Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/e5552d1e-2285-4c94-81ee-477225a9f63f.roa
File:                     e5552d1e-2285-4c94-81ee-477225a9f63f.roa (raw, json)
Hash identifier:          elX2n4UeBDvuAKaNsI/i7HipjeiUA+Rk1VHV4X9ieZ4=
Subject key identifier:   4D:31:A3:E7:FB:7F:23:F1:E6:C8:A9:FF:E2:5F:EE:D9:7A:4F:72:27
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       3F67B411E3B04F2F88A554EC7786CF1955A5F592
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/e5552d1e-2285-4c94-81ee-477225a9f63f.roa
Signing time:             Mon 20 Oct 2025 01:51:05 +0000
ROA not before:           Mon 20 Oct 2025 01:51:05 +0000
ROA not after:            Mon 24 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        108.139.168.0/22 maxlen: 22
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3f:67:b4:11:e3:b0:4f:2f:88:a5:54:ec:77:86:cf:19:55:a5:f5:92
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 20 01:51:05 2025 GMT
            Not After : Nov 24 23:59:59 2025 GMT
        Subject: serialNumber=5161240a824625e966cf7dcce9afab297201ce7535ba0ca609c12914caa1c334, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:08:3f:bc:b2:cc:a0:b7:75:61:c9:e4:bc:14:
                    87:d1:4c:e7:5f:aa:7c:d4:f0:5d:71:00:6e:db:0c:
                    79:89:59:fc:55:10:72:be:de:ea:84:24:fc:86:01:
                    98:06:3b:e5:71:86:24:ea:bb:91:0f:57:91:4f:eb:
                    13:58:c0:a0:8b:9c:b4:e6:13:69:44:e5:ac:d2:03:
                    27:06:d2:54:59:c2:d9:79:75:70:43:50:38:14:08:
                    04:85:0c:33:9f:32:88:2f:8c:d7:47:88:71:15:69:
                    14:bc:13:ad:30:69:e9:e6:be:dd:d1:7b:dd:19:89:
                    5f:b3:0f:31:ed:1e:40:9d:09:1b:b9:d3:e5:8d:1d:
                    e2:8d:ae:8c:6c:61:a6:27:02:1f:8f:f9:e3:6e:80:
                    4e:1b:5f:c8:55:54:8c:ea:c5:57:03:4d:c7:6c:85:
                    b8:7c:88:93:0a:45:55:a6:30:3b:a9:73:83:8b:af:
                    44:b5:10:46:36:c3:ed:06:53:68:7b:e6:f0:8a:bd:
                    23:b0:14:ac:87:90:d2:14:84:cf:64:2f:d2:f7:24:
                    c3:9c:4f:1b:08:8b:f1:3d:06:ce:f1:ff:e7:a2:a8:
                    f3:d3:b8:f8:05:87:ca:1d:11:92:69:65:c1:d1:7e:
                    53:b9:a4:7b:7e:65:7a:74:b0:f9:01:43:a1:f8:c6:
                    01:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4D:31:A3:E7:FB:7F:23:F1:E6:C8:A9:FF:E2:5F:EE:D9:7A:4F:72:27
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/e5552d1e-2285-4c94-81ee-477225a9f63f.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  108.139.168.0/22

    Signature Algorithm: sha256WithRSAEncryption
         76:13:8c:4a:65:f5:2c:bd:79:24:3a:fc:3f:a2:c4:6b:6e:b3:
         63:8b:cc:be:43:b9:c1:6e:90:0f:0d:d6:e3:40:6d:9d:1b:df:
         4c:3c:46:a5:c7:3e:89:e0:af:35:f4:74:d7:7e:7d:10:d6:1d:
         fa:72:9f:d8:45:15:e5:65:02:50:1c:3b:29:71:93:13:75:f2:
         a6:b7:b4:19:14:0f:61:89:f5:dd:b9:2f:c1:5d:49:4f:c4:2a:
         a3:6a:87:3a:d0:09:fe:14:0c:eb:ad:b8:0e:e0:e0:79:3c:55:
         24:ab:10:7f:a9:0c:b8:21:c7:b2:8d:ad:12:43:3c:df:b3:d8:
         a4:f7:d4:7e:ed:09:e1:fd:04:c4:72:9c:e7:ae:41:e6:fe:a0:
         d8:3f:50:59:a3:df:80:af:48:00:8c:1b:80:32:24:f0:97:4a:
         37:73:e4:24:f8:54:11:d5:cf:2f:28:42:26:07:3c:6d:8f:5a:
         13:8b:d3:af:93:f8:97:12:ca:15:8a:0b:0f:60:b3:90:57:bc:
         7e:83:ce:3e:21:e1:1e:62:cd:5f:66:73:ba:cf:cb:68:22:f6:
         2b:5c:d3:8a:30:d3:f4:7b:3d:7c:1e:d9:2c:db:99:67:87:e6:
         b2:2c:59:32:1b:49:0a:32:2f:0e:81:de:a5:83:68:bf:2f:73:
         e8:c3:c7:91
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUP2e0EeOwTy+IpVTsd4bPGVWl9ZIwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDIwMDE1MTA1WhcNMjUxMTI0MjM1OTU5
WjB6MUkwRwYDVQQFE0A1MTYxMjQwYTgyNDYyNWU5NjZjZjdkY2NlOWFmYWIyOTcy
MDFjZTc1MzViYTBjYTYwOWMxMjkxNGNhYTFjMzM0MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC9CD+8ssygt3VhyeS8FIfRTOdfqnzU8F1xAG7bDHmJWfxV
EHK+3uqEJPyGAZgGO+VxhiTqu5EPV5FP6xNYwKCLnLTmE2lE5azSAycG0lRZwtl5
dXBDUDgUCASFDDOfMogvjNdHiHEVaRS8E60waenmvt3Re90ZiV+zDzHtHkCdCRu5
0+WNHeKNroxsYaYnAh+P+eNugE4bX8hVVIzqxVcDTcdshbh8iJMKRVWmMDupc4OL
r0S1EEY2w+0GU2h75vCKvSOwFKyHkNIUhM9kL9L3JMOcTxsIi/E9Bs7x/+eiqPPT
uPgFh8odEZJpZcHRflO5pHt+ZXp0sPkBQ6H4xgE/AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUTTGj5/t/I/HmyKn/4l/u2XpPcicwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2U1NTUyZDFlLTIyODUtNGM5NC04MWVlLTQ3NzIyNWE5ZjYzZi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAJsi6gwDQYJKoZIhvcNAQELBQADggEBAHYTjEpl9Sy9eSQ6/D+ixGtus2OL
zL5DucFukA8N1uNAbZ0b30w8RqXHPongrzX0dNd+fRDWHfpyn9hFFeVlAlAcOylx
kxN18qa3tBkUD2GJ9d25L8FdSU/EKqNqhzrQCf4UDOutuA7g4Hk8VSSrEH+pDLgh
x7KNrRJDPN+z2KT31H7tCeH9BMRynOeuQeb+oNg/UFmj34CvSACMG4AyJPCXSjdz
5CT4VBHVzy8oQiYHPG2PWhOL06+T+JcSyhWKCw9gs5BXvH6Dzj4h4R5izV9mc7rP
y2gi9itc04ow0/R7PXwe2SzbmWeH5rIsWTIbSQoyLw6B3qWDaL8vc+jDx5E=
-----END CERTIFICATE-----