Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/af2ec907-ffb6-4c22-a884-4c64b9f09a12.roa
File:                     af2ec907-ffb6-4c22-a884-4c64b9f09a12.roa (raw, json)
Hash identifier:          0CMDVU0xLLGo0qY3+Rk/MCnjm5r6sfkyfJuahDbGDao=
Subject key identifier:   18:4A:63:8B:42:8B:A2:8D:FF:6D:0E:B7:1D:4B:13:EB:09:98:23:85
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       2125F82A5FB6E91FDB1F89E08B1E2DDEABBB3EE1
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/af2ec907-ffb6-4c22-a884-4c64b9f09a12.roa
Signing time:             Sat 15 Nov 2025 00:10:04 +0000
ROA not before:           Sat 15 Nov 2025 00:10:04 +0000
ROA not after:            Sat 20 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        108.175.48.0/22 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            21:25:f8:2a:5f:b6:e9:1f:db:1f:89:e0:8b:1e:2d:de:ab:bb:3e:e1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Nov 15 00:10:04 2025 GMT
            Not After : Dec 20 23:59:59 2025 GMT
        Subject: serialNumber=921f18f34fde6cbb1824125f10caba399a73d3c6efe4a6306af0388ed8ff88a4, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:d0:f6:17:5d:01:5f:3e:89:b6:7a:f3:5b:5f:
                    f7:1b:09:40:93:a3:91:48:89:0b:91:93:db:4b:de:
                    49:13:d1:26:1a:88:eb:62:bd:c3:c6:e9:7d:fe:1b:
                    63:e3:ea:e2:d0:18:5c:0e:6e:d8:82:d7:bb:ae:55:
                    9a:1f:f4:2c:df:35:0c:a8:37:3c:dd:a3:e2:32:41:
                    9b:c2:3d:f0:d3:42:e8:32:23:04:39:62:5c:e5:e8:
                    1f:45:5f:8e:67:60:16:fa:7b:68:0e:ad:70:ad:26:
                    c2:3f:d8:de:bb:17:fb:41:52:33:02:e0:ce:f4:ad:
                    13:0d:16:f8:3f:b7:d3:8a:26:c1:83:78:1d:d0:dc:
                    1e:8c:bd:e1:6c:a9:1a:45:df:c0:c5:c3:4a:9f:a1:
                    50:77:e0:bc:26:fc:a2:5c:77:46:4e:cb:77:01:d9:
                    c3:5c:95:f7:67:bc:13:4f:f9:73:8b:e8:f9:7d:55:
                    79:79:9d:ac:1b:b8:12:7d:ca:4b:49:2a:f8:94:27:
                    ed:d6:9e:30:49:17:b7:b2:1a:73:67:d7:d9:e6:64:
                    fd:2d:68:6d:4f:91:50:59:4b:94:3c:f2:ee:bd:62:
                    68:f8:a2:c6:b4:16:b8:39:53:80:b7:c9:30:47:e9:
                    37:e0:9b:24:a3:9f:02:41:23:16:9a:fe:21:9f:c2:
                    ad:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                18:4A:63:8B:42:8B:A2:8D:FF:6D:0E:B7:1D:4B:13:EB:09:98:23:85
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/af2ec907-ffb6-4c22-a884-4c64b9f09a12.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  108.175.48.0/22

    Signature Algorithm: sha256WithRSAEncryption
         37:a5:94:8b:26:8e:78:fa:24:60:da:97:0d:af:6c:d9:96:1b:
         f2:3f:81:16:fa:ff:de:79:e5:df:90:c4:9f:82:99:73:0e:88:
         0b:72:74:d6:8f:0d:ee:92:84:48:f8:a7:3d:63:b9:38:ae:01:
         fa:2c:ef:af:3d:68:da:c6:51:42:a2:70:53:86:2d:5d:71:c0:
         31:58:d7:3f:df:6e:fd:ec:08:fa:75:af:05:32:49:9d:93:2b:
         bf:85:e7:f1:8a:5c:61:54:f4:0c:e3:0b:ef:66:8b:1b:92:e6:
         b4:04:5d:d0:6f:e9:6e:4f:b7:9c:2f:8b:ab:dd:8a:00:bb:47:
         0f:46:cb:28:00:d5:bf:9b:3b:90:66:73:ab:8a:dd:48:5c:a7:
         d3:d2:1f:d9:48:21:f1:30:42:3c:ea:8a:d8:4d:c1:a9:22:c5:
         b2:5b:1a:7f:cc:9a:ad:76:70:a2:d4:d1:26:0a:b4:22:bd:4e:
         21:b8:ed:ea:b6:3c:46:8b:db:e3:4f:73:4a:e1:fc:2d:88:84:
         d2:2d:ab:6b:10:5e:a6:4f:bb:57:da:55:4b:94:6d:89:c3:4f:
         a9:35:cc:e0:ec:0b:f6:9f:36:d3:ff:e0:a1:5e:61:ef:48:a9:
         18:5e:3f:1b:7c:5f:69:f7:a1:41:46:e5:b2:6e:99:d1:9d:56:
         f5:c7:5e:90
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUISX4Kl+26R/bH4ngix4t3qu7PuEwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMTE1MDAxMDA0WhcNMjUxMjIwMjM1OTU5
WjB6MUkwRwYDVQQFE0A5MjFmMThmMzRmZGU2Y2JiMTgyNDEyNWYxMGNhYmEzOTlh
NzNkM2M2ZWZlNGE2MzA2YWYwMzg4ZWQ4ZmY4OGE0MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC/0PYXXQFfPom2evNbX/cbCUCTo5FIiQuRk9tL3kkT0SYa
iOtivcPG6X3+G2Pj6uLQGFwObtiC17uuVZof9CzfNQyoNzzdo+IyQZvCPfDTQugy
IwQ5Ylzl6B9FX45nYBb6e2gOrXCtJsI/2N67F/tBUjMC4M70rRMNFvg/t9OKJsGD
eB3Q3B6MveFsqRpF38DFw0qfoVB34Lwm/KJcd0ZOy3cB2cNclfdnvBNP+XOL6Pl9
VXl5nawbuBJ9yktJKviUJ+3WnjBJF7eyGnNn19nmZP0taG1PkVBZS5Q88u69Ymj4
osa0Frg5U4C3yTBH6TfgmySjnwJBIxaa/iGfwq0RAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUGEpji0KLoo3/bQ63HUsT6wmYI4UwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2FmMmVjOTA3LWZmYjYtNGMyMi1hODg0LTRjNjRiOWYwOWExMi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAJsrzAwDQYJKoZIhvcNAQELBQADggEBADellIsmjnj6JGDalw2vbNmWG/I/
gRb6/9555d+QxJ+CmXMOiAtydNaPDe6ShEj4pz1juTiuAfos7689aNrGUUKicFOG
LV1xwDFY1z/fbv3sCPp1rwUySZ2TK7+F5/GKXGFU9AzjC+9mixuS5rQEXdBv6W5P
t5wvi6vdigC7Rw9GyygA1b+bO5Bmc6uK3Uhcp9PSH9lIIfEwQjzqithNwakixbJb
Gn/Mmq12cKLU0SYKtCK9TiG47eq2PEaL2+NPc0rh/C2IhNItq2sQXqZPu1faVUuU
bYnDT6k1zODsC/afNtP/4KFeYe9IqRhePxt8X2n3oUFG5bJumdGdVvXHXpA=
-----END CERTIFICATE-----