Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/3df13c10-9522-4a73-9ac9-be3b2ef2e32a.roa
File:                     3df13c10-9522-4a73-9ac9-be3b2ef2e32a.roa (raw, json)
Hash identifier:          mk04x17oTciPmxypc5gulSdPJAUgWC55BeeXAJJ0kj0=
Subject key identifier:   F1:AF:2F:6A:D7:C9:63:E4:82:5F:8C:FE:F9:FF:04:92:C9:27:FC:37
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       48021E7D093F7A848599A423FD10EE3471D99F
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/3df13c10-9522-4a73-9ac9-be3b2ef2e32a.roa
Signing time:             Mon 20 Oct 2025 00:30:57 +0000
ROA not before:           Mon 20 Oct 2025 00:30:57 +0000
ROA not after:            Mon 24 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        108.138.4.0/22 maxlen: 22
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            48:02:1e:7d:09:3f:7a:84:85:99:a4:23:fd:10:ee:34:71:d9:9f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 20 00:30:57 2025 GMT
            Not After : Nov 24 23:59:59 2025 GMT
        Subject: serialNumber=15970221c77e272bd87c8a94f5a534f386676679328999d1b1449fb555082659, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:bd:57:53:7e:45:13:53:1e:2a:b2:48:84:fa:
                    54:5a:5b:1e:db:f7:98:5c:22:d7:9b:f0:e8:0a:f8:
                    2e:90:4b:3b:10:78:22:06:c9:3b:1e:d9:bf:d6:b5:
                    8f:b9:c0:b2:ef:c2:09:4e:40:7b:42:27:c1:17:36:
                    ca:27:d3:c5:68:54:11:c7:70:9a:a6:61:7b:fd:83:
                    2e:60:44:2d:f8:2c:40:62:4f:86:c3:1c:70:d4:8c:
                    9f:56:63:af:87:d5:61:c3:4a:10:31:14:99:88:3e:
                    e3:fb:3e:3f:12:92:07:2a:e1:b9:6b:01:93:9f:32:
                    7a:72:e8:d4:e4:eb:ee:7c:0d:57:5c:67:cc:5a:6e:
                    91:f2:12:34:37:6d:ed:c7:24:f7:de:b7:62:39:05:
                    1b:d4:e8:ac:0a:71:fc:d9:81:6b:a7:23:a5:ff:ef:
                    e0:80:c8:10:42:5e:da:0c:14:a3:fb:7b:f6:b7:e7:
                    b6:99:0d:09:b8:54:36:23:86:d6:51:c1:57:ef:9a:
                    34:92:26:82:c8:0d:81:63:b1:d4:1d:c0:39:f8:39:
                    2a:8b:f6:36:cf:5d:14:55:bf:db:8b:72:33:ff:7a:
                    fc:58:a6:b6:4d:6f:19:44:96:aa:f1:aa:d4:4e:ac:
                    f1:36:34:0b:2d:fe:58:36:37:e1:19:68:36:44:82:
                    2b:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F1:AF:2F:6A:D7:C9:63:E4:82:5F:8C:FE:F9:FF:04:92:C9:27:FC:37
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/3df13c10-9522-4a73-9ac9-be3b2ef2e32a.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  108.138.4.0/22

    Signature Algorithm: sha256WithRSAEncryption
         2b:a0:69:5e:ca:c8:c8:7f:52:02:bd:19:d6:85:0a:29:6e:9e:
         14:f6:a3:2b:be:c6:bd:2c:99:f7:43:6e:7d:cb:eb:48:6e:85:
         16:44:a7:50:da:b9:42:59:29:9c:33:18:55:28:16:9a:5d:0a:
