Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/5ecb9dc0-166e-4535-9e83-21a7126d6a1c.roa
File:                     5ecb9dc0-166e-4535-9e83-21a7126d6a1c.roa (raw, json)
Hash identifier:          KFfEmw9PaVb1pE6NAZaqFz7AQtB5wswF17mx6nVIV+U=
Subject key identifier:   1D:DA:E1:B5:12:2A:DB:F8:F2:E8:AD:3A:AC:0A:BE:BB:DE:86:50:75
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       2B0AC515DFA1390BA8CC7348D9776D89D3710FFA
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/5ecb9dc0-166e-4535-9e83-21a7126d6a1c.roa
Signing time:             Sun 19 Oct 2025 03:00:38 +0000
ROA not before:           Sun 19 Oct 2025 03:00:38 +0000
ROA not after:            Sun 23 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        108.138.24.0/23 maxlen: 23
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2b:0a:c5:15:df:a1:39:0b:a8:cc:73:48:d9:77:6d:89:d3:71:0f:fa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 19 03:00:38 2025 GMT
            Not After : Nov 23 23:59:59 2025 GMT
        Subject: serialNumber=6bc7a0e83715c260e649eeb8d97f2f5d2e4ec562568140fcd6514198da14b82e, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:44:67:39:dd:d7:5e:22:e4:b4:21:78:b8:d5:
                    99:4e:8b:42:bc:d7:dd:9d:cb:c3:ff:af:bf:07:91:
                    bc:7a:3d:ce:66:52:dc:5d:e8:c4:f8:d0:9e:46:df:
                    64:73:d7:0f:7f:a4:db:d0:95:72:32:c3:6b:b5:61:
                    e3:30:46:79:cf:f8:b4:81:7d:60:3a:9b:eb:4e:1c:
                    d9:60:22:d1:9c:19:a3:4e:ae:ae:42:2e:ca:51:89:
                    50:9d:75:aa:36:ba:d6:7e:6e:7f:ee:c8:ac:8e:10:
                    b4:58:d6:6b:36:43:3f:04:59:cc:98:88:5b:d5:cf:
                    e7:cf:15:21:ed:b2:6b:50:66:3e:43:b5:6f:0e:b1:
                    86:f8:9d:68:ff:cf:9f:84:42:eb:a5:8e:88:2b:5c:
                    e5:4e:e2:15:18:24:71:89:4d:98:40:f2:f8:fc:e9:
                    fa:a8:d2:92:91:d1:8d:21:04:fa:4c:05:97:a7:7e:
                    bb:42:d3:4a:f6:ac:c0:d3:a0:9e:56:3e:58:d4:f7:
                    7a:32:21:e8:b5:05:35:c2:46:b8:0e:c2:c1:c1:72:
                    38:5c:25:a7:fa:fe:e4:35:45:e7:ac:85:22:e5:12:
                    d3:9d:a7:e5:f2:b8:86:32:82:63:17:38:fd:ef:3e:
                    87:c9:12:3a:f7:0e:7b:8f:90:8d:38:93:5a:8b:f9:
                    a0:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1D:DA:E1:B5:12:2A:DB:F8:F2:E8:AD:3A:AC:0A:BE:BB:DE:86:50:75
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/5ecb9dc0-166e-4535-9e83-21a7126d6a1c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  108.138.24.0/23

    Signature Algorithm: sha256WithRSAEncryption
         22:3a:06:3c:df:88:bd:7e:c8:d0:97:67:57:1c:ef:cf:37:4d:
         34:4b:75:01:30:4f:46:ea:3f:6b:69:bf:a5:98:4c:13:f3:9e:
         3f:ba:10:33:e6:08:bf:cf:08:0d:df:b5:ae:f7:5d:11:41:62:
         f5:5e:11:1e:1d:47:3c:ce:40:5e:d0:53:03:98:95:ff:83:0d:
         1b:c6:3c:08:bc:07:54:48:2f:f8:c5:b7:e8:59:18:44:5b:ac:
         d5:a1:d1:10:e7:45:cd:be:4d:26:a4:73:e4:53:c1:8d:19:8a:
         1b:f3:33:46:e0:3d:b1:c1:24:98:4d:47:e2:f3:41:84:f5:35:
         bb:fb:52:5b:85:fc:c3:9b:4e:6a:53:2b:0e:2e:38:cf:e7:98:
         a6:11:8f:9e:dd:8c:e0:f0:1b:6c:88:39:0b:66:fd:a4:1a:6e:
         23:bb:4c:29:ae:49:88:8d:d2:55:0a:f9:d6:7d:7b:be:f3:be:
         71:40:b8:0e:a6:cf:15:49:fe:24:86:c5:6a:1e:71:fa:ca:e2:
         c6:98:fa:ba:7d:97:d7:bd:d2:f2:d3:ef:c0:71:65:b9:18:43:
         53:e8:ae:2f:92:fc:8c:96:80:d7:5f:75:73:63:15:fd:6f:4c:
         83:c5:dd:07:84:ef:d7:aa:b7:22:37:c9:41:8c:3a:cf:e4:1a:
         e7:11:07:fe
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUKwrFFd+hOQuozHNI2XdtidNxD/owDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDE5MDMwMDM4WhcNMjUxMTIzMjM1OTU5
WjB6MUkwRwYDVQQFE0A2YmM3YTBlODM3MTVjMjYwZTY0OWVlYjhkOTdmMmY1ZDJl
NGVjNTYyNTY4MTQwZmNkNjUxNDE5OGRhMTRiODJlMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCjRGc53ddeIuS0IXi41ZlOi0K8192dy8P/r78Hkbx6Pc5m
Utxd6MT40J5G32Rz1w9/pNvQlXIyw2u1YeMwRnnP+LSBfWA6m+tOHNlgItGcGaNO
rq5CLspRiVCddao2utZ+bn/uyKyOELRY1ms2Qz8EWcyYiFvVz+fPFSHtsmtQZj5D
tW8OsYb4nWj/z5+EQuuljogrXOVO4hUYJHGJTZhA8vj86fqo0pKR0Y0hBPpMBZen
frtC00r2rMDToJ5WPljU93oyIei1BTXCRrgOwsHBcjhcJaf6/uQ1ReeshSLlEtOd
p+XyuIYygmMXOP3vPofJEjr3DnuPkI04k1qL+aC1AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUHdrhtRIq2/jy6K06rAq+u96GUHUwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzVlY2I5ZGMwLTE2NmUtNDUzNS05ZTgzLTIxYTcxMjZkNmExYy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAFsihgwDQYJKoZIhvcNAQELBQADggEBACI6BjzfiL1+yNCXZ1cc7883TTRL
dQEwT0bqP2tpv6WYTBPznj+6EDPmCL/PCA3fta73XRFBYvVeER4dRzzOQF7QUwOY
lf+DDRvGPAi8B1RIL/jFt+hZGERbrNWh0RDnRc2+TSakc+RTwY0ZihvzM0bgPbHB
JJhNR+LzQYT1Nbv7UluF/MObTmpTKw4uOM/nmKYRj57djODwG2yIOQtm/aQabiO7
TCmuSYiN0lUK+dZ9e77zvnFAuA6mzxVJ/iSGxWoecfrK4saY+rp9l9e90vLT78Bx
ZbkYQ1Pori+S/IyWgNdfdXNjFf1vTIPF3QeE79eqtyI3yUGMOs/kGucRB/4=
-----END CERTIFICATE-----