Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/7348f0df-6f19-40d6-9e42-976e31c31105.roa
File:                     7348f0df-6f19-40d6-9e42-976e31c31105.roa (raw, json)
Hash identifier:          XDPM++j2oZU/gWBqsoFSPzP7A9dfOKvosKL+Bipc3d8=
Subject key identifier:   D5:63:B9:5A:BC:C2:5F:75:A4:A5:7D:6A:F7:68:8C:91:7D:D3:E1:81
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       5424FBB9F8618606661523AF3448B12110522AFF
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/7348f0df-6f19-40d6-9e42-976e31c31105.roa
Signing time:             Mon 20 Oct 2025 05:22:12 +0000
ROA not before:           Mon 20 Oct 2025 05:22:12 +0000
ROA not after:            Mon 24 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        108.158.110.0/23 maxlen: 23
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            54:24:fb:b9:f8:61:86:06:66:15:23:af:34:48:b1:21:10:52:2a:ff
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 20 05:22:12 2025 GMT
            Not After : Nov 24 23:59:59 2025 GMT
        Subject: serialNumber=ce98afb70ec6b7a233ffacadcb8ada257e29a463bf4a10432bc6f550110e369c, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:13:5e:7f:ab:67:88:7d:d7:88:5c:9c:3c:36:
                    55:1f:2a:b7:0f:14:a0:68:56:b5:de:72:39:95:ab:
                    73:ca:78:ab:87:31:2e:a1:d8:59:ba:5d:7f:d4:90:
                    9c:e2:96:76:be:bb:f2:29:2a:64:14:e8:fa:b7:63:
                    3c:bb:39:1e:fd:ad:f7:f8:c8:45:8a:22:99:c3:b3:
                    ec:a9:e5:f3:c0:d9:22:36:c4:8d:91:4b:9d:83:b1:
                    c2:7c:ad:ea:e4:c4:92:52:e4:43:6f:5e:42:53:cf:
                    14:d0:b8:fe:fc:c1:ed:1a:e6:d8:f6:db:de:94:82:
                    8c:c0:aa:55:ba:70:3f:a6:4f:73:cb:ca:c2:fe:3f:
                    74:f3:0e:24:47:4f:cd:24:1b:aa:0b:2c:70:e2:42:
                    78:07:f3:e9:22:15:5c:07:b2:73:58:9f:71:ad:b9:
                    bf:e4:b4:2b:e8:f1:6b:e0:e8:2c:5f:a5:1d:a0:0a:
                    55:c1:04:1a:aa:db:c8:74:d1:79:1e:c2:37:bb:14:
                    8c:af:60:2d:09:88:33:f3:79:83:3c:59:11:63:f6:
                    09:c8:57:f7:d0:68:0b:73:03:1c:38:43:bf:f5:6a:
                    f0:70:8e:81:01:6a:12:0c:e9:48:7b:da:0f:e4:bf:
                    99:81:b9:b7:97:c5:20:b4:a2:69:f5:21:25:5c:54:
                    5f:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D5:63:B9:5A:BC:C2:5F:75:A4:A5:7D:6A:F7:68:8C:91:7D:D3:E1:81
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/7348f0df-6f19-40d6-9e42-976e31c31105.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  108.158.110.0/23

    Signature Algorithm: sha256WithRSAEncryption
         60:70:af:a1:b3:15:ba:83:f7:e9:69:2c:ae:fc:96:a2:68:f3:
         ca:fb:0b:73:08:24:10:86:82:61:9a:0e:11:0c:4e:18:4e:f6:
         c6:af:cc:70:fd:76:c4:96:65:dd:d7:99:c0:b5:c6:7c:09:dc:
         54:7b:28:72:ed:01:48:5b:1e:39:ba:11:8e:11:13:1e:ea:1b:
         31:c3:95:37:ee:e0:0e:d7:50:e9:ad:a7:c5:61:ea:c3:05:75:
         30:ed:8e:a6:93:6f:fd:3a:0b:d9:1d:bb:19:5f:f4:84:6d:eb:
         1b:46:96:7c:fc:ea:45:04:7f:08:eb:4a:7e:02:d2:f5:69:36:
         45:c5:b9:36:61:b6:30:9f:81:fb:e9:64:e1:4e:21:e2:9f:47:
         84:4c:4b:e3:61:2a:1a:a9:07:14:d7:eb:f3:42:38:3f:94:5d:
         f2:8e:c8:6f:77:97:75:97:00:63:be:59:e3:e4:41:b9:7b:a9:
         01:9f:c9:40:e2:dc:66:5b:7c:a7:e6:bb:29:51:db:c2:a0:b7:
         ed:f1:42:b6:77:65:52:20:a0:89:bd:ec:80:f2:e0:6f:71:45:
         4f:a2:71:2f:d9:40:24:4d:6a:b2:e3:3d:72:ab:67:1b:67:95:
         a9:47:28:e1:de:de:1e:95:0e:ba:22:51:50:3d:63:4e:7b:5e:
         96:02:ba:16
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUVCT7ufhhhgZmFSOvNEixIRBSKv8wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDIwMDUyMjEyWhcNMjUxMTI0MjM1OTU5
WjB6MUkwRwYDVQQFE0BjZTk4YWZiNzBlYzZiN2EyMzNmZmFjYWRjYjhhZGEyNTdl
MjlhNDYzYmY0YTEwNDMyYmM2ZjU1MDExMGUzNjljMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCwE15/q2eIfdeIXJw8NlUfKrcPFKBoVrXecjmVq3PKeKuH
MS6h2Fm6XX/UkJzilna+u/IpKmQU6Pq3Yzy7OR79rff4yEWKIpnDs+yp5fPA2SI2
xI2RS52DscJ8rerkxJJS5ENvXkJTzxTQuP78we0a5tj2296UgozAqlW6cD+mT3PL
ysL+P3TzDiRHT80kG6oLLHDiQngH8+kiFVwHsnNYn3Gtub/ktCvo8Wvg6CxfpR2g
ClXBBBqq28h00Xkewje7FIyvYC0JiDPzeYM8WRFj9gnIV/fQaAtzAxw4Q7/1avBw
joEBahIM6Uh72g/kv5mBubeXxSC0omn1ISVcVF/PAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU1WO5WrzCX3WkpX1q92iMkX3T4YEwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzczNDhmMGRmLTZmMTktNDBkNi05ZTQyLTk3NmUzMWMzMTEwNS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAFsnm4wDQYJKoZIhvcNAQELBQADggEBAGBwr6GzFbqD9+lpLK78lqJo88r7
C3MIJBCGgmGaDhEMThhO9savzHD9dsSWZd3XmcC1xnwJ3FR7KHLtAUhbHjm6EY4R
Ex7qGzHDlTfu4A7XUOmtp8Vh6sMFdTDtjqaTb/06C9kduxlf9IRt6xtGlnz86kUE
fwjrSn4C0vVpNkXFuTZhtjCfgfvpZOFOIeKfR4RMS+NhKhqpBxTX6/NCOD+UXfKO
yG93l3WXAGO+WePkQbl7qQGfyUDi3GZbfKfmuylR28Kgt+3xQrZ3ZVIgoIm97IDy
4G9xRU+icS/ZQCRNarLjPXKrZxtnlalHKOHe3h6VDroiUVA9Y057XpYCuhY=
-----END CERTIFICATE-----