Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/70d6251e-8714-4601-b095-d9ae0c987172.roa
File:                     70d6251e-8714-4601-b095-d9ae0c987172.roa (raw, json)
Hash identifier:          g3x6bukiV8XjSfEvZux9XjLisnLg84B2A30/HqZi7R0=
Subject key identifier:   73:CF:E8:B3:4F:3A:E4:AD:B0:6F:7B:8E:94:71:79:C9:EB:A9:1F:57
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       6DC8EBFFA2BC3D9E6ACE28DA0FA531EDF1A2EA93
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/70d6251e-8714-4601-b095-d9ae0c987172.roa
Signing time:             Sun 19 Oct 2025 02:30:16 +0000
ROA not before:           Sun 19 Oct 2025 02:30:16 +0000
ROA not after:            Sun 23 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        108.139.150.0/23 maxlen: 23
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6d:c8:eb:ff:a2:bc:3d:9e:6a:ce:28:da:0f:a5:31:ed:f1:a2:ea:93
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 19 02:30:16 2025 GMT
            Not After : Nov 23 23:59:59 2025 GMT
        Subject: serialNumber=3be30113f7aea92a85e1f3335d96b2bba93824e8876b25155a39a291430b7f29, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:69:de:a8:04:56:f6:3d:7c:3d:9c:9c:51:cd:
                    6e:ba:58:55:5c:36:d8:d7:47:c1:fb:31:14:0d:61:
                    3d:33:ce:f5:67:73:31:b4:b0:b1:bb:2c:f7:ad:f3:
                    24:4b:d7:cf:63:29:f2:cd:9e:22:3d:99:7a:58:06:
                    b3:88:e5:e9:52:06:a7:0a:3a:d3:c6:f2:0e:3a:e1:
                    89:fa:5f:cf:44:e0:1e:ac:dc:23:5c:66:b4:ac:06:
                    b3:ef:ec:3e:75:10:13:0e:8c:dc:72:c2:bd:eb:d3:
                    32:4c:8b:82:ef:bc:6e:c5:6d:2b:62:d9:a3:44:37:
                    8a:38:16:40:7d:72:46:76:b8:09:b7:53:b1:d1:83:
                    d5:ba:14:c9:d3:8a:16:af:b6:e0:3c:d4:07:06:ab:
                    99:78:b4:e5:bc:76:b4:7f:9d:12:d0:fd:e8:43:b4:
                    71:56:15:67:a1:72:56:2e:ab:6a:d6:d9:b8:42:09:
                    a9:b4:7d:31:ce:1f:3c:0a:10:6b:a8:7d:0a:de:8a:
                    fb:3c:82:98:21:a9:82:7c:4e:4d:8f:1f:23:22:7e:
                    4b:c1:18:5e:f1:76:b0:65:82:34:c9:46:56:ac:9e:
                    dd:b2:a2:2b:7b:25:0a:df:2e:4e:a5:b5:c3:bd:f6:
                    d5:f8:23:84:dd:db:94:83:e5:79:9b:df:af:2f:97:
                    f9:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                73:CF:E8:B3:4F:3A:E4:AD:B0:6F:7B:8E:94:71:79:C9:EB:A9:1F:57
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/70d6251e-8714-4601-b095-d9ae0c987172.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  108.139.150.0/23

    Signature Algorithm: sha256WithRSAEncryption
         89:be:94:46:d5:95:d5:7b:a3:7a:47:00:cf:e3:87:fa:3a:f3:
         4b:34:d8:66:6e:7c:46:a5:1d:24:84:66:c6:8d:3e:13:0b:51:
         d1:10:39:c3:a6:24:7c:87:03:6f:ce:24:9d:54:ab:a6:5d:b6:
         0d:06:fc:b5:4e:0a:02:f1:7b:62:14:c2:8d:cb:7e:f2:fd:05:
         70:4b:92:44:ab:78:98:6f:22:c7:94:04:83:e3:22:76:8a:6d:
         e9:ed:e1:37:b3:86:ce:32:d3:3e:6e:68:44:b0:3b:52:7b:18:
         a3:e5:22:d4:71:78:1e:44:b6:cc:6a:d6:3c:49:b9:8d:3e:56:
         b2:bb:99:22:76:f0:9e:6d:35:d6:f2:d1:58:99:53:7c:c4:1b:
         9c:80:e6:6a:8b:33:75:b8:ac:e5:a1:21:aa:c9:51:38:10:d7:
         c6:eb:eb:00:bc:c8:00:95:79:ff:a5:8d:be:1a:bf:9e:12:97:
         e9:d4:fb:d9:ab:73:37:52:12:6e:7f:7d:e3:d5:06:78:24:30:
         e7:70:a0:34:6e:8d:fe:2f:fa:b8:31:10:3f:1a:cd:57:0a:5e:
         fa:0d:bf:19:d0:89:1c:4a:65:88:82:ca:86:fa:7b:dd:9d:67:
         bd:1b:75:fd:43:8f:f4:fb:bd:44:0b:bc:c8:70:66:06:e3:33:
         01:6d:77:34
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUbcjr/6K8PZ5qzijaD6Ux7fGi6pMwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDE5MDIzMDE2WhcNMjUxMTIzMjM1OTU5
WjB6MUkwRwYDVQQFE0AzYmUzMDExM2Y3YWVhOTJhODVlMWYzMzM1ZDk2YjJiYmE5
MzgyNGU4ODc2YjI1MTU1YTM5YTI5MTQzMGI3ZjI5MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDSad6oBFb2PXw9nJxRzW66WFVcNtjXR8H7MRQNYT0zzvVn
czG0sLG7LPet8yRL189jKfLNniI9mXpYBrOI5elSBqcKOtPG8g464Yn6X89E4B6s
3CNcZrSsBrPv7D51EBMOjNxywr3r0zJMi4LvvG7FbSti2aNEN4o4FkB9ckZ2uAm3
U7HRg9W6FMnTihavtuA81AcGq5l4tOW8drR/nRLQ/ehDtHFWFWehclYuq2rW2bhC
Cam0fTHOHzwKEGuofQreivs8gpghqYJ8Tk2PHyMifkvBGF7xdrBlgjTJRlasnt2y
oit7JQrfLk6ltcO99tX4I4Td25SD5Xmb368vl/lDAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUc8/os0865K2wb3uOlHF5yeupH1cwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzcwZDYyNTFlLTg3MTQtNDYwMS1iMDk1LWQ5YWUwYzk4NzE3Mi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAFsi5YwDQYJKoZIhvcNAQELBQADggEBAIm+lEbVldV7o3pHAM/jh/o680s0
2GZufEalHSSEZsaNPhMLUdEQOcOmJHyHA2/OJJ1Uq6Zdtg0G/LVOCgLxe2IUwo3L
fvL9BXBLkkSreJhvIseUBIPjInaKbent4Tezhs4y0z5uaESwO1J7GKPlItRxeB5E
tsxq1jxJuY0+VrK7mSJ28J5tNdby0ViZU3zEG5yA5mqLM3W4rOWhIarJUTgQ18br
6wC8yACVef+ljb4av54Sl+nU+9mrczdSEm5/fePVBngkMOdwoDRujf4v+rgxED8a
zVcKXvoNvxnQiRxKZYiCyob6e92dZ70bdf1Dj/T7vUQLvMhwZgbjMwFtdzQ=
-----END CERTIFICATE-----