa (raw, json)
Hash identifier:          p5WnjrRF0R0BaiyxM+U9zkQ0uwRbUUUhCPm+kbkEq8Q=
Subject key identifier:   AA:1E:25:DD:9D:F0:82:31:2B:30:4B:CB:CF:4E:5F:A9:89:7F:5E:A4
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       434DB4EC022B8D629BAC95F4740F029F3D0E6B7D
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/a3875e54-cc09-4242-bd97-fe529d7631f8.roa
Signing time:             Mon 20 Oct 2025 02:31:46 +0000
ROA not before:           Mon 20 Oct 2025 02:31:46 +0000
ROA not after:            Mon 24 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        108.158.224.0/21 maxlen: 21
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            43:4d:b4:ec:02:2b:8d:62:9b:ac:95:f4:74:0f:02:9f:3d:0e:6b:7d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 20 02:31:46 2025 GMT
            Not After : Nov 24 23:59:59 2025 GMT
        Subject: serialNumber=d5b2190d58c35aad4cf9a39b2d7b02007a69305612113e71126519095e5e2cf5, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:84:28:ad:d3:6b:4d:89:62:8e:66:98:c3:0b:
                    c4:95:8a:72:61:e1:7b:98:2b:64:07:e6:66:b1:49:
                    64:74:3a:66:0b:28:72:59:9a:cb:77:96:3f:8b:23:
                    a6:50:16:d1:b2:bd:87:57:31:a4:12:79:f2:a4:7b:
                    80:38:8f:9c:8d:16:a3:bc:a8:30:6c:73:ad:9a:b7:
                    6d:0c:e1:c3:06:79:17:61:b6:b8:60:cc:eb:ce:c9:
                    11:ed:f2:1a:88:7d:94:86:e4:cf:e9:f5:33:12:f2:
                    80:45:1d:1e:00:b7:9b:d0:e4:7d:76:e0:c0:8c:8a:
                    e4:02:1b:a4:ce:ef:4e:02:2a:c6:55:65:09:b5:a0:
                    8b:e8:64:92:94:07:17:09:49:62:8f:24:9e:17:74:
                    21:e8:66:e3:d6:d0:7c:9e:a4:2d:bf:3b:38:85:0f:
                    4f:36:41:34:2a:5b:e0:77:6c:81:af:7c:5e:a2:18:
                    ed:00:06:1f:74:4b:ba:e6:e3:22:47:7c:60:f8:5c:
                    b3:65:1d:8c:43:f2:1c:37:d5:3d:5b:17:1b:87:c5:
                    f6:f2:60:53:da:4a:f4:78:b1:31:64:be:c9:87:f7:
                    49:2d:d4:13:71:ed:9e:b6:25:b6:2e:a7:25:db:c6:
                    95:78:40:4d:55:75:4c:04:00:9f:e7:b1:a0:f5:75:
                    1e:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AA:1E:25:DD:9D:F0:82:31:2B:30:4B:CB:CF:4E:5F:A9:89:7F:5E:A4
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/a3875e54-cc09-4242-bd97-fe529d7631f8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  108.158.224.0/21

    Signature Algorithm: sha256WithRSAEncryption
         57:a3:c5:d9:68:bc:7e:50:aa:31:94:a3:0e:4b:74:24:75:5f:
         49:af:f6:25:48:21:88:c0:de:ae:dc:2c:b6:c0:fb:8c:0b:ac:
         a7:86:cd:fa:35:c4:07:15:9f:8a:ad:34:c0:ef:6b:8f:38:a4:
         c0:8a:12:c3:65:35:c5:88:91:e8:af:c4:c3:57:6f:e9:8e:64:
         75:47:72:8a:3f:c6:cf:c9:cf:a7:77:46:c6:75:6d:66:80:90:
         a0:89:aa:b8:ea:f1:2c:c8:30:3e:36:8a:63:41:a0:da:96:a2:
         df:c8:09:df:8f:2a:a3:cb:b5:62:dc:40:87:40:b5:15:83:7d:
         16:c3:65:83:f9:52:d2:9e:18:4b:1f:e2:8d:1d:11:9a:96:9b:
         e0:a4:0c:a7:bf:07:ff:45:57:bf:b7:05:20:51:f2:2b:22:61:
         d3:50:f1:bc:80:f4:6b:77:48:b3:c4:d3:c8:81:45:dc:09:cf:
         99:53:2a:48:77:13:4c:9a:5d:c4:06:a3:ed:a6:95:f4:69:0d:
         69:51:5c:70:38:42:89:f0:76:f8:cd:b0:f7:1f:6e:43:43:ec:
         09:b1:fa:17:e5:3a:9b:2c:fb:e9:c4:35:0c:81:93:09:1c:67:
         16:78:91:f3:06:05:46:e2:ef:22:57:53:06:ce:43:6d:5f:69:
         e3:ef:39:b4
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUQ0207AIrjWKbrJX0dA8Cnz0Oa30wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDIwMDIzMTQ2WhcNMjUxMTI0MjM1OTU5
WjB6MUkwRwYDVQQFE0BkNWIyMTkwZDU4YzM1YWFkNGNmOWEzOWIyZDdiMDIwMDdh
NjkzMDU2MTIxMTNlNzExMjY1MTkwOTVlNWUyY2Y1MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDHhCit02tNiWKOZpjDC8SVinJh4XuYK2QH5maxSWR0OmYL
KHJZmst3lj+LI6ZQFtGyvYdXMaQSefKke4A4j5yNFqO8qDBsc62at20M4cMGeRdh
trhgzOvOyRHt8hqIfZSG5M/p9TMS8oBFHR4At5vQ5H124MCMiuQCG6TO704CKsZV
ZQm1oIvoZJKUBxcJSWKPJJ4XdCHoZuPW0HyepC2/OziFD082QTQqW+B3bIGvfF6i
GO0ABh90S7rm4yJHfGD4XLNlHYxD8hw31T1bFxuHxfbyYFPaSvR4sTFkvsmH90kt
1BNx7Z62JbYupyXbxpV4QE1VdUwEAJ/nsaD1dR6JAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUqh4l3Z3wgjErMEvLz05fqYl/XqQwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2EzODc1ZTU0LWNjMDktNDI0Mi1iZDk3LWZlNTI5ZDc2MzFmOC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBANsnuAwDQYJKoZIhvcNAQELBQADggEBAFejxdlovH5QqjGUow5LdCR1X0mv
9iVIIYjA3q7cLLbA+4wLrKeGzfo1xAcVn4qtNMDva484pMCKEsNlNcWIkeivxMNX
b+mOZHVHcoo/xs/Jz6d3RsZ1bWaAkKCJqrjq8SzIMD42imNBoNqWot/ICd+PKqPL
tWLcQIdAtRWDfRbDZYP5UtKeGEsf4o0dEZqWm+CkDKe/B/9FV7+3BSBR8isiYdNQ
8byA9Gt3SLPE08iBRdwJz5lTKkh3E0yaXcQGo+2mlfRpDWlRXHA4QonwdvjNsPcf
bkND7Amx+hflOpss++nENQyBkwkcZxZ4kfMGBUbi7yJXUwbOQ21faePvObQ=
-----END CERTIFICATE-----