Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/b68a1146-c5de-41f3-9376-ccf5d116168b.roa
File:                     b68a1146-c5de-41f3-9376-ccf5d116168b.roa (raw, json)
Hash identifier:          3gcRlmhdDm7QQHeUsjR/DnLAVTfdxQYDHudeSch+u3c=
Subject key identifier:   2C:F8:0E:1F:9E:F3:9F:B5:D0:07:52:EB:2B:5C:9A:B0:FC:8B:A7:80
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       5D4F90DB8F3C14102563B95C837C161B14BD3637
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/b68a1146-c5de-41f3-9376-ccf5d116168b.roa
Signing time:             Sun 19 Oct 2025 02:01:00 +0000
ROA not before:           Sun 19 Oct 2025 02:01:00 +0000
ROA not after:            Sun 23 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        108.138.118.0/23 maxlen: 23
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5d:4f:90:db:8f:3c:14:10:25:63:b9:5c:83:7c:16:1b:14:bd:36:37
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 19 02:01:00 2025 GMT
            Not After : Nov 23 23:59:59 2025 GMT
        Subject: serialNumber=65a74b3260418ddcaf49d0bdc93436aa603ced453a16617fbfd7dbcfbcd75298, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:eb:14:9f:c0:b7:49:fe:1d:4f:e1:15:32:47:
                    a8:56:28:1e:18:04:18:36:fe:7b:92:65:e4:d2:60:
                    d3:e6:c5:c0:52:ca:3e:f2:2a:dc:9b:b3:49:83:c8:
                    61:5e:ad:5a:3c:48:09:ac:75:97:58:55:35:e9:de:
                    06:34:4b:15:c2:af:f9:90:37:a3:9d:88:dd:f1:9f:
                    fe:df:53:c4:c8:04:75:f1:6a:4b:23:f7:c0:be:88:
                    dd:e0:3d:84:8c:b3:4f:82:c0:c2:2b:3e:9d:f9:f2:
                    a4:d8:31:93:58:3f:76:13:7a:fd:6d:ed:db:2b:bb:
                    9e:77:db:6f:f3:9b:18:a1:94:90:95:2c:fa:0c:0b:
                    15:87:80:5e:dc:9e:bd:82:d8:ea:65:a2:3b:89:f5:
                    32:5b:e1:cb:91:2f:9f:1e:d5:f0:95:ed:c3:7e:2d:
                    7e:09:c7:5c:6a:a5:e4:ff:47:0d:76:4e:00:f7:8f:
                    9c:aa:7c:f6:aa:d1:ac:1f:2a:76:ba:84:27:8e:ed:
                    53:e7:a1:e5:73:53:31:3f:9f:fb:90:12:9a:ee:ef:
                    46:8c:29:25:86:a9:ce:50:65:96:45:55:3a:0d:36:
                    a5:08:20:50:3c:cc:9c:e2:43:ea:fb:71:ac:07:96:
                    02:11:b4:ef:1e:77:1a:45:22:89:77:08:0a:96:10:
                    03:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2C:F8:0E:1F:9E:F3:9F:B5:D0:07:52:EB:2B:5C:9A:B0:FC:8B:A7:80
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/b68a1146-c5de-41f3-9376-ccf5d116168b.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  108.138.118.0/23

    Signature Algorithm: sha256WithRSAEncryption
         59:4a:25:22:b3:4f:3e:c4:8a:cd:13:73:bc:2e:9d:dd:a3:39:
         f8:aa:7b:fc:fc:0c:c6:2c:29:34:50:1f:0f:c1:3e:37:36:be:
         94:cb:0b:f0:e3:17:50:7a:bc:1b:96:7c:ea:4d:ff:f1:7a:7d:
         a3:f8:fa:7d:11:bb:96:9b:12:54:dc:54:c6:40:8e:07:69:40:
         72:e4:c0:5d:4c:bf:7b:c5:6c:ac:ec:64:10:8d:be:15:a5:d5:
         4e:64:fa:b9:3d:a2:95:97:37:98:44:81:fa:02:a5:98:3e:00:
         3d:7f:5d:06:52:aa:c7:24:b2:6b:29:37:7e:89:27:2d:56:fd:
         cb:a9:be:6c:22:db:c3:01:a3:8c:f9:c4:bd:97:af:c9:09:fa:
         db:6c:77:50:94:d1:8b:1e:62:d1:6e:8f:f2:6b:8e:37:60:b5:
         48:fc:a9:72:86:92:ca:78:e8:d0:55:94:10:16:1b:a2:f2:59:
         3f:98:4d:37:89:46:e0:2a:58:b9:d1:c0:e6:2c:74:cf:63:11:
         55:34:b3:f1:68:c0:57:ef:3b:f4:6b:ce:43:80:48:e7:b6:0b:
         46:91:0f:c0:31:0e:e2:6a:90:7a:44:58:8a:63:71:6f:05:a8:
         da:48:f1:d8:a5:4b:ef:7a:ba:b5:f7:f2:25:f0:66:2e:10:72:
         22:f2:62:33
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUXU+Q2488FBAlY7lcg3wWGxS9NjcwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDE5MDIwMTAwWhcNMjUxMTIzMjM1OTU5
WjB6MUkwRwYDVQQFE0A2NWE3NGIzMjYwNDE4ZGRjYWY0OWQwYmRjOTM0MzZhYTYw
M2NlZDQ1M2ExNjYxN2ZiZmQ3ZGJjZmJjZDc1Mjk4MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDS6xSfwLdJ/h1P4RUyR6hWKB4YBBg2/nuSZeTSYNPmxcBS
yj7yKtybs0mDyGFerVo8SAmsdZdYVTXp3gY0SxXCr/mQN6OdiN3xn/7fU8TIBHXx
aksj98C+iN3gPYSMs0+CwMIrPp358qTYMZNYP3YTev1t7dsru55322/zmxihlJCV
LPoMCxWHgF7cnr2C2OplojuJ9TJb4cuRL58e1fCV7cN+LX4Jx1xqpeT/Rw12TgD3
j5yqfPaq0awfKna6hCeO7VPnoeVzUzE/n/uQEpru70aMKSWGqc5QZZZFVToNNqUI
IFA8zJziQ+r7cawHlgIRtO8edxpFIol3CAqWEAOLAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQULPgOH57zn7XQB1LrK1yasPyLp4AwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2I2OGExMTQ2LWM1ZGUtNDFmMy05Mzc2LWNjZjVkMTE2MTY4Yi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAFsinYwDQYJKoZIhvcNAQELBQADggEBAFlKJSKzTz7Eis0Tc7wund2jOfiq
e/z8DMYsKTRQHw/BPjc2vpTLC/DjF1B6vBuWfOpN//F6faP4+n0Ru5abElTcVMZA
jgdpQHLkwF1Mv3vFbKzsZBCNvhWl1U5k+rk9opWXN5hEgfoCpZg+AD1/XQZSqsck
smspN36JJy1W/cupvmwi28MBo4z5xL2Xr8kJ+ttsd1CU0YseYtFuj/JrjjdgtUj8
qXKGksp46NBVlBAWG6LyWT+YTTeJRuAqWLnRwOYsdM9jEVU0s/FowFfvO/RrzkOA
SOe2C0aRD8AxDuJqkHpEWIpjcW8FqNpI8dilS+96urX38iXwZi4QciLyYjM=
-----END CERTIFICATE-----