Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/a6c331a5-023b-4fb0-8874-44b39743a651.roa
File:                     a6c331a5-023b-4fb0-8874-44b39743a651.roa (raw, json)
Hash identifier:          FekjOjLknt665tBl6CFe8/dfQPe+fHNY2h+ThSpC1v4=
Subject key identifier:   D2:73:C9:14:08:65:39:2A:02:11:C1:97:4C:98:D0:9B:C7:03:02:0C
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       344D23B1F836EF8904DF997D0765C59860E6EE64
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/a6c331a5-023b-4fb0-8874-44b39743a651.roa
Signing time:             Mon 20 Oct 2025 02:50:04 +0000
ROA not before:           Mon 20 Oct 2025 02:50:04 +0000
ROA not after:            Mon 24 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        108.138.184.0/22 maxlen: 22
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            34:4d:23:b1:f8:36:ef:89:04:df:99:7d:07:65:c5:98:60:e6:ee:64
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 20 02:50:04 2025 GMT
            Not After : Nov 24 23:59:59 2025 GMT
        Subject: serialNumber=ecc9ce029fff6a05a7510cc100484775b32c67c7213e1a5cf8804cc615017c12, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:a4:8f:59:f4:de:d5:64:8a:8b:3e:3b:80:88:
                    a0:fa:ff:35:bc:d0:4f:c6:3b:34:34:52:32:9a:f4:
                    be:d0:99:25:15:b3:9b:ac:74:fb:4a:15:12:2f:a2:
                    5e:03:92:9c:bc:02:ed:fc:f7:63:45:45:1a:ec:37:
                    7a:fb:30:e4:e4:ed:10:d0:d3:9a:5c:6f:18:16:85:
                    32:0d:66:4b:33:7f:0e:ed:a8:4b:f6:ed:b9:9e:e4:
                    68:77:75:c3:eb:05:8e:92:0b:b4:00:26:da:66:91:
                    2c:0f:1f:4f:d3:d0:8f:2b:9e:e6:16:6a:e3:b1:cb:
                    fd:7a:da:9e:71:77:c7:a5:7f:c4:af:ab:20:42:bf:
                    33:de:2f:ec:fe:3b:8d:97:e2:88:03:a2:fd:c9:8c:
                    78:d5:ae:0c:4f:32:e0:5a:fc:e5:7a:e6:f9:a6:ef:
                    89:a2:75:de:1d:61:eb:3a:7f:83:1a:c5:ec:e4:e0:
                    d3:86:db:0e:0a:18:b9:7d:b8:98:a5:5e:36:96:57:
                    60:b3:29:34:43:e7:fb:97:92:dd:cc:e3:8c:8e:fc:
                    6c:75:08:9c:06:d5:6a:96:99:8d:7c:ab:ec:35:76:
                    5a:b9:6f:60:f0:75:b8:e9:9e:3f:fb:4b:51:e4:6e:
                    90:af:af:5a:93:c5:3f:20:19:69:3d:ec:66:93:c4:
                    df:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D2:73:C9:14:08:65:39:2A:02:11:C1:97:4C:98:D0:9B:C7:03:02:0C
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/a6c331a5-023b-4fb0-8874-44b39743a651.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  108.138.184.0/22

    Signature Algorithm: sha256WithRSAEncryption
         31:07:dd:a6:83:67:2e:85:05:e9:6f:16:7c:82:82:4f:c4:a4:
         d0:a9:06:8d:f0:9b:b8:93:45:80:fd:1e:2a:89:1b:25:76:4e:
         c3:29:f4:ab:68:5a:1b:c8:28:27:72:d3:08:3d:1f:65:7e:2d:
         78:99:3c:6f:3d:dd:cd:d1:e9:65:f6:77:d7:5e:4b:23:bd:a7:
         82:d0:1d:a0:f9:25:4c:1c:dd:c9:85:c0:60:e0:a0:6d:6a:d0:
         97:bf:11:ee:41:d5:87:8e:c5:fc:df:dc:eb:7d:2b:fd:82:d0:
         18:82:0e:01:42:62:25:02:54:b4:b4:98:70:1f:60:e2:4b:27:
         04:f6:28:29:48:7c:8b:9a:71:c6:e6:f1:50:c1:77:68:5d:b8:
         e1:35:61:8d:a6:62:03:4d:b2:0f:36:49:d6:a7:6d:7f:29:0e:
         30:cf:4d:e0:fb:f9:80:69:27:47:e1:80:9a:2b:ed:72:f9:40:
         ba:84:b8:78:53:17:77:a1:c9:be:17:69:c1:92:ab:1f:24:50:
         fc:5e:5d:43:16:b0:9d:af:69:d4:5d:3c:5a:6c:17:d6:ad:1a:
         4f:83:19:92:2d:2d:b1:ed:71:75:8f:17:f5:b4:2a:4e:ec:2c:
         70:76:9d:b0:07:9b:59:be:c9:6d:52:df:70:93:2f:f5:e3:25:
         6c:3c:a7:c8
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUNE0jsfg274kE35l9B2XFmGDm7mQwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDIwMDI1MDA0WhcNMjUxMTI0MjM1OTU5
WjB6MUkwRwYDVQQFE0BlY2M5Y2UwMjlmZmY2YTA1YTc1MTBjYzEwMDQ4NDc3NWIz
MmM2N2M3MjEzZTFhNWNmODgwNGNjNjE1MDE3YzEyMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDUpI9Z9N7VZIqLPjuAiKD6/zW80E/GOzQ0UjKa9L7QmSUV
s5usdPtKFRIvol4Dkpy8Au3892NFRRrsN3r7MOTk7RDQ05pcbxgWhTINZkszfw7t
qEv27bme5Gh3dcPrBY6SC7QAJtpmkSwPH0/T0I8rnuYWauOxy/162p5xd8elf8Sv
qyBCvzPeL+z+O42X4ogDov3JjHjVrgxPMuBa/OV65vmm74midd4dYes6f4Maxezk
4NOG2w4KGLl9uJilXjaWV2CzKTRD5/uXkt3M44yO/Gx1CJwG1WqWmY18q+w1dlq5
b2Dwdbjpnj/7S1HkbpCvr1qTxT8gGWk97GaTxN9XAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU0nPJFAhlOSoCEcGXTJjQm8cDAgwwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2E2YzMzMWE1LTAyM2ItNGZiMC04ODc0LTQ0YjM5NzQzYTY1MS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAJsirgwDQYJKoZIhvcNAQELBQADggEBADEH3aaDZy6FBelvFnyCgk/EpNCp
Bo3wm7iTRYD9HiqJGyV2TsMp9KtoWhvIKCdy0wg9H2V+LXiZPG893c3R6WX2d9de
SyO9p4LQHaD5JUwc3cmFwGDgoG1q0Je/Ee5B1YeOxfzf3Ot9K/2C0BiCDgFCYiUC
VLS0mHAfYOJLJwT2KClIfIuaccbm8VDBd2hduOE1YY2mYgNNsg82SdanbX8pDjDP
TeD7+YBpJ0fhgJor7XL5QLqEuHhTF3ehyb4XacGSqx8kUPxeXUMWsJ2vadRdPFps
F9atGk+DGZItLbHtcXWPF/W0Kk7sLHB2nbAHm1m+yW1S33CTL/XjJWw8p8g=
-----END CERTIFICATE-----