Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/9c2206c3-8f65-421f-8906-8b7115fa8718.roa
File:                     9c2206c3-8f65-421f-8906-8b7115fa8718.roa (raw, json)
Hash identifier:          HehHnMO6qMAmr0+8XZo8B4hdSw76tOxktV1eQ3PpmeA=
Subject key identifier:   C4:3B:7E:BF:CB:EF:F7:BA:1F:79:AE:3C:ED:17:6D:FB:EE:11:0B:01
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       2EA5AB2D83787D73AEBD949AE20534903B16EA60
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/9c2206c3-8f65-421f-8906-8b7115fa8718.roa
Signing time:             Mon 20 Oct 2025 06:31:29 +0000
ROA not before:           Mon 20 Oct 2025 06:31:29 +0000
ROA not after:            Mon 24 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        108.138.188.0/22 maxlen: 22
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2e:a5:ab:2d:83:78:7d:73:ae:bd:94:9a:e2:05:34:90:3b:16:ea:60
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 20 06:31:29 2025 GMT
            Not After : Nov 24 23:59:59 2025 GMT
        Subject: serialNumber=15d4115ddd1fde03caf338b40bb23f66e1bf6a5026687bb03d9f3f097447218b, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:72:05:73:45:f1:a8:17:e5:45:f0:52:06:19:
                    32:d9:8c:c4:4c:a5:91:a7:f0:c8:ac:03:1c:bc:de:
                    8d:58:17:ef:e2:f1:30:f8:ca:01:f6:22:a6:64:42:
                    a6:97:96:39:50:ad:1b:9e:5c:e9:90:67:08:98:8c:
                    ce:12:ec:62:8d:b3:c2:fb:64:af:07:21:a4:24:49:
                    2a:2a:70:02:ad:15:44:62:29:b3:92:81:14:5e:1f:
                    86:9c:b6:71:42:f5:51:b6:94:85:ee:82:43:cd:6a:
                    10:28:64:10:02:fb:a3:7a:bc:0d:b1:51:58:65:cc:
                    4c:1e:aa:6e:c2:70:69:bb:63:56:eb:6c:a9:e9:58:
                    ea:80:da:f8:ef:4a:a2:a1:8f:ce:5f:8f:5c:8d:b9:
                    94:c7:7d:26:2b:45:57:65:37:c1:90:5e:28:24:ea:
                    c9:23:bb:11:2a:57:cf:e9:4d:37:69:08:88:41:74:
                    56:53:15:8c:60:d6:32:52:8f:1c:f6:77:6b:1e:4b:
                    9f:1e:79:3d:2d:2d:43:6a:4e:1e:99:d0:23:42:3e:
                    75:e3:70:d1:c0:d2:16:75:6b:58:30:9a:e6:2c:4b:
                    5c:eb:9e:99:b0:88:bc:96:68:dc:12:36:4a:65:e3:
                    70:8d:b7:75:49:0d:9f:28:e1:5a:8c:a9:2c:ee:7e:
                    a2:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C4:3B:7E:BF:CB:EF:F7:BA:1F:79:AE:3C:ED:17:6D:FB:EE:11:0B:01
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/9c2206c3-8f65-421f-8906-8b7115fa8718.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  108.138.188.0/22

    Signature Algorithm: sha256WithRSAEncryption
         3b:db:da:67:99:44:37:1e:18:42:35:ae:4b:a6:83:10:df:f3:
         13:93:6d:ef:d8:08:27:d0:3b:19:05:61:33:4d:a0:7f:98:63:
         e7:d5:97:53:59:37:3d:c8:d8:29:85:4b:b9:22:9d:09:3b:1f:
         5c:70:73:59:95:90:c3:99:c6:08:62:4a:9b:bf:8d:0d:e2:21:
         c2:1a:8a:87:fc:d7:ad:f7:a8:c7:16:8e:99:3f:9a:d6:a7:ea:
         c0:59:2e:bd:f2:ab:98:be:40:71:9f:05:ce:be:98:45:05:fb:
         52:cb:14:72:5e:65:d9:2e:f8:27:cc:7f:9c:24:05:05:61:c2:
         a6:0c:dc:ef:89:6a:64:a1:3e:5c:ef:e7:c6:2d:06:d2:51:2f:
         82:2e:27:97:84:59:4c:18:37:a7:0c:74:af:b1:25:2e:54:bc:
         e8:09:78:d5:6e:c4:ea:b0:d8:0b:67:92:56:9f:05:da:b3:3f:
         56:68:bd:77:57:b8:f5:3c:c3:83:8d:43:17:73:64:2c:ff:75:
         17:0e:f2:41:53:a3:81:ad:bb:ce:91:a2:ac:91:78:40:37:12:
         7e:1d:9c:30:fa:ec:70:4a:f2:3b:ef:d4:7b:4c:ad:3b:83:63:
         36:92:e6:b7:a4:cd:bf:44:7b:6b:45:df:be:06:7a:22:9a:dd:
         f1:3d:67:a8
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIULqWrLYN4fXOuvZSa4gU0kDsW6mAwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDIwMDYzMTI5WhcNMjUxMTI0MjM1OTU5
WjB6MUkwRwYDVQQFE0AxNWQ0MTE1ZGRkMWZkZTAzY2FmMzM4YjQwYmIyM2Y2NmUx
YmY2YTUwMjY2ODdiYjAzZDlmM2YwOTc0NDcyMThiMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC8cgVzRfGoF+VF8FIGGTLZjMRMpZGn8MisAxy83o1YF+/i
8TD4ygH2IqZkQqaXljlQrRueXOmQZwiYjM4S7GKNs8L7ZK8HIaQkSSoqcAKtFURi
KbOSgRReH4actnFC9VG2lIXugkPNahAoZBAC+6N6vA2xUVhlzEweqm7CcGm7Y1br
bKnpWOqA2vjvSqKhj85fj1yNuZTHfSYrRVdlN8GQXigk6skjuxEqV8/pTTdpCIhB
dFZTFYxg1jJSjxz2d2seS58eeT0tLUNqTh6Z0CNCPnXjcNHA0hZ1a1gwmuYsS1zr
npmwiLyWaNwSNkpl43CNt3VJDZ8o4VqMqSzufqIZAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUxDt+v8vv97ofea487Rdt++4RCwEwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzljMjIwNmMzLThmNjUtNDIxZi04OTA2LThiNzExNWZhODcxOC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAJsirwwDQYJKoZIhvcNAQELBQADggEBADvb2meZRDceGEI1rkumgxDf8xOT
be/YCCfQOxkFYTNNoH+YY+fVl1NZNz3I2CmFS7kinQk7H1xwc1mVkMOZxghiSpu/
jQ3iIcIaiof81633qMcWjpk/mtan6sBZLr3yq5i+QHGfBc6+mEUF+1LLFHJeZdku
+CfMf5wkBQVhwqYM3O+JamShPlzv58YtBtJRL4IuJ5eEWUwYN6cMdK+xJS5UvOgJ
eNVuxOqw2AtnklafBdqzP1ZovXdXuPU8w4ONQxdzZCz/dRcO8kFTo4Gtu86RoqyR
eEA3En4dnDD67HBK8jvv1HtMrTuDYzaS5rekzb9Ee2tF374GeiKa3fE9Z6g=
-----END CERTIFICATE-----