         c3:96:1d:e8:02:a2:0b:9e:57:ac:f8:42:1d:1c:19:7d:9e:dc:
         10:e9:ce:07:d5:85:65:65:f6:bb:78:40:8f:34:37:cb:ec:c2:
         0b:51:0a:a2:45:7b:9f:de:d5:de:eb:c1:3f:c3:8a:37:39:98:
         1f:c4:58:89:85:e4:e9:43:08:a5:b6:20:3f:36:1d:a7:42:62:
         fa:07:99:95:8e:2c:1f:cc:4c:17:0a:6e:ad:25:75:e5:23:2e:
         1d:72:a6:f6:2d:b7:7e:e7:3b:43:e6:2f:60:ad:af:18:2e:cf:
         0d:b9:0d:21:a3:64:6f:68:de:93:32:6d:55:6a:68:58:be:e3:
         a2:04:4e:f9:51:ec:1c:4b:de:17:f0:9a:a0:5d:db:9b:26:e2:
         8e:8b:56:f8:ae:48:71:16:f8:da:81:4e:fe:72:66:4b:c1:6a:
         1e:52:9d:ce:8c:15:b3:16:d8:dd:6e:36:24:6c:da:9e:ef:4d:
         bd:1d:b2:a6:9e:5e:27:77:49:80:a8:5a:f4:75:f3:04:71:dd:
         6b:1f:eb:cb
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgITSAIefQk/eoSFmaQj/RDuNHHZnzANBgkqhkiG9w0BAQsF
ADA9MTswOQYDVQQDEzI2ZWQ4OGNhZDExZmVhYzc3NDQ5ZjAxOGQ0MmJlMzU4ZWIz
NzEwN2RiZThjYjcxZDBhNzAeFw0yNTEwMjAwMDMwNTdaFw0yNTExMjQyMzU5NTla
MHoxSTBHBgNVBAUTQDE1OTcwMjIxYzc3ZTI3MmJkODdjOGE5NGY1YTUzNGYzODY2
NzY2NzkzMjg5OTlkMWIxNDQ5ZmI1NTUwODI2NTkxLTArBgNVBAMTJGIyNWM5NzBm
LWQ4MTMtNDQ1Yy1iZmUyLTYyNjY4NTE4Yzg3ZTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAM29V1N+RRNTHiqySIT6VFpbHtv3mFwi15vw6Ar4LpBLOxB4
IgbJOx7Zv9a1j7nAsu/CCU5Ae0InwRc2yifTxWhUEcdwmqZhe/2DLmBELfgsQGJP
hsMccNSMn1Zjr4fVYcNKEDEUmYg+4/s+PxKSByrhuWsBk58yenLo1OTr7nwNV1xn
zFpukfISNDdt7cck9963YjkFG9TorApx/NmBa6cjpf/v4IDIEEJe2gwUo/t79rfn
tpkNCbhUNiOG1lHBV++aNJImgsgNgWOx1B3AOfg5Kov2Ns9dFFW/24tyM/96/Fim
tk1vGUSWqvGq1E6s8TY0Cy3+WDY34RloNkSCK38CAwEAAaOCArEwggKtMB0GA1Ud
DgQWBBTxry9q18lj5IJfjP75/wSSySf8NzAfBgNVHSMEGDAWgBQQXdeNVXhAq0Nd
vRUhII8p+kk/rjAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHg
BggrBgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2Fy
aW4tcnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMv
MmEyNDY5NDctMmQ2Mi00YTZjLWJhMDUtODcxODdmMDA5OWIyLzFiYTMwMmI4LThk
YWItNDkxZC1iOWVkLWQ3YzkyZDAzMGQ4Mi82ZWQ4OGNhZDExZmVhYzc3NDQ5ZjAx
OGQ0MmJlMzU4ZWIzNzEwN2RiZThjYjcxZDBhNy5jZXIwgZ4GCCsGAQUFBwELBIGR
MIGOMIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8yMGFhMzI5Yi1mYzUyLTRjNjEtYmY1My0wOTcy
NWMwNDI5NDIvM2RmMTNjMTAtOTUyMi00YTczLTlhYzktYmUzYjJlZjJlMzJhLnJv
YTCBiAYDVR0fBIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0
LTIuYW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMt
MDk3MjVjMDQyOTQyL19xeDNSSjhCalVLLU5ZNnpjUWZiNk10eDBLYy5jcmwwGAYD
VR0gAQH/BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEw
BgMEAmyKBDANBgkqhkiG9w0BAQsFAAOCAQEAK6BpXsrIyH9SAr0Z1oUKKW6eFPaj
K77GvSyZ90NufcvrSG6FFkSnUNq5QlkpnDMYVSgWml0Kw5Yd6AKiC55XrPhCHRwZ
fZ7cEOnOB9WFZWX2u3hAjzQ3y+zCC1EKokV7n97V3uvBP8OKNzmYH8RYiYXk6UMI
pbYgPzYdp0Ji+geZlY4sH8xMFwpurSV15SMuHXKm9i23fuc7Q+YvYK2vGC7PDbkN
IaNkb2jekzJtVWpoWL7jogRO+VHsHEveF/CaoF3bmybijotW+K5IcRb42oFO/nJm
S8FqHlKdzowVsxbY3W42JGzanu9NvR2ypp5eJ3dJgKha9HXzBHHdax/ryw==
-----END CERTIFICATE-----