Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/95376f01-1b9c-4029-a621-57e489a0d69f.roa
File:                     95376f01-1b9c-4029-a621-57e489a0d69f.roa (raw, json)
Hash identifier:          UZtVhZR/wD1wq+f/89X9FsAOyKMnB862YEw/QNzrMGg=
Subject key identifier:   9B:39:A4:93:51:5A:4B:09:36:A8:F5:B5:2F:69:4E:CB:5B:76:53:A8
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       2F89A52E6DDFE4FB642E5D40B10D72B4840A9F5F
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/95376f01-1b9c-4029-a621-57e489a0d69f.roa
Signing time:             Mon 20 Oct 2025 04:41:27 +0000
ROA not before:           Mon 20 Oct 2025 04:41:27 +0000
ROA not after:            Mon 24 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        108.158.122.0/23 maxlen: 23
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2f:89:a5:2e:6d:df:e4:fb:64:2e:5d:40:b1:0d:72:b4:84:0a:9f:5f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 20 04:41:27 2025 GMT
            Not After : Nov 24 23:59:59 2025 GMT
        Subject: serialNumber=61e02ff538fbcde3cfe39237e992504b12f19ee5c2bf2bd006a84bab96f49f54, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:a5:10:35:80:75:4a:b7:9c:2e:99:62:6c:63:
                    6d:8b:42:09:0f:7a:58:83:d8:26:e6:44:b8:aa:8d:
                    01:eb:28:83:6d:c5:94:96:49:09:72:b9:6c:ad:c6:
                    c1:df:d3:9b:9a:bb:67:5d:2d:1b:1d:a2:94:d7:49:
                    57:89:37:34:4b:72:43:3a:26:d2:61:26:fb:3a:92:
                    0d:ac:49:df:38:4e:88:5a:ac:9d:00:de:98:ee:15:
                    03:df:20:35:f1:2a:7b:c2:55:65:45:57:71:f2:8a:
                    bc:10:f3:65:d1:85:df:d2:1d:76:5d:73:67:8f:79:
                    8c:30:1a:48:13:87:97:85:2c:90:3a:c0:8c:f7:32:
                    16:24:fd:6d:86:e5:8f:a3:03:1d:88:3f:8b:13:56:
                    34:44:50:52:b1:50:82:24:09:26:c1:b9:24:c2:56:
                    ef:e9:eb:6b:92:d5:a9:e9:1f:ae:c7:95:8c:9f:5e:
                    af:b6:b1:6c:a6:98:8f:1a:4c:bf:04:07:88:32:14:
                    00:2e:fb:0e:7e:9e:da:4e:16:c8:da:16:9e:4e:26:
                    cb:ee:6c:b1:2a:0a:2a:ec:2c:bb:35:0c:3c:a8:56:
                    2b:be:e5:1a:0d:51:85:ef:e3:16:da:ad:ef:d6:52:
                    f4:db:e6:8f:c3:6b:fd:10:74:12:4c:4d:0d:d0:40:
                    a9:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9B:39:A4:93:51:5A:4B:09:36:A8:F5:B5:2F:69:4E:CB:5B:76:53:A8
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/95376f01-1b9c-4029-a621-57e489a0d69f.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  108.158.122.0/23

    Signature Algorithm: sha256WithRSAEncryption
         8b:19:c3:97:82:1f:0c:ae:18:4f:1c:9e:0b:9f:ea:6e:3d:54:
         dc:65:c3:ab:5f:3c:ec:ce:4e:8d:12:6f:f8:27:0c:dd:43:aa:
         d1:1e:9b:60:4c:bc:8a:c8:a5:a7:47:6a:2e:3f:ad:32:ca:73:
         d5:32:a6:43:3f:62:38:81:d9:f0:c7:17:f1:8b:8f:5d:d5:6e:
         34:33:f9:1c:0d:19:8e:21:c9:db:b4:fc:4d:dc:92:1e:bd:a0:
         1d:96:6d:e7:43:6c:20:52:de:23:66:c0:c1:85:ff:91:c6:46:
         3d:48:75:0b:2b:6c:33:7b:53:25:d4:c3:c5:b4:10:1f:87:b8:
         3e:8d:40:84:46:b9:21:c5:e9:dc:e4:54:62:1a:49:15:b9:33:
         8e:59:9e:58:54:96:da:b5:eb:c4:41:cd:ac:10:92:92:fd:64:
         a0:66:df:82:b9:ae:9e:ab:98:3e:4c:30:3e:2f:81:01:53:59:
         4a:0f:bc:fd:7a:7a:37:a3:cd:12:4e:52:19:2f:cf:22:5f:10:
         00:fe:0f:8b:73:ee:ad:22:3f:6a:a1:a4:f3:f9:38:32:a8:93:
         7f:ce:b4:06:cd:74:ae:d1:07:2f:83:20:7e:1a:27:06:a5:02:
         87:19:c3:9a:e6:f9:1d:18:36:bd:12:b5:2a:7f:a4:90:0b:82:
         64:be:dd:52
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUL4mlLm3f5PtkLl1AsQ1ytIQKn18wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDIwMDQ0MTI3WhcNMjUxMTI0MjM1OTU5
WjB6MUkwRwYDVQQFE0A2MWUwMmZmNTM4ZmJjZGUzY2ZlMzkyMzdlOTkyNTA0YjEy
ZjE5ZWU1YzJiZjJiZDAwNmE4NGJhYjk2ZjQ5ZjU0MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDIpRA1gHVKt5wumWJsY22LQgkPeliD2CbmRLiqjQHrKINt
xZSWSQlyuWytxsHf05uau2ddLRsdopTXSVeJNzRLckM6JtJhJvs6kg2sSd84Toha
rJ0A3pjuFQPfIDXxKnvCVWVFV3HyirwQ82XRhd/SHXZdc2ePeYwwGkgTh5eFLJA6
wIz3MhYk/W2G5Y+jAx2IP4sTVjREUFKxUIIkCSbBuSTCVu/p62uS1anpH67HlYyf
Xq+2sWymmI8aTL8EB4gyFAAu+w5+ntpOFsjaFp5OJsvubLEqCirsLLs1DDyoViu+
5RoNUYXv4xbare/WUvTb5o/Da/0QdBJMTQ3QQKn3AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUmzmkk1FaSwk2qPW1L2lOy1t2U6gwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzk1Mzc2ZjAxLTFiOWMtNDAyOS1hNjIxLTU3ZTQ4OWEwZDY5Zi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAFsnnowDQYJKoZIhvcNAQELBQADggEBAIsZw5eCHwyuGE8cnguf6m49VNxl
w6tfPOzOTo0Sb/gnDN1DqtEem2BMvIrIpadHai4/rTLKc9UypkM/YjiB2fDHF/GL
j13VbjQz+RwNGY4hydu0/E3ckh69oB2WbedDbCBS3iNmwMGF/5HGRj1IdQsrbDN7
UyXUw8W0EB+HuD6NQIRGuSHF6dzkVGIaSRW5M45ZnlhUltq168RBzawQkpL9ZKBm
34K5rp6rmD5MMD4vgQFTWUoPvP16ejejzRJOUhkvzyJfEAD+D4tz7q0iP2qhpPP5
ODKok3/OtAbNdK7RBy+DIH4aJwalAocZw5rm+R0YNr0StSp/pJALgmS+3VI=
-----END CERTIFICATE-----