Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d839a94f-f014-4e59-9d15-f2a3b23060fa.roa
File:                     d839a94f-f014-4e59-9d15-f2a3b23060fa.roa (raw, json)
Hash identifier:          Z8Li/CgrVpBBTNqh+4d9hqqrxnmqoKX1bF84WgBSDOc=
Subject key identifier:   F4:3D:B0:0D:24:D6:A1:41:89:C3:5A:94:DD:B1:5F:6C:67:2A:BC:34
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       346223A2B98A61D2A4EA8562F4338F864A0DCD62
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d839a94f-f014-4e59-9d15-f2a3b23060fa.roa
Signing time:             Mon 20 Oct 2025 03:22:18 +0000
ROA not before:           Mon 20 Oct 2025 03:22:18 +0000
ROA not after:            Mon 24 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        108.156.44.0/23 maxlen: 23
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            34:62:23:a2:b9:8a:61:d2:a4:ea:85:62:f4:33:8f:86:4a:0d:cd:62
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 20 03:22:18 2025 GMT
            Not After : Nov 24 23:59:59 2025 GMT
        Subject: serialNumber=4ca6a4dbb3129a7020835e29f403a447ec3336d1773af45a9c9b8f44d5dcc9f2, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:16:e0:63:27:18:50:4c:10:a9:05:11:83:0c:
                    42:db:10:20:a9:b9:aa:18:53:35:48:b3:8d:5b:98:
                    b1:37:d4:92:7e:b6:87:b0:37:2d:39:8a:52:2f:51:
                    fc:e5:e1:37:e9:87:40:cf:85:b7:15:a0:6c:ee:1b:
                    69:69:91:9b:0d:71:ac:e3:56:49:99:d7:bf:51:6e:
                    75:d9:5e:a4:d3:df:f8:83:41:14:07:e9:97:76:64:
                    10:1b:ec:b6:9f:37:fb:25:22:91:e5:44:78:4e:63:
                    7a:9c:85:b3:1f:27:ab:b9:a2:cd:7b:2b:b1:de:61:
                    95:a9:94:4d:db:a9:2e:24:64:73:4c:8b:04:0e:b6:
                    db:e2:00:60:2d:92:d0:f9:e2:81:33:73:1d:b2:f8:
                    17:0a:4b:97:d0:92:0e:7b:f6:51:ba:47:d6:d7:2a:
                    99:cb:9d:7d:af:a7:27:b1:34:84:c7:f0:d2:b5:ae:
                    68:37:ee:4e:04:70:2d:be:58:e5:dc:15:74:84:56:
                    f9:48:58:a4:5f:a3:58:d2:77:c5:cb:ef:5d:49:db:
                    49:15:7b:5e:10:03:49:89:ea:c2:4d:3f:36:5e:62:
                    02:63:3e:18:c8:09:75:75:92:b2:a2:3a:21:ef:8c:
                    42:dd:d5:dc:65:ea:bd:f8:ec:31:01:33:b9:1b:cc:
                    a6:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F4:3D:B0:0D:24:D6:A1:41:89:C3:5A:94:DD:B1:5F:6C:67:2A:BC:34
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d839a94f-f014-4e59-9d15-f2a3b23060fa.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  108.156.44.0/23

    Signature Algorithm: sha256WithRSAEncryption
         72:38:c7:74:a4:d5:c9:da:5a:10:2a:70:11:df:51:7b:c6:e8:
         7e:dd:28:ed:cb:41:46:d8:5e:13:a6:7d:98:9f:6d:3e:17:8d:
         e5:21:d6:c6:ba:94:89:08:e7:14:65:b9:9d:21:e3:13:63:27:
         a5:f5:5b:05:96:bd:f7:2b:c8:19:f1:a0:75:45:32:c5:27:8b:
         b2:17:72:eb:0b:4d:f8:10:dc:f2:b6:c0:77:98:71:8b:2a:c2:
         23:92:dc:8a:80:19:42:98:15:9b:d6:08:2f:d5:c0:b1:7e:3c:
         62:4f:67:8c:c9:14:25:90:de:a5:9b:57:64:b0:52:1c:01:fb:
         e1:02:a1:ec:54:74:d4:ca:b1:62:25:6c:38:74:d0:b8:40:4a:
         cf:be:2e:81:6b:bd:c1:ef:61:70:c3:0c:fe:ef:1d:7e:de:ec:
         f6:a9:fd:49:2e:f7:37:a3:cf:12:64:4c:17:bd:02:08:d3:e6:
         12:cb:8f:50:a2:82:b3:20:75:5a:2b:dc:fe:4e:0a:d8:97:c2:
         ec:2f:70:3f:33:18:16:4d:d2:6e:b6:d0:4d:92:de:30:63:79:
         be:5f:76:cd:4b:8d:95:1f:f0:5c:75:2e:f5:71:77:17:6c:85:
         c2:da:f2:c2:af:e9:00:36:aa:9b:9f:60:53:0d:cd:46:ef:57:
         91:52:00:d1
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUNGIjormKYdKk6oVi9DOPhkoNzWIwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDIwMDMyMjE4WhcNMjUxMTI0MjM1OTU5
WjB6MUkwRwYDVQQFE0A0Y2E2YTRkYmIzMTI5YTcwMjA4MzVlMjlmNDAzYTQ0N2Vj
MzMzNmQxNzczYWY0NWE5YzliOGY0NGQ1ZGNjOWYyMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCzFuBjJxhQTBCpBRGDDELbECCpuaoYUzVIs41bmLE31JJ+
toewNy05ilIvUfzl4Tfph0DPhbcVoGzuG2lpkZsNcazjVkmZ179RbnXZXqTT3/iD
QRQH6Zd2ZBAb7LafN/slIpHlRHhOY3qchbMfJ6u5os17K7HeYZWplE3bqS4kZHNM
iwQOttviAGAtktD54oEzcx2y+BcKS5fQkg579lG6R9bXKpnLnX2vpyexNITH8NK1
rmg37k4EcC2+WOXcFXSEVvlIWKRfo1jSd8XL711J20kVe14QA0mJ6sJNPzZeYgJj
PhjICXV1krKiOiHvjELd1dxl6r347DEBM7kbzKaZAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU9D2wDSTWoUGJw1qU3bFfbGcqvDQwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2Q4MzlhOTRmLWYwMTQtNGU1OS05ZDE1LWYyYTNiMjMwNjBmYS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAFsnCwwDQYJKoZIhvcNAQELBQADggEBAHI4x3Sk1cnaWhAqcBHfUXvG6H7d
KO3LQUbYXhOmfZifbT4XjeUh1sa6lIkI5xRluZ0h4xNjJ6X1WwWWvfcryBnxoHVF
MsUni7IXcusLTfgQ3PK2wHeYcYsqwiOS3IqAGUKYFZvWCC/VwLF+PGJPZ4zJFCWQ
3qWbV2SwUhwB++ECoexUdNTKsWIlbDh00LhASs++LoFrvcHvYXDDDP7vHX7e7Pap
/Uku9zejzxJkTBe9AgjT5hLLj1CigrMgdVor3P5OCtiXwuwvcD8zGBZN0m620E2S
3jBjeb5fds1LjZUf8Fx1LvVxdxdshcLa8sKv6QA2qpufYFMNzUbvV5FSANE=
-----END CERTIFICATE-----