Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/bbe805c8-6f23-4c45-987b-a786382a0389.roa
File:                     bbe805c8-6f23-4c45-987b-a786382a0389.roa (raw, json)
Hash identifier:          qS9ceRb2pESZNcGWBjpB6KpVvnL3h3e2gxUafynPfY8=
Subject key identifier:   4A:CA:A9:61:1A:B8:F1:38:03:FA:8C:34:56:FF:61:2A:56:5E:36:A7
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       37103B0C9C29B145785491A7F7BBD054320C05E8
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/bbe805c8-6f23-4c45-987b-a786382a0389.roa
Signing time:             Mon 20 Oct 2025 00:31:49 +0000
ROA not before:           Mon 20 Oct 2025 00:31:49 +0000
ROA not after:            Mon 24 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        108.158.104.0/22 maxlen: 22
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            37:10:3b:0c:9c:29:b1:45:78:54:91:a7:f7:bb:d0:54:32:0c:05:e8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 20 00:31:49 2025 GMT
            Not After : Nov 24 23:59:59 2025 GMT
        Subject: serialNumber=941f0cd59549f40aab585aa0363c508c02505805a7fdd2f6efbfbaba44297a32, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:c5:99:9e:29:90:fb:8c:ed:d6:f4:81:b2:e5:
                    4f:59:ed:de:43:91:23:c9:bc:dc:d0:3b:a1:47:94:
                    d3:33:59:0a:48:e3:ef:59:9b:ff:0a:0d:d0:93:2d:
                    86:80:f9:c0:f4:bf:55:fa:bc:95:bd:c9:bc:f7:97:
                    14:c0:b2:5e:a3:36:39:9d:b3:0c:cc:fe:67:35:20:
                    a9:ec:69:d1:15:65:7c:b6:3d:c1:40:7c:83:d5:c7:
                    15:90:56:95:63:e5:77:65:ef:75:5d:9a:1b:99:3a:
                    ab:23:66:1c:27:59:44:2f:5b:92:69:73:5e:ba:02:
                    f6:75:d5:f9:31:e2:ca:e1:30:c2:1d:b9:2d:f6:a1:
                    eb:1d:1c:ac:12:f3:05:a9:9e:9e:54:4c:bb:c3:30:
                    1e:6f:b8:2d:cb:f8:df:e1:9f:03:04:02:21:d6:00:
                    19:1b:ff:11:88:06:ad:37:57:25:51:16:8e:22:a0:
                    04:4b:e6:55:31:35:6a:51:dc:00:1e:07:13:88:bd:
                    bb:70:d3:fe:f4:f1:88:cf:c4:94:f4:74:18:6b:9c:
                    80:c6:ab:ae:3a:fd:0b:f6:c3:05:f8:1f:5e:b4:3c:
                    7e:c7:a4:02:b0:e8:77:ab:06:e4:f2:5c:77:c4:4b:
                    a3:58:8f:95:0c:39:fa:25:07:ab:e5:db:c3:5d:cd:
                    4a:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4A:CA:A9:61:1A:B8:F1:38:03:FA:8C:34:56:FF:61:2A:56:5E:36:A7
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/bbe805c8-6f23-4c45-987b-a786382a0389.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  108.158.104.0/22

    Signature Algorithm: sha256WithRSAEncryption
         00:e3:2f:00:5c:1b:5b:54:cf:cd:64:b8:dd:f2:76:d4:e8:c7:
         36:1c:f7:2b:7a:ec:13:02:1a:91:4c:00:79:8a:0a:8f:b1:46:
         30:94:72:a1:ec:54:99:b4:f7:6d:36:6d:a4:9b:72:60:e9:90:
         a6:c9:fb:f5:a7:8e:87:41:8e:33:c8:66:02:76:66:e0:21:45:
         52:56:23:2d:71:72:6d:37:03:09:cc:2b:11:98:24:60:cd:4c:
         59:02:9c:b8:7b:3b:0e:92:4c:c6:77:7b:9a:ad:a0:f2:9c:64:
         40:52:f0:46:1b:ae:1d:e1:07:e4:e0:1f:b6:5c:e3:5d:a8:2f:
         6e:ee:69:5e:c5:af:41:ef:f1:29:0b:23:b3:47:6c:fc:b7:d3:
         79:7b:cb:a7:f4:8c:77:57:38:d0:64:1a:72:81:b3:bd:92:72:
         40:8e:68:51:79:d7:5a:bc:d4:86:0f:4c:d5:42:d0:52:c5:38:
         a6:eb:0c:49:c3:59:de:d0:5c:34:ca:57:78:f7:9f:fd:4a:fb:
         91:02:a5:de:bd:63:30:27:29:a5:1f:13:0c:23:1b:bf:b5:1d:
         dd:e6:9c:9c:d8:b8:d1:9e:69:a0:fc:49:27:ff:1d:b9:e3:a2:
         17:2d:33:12:d1:a7:3e:bc:df:78:0d:04:a6:55:d0:d9:8b:9a:
         80:98:ca:f6
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUNxA7DJwpsUV4VJGn97vQVDIMBegwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDIwMDAzMTQ5WhcNMjUxMTI0MjM1OTU5
WjB6MUkwRwYDVQQFE0A5NDFmMGNkNTk1NDlmNDBhYWI1ODVhYTAzNjNjNTA4YzAy
NTA1ODA1YTdmZGQyZjZlZmJmYmFiYTQ0Mjk3YTMyMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC9xZmeKZD7jO3W9IGy5U9Z7d5DkSPJvNzQO6FHlNMzWQpI
4+9Zm/8KDdCTLYaA+cD0v1X6vJW9ybz3lxTAsl6jNjmdswzM/mc1IKnsadEVZXy2
PcFAfIPVxxWQVpVj5Xdl73VdmhuZOqsjZhwnWUQvW5Jpc166AvZ11fkx4srhMMId
uS32oesdHKwS8wWpnp5UTLvDMB5vuC3L+N/hnwMEAiHWABkb/xGIBq03VyVRFo4i
oARL5lUxNWpR3AAeBxOIvbtw0/708YjPxJT0dBhrnIDGq646/Qv2wwX4H160PH7H
pAKw6HerBuTyXHfES6NYj5UMOfolB6vl28NdzUpJAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUSsqpYRq48TgD+ow0Vv9hKlZeNqcwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2JiZTgwNWM4LTZmMjMtNGM0NS05ODdiLWE3ODYzODJhMDM4OS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAJsnmgwDQYJKoZIhvcNAQELBQADggEBAADjLwBcG1tUz81kuN3ydtToxzYc
9yt67BMCGpFMAHmKCo+xRjCUcqHsVJm09202baSbcmDpkKbJ+/WnjodBjjPIZgJ2
ZuAhRVJWIy1xcm03AwnMKxGYJGDNTFkCnLh7Ow6STMZ3e5qtoPKcZEBS8EYbrh3h
B+TgH7Zc412oL27uaV7Fr0Hv8SkLI7NHbPy303l7y6f0jHdXONBkGnKBs72SckCO
aFF511q81IYPTNVC0FLFOKbrDEnDWd7QXDTKV3j3n/1K+5ECpd69YzAnKaUfEwwj
G7+1Hd3mnJzYuNGeaaD8SSf/HbnjohctMxLRpz6833gNBKZV0NmLmoCYyvY=
-----END CERTIFICATE-----