Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d9aa4846-9f4b-4c12-a23a-5d31b2b37d5a.roa
File:                     d9aa4846-9f4b-4c12-a23a-5d31b2b37d5a.roa (raw, json)
Hash identifier:          V6M7tyrTQGsMFZYkTU295hPjV+qrlUWHDr+seXYDEDY=
Subject key identifier:   60:75:CB:95:8B:23:87:21:AA:39:00:6E:C9:00:91:A0:63:7A:5C:5B
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       2127041E37B9584AFF9EFE82D4EB4348CE363C47
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d9aa4846-9f4b-4c12-a23a-5d31b2b37d5a.roa
Signing time:             Sun 19 Oct 2025 01:50:46 +0000
ROA not before:           Sun 19 Oct 2025 01:50:46 +0000
ROA not after:            Sun 23 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        108.139.132.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            21:27:04:1e:37:b9:58:4a:ff:9e:fe:82:d4:eb:43:48:ce:36:3c:47
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 19 01:50:46 2025 GMT
            Not After : Nov 23 23:59:59 2025 GMT
        Subject: serialNumber=ea26e7323826dce1442cef8fff49d32e2ec21dc70e15f43ae2325db884a6f72a, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:6a:e5:c2:da:f3:47:21:81:9e:78:f9:40:1e:
                    3f:b2:a7:7d:64:df:22:8d:76:46:e2:3e:80:88:47:
                    ce:bb:27:9e:1e:b5:0d:66:d5:4a:8d:a7:82:f8:2e:
                    16:27:10:16:b7:b5:5e:d9:72:0b:52:a3:f9:ed:35:
                    f8:df:70:4d:c4:16:c1:5b:06:6e:6c:36:37:4f:59:
                    60:05:43:d4:85:04:6f:a2:68:c4:a6:13:d5:ea:f3:
                    10:34:d5:f7:e0:ac:4f:a0:20:d6:a1:87:60:36:a4:
                    b9:12:af:ee:d7:d2:48:fc:f9:40:ca:35:a7:e2:5f:
                    0b:0e:b7:90:90:bb:86:28:ba:74:0f:1f:35:e6:4c:
                    bd:1c:2b:a0:6b:16:2f:78:b6:26:74:10:7a:c8:38:
                    aa:a1:23:ec:a0:24:57:88:4c:1e:a9:33:5e:96:5b:
                    8c:30:20:64:a8:54:71:50:59:fe:a8:93:c5:82:41:
                    2b:dc:b1:45:88:03:6d:3b:75:7d:09:06:66:5f:99:
                    b3:ad:ec:54:f5:4d:b7:77:1c:8e:5e:54:3c:65:e1:
                    f9:d8:f4:cb:0b:bd:75:46:46:7a:06:cc:76:02:53:
                    fb:9a:b3:57:71:ea:75:0a:12:c5:53:00:75:f8:cb:
                    9f:a8:15:63:54:e1:be:78:35:36:b7:3c:19:84:7d:
                    ea:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                60:75:CB:95:8B:23:87:21:AA:39:00:6E:C9:00:91:A0:63:7A:5C:5B
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d9aa4846-9f4b-4c12-a23a-5d31b2b37d5a.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  108.139.132.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c9:01:ad:ee:6d:64:5d:c9:40:79:72:63:9c:f7:ce:b9:2e:5f:
         f2:30:59:e9:7c:5f:db:c6:8b:4f:f5:42:e6:dc:41:c6:98:f3:
         e4:d2:5c:52:be:e1:e3:e5:a4:0d:66:8a:7f:b0:8f:9a:8d:52:
         62:aa:63:96:d1:6f:7e:eb:73:6f:43:f6:ed:04:57:dd:8f:d0:
         ab:de:2a:4f:ee:f6:42:bd:37:27:8e:d0:d2:dc:ec:26:e7:a5:
         a4:fb:51:17:0d:59:41:1e:c2:3f:4f:83:68:94:ca:ea:e8:a8:
         9e:46:4d:b7:3a:49:c9:77:6b:5b:30:84:b8:7e:1a:db:df:8c:
         ea:d0:03:f5:a2:40:33:b9:3d:56:e8:1c:36:75:04:50:a4:ac:
         d9:25:05:07:55:dd:03:c5:fa:1a:3d:fb:6a:85:56:df:d1:99:
         43:bb:21:60:f1:d1:cb:50:60:15:be:75:40:0b:21:77:6f:55:
         bb:23:e1:50:3b:18:bd:0d:ba:ad:0c:63:d7:0d:e1:d3:69:fe:
         34:f2:75:7f:d2:c5:1a:31:cb:3f:5f:5e:45:89:53:73:29:7b:
         30:e1:28:12:0f:0f:5f:6d:ff:0f:82:9f:b9:1a:13:76:9b:bf:
         5d:90:50:8b:12:8f:01:90:ed:ce:fd:8f:0c:f0:5b:9e:1c:a9:
         ce:79:39:5d
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUIScEHje5WEr/nv6C1OtDSM42PEcwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDE5MDE1MDQ2WhcNMjUxMTIzMjM1OTU5
WjB6MUkwRwYDVQQFE0BlYTI2ZTczMjM4MjZkY2UxNDQyY2VmOGZmZjQ5ZDMyZTJl
YzIxZGM3MGUxNWY0M2FlMjMyNWRiODg0YTZmNzJhMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDYauXC2vNHIYGeePlAHj+yp31k3yKNdkbiPoCIR867J54e
tQ1m1UqNp4L4LhYnEBa3tV7ZcgtSo/ntNfjfcE3EFsFbBm5sNjdPWWAFQ9SFBG+i
aMSmE9Xq8xA01ffgrE+gINahh2A2pLkSr+7X0kj8+UDKNafiXwsOt5CQu4YounQP
HzXmTL0cK6BrFi94tiZ0EHrIOKqhI+ygJFeITB6pM16WW4wwIGSoVHFQWf6ok8WC
QSvcsUWIA207dX0JBmZfmbOt7FT1Tbd3HI5eVDxl4fnY9MsLvXVGRnoGzHYCU/ua
s1dx6nUKEsVTAHX4y5+oFWNU4b54NTa3PBmEfephAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUYHXLlYsjhyGqOQBuyQCRoGN6XFswHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2Q5YWE0ODQ2LTlmNGItNGMxMi1hMjNhLTVkMzFiMmIzN2Q1YS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBABsi4QwDQYJKoZIhvcNAQELBQADggEBAMkBre5tZF3JQHlyY5z3zrkuX/Iw
Wel8X9vGi0/1QubcQcaY8+TSXFK+4ePlpA1min+wj5qNUmKqY5bRb37rc29D9u0E
V92P0KveKk/u9kK9NyeO0NLc7CbnpaT7URcNWUEewj9Pg2iUyuroqJ5GTbc6Scl3
a1swhLh+GtvfjOrQA/WiQDO5PVboHDZ1BFCkrNklBQdV3QPF+ho9+2qFVt/RmUO7
IWDx0ctQYBW+dUALIXdvVbsj4VA7GL0Nuq0MY9cN4dNp/jTydX/SxRoxyz9fXkWJ
U3MpezDhKBIPD19t/w+Cn7kaE3abv12QUIsSjwGQ7c79jwzwW54cqc55OV0=
-----END CERTIFICATE-----