Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/bfc96253-86ba-46ce-bee1-764de3747b75.roa
File:                     bfc96253-86ba-46ce-bee1-764de3747b75.roa (raw, json)
Hash identifier:          fHXdGBlpQBhQs/Ts5n5Y0xswqH/SfvsOv7JQulO3TYQ=
Subject key identifier:   AA:94:FD:2F:8A:85:C4:4A:26:E2:6B:4D:0F:28:4D:FB:D6:73:7B:2B
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       391D35FC9D226B4733808C03B5284EBCDFC02C72
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/bfc96253-86ba-46ce-bee1-764de3747b75.roa
Signing time:             Sun 19 Oct 2025 03:00:43 +0000
ROA not before:           Sun 19 Oct 2025 03:00:43 +0000
ROA not after:            Sun 23 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        108.139.98.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            39:1d:35:fc:9d:22:6b:47:33:80:8c:03:b5:28:4e:bc:df:c0:2c:72
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 19 03:00:43 2025 GMT
            Not After : Nov 23 23:59:59 2025 GMT
        Subject: serialNumber=29f285abe0d45ac96337c8240dd2095b5799f1c41ce1ae4a8755db695dd04aa7, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:92:51:40:13:3b:9a:38:bb:4f:c7:a0:53:47:
                    c1:c0:7d:08:1b:25:42:72:36:08:77:f2:90:4b:10:
                    e3:fd:18:7d:2f:7f:9f:27:f6:54:88:b1:46:3e:98:
                    3e:7f:79:76:4c:fb:ea:6b:85:14:ab:89:25:f8:00:
                    96:6d:a3:59:6a:02:58:6d:93:35:bc:fb:de:dc:e5:
                    7a:0b:dc:bf:a4:12:ae:c9:5a:56:7e:d5:5d:48:37:
                    8f:bd:f7:1b:d0:9d:2c:b1:d8:dd:79:8c:72:ae:d7:
                    6d:c7:a0:b7:9c:3a:85:fd:e4:b7:c5:45:98:79:1e:
                    6d:88:e7:f8:5e:3e:01:9b:67:a1:32:4a:f4:0c:91:
                    62:92:80:3c:30:37:72:08:dd:07:83:7c:22:5d:32:
                    94:ae:44:23:7e:f1:dc:ff:f6:30:b1:dc:6e:21:4a:
                    e4:53:5a:3d:00:cc:df:07:53:21:83:ea:e7:0b:91:
                    c4:c8:e8:b5:a1:a5:ff:d6:45:4f:79:6d:f4:24:f9:
                    e5:b3:86:08:60:55:3a:28:8c:fc:25:96:c1:20:9d:
                    33:eb:f5:4b:fe:37:bc:d6:01:b0:2a:07:c8:21:7d:
                    62:17:f3:73:67:38:62:ba:ff:48:f2:fd:64:23:cd:
                    bc:ae:a4:23:ff:0d:28:5c:4f:4e:59:5b:32:85:00:
                    80:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AA:94:FD:2F:8A:85:C4:4A:26:E2:6B:4D:0F:28:4D:FB:D6:73:7B:2B
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/bfc96253-86ba-46ce-bee1-764de3747b75.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  108.139.98.0/24

    Signature Algorithm: sha256WithRSAEncryption
         40:78:fa:b3:69:69:30:a6:bc:cd:3d:89:e0:07:5f:5b:f0:eb:
         74:8f:7e:71:f1:cc:fb:66:9d:2b:44:be:86:fc:d6:76:a7:b5:
         ee:ac:e6:73:21:62:b3:d1:1b:91:91:14:54:23:dc:8d:6b:53:
         4d:c8:97:3b:d8:f5:d9:11:7d:25:da:0f:09:c2:2a:50:55:af:
         04:81:03:b5:e3:7c:94:44:32:70:9d:4a:6f:17:5a:fc:76:55:
         e7:dd:96:86:1b:78:68:e7:43:36:42:0a:1f:64:2e:af:08:21:
         fa:8f:5b:9b:7f:af:5f:ed:59:f9:10:90:91:0b:37:42:ee:d2:
         84:ed:d0:0b:77:0b:2f:75:55:b3:e6:c7:7a:34:89:52:24:0e:
         5e:8f:41:8c:81:84:a8:df:8c:ae:e5:00:51:9e:fd:aa:7f:27:
         fc:11:34:4c:3b:ec:d3:24:f5:66:e7:f9:cb:31:3c:34:86:05:
         bb:47:2f:42:42:c0:61:27:a3:d8:ba:b7:e3:b9:f4:67:d5:dc:
         d4:aa:3e:7d:42:19:9d:9f:d2:06:d9:c7:9c:04:ae:a5:21:aa:
         a4:36:21:cb:6e:7e:5a:6f:9c:79:29:bd:c7:48:80:38:b1:fe:
         0b:81:b2:58:d2:e1:19:d7:b9:e1:0f:b7:87:94:f4:89:f3:ae:
         6a:10:93:6e
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUOR01/J0ia0czgIwDtShOvN/ALHIwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDE5MDMwMDQzWhcNMjUxMTIzMjM1OTU5
WjB6MUkwRwYDVQQFE0AyOWYyODVhYmUwZDQ1YWM5NjMzN2M4MjQwZGQyMDk1YjU3
OTlmMWM0MWNlMWFlNGE4NzU1ZGI2OTVkZDA0YWE3MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCvklFAEzuaOLtPx6BTR8HAfQgbJUJyNgh38pBLEOP9GH0v
f58n9lSIsUY+mD5/eXZM++prhRSriSX4AJZto1lqAlhtkzW8+97c5XoL3L+kEq7J
WlZ+1V1IN4+99xvQnSyx2N15jHKu123HoLecOoX95LfFRZh5Hm2I5/hePgGbZ6Ey
SvQMkWKSgDwwN3II3QeDfCJdMpSuRCN+8dz/9jCx3G4hSuRTWj0AzN8HUyGD6ucL
kcTI6LWhpf/WRU95bfQk+eWzhghgVToojPwllsEgnTPr9Uv+N7zWAbAqB8ghfWIX
83NnOGK6/0jy/WQjzbyupCP/DShcT05ZWzKFAIA/AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUqpT9L4qFxEom4mtNDyhN+9ZzeyswHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2JmYzk2MjUzLTg2YmEtNDZjZS1iZWUxLTc2NGRlMzc0N2I3NS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBABsi2IwDQYJKoZIhvcNAQELBQADggEBAEB4+rNpaTCmvM09ieAHX1vw63SP
fnHxzPtmnStEvob81nante6s5nMhYrPRG5GRFFQj3I1rU03IlzvY9dkRfSXaDwnC
KlBVrwSBA7XjfJREMnCdSm8XWvx2VefdloYbeGjnQzZCCh9kLq8IIfqPW5t/r1/t
WfkQkJELN0Lu0oTt0At3Cy91VbPmx3o0iVIkDl6PQYyBhKjfjK7lAFGe/ap/J/wR
NEw77NMk9Wbn+csxPDSGBbtHL0JCwGEno9i6t+O59GfV3NSqPn1CGZ2f0gbZx5wE
rqUhqqQ2IctuflpvnHkpvcdIgDix/guBsljS4RnXueEPt4eU9InzrmoQk24=
-----END CERTIFICATE-----