Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d5a08960-c255-4646-bd3b-dd8b42fbcb39.roa
File:                     d5a08960-c255-4646-bd3b-dd8b42fbcb39.roa (raw, json)
Hash identifier:          zlg8d63dNHOztaYdIZM8dM58+9tUuxjtcJm66tOw+5M=
Subject key identifier:   53:D2:D2:C7:84:C1:70:D3:4C:31:7E:5A:89:35:3A:84:22:F6:33:B6
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       0B831290C846D107C5879C39B6B9E16E08D5E980
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d5a08960-c255-4646-bd3b-dd8b42fbcb39.roa
Signing time:             Sun 19 Oct 2025 02:42:06 +0000
ROA not before:           Sun 19 Oct 2025 02:42:06 +0000
ROA not after:            Sun 23 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        108.138.156.0/23 maxlen: 23
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0b:83:12:90:c8:46:d1:07:c5:87:9c:39:b6:b9:e1:6e:08:d5:e9:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 19 02:42:06 2025 GMT
            Not After : Nov 23 23:59:59 2025 GMT
        Subject: serialNumber=edca16ba4465c524c8f29a679eefe09b87a3f9f822018899d509d2c2c69b5017, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:f7:54:8a:cc:b6:71:64:0b:f1:8a:d7:54:a2:
                    34:c6:d7:c6:bc:b8:db:96:1b:82:4e:0f:44:b5:f3:
                    b5:b9:49:08:d8:8a:a8:a8:5a:b4:87:7f:e5:a2:3c:
                    70:d3:eb:73:63:49:b3:6a:37:f5:b0:1e:25:53:ec:
                    fe:9f:b6:49:21:30:9d:b0:e0:2d:8c:3f:37:1e:9c:
                    2e:70:29:ba:51:f1:71:81:06:ef:2d:a5:a8:b8:53:
                    a7:67:a5:8f:7b:21:92:4a:67:2c:e4:e7:bf:7a:f3:
                    c4:24:52:29:94:86:e1:da:a2:2b:4b:f9:27:87:64:
                    2c:4b:d8:25:b8:d8:90:77:e3:72:06:69:c0:2d:ed:
                    7e:19:be:04:49:e9:86:07:53:95:d6:0f:6e:82:61:
                    ce:cd:16:73:fe:3d:78:8e:7a:90:46:9c:25:31:92:
                    f0:96:0d:30:09:8e:55:0c:de:ce:40:73:35:ec:97:
                    ed:75:a8:8c:7b:26:a3:82:1a:fc:64:3e:79:f6:9e:
                    31:df:8f:5e:28:32:2f:dd:1b:6c:96:a6:9c:71:9a:
                    75:42:80:b6:48:4d:e5:47:dc:80:0c:94:11:d7:fe:
                    51:5b:00:30:53:0a:b5:97:ec:11:65:1e:d0:29:b9:
                    3d:6e:0b:64:7d:48:65:82:3e:50:58:19:04:16:62:
                    3a:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                53:D2:D2:C7:84:C1:70:D3:4C:31:7E:5A:89:35:3A:84:22:F6:33:B6
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d5a08960-c255-4646-bd3b-dd8b42fbcb39.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  108.138.156.0/23

    Signature Algorithm: sha256WithRSAEncryption
         13:d7:1d:ae:09:f4:07:44:18:34:f4:6b:62:4a:48:45:8d:cc:
         b3:eb:0b:cc:af:b8:90:f2:dc:4d:76:3c:9c:ae:27:a9:78:88:
         75:dd:0a:74:61:80:f4:2a:5b:8f:1d:08:3a:74:60:c7:24:80:
         c2:6b:40:dd:aa:13:b5:18:d9:5b:1e:8e:34:e0:e4:de:d6:b6:
         f2:d5:7b:32:34:b5:7b:e7:64:68:65:b2:bc:37:b5:cc:28:c0:
         a1:74:9e:85:ea:da:da:2f:2d:2f:32:4f:fa:31:2d:80:d8:b1:
         03:94:79:4b:ef:54:b4:5f:3c:c2:5f:3e:a4:91:86:11:ef:31:
         88:f7:a2:e7:86:65:a2:21:f7:c9:c1:f1:a5:6f:46:2e:61:c8:
         e0:42:ea:5e:fb:3c:7d:6b:ed:6f:7f:c9:d6:75:27:c9:e5:35:
         64:47:cb:66:98:d2:32:b9:f5:5d:6a:50:25:4b:1d:e9:f2:ae:
         2c:c9:0f:b5:f5:49:21:05:28:ae:fc:5b:13:37:44:0f:af:78:
         77:ab:a4:a2:71:f9:27:b3:ad:0d:dd:77:5f:9b:79:b4:75:ae:
         49:68:9d:39:03:01:e3:29:1c:6c:bc:dc:a4:df:12:8f:30:ad:
         e3:2d:08:3b:33:f7:4c:4b:d4:29:76:01:a1:15:1d:5d:a6:e8:
         94:9b:56:7c
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUC4MSkMhG0QfFh5w5trnhbgjV6YAwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDE5MDI0MjA2WhcNMjUxMTIzMjM1OTU5
WjB6MUkwRwYDVQQFE0BlZGNhMTZiYTQ0NjVjNTI0YzhmMjlhNjc5ZWVmZTA5Yjg3
YTNmOWY4MjIwMTg4OTlkNTA5ZDJjMmM2OWI1MDE3MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC191SKzLZxZAvxitdUojTG18a8uNuWG4JOD0S187W5SQjY
iqioWrSHf+WiPHDT63NjSbNqN/WwHiVT7P6ftkkhMJ2w4C2MPzcenC5wKbpR8XGB
Bu8tpai4U6dnpY97IZJKZyzk579688QkUimUhuHaoitL+SeHZCxL2CW42JB343IG
acAt7X4ZvgRJ6YYHU5XWD26CYc7NFnP+PXiOepBGnCUxkvCWDTAJjlUM3s5AczXs
l+11qIx7JqOCGvxkPnn2njHfj14oMi/dG2yWppxxmnVCgLZITeVH3IAMlBHX/lFb
ADBTCrWX7BFlHtApuT1uC2R9SGWCPlBYGQQWYjrjAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUU9LSx4TBcNNMMX5aiTU6hCL2M7YwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2Q1YTA4OTYwLWMyNTUtNDY0Ni1iZDNiLWRkOGI0MmZiY2IzOS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAFsipwwDQYJKoZIhvcNAQELBQADggEBABPXHa4J9AdEGDT0a2JKSEWNzLPr
C8yvuJDy3E12PJyuJ6l4iHXdCnRhgPQqW48dCDp0YMckgMJrQN2qE7UY2VsejjTg
5N7WtvLVezI0tXvnZGhlsrw3tcwowKF0noXq2tovLS8yT/oxLYDYsQOUeUvvVLRf
PMJfPqSRhhHvMYj3oueGZaIh98nB8aVvRi5hyOBC6l77PH1r7W9/ydZ1J8nlNWRH
y2aY0jK59V1qUCVLHenyrizJD7X1SSEFKK78WxM3RA+veHerpKJx+SezrQ3dd1+b
ebR1rklonTkDAeMpHGy83KTfEo8wreMtCDsz90xL1Cl2AaEVHV2m6JSbVnw=
-----END CERTIFICATE-----