Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/01354fe9-49d5-499b-a144-8b84e3c52446.roa
File:                     01354fe9-49d5-499b-a144-8b84e3c52446.roa (raw, json)
Hash identifier:          3UqWsMuR4WElUDiFnQd5nZVdw1MCKLsSo4ykKs0lg0U=
Subject key identifier:   7E:CC:4B:00:BA:00:8A:85:5B:D2:49:EB:85:7C:3F:0F:BC:40:29:E4
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       5C238EE6C024694D9D058783F65F595AF9C23132
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/01354fe9-49d5-499b-a144-8b84e3c52446.roa
Signing time:             Mon 20 Oct 2025 06:10:49 +0000
ROA not before:           Mon 20 Oct 2025 06:10:49 +0000
ROA not after:            Mon 24 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        108.158.224.0/23 maxlen: 23
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5c:23:8e:e6:c0:24:69:4d:9d:05:87:83:f6:5f:59:5a:f9:c2:31:32
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 20 06:10:49 2025 GMT
            Not After : Nov 24 23:59:59 2025 GMT
        Subject: serialNumber=5db321a6b58d5f440fd3f2bac09b9df41888bec5672ac682bdca34f82b9cdc11, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e9:08:54:7d:18:12:1d:c0:e2:0f:d3:3f:73:b3:
                    2b:28:54:6c:e7:29:ab:15:f3:fb:73:af:71:65:19:
                    10:b6:bf:0e:d4:88:1a:07:56:6c:00:8b:6d:68:5c:
                    c3:fe:bf:61:b1:31:8c:56:8d:ef:12:26:d2:0d:e6:
                    78:c5:fd:8d:e9:cf:bf:ae:e0:9a:f4:ff:9a:28:21:
                    61:96:8e:67:62:0a:6e:26:4c:48:ea:ba:34:f6:af:
                    f7:6f:95:29:d8:09:1b:83:9c:4c:22:02:a4:7d:88:
                    3b:41:3b:a3:16:4f:02:d7:d8:65:3c:3c:dd:8e:92:
                    19:5a:e5:ea:ff:38:6a:ba:94:bd:df:87:43:01:e7:
                    ab:fd:21:8e:f7:59:75:a8:99:b7:4e:c2:1a:a5:d4:
                    0c:ae:db:95:80:0d:d8:18:68:f2:0d:e4:5d:33:e1:
                    2e:7e:a5:e2:8a:12:0a:6c:db:e8:75:97:d6:1c:ca:
                    c1:bd:30:84:4d:04:22:d9:cb:93:66:b3:b8:e5:ee:
                    aa:87:f7:13:ee:c6:a2:6a:bd:74:a0:d7:e1:6d:ee:
                    4f:58:0b:b5:89:a5:a3:6d:d3:19:f6:39:b5:c1:0e:
                    a1:23:a4:e2:fc:fe:e2:01:19:96:22:65:09:c4:d0:
                    6c:3c:04:7d:b6:60:bb:6c:95:d7:87:80:28:3b:f7:
                    e6:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7E:CC:4B:00:BA:00:8A:85:5B:D2:49:EB:85:7C:3F:0F:BC:40:29:E4
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/01354fe9-49d5-499b-a144-8b84e3c52446.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  108.158.224.0/23

    Signature Algorithm: sha256WithRSAEncryption
         af:22:42:30:ac:9a:15:81:26:71:07:c2:49:2e:47:d8:d9:bc:
         bc:cb:0a:f6:01:7d:32:71:7b:3d:8a:c3:7b:3a:71:57:5c:5e:
         9c:3e:ec:d5:ab:d4:b5:b0:bd:07:39:2e:25:fe:4d:90:70:9e:
         d1:69:3f:60:9a:32:41:63:c9:3f:77:29:fa:50:73:a2:b3:34:
         7b:87:7d:c3:ce:28:c8:fe:3b:ee:f3:73:ae:8b:d3:90:e0:e0:
         e1:74:98:c6:fc:00:4e:db:09:6f:38:96:20:76:92:08:94:67:
         a6:8d:eb:b5:83:85:b8:f1:fd:74:ec:fa:22:a4:7c:38:26:a6:
         a4:68:b9:1a:2f:d9:9e:82:9a:32:e6:0e:1c:44:f4:89:6f:88:
         f5:fd:06:df:52:c2:dc:74:d2:c7:a8:9c:37:f5:e5:38:c9:e2:
         ff:83:a2:ef:70:d3:44:66:b1:2f:6d:24:e0:a5:1d:fe:c2:b2:
         7f:8c:e2:a2:27:be:af:c4:04:48:f1:ce:c7:bb:0e:97:1b:40:
         46:84:7a:04:2b:7c:dc:64:74:c2:9d:74:d1:87:12:fd:ec:56:
         23:09:e9:47:8e:0c:4c:c9:84:a4:2c:8c:17:ce:14:9f:45:21:
         2b:3d:55:3a:fb:1f:8c:3e:ca:93:39:1f:5f:59:9a:70:f4:dd:
         ea:e5:7f:06
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUXCOO5sAkaU2dBYeD9l9ZWvnCMTIwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDIwMDYxMDQ5WhcNMjUxMTI0MjM1OTU5
WjB6MUkwRwYDVQQFE0A1ZGIzMjFhNmI1OGQ1ZjQ0MGZkM2YyYmFjMDliOWRmNDE4
ODhiZWM1NjcyYWM2ODJiZGNhMzRmODJiOWNkYzExMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDpCFR9GBIdwOIP0z9zsysoVGznKasV8/tzr3FlGRC2vw7U
iBoHVmwAi21oXMP+v2GxMYxWje8SJtIN5njF/Y3pz7+u4Jr0/5ooIWGWjmdiCm4m
TEjqujT2r/dvlSnYCRuDnEwiAqR9iDtBO6MWTwLX2GU8PN2Okhla5er/OGq6lL3f
h0MB56v9IY73WXWombdOwhql1Ayu25WADdgYaPIN5F0z4S5+peKKEgps2+h1l9Yc
ysG9MIRNBCLZy5Nms7jl7qqH9xPuxqJqvXSg1+Ft7k9YC7WJpaNt0xn2ObXBDqEj
pOL8/uIBGZYiZQnE0Gw8BH22YLtsldeHgCg79+ZhAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUfsxLALoAioVb0knrhXw/D7xAKeQwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzAxMzU0ZmU5LTQ5ZDUtNDk5Yi1hMTQ0LThiODRlM2M1MjQ0Ni5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAFsnuAwDQYJKoZIhvcNAQELBQADggEBAK8iQjCsmhWBJnEHwkkuR9jZvLzL
CvYBfTJxez2Kw3s6cVdcXpw+7NWr1LWwvQc5LiX+TZBwntFpP2CaMkFjyT93KfpQ
c6KzNHuHfcPOKMj+O+7zc66L05Dg4OF0mMb8AE7bCW84liB2kgiUZ6aN67WDhbjx
/XTs+iKkfDgmpqRouRov2Z6CmjLmDhxE9IlviPX9Bt9Swtx00seonDf15TjJ4v+D
ou9w00RmsS9tJOClHf7Csn+M4qInvq/EBEjxzse7DpcbQEaEegQrfNxkdMKddNGH
Ev3sViMJ6UeODEzJhKQsjBfOFJ9FISs9VTr7H4w+ypM5H19ZmnD03erlfwY=
-----END CERTIFICATE-----