Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/20e781e0-39cc-4ea9-8443-bd8124c8588f.roa
File:                     20e781e0-39cc-4ea9-8443-bd8124c8588f.roa (raw, json)
Hash identifier:          yh6a5EtY0AAsC68YM+pX5nTYydarpxmLcEkvzqVB0Jk=
Subject key identifier:   62:3B:7D:15:1C:30:03:BE:69:A9:D9:33:2F:33:F2:0F:A0:21:DC:38
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       1C51DBEE2C26376355E5E37258355535047A035E
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/20e781e0-39cc-4ea9-8443-bd8124c8588f.roa
Signing time:             Sun 19 Oct 2025 02:10:07 +0000
ROA not before:           Sun 19 Oct 2025 02:10:07 +0000
ROA not after:            Sun 23 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        108.138.191.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1c:51:db:ee:2c:26:37:63:55:e5:e3:72:58:35:55:35:04:7a:03:5e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 19 02:10:07 2025 GMT
            Not After : Nov 23 23:59:59 2025 GMT
        Subject: serialNumber=6254808f69435090ce70265594599f7f4668958b56ea49221ef3fbd4ab82d053, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:45:fc:39:c0:62:31:f7:a8:49:f5:00:67:df:
                    a7:38:dd:0f:7a:00:ec:1a:41:13:17:81:d4:5b:f9:
                    46:0f:e8:59:30:22:fd:8a:da:30:89:81:a2:08:33:
                    84:88:5e:66:5e:1e:d8:9b:9b:58:49:ca:dd:32:f5:
                    a3:e1:dc:8e:0e:ce:64:20:e7:72:03:24:24:0a:ce:
                    b8:81:42:34:58:6b:c4:49:a2:ca:77:cb:30:a8:65:
                    24:df:ac:fc:bf:17:91:34:fe:1e:ab:75:86:5b:bf:
                    ba:ae:53:85:92:b0:2c:c6:5a:47:72:40:e7:7f:c9:
                    62:4a:e5:c7:65:22:75:78:c5:c3:e3:d2:60:7b:8f:
                    15:a3:67:39:90:f5:8e:b0:37:80:35:9c:65:da:80:
                    6c:b3:ff:13:af:2b:79:76:4e:11:6d:b4:4e:df:34:
                    93:80:86:ae:c0:d3:66:58:00:ab:52:70:85:ea:6e:
                    69:f0:75:3b:90:ca:35:f7:b3:60:58:9e:ad:e0:f7:
                    d0:7f:b6:4d:47:ac:4a:ae:61:32:58:50:94:34:c6:
                    53:43:e1:40:d0:8d:41:c2:a2:63:68:c5:ea:c8:df:
                    08:91:2a:7e:4e:3f:d7:12:8b:5e:0d:7d:6c:6a:1d:
                    76:b2:70:59:ce:e5:58:a5:e2:ed:d8:53:de:5c:89:
                    ef:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                62:3B:7D:15:1C:30:03:BE:69:A9:D9:33:2F:33:F2:0F:A0:21:DC:38
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/20e781e0-39cc-4ea9-8443-bd8124c8588f.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  108.138.191.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8c:68:91:35:ee:75:61:63:55:fe:82:0f:2d:cb:4b:e3:5e:fc:
         f5:27:8d:f3:e7:47:0e:01:4c:41:6b:f6:51:9c:a6:ea:5d:39:
         e0:65:31:7f:e4:6c:7a:b0:07:0d:b3:5d:22:e2:15:c9:76:7f:
         e5:73:dd:3b:c9:00:39:f0:c6:a4:bf:e1:55:ea:7f:78:8c:63:
         57:3c:3e:39:cf:ef:36:1d:7f:bc:ac:28:f0:6e:0f:65:a7:0f:
         1f:3a:28:88:11:56:dc:0a:83:89:3e:08:5e:62:10:6b:50:06:
         49:73:ec:02:ba:44:79:77:a6:37:89:9a:95:30:4f:fa:bb:8d:
         95:fa:d3:f6:3a:54:70:3a:b6:a4:80:61:27:d7:91:2f:d0:a0:
         a4:3c:69:24:5a:18:24:ff:6a:f1:31:a5:b9:42:e0:35:fe:7a:
         74:b5:8c:02:e7:56:27:f2:d6:35:95:f8:7f:d8:09:e0:e4:76:
         14:36:82:42:1b:81:1d:5d:db:53:58:be:64:a2:8a:a1:b4:23:
         be:dd:83:d8:b5:55:d1:77:ee:b0:58:63:cb:ec:64:94:69:a5:
         16:68:aa:84:b4:0a:44:4b:73:8d:a7:f5:55:47:71:04:8a:bb:
         d8:13:ca:13:ae:e6:25:2b:1b:af:a4:79:5a:65:d5:bc:95:23:
         3c:e2:5b:e6
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUHFHb7iwmN2NV5eNyWDVVNQR6A14wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDE5MDIxMDA3WhcNMjUxMTIzMjM1OTU5
WjB6MUkwRwYDVQQFE0A2MjU0ODA4ZjY5NDM1MDkwY2U3MDI2NTU5NDU5OWY3ZjQ2
Njg5NThiNTZlYTQ5MjIxZWYzZmJkNGFiODJkMDUzMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDURfw5wGIx96hJ9QBn36c43Q96AOwaQRMXgdRb+UYP6Fkw
Iv2K2jCJgaIIM4SIXmZeHtibm1hJyt0y9aPh3I4OzmQg53IDJCQKzriBQjRYa8RJ
osp3yzCoZSTfrPy/F5E0/h6rdYZbv7quU4WSsCzGWkdyQOd/yWJK5cdlInV4xcPj
0mB7jxWjZzmQ9Y6wN4A1nGXagGyz/xOvK3l2ThFttE7fNJOAhq7A02ZYAKtScIXq
bmnwdTuQyjX3s2BYnq3g99B/tk1HrEquYTJYUJQ0xlND4UDQjUHComNoxerI3wiR
Kn5OP9cSi14NfWxqHXaycFnO5Vil4u3YU95cie81AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUYjt9FRwwA75pqdkzLzPyD6Ah3DgwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzIwZTc4MWUwLTM5Y2MtNGVhOS04NDQzLWJkODEyNGM4NTg4Zi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBABsir8wDQYJKoZIhvcNAQELBQADggEBAIxokTXudWFjVf6CDy3LS+Ne/PUn
jfPnRw4BTEFr9lGcpupdOeBlMX/kbHqwBw2zXSLiFcl2f+Vz3TvJADnwxqS/4VXq
f3iMY1c8PjnP7zYdf7ysKPBuD2WnDx86KIgRVtwKg4k+CF5iEGtQBklz7AK6RHl3
pjeJmpUwT/q7jZX60/Y6VHA6tqSAYSfXkS/QoKQ8aSRaGCT/avExpblC4DX+enS1
jALnVify1jWV+H/YCeDkdhQ2gkIbgR1d21NYvmSiiqG0I77dg9i1VdF37rBYY8vs
ZJRppRZoqoS0CkRLc42n9VVHcQSKu9gTyhOu5iUrG6+keVpl1byVIzziW+Y=
-----END CERTIFICATE-----