Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d6b8812f-1285-4b28-94df-c4f4f481d73f.roa
File:                     d6b8812f-1285-4b28-94df-c4f4f481d73f.roa (raw, json)
Hash identifier:          m+EWVEjzTOD/jvfdF8mu/EJYvmRCzDZehAVIalUk4PM=
Subject key identifier:   9F:4B:1B:7E:9A:E5:04:8D:FD:1E:74:BD:19:B9:5C:DF:1F:22:E9:9D
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       3FF717705DA25197BBBE9F575F7C4B13118C5619
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d6b8812f-1285-4b28-94df-c4f4f481d73f.roa
Signing time:             Mon 20 Oct 2025 06:30:20 +0000
ROA not before:           Mon 20 Oct 2025 06:30:20 +0000
ROA not after:            Mon 24 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        108.158.97.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3f:f7:17:70:5d:a2:51:97:bb:be:9f:57:5f:7c:4b:13:11:8c:56:19
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 20 06:30:20 2025 GMT
            Not After : Nov 24 23:59:59 2025 GMT
        Subject: serialNumber=2ecbf81255e7d7593877ac29bda66e0af040dad6f9d5883d60e459d2af93c587, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:ac:93:15:0f:87:db:0d:a0:91:e8:58:91:04:
                    06:1c:53:c5:b1:21:a1:7e:92:76:d4:fd:0e:29:01:
                    45:35:68:67:c9:04:51:35:9e:75:00:92:0e:02:43:
                    1f:d6:9e:99:41:d5:9f:3c:f6:6a:ac:60:76:dd:c4:
                    d5:ee:f6:07:04:c1:1a:42:d0:34:27:57:11:e9:40:
                    ba:76:f5:51:f6:a7:2e:e3:4d:8e:3f:c9:f2:88:5a:
                    b3:9d:97:ae:1e:42:7a:19:3e:22:7f:2a:c6:88:39:
                    4f:b9:6b:38:e3:30:bc:46:80:5b:98:7b:b5:d3:2a:
                    f7:17:32:c9:c0:5b:02:b1:1c:9d:3b:7f:40:bd:6a:
                    e2:bb:32:41:5d:46:48:ba:4c:27:f2:68:52:b6:b7:
                    ac:c7:dd:c4:af:a5:61:9d:07:ed:99:53:54:74:96:
                    cc:00:78:97:d7:91:ea:f8:26:43:e7:de:46:0e:d4:
                    93:24:6a:d0:a0:c2:fc:30:6f:5b:15:86:82:9b:52:
                    8b:08:1e:80:cd:be:fa:ea:30:31:aa:c3:77:4f:d1:
                    b8:b2:92:2d:5e:92:67:b6:64:0e:43:35:b4:a0:55:
                    df:4e:d1:99:cf:d4:ba:3e:98:58:8c:10:65:73:65:
                    5d:d0:00:d6:39:a4:df:24:05:70:49:88:47:f3:ef:
                    3c:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9F:4B:1B:7E:9A:E5:04:8D:FD:1E:74:BD:19:B9:5C:DF:1F:22:E9:9D
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d6b8812f-1285-4b28-94df-c4f4f481d73f.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  108.158.97.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7f:a9:76:b9:a6:b9:6a:ef:62:17:d0:f2:6c:d4:a4:69:9f:4c:
         af:47:cb:0f:74:8e:f5:b4:b6:e0:c6:38:ba:39:90:e6:c8:77:
         2f:5b:de:7d:e4:f4:8d:23:3b:64:57:28:34:50:81:71:ae:26:
         e3:ed:bf:af:92:aa:95:45:42:77:d5:cd:49:67:20:55:20:f4:
         20:00:06:a9:e0:68:e1:0b:be:c5:29:f5:4c:6e:0f:52:27:85:
         5d:7f:5f:b7:7c:70:a8:75:74:ba:d6:f9:9f:39:95:fc:a7:b5:
         42:3f:77:63:fb:f4:65:b1:5a:fd:04:1c:2c:18:29:02:46:24:
         d0:b4:b8:6a:c7:42:99:52:20:99:b7:cd:74:14:bf:09:29:fe:
         fc:6f:e2:d6:1b:bb:9c:5c:d2:1f:48:fc:f3:04:c5:d9:a4:f9:
         e8:7d:8d:9e:2c:71:c2:de:c4:b0:bc:1f:0d:a1:a6:18:85:16:
         ca:2f:d1:6e:61:32:9b:3b:b4:f4:c4:f8:29:26:ba:be:02:98:
         c1:3b:71:f3:e7:7c:9c:92:b6:ac:58:0e:9c:ff:66:6b:ba:e8:
         05:6d:c2:e2:24:d7:ca:0c:3c:4d:93:2c:41:92:50:29:c8:ce:
         98:d2:65:d2:b1:f4:31:f6:f4:93:b5:a6:c1:ee:d7:13:eb:06:
         c2:62:e6:4b
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUP/cXcF2iUZe7vp9XX3xLExGMVhkwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDIwMDYzMDIwWhcNMjUxMTI0MjM1OTU5
WjB6MUkwRwYDVQQFE0AyZWNiZjgxMjU1ZTdkNzU5Mzg3N2FjMjliZGE2NmUwYWYw
NDBkYWQ2ZjlkNTg4M2Q2MGU0NTlkMmFmOTNjNTg3MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDCrJMVD4fbDaCR6FiRBAYcU8WxIaF+knbU/Q4pAUU1aGfJ
BFE1nnUAkg4CQx/WnplB1Z889mqsYHbdxNXu9gcEwRpC0DQnVxHpQLp29VH2py7j
TY4/yfKIWrOdl64eQnoZPiJ/KsaIOU+5azjjMLxGgFuYe7XTKvcXMsnAWwKxHJ07
f0C9auK7MkFdRki6TCfyaFK2t6zH3cSvpWGdB+2ZU1R0lswAeJfXker4JkPn3kYO
1JMkatCgwvwwb1sVhoKbUosIHoDNvvrqMDGqw3dP0biyki1ekme2ZA5DNbSgVd9O
0ZnP1Lo+mFiMEGVzZV3QANY5pN8kBXBJiEfz7zzNAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUn0sbfprlBI39HnS9Gblc3x8i6Z0wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2Q2Yjg4MTJmLTEyODUtNGIyOC05NGRmLWM0ZjRmNDgxZDczZi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBABsnmEwDQYJKoZIhvcNAQELBQADggEBAH+pdrmmuWrvYhfQ8mzUpGmfTK9H
yw90jvW0tuDGOLo5kObIdy9b3n3k9I0jO2RXKDRQgXGuJuPtv6+SqpVFQnfVzUln
IFUg9CAABqngaOELvsUp9UxuD1InhV1/X7d8cKh1dLrW+Z85lfyntUI/d2P79GWx
Wv0EHCwYKQJGJNC0uGrHQplSIJm3zXQUvwkp/vxv4tYbu5xc0h9I/PMExdmk+eh9
jZ4sccLexLC8Hw2hphiFFsov0W5hMps7tPTE+Ckmur4CmME7cfPnfJyStqxYDpz/
Zmu66AVtwuIk18oMPE2TLEGSUCnIzpjSZdKx9DH29JO1psHu1xPrBsJi5ks=
-----END CERTIFICATE-----