Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/23f9fd5d-e71c-4c3a-a21a-0d767b6a3268.roa
File:                     23f9fd5d-e71c-4c3a-a21a-0d767b6a3268.roa (raw, json)
Hash identifier:          b35UQXMJv+VMJRzrjw2mME9imNYlBkVWz4CVXiDR6KI=
Subject key identifier:   5C:5C:B7:A5:22:31:DD:77:EC:25:E0:71:49:55:37:8F:22:44:2F:7A
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       4A36E422D4E2315A3BFF64ADF82198F25C5CD954
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/23f9fd5d-e71c-4c3a-a21a-0d767b6a3268.roa
Signing time:             Mon 20 Oct 2025 04:32:28 +0000
ROA not before:           Mon 20 Oct 2025 04:32:28 +0000
ROA not after:            Mon 24 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        108.139.128.0/20 maxlen: 20
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4a:36:e4:22:d4:e2:31:5a:3b:ff:64:ad:f8:21:98:f2:5c:5c:d9:54
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 20 04:32:28 2025 GMT
            Not After : Nov 24 23:59:59 2025 GMT
        Subject: serialNumber=c10d03266ba2c810e242e8a6c3ca1a2823dbce4095a6cf5a62d1d5ee03c0a34f, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:66:60:1d:98:80:f0:d2:1c:a1:d9:2b:66:51:
                    cd:20:70:3d:5b:1a:15:a2:2e:46:04:0d:4e:ea:19:
                    1d:8b:88:2d:e0:21:12:5f:d5:3d:9a:44:18:42:15:
                    21:7f:d4:d7:26:4b:80:52:2e:5b:e6:50:2d:b9:9f:
                    ce:cf:ae:0d:ac:ab:f5:13:97:35:52:fc:b1:66:fd:
                    3e:c9:ad:c2:4a:11:b6:9f:9b:2a:5c:69:b4:ff:24:
                    af:92:2a:28:c8:2d:8c:0c:05:d2:e7:d8:61:68:d5:
                    26:45:b1:c3:92:b6:c0:e8:eb:c3:84:61:6b:19:51:
                    ea:ba:76:90:9b:f4:2f:33:db:db:44:13:45:3a:65:
                    eb:01:a2:db:e8:d4:2a:8a:2c:62:3b:bf:7c:54:a0:
                    b5:76:12:7b:77:ce:ec:18:dd:bc:9c:ad:cf:f5:37:
                    24:0a:6d:40:c4:71:8d:1a:04:ac:ac:bf:84:70:3a:
                    a9:37:0a:9a:af:29:10:eb:9e:bf:15:d1:fe:92:25:
                    2e:d7:3d:8b:05:40:3b:24:6a:e5:a7:14:11:d1:af:
                    d2:fb:30:f9:6b:e3:2c:21:a5:7b:12:0d:79:f2:9a:
                    fc:eb:f3:63:af:6d:9a:93:36:d2:46:9f:34:16:60:
                    11:ff:9c:e5:3a:80:35:c5:bd:98:af:06:57:87:ae:
                    55:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:5C:B7:A5:22:31:DD:77:EC:25:E0:71:49:55:37:8F:22:44:2F:7A
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/23f9fd5d-e71c-4c3a-a21a-0d767b6a3268.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  108.139.128.0/20

    Signature Algorithm: sha256WithRSAEncryption
         56:2d:68:1e:dc:e2:f9:87:bd:a2:2b:d7:76:45:2e:9e:69:53:
         77:13:26:39:0e:37:a3:f8:a7:49:cd:05:56:00:23:6e:eb:8d:
         3a:b6:2c:4b:f9:89:80:6f:6d:34:09:36:63:cb:f0:ee:f2:a2:
         17:5f:9c:eb:ef:ec:29:7f:55:0b:96:83:b8:39:d9:a4:fb:e0:
         4a:20:7a:8e:a2:8c:12:e0:27:56:e1:78:85:5e:b8:06:4f:55:
         1c:35:4b:dd:b8:e4:54:4e:86:0b:cc:ff:6a:b0:0a:6c:cf:10:
         bf:3f:f6:88:f5:40:64:00:a9:95:9b:fd:3e:b6:0d:37:15:cb:
         e9:21:6c:a1:89:13:bc:45:bb:91:6a:8c:e9:f8:24:fc:ec:8b:
         c9:10:df:40:b3:56:87:57:59:86:c2:e2:52:2e:0a:bc:c0:2b:
         62:06:9a:0a:b0:5f:ad:c8:ad:93:fd:9b:2b:cf:e5:a2:8a:3c:
         f4:d4:27:a9:9d:f8:69:4b:09:12:42:aa:5f:a4:08:3e:c5:e3:
         47:a0:83:ea:4a:c3:07:6c:6b:b3:d7:42:d3:fd:3f:cc:bb:05:
         76:42:b2:53:e1:57:4d:ad:bc:25:82:a4:6f:af:af:8f:6a:49:
         e0:15:cb:45:1e:65:89:80:d1:fb:67:f0:27:2e:ef:5f:c1:c3:
         39:57:92:3a
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUSjbkItTiMVo7/2St+CGY8lxc2VQwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDIwMDQzMjI4WhcNMjUxMTI0MjM1OTU5
WjB6MUkwRwYDVQQFE0BjMTBkMDMyNjZiYTJjODEwZTI0MmU4YTZjM2NhMWEyODIz
ZGJjZTQwOTVhNmNmNWE2MmQxZDVlZTAzYzBhMzRmMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDIZmAdmIDw0hyh2StmUc0gcD1bGhWiLkYEDU7qGR2LiC3g
IRJf1T2aRBhCFSF/1NcmS4BSLlvmUC25n87Prg2sq/UTlzVS/LFm/T7JrcJKEbaf
mypcabT/JK+SKijILYwMBdLn2GFo1SZFscOStsDo68OEYWsZUeq6dpCb9C8z29tE
E0U6ZesBotvo1CqKLGI7v3xUoLV2Ent3zuwY3bycrc/1NyQKbUDEcY0aBKysv4Rw
Oqk3CpqvKRDrnr8V0f6SJS7XPYsFQDskauWnFBHRr9L7MPlr4ywhpXsSDXnymvzr
82OvbZqTNtJGnzQWYBH/nOU6gDXFvZivBleHrlU9AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUXFy3pSIx3XfsJeBxSVU3jyJEL3owHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzIzZjlmZDVkLWU3MWMtNGMzYS1hMjFhLTBkNzY3YjZhMzI2OC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBARsi4AwDQYJKoZIhvcNAQELBQADggEBAFYtaB7c4vmHvaIr13ZFLp5pU3cT
JjkON6P4p0nNBVYAI27rjTq2LEv5iYBvbTQJNmPL8O7yohdfnOvv7Cl/VQuWg7g5
2aT74Eogeo6ijBLgJ1bheIVeuAZPVRw1S9245FROhgvM/2qwCmzPEL8/9oj1QGQA
qZWb/T62DTcVy+khbKGJE7xFu5FqjOn4JPzsi8kQ30CzVodXWYbC4lIuCrzAK2IG
mgqwX63IrZP9myvP5aKKPPTUJ6md+GlLCRJCql+kCD7F40egg+pKwwdsa7PXQtP9
P8y7BXZCslPhV02tvCWCpG+vr49qSeAVy0UeZYmA0ftn8Ccu71/BwzlXkjo=
-----END CERTIFICATE-----