Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/21c30612-e417-404c-852a-11fe1157b5f6.roa
File:                     21c30612-e417-404c-852a-11fe1157b5f6.roa (raw, json)
Hash identifier:          H0mh+kYiqmlPGC/yeHJkycCqvSnEVRVlCI0GJpB1fiM=
Subject key identifier:   6A:36:F5:B9:06:F5:9E:82:A5:FC:00:DD:3F:70:64:D7:FA:9A:86:0A
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       6D0FD4246B07759A4C5B990932A2D4C9679BC339
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/21c30612-e417-404c-852a-11fe1157b5f6.roa
Signing time:             Mon 20 Oct 2025 00:50:55 +0000
ROA not before:           Mon 20 Oct 2025 00:50:55 +0000
ROA not after:            Mon 24 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        108.158.254.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6d:0f:d4:24:6b:07:75:9a:4c:5b:99:09:32:a2:d4:c9:67:9b:c3:39
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 20 00:50:55 2025 GMT
            Not After : Nov 24 23:59:59 2025 GMT
        Subject: serialNumber=acdaf62f0c01819076fa7551bd0803ceb6edfcaa474b4f92f59c76c675f4e2df, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:d1:61:77:2f:0c:d5:09:38:bf:5f:12:e9:23:
                    41:f5:4c:d0:33:7d:ea:cc:fb:0a:ab:d2:2b:f3:df:
                    f6:d8:b2:bf:0b:d4:e7:45:03:61:01:3c:0b:0d:a0:
                    f8:f8:7b:92:d0:99:74:fd:63:b0:f9:6a:81:8c:c6:
                    97:19:0d:39:e0:75:ff:be:b9:ce:f1:7e:68:ed:6b:
                    62:4d:fd:2d:77:75:23:e9:bd:8e:9c:94:24:c8:89:
                    a8:b8:ef:09:2a:e9:e5:02:46:11:b9:7f:83:6e:8c:
                    31:e8:85:6d:c8:5c:2d:f4:a2:a3:1d:c8:de:f3:44:
                    6d:48:d5:73:13:00:6e:0e:b9:61:a1:6c:a1:35:12:
                    f8:9d:74:01:b3:8b:d9:dc:a7:a2:77:99:24:48:35:
                    04:9c:f6:6f:cd:f0:33:e1:7a:86:c5:cd:5b:ee:c5:
                    35:4d:91:e3:7f:40:dd:51:0b:ea:d8:de:9e:68:0a:
                    54:7e:a9:09:ed:6d:f2:05:9e:d5:c8:bd:be:ac:62:
                    e6:38:4c:a4:b8:9b:3e:a1:3c:21:52:80:74:3a:5b:
                    72:a7:f7:4a:3a:50:fa:70:50:30:6d:ea:77:17:ac:
                    7b:7f:01:5e:4c:45:69:14:04:8b:96:37:a8:cf:aa:
                    35:f9:6c:ec:a4:1f:7c:2d:3a:15:b2:53:9d:37:23:
                    86:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6A:36:F5:B9:06:F5:9E:82:A5:FC:00:DD:3F:70:64:D7:FA:9A:86:0A
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/21c30612-e417-404c-852a-11fe1157b5f6.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  108.158.254.0/24

    Signature Algorithm: sha256WithRSAEncryption
         19:9c:44:23:18:fe:1c:55:f0:8d:72:04:36:de:fa:82:f2:19:
         24:7e:35:b4:2a:dd:2e:ec:21:6c:ad:89:34:f9:b5:2f:c6:9a:
         49:14:cf:47:64:7f:14:dc:6d:00:bf:a5:f8:87:91:32:a7:ee:
         a8:9a:e7:db:18:70:d3:26:27:29:b8:30:9a:ca:a5:1f:ed:e1:
         b7:5c:09:6e:1d:0c:e5:73:f5:b5:55:e1:fb:6e:2b:cc:07:f9:
         e2:88:1e:3e:8b:b8:ba:49:8a:e4:5a:7d:be:63:be:38:cc:11:
         c2:51:95:ab:78:a1:c4:49:0a:d9:3d:5b:be:18:b3:95:73:d5:
         0b:75:21:58:67:d4:04:30:4f:34:97:7d:a3:28:53:a8:c9:10:
         b3:1f:89:00:89:2b:3a:ae:d4:7a:60:93:91:45:92:ee:3d:35:
         d3:8c:1a:7e:e0:5a:8e:85:a4:33:55:76:bb:5b:1f:3f:f8:de:
         f6:ee:1d:35:1f:d9:f9:2f:79:06:3e:56:f8:a2:5a:92:96:ca:
         c9:6a:b2:c1:40:c7:6e:dd:03:b7:0f:b7:40:83:ec:16:07:dd:
         ef:07:d9:6c:2d:49:15:2a:64:75:47:a7:7b:cb:c1:f6:e0:a1:
         c3:4d:af:e4:67:62:36:37:02:81:f8:1b:a1:ff:bc:0a:fa:0a:
         68:d4:b9:de
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUbQ/UJGsHdZpMW5kJMqLUyWebwzkwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDIwMDA1MDU1WhcNMjUxMTI0MjM1OTU5
WjB6MUkwRwYDVQQFE0BhY2RhZjYyZjBjMDE4MTkwNzZmYTc1NTFiZDA4MDNjZWI2
ZWRmY2FhNDc0YjRmOTJmNTljNzZjNjc1ZjRlMmRmMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDk0WF3LwzVCTi/XxLpI0H1TNAzferM+wqr0ivz3/bYsr8L
1OdFA2EBPAsNoPj4e5LQmXT9Y7D5aoGMxpcZDTngdf++uc7xfmjta2JN/S13dSPp
vY6clCTIiai47wkq6eUCRhG5f4NujDHohW3IXC30oqMdyN7zRG1I1XMTAG4OuWGh
bKE1EviddAGzi9ncp6J3mSRINQSc9m/N8DPheobFzVvuxTVNkeN/QN1RC+rY3p5o
ClR+qQntbfIFntXIvb6sYuY4TKS4mz6hPCFSgHQ6W3Kn90o6UPpwUDBt6ncXrHt/
AV5MRWkUBIuWN6jPqjX5bOykH3wtOhWyU503I4bVAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUajb1uQb1noKl/ADdP3Bk1/qahgowHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzIxYzMwNjEyLWU0MTctNDA0Yy04NTJhLTExZmUxMTU3YjVmNi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBABsnv4wDQYJKoZIhvcNAQELBQADggEBABmcRCMY/hxV8I1yBDbe+oLyGSR+
NbQq3S7sIWytiTT5tS/GmkkUz0dkfxTcbQC/pfiHkTKn7qia59sYcNMmJym4MJrK
pR/t4bdcCW4dDOVz9bVV4ftuK8wH+eKIHj6LuLpJiuRafb5jvjjMEcJRlat4ocRJ
Ctk9W74Ys5Vz1Qt1IVhn1AQwTzSXfaMoU6jJELMfiQCJKzqu1Hpgk5FFku49NdOM
Gn7gWo6FpDNVdrtbHz/43vbuHTUf2fkveQY+VviiWpKWyslqssFAx27dA7cPt0CD
7BYH3e8H2WwtSRUqZHVHp3vLwfbgocNNr+RnYjY3AoH4G6H/vAr6CmjUud4=
-----END CERTIFICATE-----