Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/76a50aba-928d-40ed-ae93-1599ac7b1001.roa
File:                     76a50aba-928d-40ed-ae93-1599ac7b1001.roa (raw, json)
Hash identifier:          nMdbW9JjldTSaZ6vPgM8//eYL/GKxgtxDeBnTwA7FmM=
Subject key identifier:   18:4B:C0:50:6C:A4:11:17:E7:A4:47:41:CE:B5:F9:20:9A:C6:AD:94
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       4371206D49F97F44FAD1DEB9B10984AE0DCA2DE4
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/76a50aba-928d-40ed-ae93-1599ac7b1001.roa
Signing time:             Sun 19 Oct 2025 02:31:06 +0000
ROA not before:           Sun 19 Oct 2025 02:31:06 +0000
ROA not after:            Sun 23 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        108.138.210.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            43:71:20:6d:49:f9:7f:44:fa:d1:de:b9:b1:09:84:ae:0d:ca:2d:e4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 19 02:31:06 2025 GMT
            Not After : Nov 23 23:59:59 2025 GMT
        Subject: serialNumber=6be9d5b34a718f654347564eb8afe9bfd6324458d0676e1f42dce25bd87643da, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:d0:76:65:1a:db:d0:8c:36:5c:6b:70:e4:0f:
                    f7:57:d4:74:11:3f:16:1e:50:cd:e8:a1:32:50:65:
                    44:33:f8:8e:b4:cf:23:7c:c7:40:29:47:76:78:90:
                    1d:bb:79:bd:f5:ec:48:be:17:c6:dc:09:70:e0:3a:
                    32:66:c0:56:7e:c7:8a:dc:c5:65:2b:10:4e:19:8c:
                    4d:8e:66:4f:4f:8e:fe:44:dd:6f:ee:11:bf:27:c6:
                    14:9e:d1:f8:17:11:31:f1:90:ac:17:ed:7e:0b:53:
                    d3:5f:1c:8a:aa:ef:85:75:d2:e1:a4:a4:ef:48:7c:
                    6f:ae:24:db:29:9a:fc:53:ca:16:56:90:9f:85:e0:
                    c1:0c:20:23:74:63:1e:21:0c:e1:a6:91:6a:51:2b:
                    58:ff:47:fb:bd:3f:e8:0a:aa:43:78:68:27:86:58:
                    4c:7c:47:ca:32:c7:94:b6:8d:6e:4c:8d:5f:22:b1:
                    68:38:92:5f:42:a9:b6:7c:e3:91:00:bd:3a:c6:ed:
                    8d:e7:ba:b1:82:b0:b9:17:30:80:38:9d:2d:5b:e2:
                    94:42:75:48:9f:48:ac:4b:2e:41:1f:70:b0:d9:10:
                    8c:82:52:08:93:9a:02:ad:41:5e:03:a9:53:63:3c:
                    b1:8e:69:19:82:15:ec:5f:64:cf:8d:9e:ac:cd:5b:
                    f0:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                18:4B:C0:50:6C:A4:11:17:E7:A4:47:41:CE:B5:F9:20:9A:C6:AD:94
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/76a50aba-928d-40ed-ae93-1599ac7b1001.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  108.138.210.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c3:a7:c4:0b:87:9d:ff:ce:9f:73:32:1a:ba:2e:98:81:1f:7b:
         e9:1e:23:cc:5a:70:19:99:7e:cf:54:ec:d0:9d:58:9c:57:bc:
         e6:fe:d2:aa:d5:49:44:2f:4b:ce:2f:cd:49:d5:e1:39:f3:5c:
         89:64:3a:41:54:d2:fb:cc:f1:8f:93:19:33:02:1d:1a:99:42:
         c5:26:e3:72:cc:35:e5:9b:2a:27:c9:53:8a:56:26:ac:9b:bb:
         2d:25:4b:2d:ec:00:d9:5a:30:9c:bb:e3:3a:ca:f3:2f:7b:c0:
         a3:1d:6e:f3:cd:17:9b:7c:8c:45:e3:ca:9d:e4:9d:d0:de:07:
         ac:2f:b8:e0:07:57:d6:d0:0e:08:68:d0:d5:d6:f2:88:e0:51:
         33:dc:25:3f:e0:3a:0a:61:d7:e9:f9:98:71:5b:a5:78:8b:ac:
         90:a4:04:fd:1f:bc:a3:d4:07:6f:7f:be:60:67:ab:51:2c:20:
         b3:3b:5a:a1:72:3d:d1:e3:64:1a:9d:52:eb:d5:6a:97:b2:07:
         1c:5e:c1:d1:75:71:f3:df:90:91:83:78:11:8e:07:29:13:8c:
         ec:12:ae:70:a2:03:63:9f:fa:5c:31:44:ec:8b:3a:a3:a6:0e:
         c4:a3:b1:b6:62:de:0c:65:7e:95:74:8a:5f:03:75:54:52:3b:
         84:21:97:71
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUQ3EgbUn5f0T60d65sQmErg3KLeQwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDE5MDIzMTA2WhcNMjUxMTIzMjM1OTU5
WjB6MUkwRwYDVQQFE0A2YmU5ZDViMzRhNzE4ZjY1NDM0NzU2NGViOGFmZTliZmQ2
MzI0NDU4ZDA2NzZlMWY0MmRjZTI1YmQ4NzY0M2RhMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDS0HZlGtvQjDZca3DkD/dX1HQRPxYeUM3ooTJQZUQz+I60
zyN8x0ApR3Z4kB27eb317Ei+F8bcCXDgOjJmwFZ+x4rcxWUrEE4ZjE2OZk9Pjv5E
3W/uEb8nxhSe0fgXETHxkKwX7X4LU9NfHIqq74V10uGkpO9IfG+uJNspmvxTyhZW
kJ+F4MEMICN0Yx4hDOGmkWpRK1j/R/u9P+gKqkN4aCeGWEx8R8oyx5S2jW5MjV8i
sWg4kl9CqbZ845EAvTrG7Y3nurGCsLkXMIA4nS1b4pRCdUifSKxLLkEfcLDZEIyC
UgiTmgKtQV4DqVNjPLGOaRmCFexfZM+NnqzNW/BxAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUGEvAUGykERfnpEdBzrX5IJrGrZQwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzc2YTUwYWJhLTkyOGQtNDBlZC1hZTkzLTE1OTlhYzdiMTAwMS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBABsitIwDQYJKoZIhvcNAQELBQADggEBAMOnxAuHnf/On3MyGroumIEfe+ke
I8xacBmZfs9U7NCdWJxXvOb+0qrVSUQvS84vzUnV4TnzXIlkOkFU0vvM8Y+TGTMC
HRqZQsUm43LMNeWbKifJU4pWJqybuy0lSy3sANlaMJy74zrK8y97wKMdbvPNF5t8
jEXjyp3kndDeB6wvuOAHV9bQDgho0NXW8ojgUTPcJT/gOgph1+n5mHFbpXiLrJCk
BP0fvKPUB29/vmBnq1EsILM7WqFyPdHjZBqdUuvVapeyBxxewdF1cfPfkJGDeBGO
BykTjOwSrnCiA2Of+lwxROyLOqOmDsSjsbZi3gxlfpV0il8DdVRSO4Qhl3E=
-----END CERTIFICATE-----