Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/17fab3f7-8265-4a02-94d3-4a21987c0492.roa
File:                     17fab3f7-8265-4a02-94d3-4a21987c0492.roa (raw, json)
Hash identifier:          HoMPg6U+8pWjjRlpDwojIHFaUdiJjSY9APlySsxdBfw=
Subject key identifier:   CD:CB:C9:DF:EB:8F:A5:53:28:68:40:3B:8A:02:8C:3C:83:4C:43:65
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       1FDA6482203AC4D28C5B7605FD254B089DB0B6
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/17fab3f7-8265-4a02-94d3-4a21987c0492.roa
Signing time:             Mon 20 Oct 2025 02:10:08 +0000
ROA not before:           Mon 20 Oct 2025 02:10:08 +0000
ROA not after:            Mon 24 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        108.158.204.0/22 maxlen: 22
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1f:da:64:82:20:3a:c4:d2:8c:5b:76:05:fd:25:4b:08:9d:b0:b6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 20 02:10:08 2025 GMT
            Not After : Nov 24 23:59:59 2025 GMT
        Subject: serialNumber=c897472577586ff1084ef9a451c352f7759a316871b56859362820d14d309caf, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:25:e3:38:2d:7a:28:ab:c7:52:77:65:09:5d:
                    3d:9e:de:9a:48:03:0e:fc:cf:ef:72:f8:75:b0:11:
                    61:05:96:a8:04:3e:09:af:50:08:49:13:7c:66:51:
                    e8:5e:c5:78:1f:fe:59:21:4d:e8:a2:b9:74:de:a2:
                    40:33:f4:64:8b:41:f0:76:5c:91:9a:7f:d6:38:01:
                    5e:52:f9:f1:bf:a7:6d:15:98:d3:da:93:b2:ad:c8:
                    49:25:bb:b1:67:c8:2f:dd:4a:e7:bb:61:b1:95:5f:
                    d3:ce:d5:39:81:2c:db:59:c9:3c:0d:ea:c9:7b:d3:
                    e3:64:79:29:d2:35:09:93:9c:c9:18:97:80:c6:56:
                    55:3c:6e:e7:da:3b:0a:2d:ff:84:00:b7:cd:25:93:
                    83:ec:03:4e:c6:ef:56:00:5c:be:24:20:59:53:ea:
                    9e:ab:f7:dc:3d:e3:ec:e6:53:48:53:4a:63:0e:81:
                    81:37:eb:94:50:19:4a:35:e1:10:ce:ff:5b:52:13:
                    30:3e:46:2e:26:5d:07:ba:53:b2:0f:f1:ec:28:14:
                    b6:6c:66:7b:fa:5a:8f:0f:7e:64:00:03:f7:d5:f3:
                    8c:65:3e:44:a7:57:69:a7:4e:22:8f:77:33:0b:a2:
                    e1:52:b9:d6:39:9b:4a:cd:46:0c:d9:6f:b3:20:f8:
                    e3:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CD:CB:C9:DF:EB:8F:A5:53:28:68:40:3B:8A:02:8C:3C:83:4C:43:65
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/17fab3f7-8265-4a02-94d3-4a21987c0492.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  108.158.204.0/22

    Signature Algorithm: sha256WithRSAEncryption
         21:d6:12:19:c4:bb:e8:36:69:61:df:4b:b4:7d:18:48:19:3b:
         6e:85:0d:9f:a6:16:34:13:ff:cf:e9:dc:57:f3:8f:6f:8f:51:
         8b:9e:87:23:12:57:29:83:95:11:31:f6:de:2f:d8:02:5f:d5:
