Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/0318ee56-d641-4263-b186-304284babaf9.roa
File:                     0318ee56-d641-4263-b186-304284babaf9.roa (raw, json)
Hash identifier:          Bfz5vwuTjDH99te51oDoY8xz79UROJWNczz3aZuKEnc=
Subject key identifier:   4E:F8:E8:95:0C:8D:02:F9:8C:65:5F:8C:DA:04:90:FE:64:6C:20:89
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       26F94F72241131F83F07DC3B782F494A79B1B966
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/0318ee56-d641-4263-b186-304284babaf9.roa
Signing time:             Sun 19 Oct 2025 02:51:32 +0000
ROA not before:           Sun 19 Oct 2025 02:51:32 +0000
ROA not after:            Sun 23 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        108.139.221.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            26:f9:4f:72:24:11:31:f8:3f:07:dc:3b:78:2f:49:4a:79:b1:b9:66
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 19 02:51:32 2025 GMT
            Not After : Nov 23 23:59:59 2025 GMT
        Subject: serialNumber=dc76a11c730ea62866c209444f59a13151a20947deaf860c0208330874dd6996, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:3e:bd:47:8f:bd:21:d8:e3:43:fb:bc:39:cf:
                    cd:19:c5:9e:10:9f:15:8d:14:f6:29:4d:38:2e:2b:
                    c9:2a:09:97:b9:cc:a7:64:15:df:f5:fb:3a:a0:a4:
                    7b:2c:28:ee:ef:f2:9b:78:33:a8:e4:7c:b0:84:67:
                    eb:68:bf:3f:6a:a6:2f:cd:df:37:e4:f8:45:1c:f4:
                    01:41:2a:00:0b:e6:42:18:d6:4d:8e:51:9b:bd:8c:
                    67:41:44:92:35:b2:e0:65:84:dc:38:d4:85:76:cb:
                    f2:8a:8a:0e:9a:db:f9:e4:77:60:cc:d8:3b:3f:1e:
                    f2:fd:de:88:4d:20:a0:69:05:21:8f:ee:90:7d:b7:
                    3f:24:3f:b0:ec:fd:ef:2a:5c:1f:44:06:69:ba:a9:
                    a5:3e:57:4e:ab:3e:b5:07:28:ff:8b:39:28:92:26:
                    86:08:f9:eb:1e:22:ee:16:5b:f6:7b:6e:38:35:f9:
                    18:a0:fa:6d:25:db:ea:55:fa:70:32:0f:79:b8:ef:
                    45:ed:b2:c4:ed:c7:ff:dc:96:cd:c1:c5:bf:03:5a:
                    7a:7b:f3:59:89:17:f9:2a:d2:4f:9e:fd:d2:eb:1f:
                    da:b9:c3:9a:86:ce:45:04:26:3c:55:fe:56:dc:f9:
                    f3:30:a0:94:5f:db:b6:6c:c8:92:f9:c2:eb:86:fe:
                    61:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4E:F8:E8:95:0C:8D:02:F9:8C:65:5F:8C:DA:04:90:FE:64:6C:20:89
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/0318ee56-d641-4263-b186-304284babaf9.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  108.139.221.0/24

    Signature Algorithm: sha256WithRSAEncryption
         aa:bc:e2:6d:f1:20:9c:66:e8:e1:8f:50:d8:b4:be:4b:6d:00:
         04:ab:64:30:2a:8d:4b:ea:f4:64:5e:56:d2:1f:97:16:e9:8e:
         2a:e8:80:a2:57:56:84:1e:fb:90:65:1d:b4:13:b2:a6:a7:3e:
         94:4b:b2:5e:3d:32:fb:d7:04:e4:ee:e5:70:1f:8f:37:79:b2:
         33:a9:07:5c:05:6f:1d:27:59:aa:ab:be:37:2f:76:c1:58:a6:
         56:9b:6c:cf:57:56:47:dc:b6:88:cc:dc:81:ef:41:35:10:6a:
         fe:fb:8c:a6:51:c0:35:45:8c:07:24:9c:b4:17:4e:d7:7b:c5:
         97:19:c5:1d:a0:e6:c5:e7:58:e0:22:9c:19:49:dc:8e:f7:72:
         aa:ba:e2:69:96:af:35:88:e1:1c:2d:9f:7f:d4:2d:62:33:40:
         99:b8:60:af:3a:38:e6:f1:1e:48:e8:61:c0:c7:a8:60:e1:ae:
         21:16:d5:5f:96:d5:02:8a:1f:2c:9c:c1:6d:6c:3a:d7:15:36:
         7e:9f:b5:ab:5c:31:6f:3d:2a:35:93:ed:6e:4f:b4:2d:9d:d5:
         21:ee:db:49:d6:f2:57:fc:2c:57:84:ad:8c:2d:98:ae:a6:5b:
         8e:af:04:b1:25:bd:47:48:04:b8:98:d3:a9:07:b8:c4:52:e5:
         d4:81:77:59
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUJvlPciQRMfg/B9w7eC9JSnmxuWYwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDE5MDI1MTMyWhcNMjUxMTIzMjM1OTU5
WjB6MUkwRwYDVQQFE0BkYzc2YTExYzczMGVhNjI4NjZjMjA5NDQ0ZjU5YTEzMTUx
YTIwOTQ3ZGVhZjg2MGMwMjA4MzMwODc0ZGQ2OTk2MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC0Pr1Hj70h2OND+7w5z80ZxZ4QnxWNFPYpTTguK8kqCZe5
zKdkFd/1+zqgpHssKO7v8pt4M6jkfLCEZ+tovz9qpi/N3zfk+EUc9AFBKgAL5kIY
1k2OUZu9jGdBRJI1suBlhNw41IV2y/KKig6a2/nkd2DM2Ds/HvL93ohNIKBpBSGP
7pB9tz8kP7Ds/e8qXB9EBmm6qaU+V06rPrUHKP+LOSiSJoYI+eseIu4WW/Z7bjg1
+Rig+m0l2+pV+nAyD3m470XtssTtx//cls3Bxb8DWnp781mJF/kq0k+e/dLrH9q5
w5qGzkUEJjxV/lbc+fMwoJRf27ZsyJL5wuuG/mEpAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUTvjolQyNAvmMZV+M2gSQ/mRsIIkwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzAzMThlZTU2LWQ2NDEtNDI2My1iMTg2LTMwNDI4NGJhYmFmOS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBABsi90wDQYJKoZIhvcNAQELBQADggEBAKq84m3xIJxm6OGPUNi0vkttAASr
ZDAqjUvq9GReVtIflxbpjirogKJXVoQe+5BlHbQTsqanPpRLsl49MvvXBOTu5XAf
jzd5sjOpB1wFbx0nWaqrvjcvdsFYplabbM9XVkfctojM3IHvQTUQav77jKZRwDVF
jAcknLQXTtd7xZcZxR2g5sXnWOAinBlJ3I73cqq64mmWrzWI4Rwtn3/ULWIzQJm4
YK86OObxHkjoYcDHqGDhriEW1V+W1QKKHyycwW1sOtcVNn6ftatcMW89KjWT7W5P
tC2d1SHu20nW8lf8LFeErYwtmK6mW46vBLElvUdIBLiY06kHuMRS5dSBd1k=
-----END CERTIFICATE-----