Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/eb00a821-44c5-4b2e-a1d0-39b5d0e5e69e.roa
File:                     eb00a821-44c5-4b2e-a1d0-39b5d0e5e69e.roa (raw, json)
Hash identifier:          9fs8DkrYCwPxqbdVeo3O/ujgdQZkikd1sSXGgLzyJ4g=
Subject key identifier:   C7:75:67:12:DA:B3:B6:4D:EA:D1:D0:31:79:E6:6E:81:58:E7:B7:78
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       196D3188A865990081A5910FA5501F00DFBE84F5
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/eb00a821-44c5-4b2e-a1d0-39b5d0e5e69e.roa
Signing time:             Sun 19 Oct 2025 00:51:35 +0000
ROA not before:           Sun 19 Oct 2025 00:51:35 +0000
ROA not after:            Sun 23 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        108.139.140.0/23 maxlen: 23
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            19:6d:31:88:a8:65:99:00:81:a5:91:0f:a5:50:1f:00:df:be:84:f5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 19 00:51:35 2025 GMT
            Not After : Nov 23 23:59:59 2025 GMT
        Subject: serialNumber=7dfdcaa149a5e210a37d7ffa680110652b9ee90a8c4260e8003f9ac2020a3521, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:82:5f:17:2e:3f:d8:fc:fd:5d:9f:8b:16:96:
                    26:87:d3:33:7e:5f:8e:62:16:e3:f2:f1:42:40:1c:
                    9d:eb:69:95:e1:c2:3e:c5:ae:02:fb:d7:5c:03:1d:
                    07:92:48:87:38:7c:51:12:ce:e0:f5:c0:64:54:53:
                    cd:43:6d:01:79:25:cf:bc:e9:bc:b9:c4:7f:48:3d:
                    6f:ae:e4:fa:34:1e:76:38:57:76:62:ce:b9:2f:ad:
                    e0:cf:3f:f4:b2:68:18:6e:97:67:45:e9:96:b3:77:
                    44:34:12:4e:89:6e:1a:39:1e:4c:0d:88:b8:19:e4:
                    46:e3:47:a0:71:d7:9a:37:41:73:08:d0:fe:d4:25:
                    68:48:5f:e8:cf:25:a0:eb:37:5e:9d:63:c3:7c:af:
                    db:33:96:b3:e0:6a:4b:69:7d:37:b7:c0:bd:cc:02:
                    4d:4b:f8:a9:ef:67:e9:dc:33:78:b0:5d:16:5c:ec:
                    3e:50:3c:4d:05:b7:62:1e:1b:30:ee:20:ad:21:ec:
                    de:7b:b5:ce:c5:74:79:97:96:3e:2b:a3:83:57:c6:
                    29:dd:7d:51:06:e9:03:4e:76:ac:21:01:11:94:40:
                    4a:c8:59:bc:5c:cd:8d:9e:85:d6:ee:32:63:49:2a:
                    e7:69:45:4f:50:8f:bd:04:fd:89:4d:53:ce:7b:be:
                    bd:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C7:75:67:12:DA:B3:B6:4D:EA:D1:D0:31:79:E6:6E:81:58:E7:B7:78
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/eb00a821-44c5-4b2e-a1d0-39b5d0e5e69e.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  108.139.140.0/23

    Signature Algorithm: sha256WithRSAEncryption
         0a:77:8f:ac:02:93:61:59:a8:50:9b:e1:2e:61:7a:f4:8a:39:
         56:27:16:1c:87:2a:1b:32:d7:9a:12:ad:07:6e:81:08:95:00:
         55:87:7a:01:12:16:22:9a:87:42:2f:fd:d1:ab:01:eb:93:ce:
         8f:73:ec:88:6f:47:f8:f3:99:f1:84:dd:05:9a:3c:c8:f1:3f:
         39:9f:33:3d:18:6d:7c:94:d3:1f:85:65:7c:93:59:ec:d9:69:
         46:e9:78:db:3b:29:46:3f:b9:e3:de:d2:37:9e:96:64:2b:12:
         4a:9d:bc:bf:46:99:87:0d:78:aa:39:1f:93:ce:c0:36:5b:87:
         07:9a:04:4c:6d:84:b8:80:09:91:01:d3:78:2d:b9:c8:f9:5c:
         51:b7:5a:12:d0:b9:ad:32:be:6f:2c:44:fa:9b:43:59:19:b1:
         72:4f:ae:a3:21:b3:fd:53:f3:8e:a8:86:8b:ab:74:be:72:6a:
         79:21:6b:b8:f1:b4:58:cf:25:29:9b:b4:6a:00:a1:48:20:07:
         39:f5:19:9f:54:b7:9f:b7:f5:7a:27:db:7e:da:b5:da:c5:54:
         dd:68:f6:09:a4:0f:08:10:17:0c:0d:23:d0:bf:4a:c7:b1:f1:
         e9:89:d4:73:ad:4e:63:11:25:9f:a9:fa:55:43:47:df:8d:b4:
         82:d7:ad:9b
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUGW0xiKhlmQCBpZEPpVAfAN++hPUwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDE5MDA1MTM1WhcNMjUxMTIzMjM1OTU5
WjB6MUkwRwYDVQQFE0A3ZGZkY2FhMTQ5YTVlMjEwYTM3ZDdmZmE2ODAxMTA2NTJi
OWVlOTBhOGM0MjYwZTgwMDNmOWFjMjAyMGEzNTIxMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDTgl8XLj/Y/P1dn4sWliaH0zN+X45iFuPy8UJAHJ3raZXh
wj7FrgL711wDHQeSSIc4fFESzuD1wGRUU81DbQF5Jc+86by5xH9IPW+u5Po0HnY4
V3ZizrkvreDPP/SyaBhul2dF6Zazd0Q0Ek6Jbho5HkwNiLgZ5EbjR6Bx15o3QXMI
0P7UJWhIX+jPJaDrN16dY8N8r9szlrPgaktpfTe3wL3MAk1L+KnvZ+ncM3iwXRZc
7D5QPE0Ft2IeGzDuIK0h7N57tc7FdHmXlj4ro4NXxindfVEG6QNOdqwhARGUQErI
WbxczY2ehdbuMmNJKudpRU9Qj70E/YlNU857vr01AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUx3VnEtqztk3q0dAxeeZugVjnt3gwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2ViMDBhODIxLTQ0YzUtNGIyZS1hMWQwLTM5YjVkMGU1ZTY5ZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAFsi4wwDQYJKoZIhvcNAQELBQADggEBAAp3j6wCk2FZqFCb4S5hevSKOVYn
FhyHKhsy15oSrQdugQiVAFWHegESFiKah0Iv/dGrAeuTzo9z7IhvR/jzmfGE3QWa
PMjxPzmfMz0YbXyU0x+FZXyTWezZaUbpeNs7KUY/uePe0jeelmQrEkqdvL9GmYcN
eKo5H5POwDZbhweaBExthLiACZEB03gtucj5XFG3WhLQua0yvm8sRPqbQ1kZsXJP
rqMhs/1T846ohourdL5yankha7jxtFjPJSmbtGoAoUggBzn1GZ9Ut5+39Xon237a
tdrFVN1o9gmkDwgQFwwNI9C/Ssex8emJ1HOtTmMRJZ+p+lVDR9+NtILXrZs=
-----END CERTIFICATE-----