         b8:a8:44:b1:f2:de:7e:3c:0d:22:3b:12:77:df:e7:38:83:48:
         b6:1a:e9:a5:5e:37:2d:63:4a:5b:93:58:69:1e:a2:97:93:cc:
         62:50:17:af:72:3a:f1:ae:1a:cb:84:da:2b:6f:06:e4:94:bd:
         ac:03:bf:ed:d0:d5:3c:3a:fd:30:09:4f:9a:1e:bd:e3:58:b9:
         a3:37:c3:d4:be:cc:11:d2:de:00:28:1e:4d:60:81:7d:6a:83:
         65:9d:57:5f:03:36:a8:65:46:f0:43:25:83:65:26:f6:4e:b1:
         3c:5d:bb:32:fe:f0:36:23:51:11:8d:6b:fa:5f:75:18:f5:d1:
         26:31:1b:58:cf:a0:d6:0b:2a:15:c7:d9:68:5f:dc:50:94:4a:
         4e:08:dd:35:0c:2d:57:6a:d6:08:a9:74:85:19:be:7f:6e:be:
         31:e0:e0:60:2e:f5:e0:7c:f1:05:75:f0:7e:20:23:e1:09:38:
         8f:73:6f:23:b7:8c:45:17:f2:ee:3d:f0:1b:ff:7a:c9:ed:ed:
         d7:62:7e:0c
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgITH9pkgiA6xNKMW3YF/SVLCJ2wtjANBgkqhkiG9w0BAQsF
ADA9MTswOQYDVQQDEzI2ZWQ4OGNhZDExZmVhYzc3NDQ5ZjAxOGQ0MmJlMzU4ZWIz
NzEwN2RiZThjYjcxZDBhNzAeFw0yNTEwMjAwMjEwMDhaFw0yNTExMjQyMzU5NTla
MHoxSTBHBgNVBAUTQGM4OTc0NzI1Nzc1ODZmZjEwODRlZjlhNDUxYzM1MmY3NzU5
YTMxNjg3MWI1Njg1OTM2MjgyMGQxNGQzMDljYWYxLTArBgNVBAMTJGIyNWM5NzBm
LWQ4MTMtNDQ1Yy1iZmUyLTYyNjY4NTE4Yzg3ZTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAKQl4zgteiirx1J3ZQldPZ7emkgDDvzP73L4dbARYQWWqAQ+
Ca9QCEkTfGZR6F7FeB/+WSFN6KK5dN6iQDP0ZItB8HZckZp/1jgBXlL58b+nbRWY
09qTsq3ISSW7sWfIL91K57thsZVf087VOYEs21nJPA3qyXvT42R5KdI1CZOcyRiX
gMZWVTxu59o7Ci3/hAC3zSWTg+wDTsbvVgBcviQgWVPqnqv33D3j7OZTSFNKYw6B
gTfrlFAZSjXhEM7/W1ITMD5GLiZdB7pTsg/x7CgUtmxme/pajw9+ZAAD99XzjGU+
RKdXaadOIo93Mwui4VK51jmbSs1GDNlvsyD4440CAwEAAaOCArEwggKtMB0GA1Ud
DgQWBBTNy8nf64+lUyhoQDuKAow8g0xDZTAfBgNVHSMEGDAWgBQQXdeNVXhAq0Nd
vRUhII8p+kk/rjAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHg
BggrBgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2Fy
aW4tcnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMv
MmEyNDY5NDctMmQ2Mi00YTZjLWJhMDUtODcxODdmMDA5OWIyLzFiYTMwMmI4LThk
YWItNDkxZC1iOWVkLWQ3YzkyZDAzMGQ4Mi82ZWQ4OGNhZDExZmVhYzc3NDQ5ZjAx
OGQ0MmJlMzU4ZWIzNzEwN2RiZThjYjcxZDBhNy5jZXIwgZ4GCCsGAQUFBwELBIGR
MIGOMIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8yMGFhMzI5Yi1mYzUyLTRjNjEtYmY1My0wOTcy
NWMwNDI5NDIvMTdmYWIzZjctODI2NS00YTAyLTk0ZDMtNGEyMTk4N2MwNDkyLnJv
YTCBiAYDVR0fBIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0
LTIuYW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMt
MDk3MjVjMDQyOTQyL19xeDNSSjhCalVLLU5ZNnpjUWZiNk10eDBLYy5jcmwwGAYD
VR0gAQH/BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEw
BgMEAmyezDANBgkqhkiG9w0BAQsFAAOCAQEAIdYSGcS76DZpYd9LtH0YSBk7boUN
n6YWNBP/z+ncV/OPb49Ri56HIxJXKYOVETH23i/YAl/VuKhEsfLefjwNIjsSd9/n
OINIthrppV43LWNKW5NYaR6il5PMYlAXr3I68a4ay4TaK28G5JS9rAO/7dDVPDr9
MAlPmh6941i5ozfD1L7MEdLeACgeTWCBfWqDZZ1XXwM2qGVG8EMlg2Um9k6xPF27
Mv7wNiNREY1r+l91GPXRJjEbWM+g1gsqFcfZaF/cUJRKTgjdNQwtV2rWCKl0hRm+
f26+MeDgYC714HzxBXXwfiAj4Qk4j3NvI7eMRRfy7j3wG/96ye3t12J+DA==
-----END CERTIFICATE-----