Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/ad923d14-2794-41c3-81a9-da47069ec168.roa
File:                     ad923d14-2794-41c3-81a9-da47069ec168.roa (raw, json)
Hash identifier:          dPmLArst6tWcH7WCfBjjnVwG0V0vn31/zL4uPKUcW0Y=
Subject key identifier:   D4:BA:94:1F:FB:F6:40:D7:73:B1:1A:B4:E0:09:C4:CD:0C:5A:13:61
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       1DCA4B281E5B90B8E4F5C0705E95AD81CBF04F86
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/ad923d14-2794-41c3-81a9-da47069ec168.roa
Signing time:             Mon 20 Oct 2025 00:42:37 +0000
ROA not before:           Mon 20 Oct 2025 00:42:37 +0000
ROA not after:            Mon 24 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        108.139.44.0/23 maxlen: 23
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1d:ca:4b:28:1e:5b:90:b8:e4:f5:c0:70:5e:95:ad:81:cb:f0:4f:86
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 20 00:42:37 2025 GMT
            Not After : Nov 24 23:59:59 2025 GMT
        Subject: serialNumber=e9e9ea9cde553c342ae5b80bb521698ba9106535f54f7b79ba8ed00ce675a0b9, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e5:ce:e9:e3:35:dc:23:72:93:b0:ad:af:84:91:
                    66:c0:a1:e3:b0:10:2b:90:c2:ff:e0:3b:f2:f0:79:
                    2a:44:76:87:ca:59:cb:61:d0:53:e0:10:14:da:c0:
                    70:9f:7e:88:d3:8b:40:b4:8d:8a:d7:6b:b1:ca:c4:
                    7a:26:6a:0e:62:58:5d:f9:e5:93:20:96:7a:dd:a0:
                    c1:48:96:8d:ee:c8:5a:2b:e9:e1:17:3c:e0:41:ba:
                    f3:df:80:25:75:cf:ad:25:03:73:89:32:cf:3d:51:
                    ac:a4:90:c9:6d:2c:0c:a6:55:7c:d3:bf:e6:ab:57:
                    b1:69:e9:3c:9b:f9:61:67:01:ec:22:62:11:71:d5:
                    6b:8d:a1:ee:35:50:27:c5:41:24:1b:0a:3a:fb:ac:
                    4e:86:b2:77:54:e5:20:5c:65:fe:e1:ef:be:a0:67:
                    4f:69:24:6b:10:d4:71:12:c0:2b:68:4c:c2:e3:44:
                    56:a9:f0:2f:83:a1:44:f9:d1:21:cd:08:8a:6c:87:
                    2a:5c:b8:c4:9a:f6:83:73:22:d2:55:b1:65:61:20:
                    db:b1:31:52:68:e5:25:a4:ef:e6:32:fe:28:dd:96:
                    ce:5e:76:52:70:2e:5d:a3:fd:72:04:db:50:1c:cc:
                    c8:69:02:8f:f5:f3:24:c5:f3:76:55:65:44:98:fb:
                    58:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D4:BA:94:1F:FB:F6:40:D7:73:B1:1A:B4:E0:09:C4:CD:0C:5A:13:61
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/ad923d14-2794-41c3-81a9-da47069ec168.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  108.139.44.0/23

    Signature Algorithm: sha256WithRSAEncryption
         10:08:2e:a3:28:01:39:ed:21:c5:50:af:57:70:e6:44:26:e6:
         fc:6e:b7:c1:60:d9:a3:c5:64:40:62:92:9e:cd:1c:d2:34:50:
         c5:fa:2d:c4:2b:fb:24:a0:6c:26:4a:5b:03:f8:e5:70:b2:28:
         fb:5f:bb:00:81:c2:4e:de:4a:49:f4:4e:da:be:16:49:23:67:
         39:c0:ad:eb:0c:7d:ed:bd:fd:d0:67:7f:15:1f:24:de:37:b6:
         68:71:06:ed:25:d5:3e:17:62:05:cc:0a:0b:fe:83:4f:74:98:
         01:09:d3:a8:b6:fe:ca:70:6a:8d:06:15:06:71:c4:de:d0:79:
         d0:5b:13:44:f7:b2:62:85:2a:1c:6e:6b:34:98:c6:e6:60:c9:
         d9:a5:9e:99:d0:f3:98:c5:32:22:4a:9e:a2:f9:97:33:4c:4e:
         4d:63:df:c7:f2:30:05:a5:78:a3:e4:b4:5a:3e:80:9d:47:9f:
         b4:57:9f:43:4e:44:75:8b:2a:b5:a0:7d:f9:a8:97:0b:5e:5c:
         d6:67:70:8c:7b:12:5e:7c:22:dd:68:fa:22:de:9b:a2:aa:2f:
         40:76:d2:b5:a9:43:35:18:0d:d0:1e:9d:44:50:ba:91:b3:ae:
         15:ae:fd:9d:eb:bb:1b:fc:74:35:b4:98:5d:c4:1a:bf:74:52:
         5f:b9:a1:25
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUHcpLKB5bkLjk9cBwXpWtgcvwT4YwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDIwMDA0MjM3WhcNMjUxMTI0MjM1OTU5
WjB6MUkwRwYDVQQFE0BlOWU5ZWE5Y2RlNTUzYzM0MmFlNWI4MGJiNTIxNjk4YmE5
MTA2NTM1ZjU0ZjdiNzliYThlZDAwY2U2NzVhMGI5MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDlzunjNdwjcpOwra+EkWbAoeOwECuQwv/gO/LweSpEdofK
Wcth0FPgEBTawHCffojTi0C0jYrXa7HKxHomag5iWF355ZMglnrdoMFIlo3uyFor
6eEXPOBBuvPfgCV1z60lA3OJMs89UaykkMltLAymVXzTv+arV7Fp6Tyb+WFnAewi
YhFx1WuNoe41UCfFQSQbCjr7rE6GsndU5SBcZf7h776gZ09pJGsQ1HESwCtoTMLj
RFap8C+DoUT50SHNCIpshypcuMSa9oNzItJVsWVhINuxMVJo5SWk7+Yy/ijdls5e
dlJwLl2j/XIE21AczMhpAo/18yTF83ZVZUSY+1jdAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU1LqUH/v2QNdzsRq04AnEzQxaE2EwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2FkOTIzZDE0LTI3OTQtNDFjMy04MWE5LWRhNDcwNjllYzE2OC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAFsiywwDQYJKoZIhvcNAQELBQADggEBABAILqMoATntIcVQr1dw5kQm5vxu
t8Fg2aPFZEBikp7NHNI0UMX6LcQr+ySgbCZKWwP45XCyKPtfuwCBwk7eSkn0Ttq+
FkkjZznAresMfe29/dBnfxUfJN43tmhxBu0l1T4XYgXMCgv+g090mAEJ06i2/spw
ao0GFQZxxN7QedBbE0T3smKFKhxuazSYxuZgydmlnpnQ85jFMiJKnqL5lzNMTk1j
38fyMAWleKPktFo+gJ1Hn7RXn0NORHWLKrWgffmolwteXNZncIx7El58It1o+iLe
m6KqL0B20rWpQzUYDdAenURQupGzrhWu/Z3ruxv8dDW0mF3EGr90Ul+5oSU=
-----END CERTIFICATE-----