Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/bf163e3c-8d3f-4f9c-909b-1fe794fc5ee0.roa
File:                     bf163e3c-8d3f-4f9c-909b-1fe794fc5ee0.roa (raw, json)
Hash identifier:          ri+fe1mgY7BWFqmUK/k4fNJNSuent3mXGDl8DMOXzJI=
Subject key identifier:   86:0C:64:93:1A:78:2A:24:5D:01:C4:D4:2B:96:5A:19:E3:C5:CF:3C
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       3DADE178E73B5A5A87422F847D13BFF05727840C
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/bf163e3c-8d3f-4f9c-909b-1fe794fc5ee0.roa
Signing time:             Mon 20 Oct 2025 02:41:50 +0000
ROA not before:           Mon 20 Oct 2025 02:41:50 +0000
ROA not after:            Mon 24 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        108.138.160.0/21 maxlen: 21
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3d:ad:e1:78:e7:3b:5a:5a:87:42:2f:84:7d:13:bf:f0:57:27:84:0c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 20 02:41:50 2025 GMT
            Not After : Nov 24 23:59:59 2025 GMT
        Subject: serialNumber=f9740d7bd6132a5a6944ebcdefb5ddfd8738226c98302b9fd2ceaf3a239cfe4d, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:75:36:07:30:68:40:73:bc:00:0f:d7:cb:a4:
                    e7:a4:07:78:de:09:1e:3b:35:51:65:37:b6:14:d7:
                    94:5a:84:89:4d:13:95:cc:80:d5:c5:3d:25:4f:3f:
                    38:13:9f:36:b3:44:7c:55:b2:1c:e5:eb:5e:e0:1e:
                    6b:af:dd:64:01:77:bf:fe:8d:12:b5:3e:1f:3d:da:
                    b9:60:e4:eb:d9:8b:47:c9:b9:cc:61:a7:8c:df:8f:
                    45:5d:61:56:dd:6c:e6:30:b9:ca:06:27:1a:5e:a6:
                    26:46:fa:a5:29:70:66:39:8d:e8:41:44:60:b9:3c:
                    51:cf:05:bc:e2:89:b2:c1:19:bb:f5:7b:0e:4d:a3:
                    8d:9e:a3:5f:46:b9:21:5d:63:b3:3f:94:eb:1c:3d:
                    0a:74:4f:2c:1d:31:38:5b:72:43:44:5f:60:33:b4:
                    ff:c2:47:b5:06:87:d2:06:3e:b0:84:9b:33:9d:67:
                    7b:3b:e1:45:80:90:08:02:da:74:cb:b9:25:58:72:
                    f8:3a:de:ce:79:ab:ea:af:77:45:7a:a7:ed:a0:40:
                    29:93:82:fc:ed:44:a0:44:9c:83:35:ea:6f:bb:05:
                    df:21:47:45:fa:17:4b:97:3f:29:63:12:60:23:7e:
                    e1:ab:37:c2:56:e9:04:48:63:12:6c:64:b1:23:bf:
                    e6:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:0C:64:93:1A:78:2A:24:5D:01:C4:D4:2B:96:5A:19:E3:C5:CF:3C
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/bf163e3c-8d3f-4f9c-909b-1fe794fc5ee0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  108.138.160.0/21

    Signature Algorithm: sha256WithRSAEncryption
         bd:24:77:ee:7f:d6:49:20:d9:6a:f0:b0:a7:91:67:84:f6:dd:
         a2:2f:8c:94:ee:03:38:47:44:d8:0f:98:42:fb:b2:d1:7e:d5:
         92:d5:b9:d4:f3:3b:ec:d5:09:97:9a:e3:04:47:aa:cd:9e:06:
         62:fd:03:7c:94:66:c2:96:8b:fd:dd:0f:98:b6:0a:ba:59:5d:
         04:13:71:39:0c:2e:43:b8:38:a4:b6:cb:e9:23:8a:b5:0e:f4:
         d0:4d:1c:ed:11:94:ac:7d:c5:1e:64:c8:2a:9e:33:38:63:5b:
         17:7e:be:47:99:2a:8e:e4:e8:bf:bb:01:b7:d1:00:f1:04:d8:
         73:c9:f8:07:86:47:14:94:6a:a7:cc:f2:6b:0b:3a:80:d9:4e:
         88:66:1d:16:3d:aa:9b:de:e5:03:ad:1c:34:55:de:f6:b9:7e:
         80:5a:36:b6:81:b2:f4:7f:cd:ff:ef:df:4b:1b:da:aa:c1:7a:
         fe:aa:92:f0:9b:62:fc:a4:cf:d6:7c:c7:4e:9c:ab:51:ff:2f:
         9a:d5:a9:95:17:fe:f8:5b:de:ea:fe:2a:df:7b:ab:1b:49:91:
         b9:51:58:fe:e7:85:2f:5c:41:12:57:09:5f:80:96:64:75:83:
         45:c6:f2:1e:53:ab:7c:86:72:50:ba:93:e1:b6:db:62:29:27:
         5f:a0:a9:24
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUPa3heOc7WlqHQi+EfRO/8FcnhAwwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDIwMDI0MTUwWhcNMjUxMTI0MjM1OTU5
WjB6MUkwRwYDVQQFE0BmOTc0MGQ3YmQ2MTMyYTVhNjk0NGViY2RlZmI1ZGRmZDg3
MzgyMjZjOTgzMDJiOWZkMmNlYWYzYTIzOWNmZTRkMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCsdTYHMGhAc7wAD9fLpOekB3jeCR47NVFlN7YU15RahIlN
E5XMgNXFPSVPPzgTnzazRHxVshzl617gHmuv3WQBd7/+jRK1Ph892rlg5OvZi0fJ
ucxhp4zfj0VdYVbdbOYwucoGJxpepiZG+qUpcGY5jehBRGC5PFHPBbziibLBGbv1
ew5No42eo19GuSFdY7M/lOscPQp0TywdMThbckNEX2AztP/CR7UGh9IGPrCEmzOd
Z3s74UWAkAgC2nTLuSVYcvg63s55q+qvd0V6p+2gQCmTgvztRKBEnIM16m+7Bd8h
R0X6F0uXPyljEmAjfuGrN8JW6QRIYxJsZLEjv+YHAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUhgxkkxp4KiRdAcTUK5ZaGePFzzwwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2JmMTYzZTNjLThkM2YtNGY5Yy05MDliLTFmZTc5NGZjNWVlMC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBANsiqAwDQYJKoZIhvcNAQELBQADggEBAL0kd+5/1kkg2WrwsKeRZ4T23aIv
jJTuAzhHRNgPmEL7stF+1ZLVudTzO+zVCZea4wRHqs2eBmL9A3yUZsKWi/3dD5i2
CrpZXQQTcTkMLkO4OKS2y+kjirUO9NBNHO0RlKx9xR5kyCqeMzhjWxd+vkeZKo7k
6L+7AbfRAPEE2HPJ+AeGRxSUaqfM8msLOoDZTohmHRY9qpve5QOtHDRV3va5foBa
NraBsvR/zf/v30sb2qrBev6qkvCbYvykz9Z8x06cq1H/L5rVqZUX/vhb3ur+Kt97
qxtJkblRWP7nhS9cQRJXCV+AlmR1g0XG8h5Tq3yGclC6k+G222IpJ1+gqSQ=
-----END CERTIFICATE-----