Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/f8168978-c981-4d25-b95e-17a33f858c3a.roa
File:                     f8168978-c981-4d25-b95e-17a33f858c3a.roa (raw, json)
Hash identifier:          uxKqJTzyG9Pj5AM3Ure15UIdC3WHm4YgOnLdgWRkFgY=
Subject key identifier:   90:1E:BD:68:80:7C:F0:D1:24:E2:DE:C3:1E:C2:05:50:70:B3:08:5F
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       3AC510EB69C6A4A7B33565DEBB6ABD9E52AFF1E9
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/f8168978-c981-4d25-b95e-17a33f858c3a.roa
Signing time:             Mon 20 Oct 2025 03:12:06 +0000
ROA not before:           Mon 20 Oct 2025 03:12:06 +0000
ROA not after:            Mon 24 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        108.138.24.0/21 maxlen: 21
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3a:c5:10:eb:69:c6:a4:a7:b3:35:65:de:bb:6a:bd:9e:52:af:f1:e9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 20 03:12:06 2025 GMT
            Not After : Nov 24 23:59:59 2025 GMT
        Subject: serialNumber=33ee0c7c9cbb098411e7c45124243d1f5f3b1c6926144908760715977dbc8375, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:a2:1b:93:cb:e9:83:6f:78:d4:fa:e4:55:8c:
                    1a:a8:4f:59:1c:50:c2:b4:39:54:12:2c:f2:90:38:
                    6e:1b:53:95:9e:90:c5:1f:4a:52:5a:16:b2:19:aa:
                    34:f4:9a:7d:9b:e2:dc:9d:ff:1b:4b:79:64:13:78:
                    0c:ee:11:53:77:f8:ad:77:43:61:70:db:c5:68:73:
                    8d:5d:15:ab:9b:97:d1:0c:27:66:6c:eb:be:7d:27:
                    ea:c4:f5:5a:22:3b:4d:3b:f3:d6:b2:d5:55:27:c3:
                    6a:c7:b2:b6:49:5c:5f:b1:00:dc:33:64:01:cc:e9:
                    fe:79:15:f5:91:b8:3d:c2:45:0d:51:82:e8:9d:ef:
                    a7:c8:7d:b8:9c:ce:3a:9e:6b:00:06:c6:13:8f:c5:
                    ba:3d:6e:f1:48:e1:c6:d1:ab:09:8a:fc:c1:43:7b:
                    6d:6f:4f:fc:27:62:06:d2:b0:8c:3b:ed:ba:e7:dc:
                    73:e9:16:ec:20:c5:b8:b0:2e:15:dd:50:44:6b:cf:
                    ae:02:7e:8a:04:98:63:ab:b3:70:28:5f:97:74:30:
                    33:68:db:7e:b1:cb:ec:e2:2b:18:71:a2:37:b6:3d:
                    60:e4:0d:94:61:4b:44:3d:de:ce:f4:19:3e:f5:9d:
                    fd:51:6a:46:99:c7:ff:a7:66:46:90:a9:de:5d:8f:
                    c5:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                90:1E:BD:68:80:7C:F0:D1:24:E2:DE:C3:1E:C2:05:50:70:B3:08:5F
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/f8168978-c981-4d25-b95e-17a33f858c3a.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  108.138.24.0/21

    Signature Algorithm: sha256WithRSAEncryption
         b1:a8:c5:c2:1c:07:cf:03:fe:29:a2:43:c1:23:41:11:f6:5d:
         f5:b6:a5:3c:36:51:3f:09:17:68:49:6b:3e:54:44:e9:35:32:
         4a:b8:86:c5:37:d3:74:d6:dc:c1:6d:bc:b7:cf:85:bd:82:b2:
         f8:40:38:32:27:8b:82:30:b2:e5:87:87:e7:35:16:42:49:1b:
         ed:80:9d:a1:bc:e9:d6:be:bd:ee:54:31:5f:64:be:95:20:e9:
         cb:be:6d:ec:f8:35:29:3c:69:ee:a9:bf:0c:36:e2:a8:3e:2c:
         a6:3d:f3:76:e5:a0:73:bf:aa:5a:4b:57:df:09:81:ea:95:20:
         6c:0d:69:4f:21:4e:22:1e:87:d9:9d:87:19:81:99:66:d1:e6:
         37:e1:85:a6:bb:1e:97:c7:82:df:e9:50:e0:f5:7e:2f:c6:eb:
         16:2a:c2:3e:af:fc:fe:12:c8:a3:4a:86:4c:dd:f4:cf:f4:08:
         80:51:fb:87:50:27:af:fa:44:06:d0:3e:7a:b3:19:27:22:6f:
         c3:f7:04:4d:b8:d5:85:af:bb:0e:34:ed:2b:dc:b7:67:c2:c6:
         65:d7:10:51:28:10:b4:d9:b5:6e:91:96:0d:cf:29:8b:cb:dd:
         40:69:bb:b3:c6:02:25:6b:d1:72:c4:d3:52:20:d5:ff:28:93:
         6e:5c:7b:ca
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUOsUQ62nGpKezNWXeu2q9nlKv8ekwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDIwMDMxMjA2WhcNMjUxMTI0MjM1OTU5
WjB6MUkwRwYDVQQFE0AzM2VlMGM3YzljYmIwOTg0MTFlN2M0NTEyNDI0M2QxZjVm
M2IxYzY5MjYxNDQ5MDg3NjA3MTU5NzdkYmM4Mzc1MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDYohuTy+mDb3jU+uRVjBqoT1kcUMK0OVQSLPKQOG4bU5We
kMUfSlJaFrIZqjT0mn2b4tyd/xtLeWQTeAzuEVN3+K13Q2Fw28Voc41dFaubl9EM
J2Zs6759J+rE9VoiO00789ay1VUnw2rHsrZJXF+xANwzZAHM6f55FfWRuD3CRQ1R
guid76fIfbiczjqeawAGxhOPxbo9bvFI4cbRqwmK/MFDe21vT/wnYgbSsIw77brn
3HPpFuwgxbiwLhXdUERrz64CfooEmGOrs3AoX5d0MDNo236xy+ziKxhxoje2PWDk
DZRhS0Q93s70GT71nf1RakaZx/+nZkaQqd5dj8U9AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUkB69aIB88NEk4t7DHsIFUHCzCF8wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2Y4MTY4OTc4LWM5ODEtNGQyNS1iOTVlLTE3YTMzZjg1OGMzYS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBANsihgwDQYJKoZIhvcNAQELBQADggEBALGoxcIcB88D/imiQ8EjQRH2XfW2
pTw2UT8JF2hJaz5UROk1Mkq4hsU303TW3MFtvLfPhb2CsvhAODIni4IwsuWHh+c1
FkJJG+2AnaG86da+ve5UMV9kvpUg6cu+bez4NSk8ae6pvww24qg+LKY983bloHO/
qlpLV98JgeqVIGwNaU8hTiIeh9mdhxmBmWbR5jfhhaa7HpfHgt/pUOD1fi/G6xYq
wj6v/P4SyKNKhkzd9M/0CIBR+4dQJ6/6RAbQPnqzGScib8P3BE241YWvuw407Svc
t2fCxmXXEFEoELTZtW6Rlg3PKYvL3UBpu7PGAiVr0XLE01Ig1f8ok25ce8o=
-----END CERTIFICATE-----