Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/bdc140d3-91f0-44b3-8e66-cb3b0a937566.roa
File:                     bdc140d3-91f0-44b3-8e66-cb3b0a937566.roa (raw, json)
Hash identifier:          wyAlEYAL88pv1g0QIUr3SaF/QRu1HOWOEAJAL+391Q0=
Subject key identifier:   1B:D4:E1:5C:F5:D8:E5:21:88:0E:0B:2E:E2:4F:68:89:2D:76:36:23
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       7D3B76B687BDC3F343D017A6B649203520835017
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/bdc140d3-91f0-44b3-8e66-cb3b0a937566.roa
Signing time:             Sun 19 Oct 2025 03:00:08 +0000
ROA not before:           Sun 19 Oct 2025 03:00:08 +0000
ROA not after:            Sun 23 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        108.139.35.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7d:3b:76:b6:87:bd:c3:f3:43:d0:17:a6:b6:49:20:35:20:83:50:17
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 19 03:00:08 2025 GMT
            Not After : Nov 23 23:59:59 2025 GMT
        Subject: serialNumber=7512405e049c3872084eb011a0c895d2cd166e9b6263a29308fc9320e5131dcb, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:d6:7b:9b:1b:0e:cb:29:3a:29:af:3b:a0:9e:
                    27:ab:57:7c:e9:d9:43:14:47:2a:26:cb:59:d1:c9:
                    99:2c:d9:ee:0f:98:0b:28:6d:7a:35:00:c7:a0:89:
                    53:f1:1e:37:49:86:4f:62:89:a9:a6:f0:b4:89:5c:
                    1b:31:99:9a:ca:9f:50:6b:72:df:6e:b4:0e:1c:59:
                    87:cf:fd:9d:31:bd:a6:29:0c:82:9b:a6:0b:b5:db:
                    59:4e:c6:fa:86:80:93:24:98:e7:74:a1:71:35:69:
                    44:6a:b0:40:5d:5b:53:a6:3c:bc:2f:09:f4:dd:32:
                    5a:e6:8a:fc:6d:d2:de:16:29:dc:17:2b:32:b7:a6:
                    30:b5:cb:19:56:08:bf:89:b4:67:89:2e:26:eb:00:
                    e3:62:52:f4:03:ab:a5:2b:9f:11:fc:f9:6a:a1:10:
                    9b:b5:fd:4a:58:a3:e7:6e:fe:d9:00:9d:d2:e0:07:
                    0a:3d:aa:c3:43:87:c1:f8:b8:b1:cf:0f:31:07:d7:
                    fd:43:dd:4b:fc:8e:d8:12:61:31:e7:3d:04:c5:3c:
                    a0:60:04:fe:4d:19:45:93:b6:15:56:d1:f8:95:88:
                    2b:c9:ca:7e:30:51:c6:39:9b:c5:98:c1:ea:06:52:
                    f0:70:65:35:2e:88:77:98:a0:a0:96:df:cf:25:f2:
                    fb:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1B:D4:E1:5C:F5:D8:E5:21:88:0E:0B:2E:E2:4F:68:89:2D:76:36:23
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/bdc140d3-91f0-44b3-8e66-cb3b0a937566.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  108.139.35.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4d:ca:f1:aa:89:7a:36:1c:61:43:90:39:45:60:4f:d6:02:e8:
         16:f1:d2:6f:5e:d5:22:7e:21:01:e5:6d:18:22:0a:8e:33:53:
         3a:e7:24:8f:7b:ae:09:59:65:1a:bd:7f:5a:5b:f4:9a:1b:06:
         7e:ac:45:1f:db:91:ac:e0:68:c8:3e:1a:b8:fc:c2:b2:07:d9:
         1f:04:a2:81:1a:98:bf:e8:00:6b:c6:7f:27:64:37:23:39:d9:
         d2:ad:21:f2:37:ec:9b:d3:cb:a8:5e:84:e9:5d:35:00:9c:02:
         08:30:1f:2d:c7:6c:9d:14:4e:14:0a:6f:0f:30:93:aa:50:04:
         b5:c2:90:2e:57:cc:c5:b1:2b:f1:f7:06:22:38:27:db:64:92:
         11:a3:b5:6c:c0:1f:6c:35:2c:12:77:1d:c6:39:e3:05:fe:40:
         a8:35:9d:52:89:5e:29:7d:ee:19:51:c5:12:63:35:37:ac:3c:
         ed:0d:16:e9:b1:9b:8f:12:81:f2:d0:0a:3e:8d:08:25:33:4d:
         47:4c:61:51:07:b0:5e:ba:bd:95:02:5e:aa:0e:02:c7:16:f3:
         f2:c6:81:f9:e2:00:e7:07:a0:64:06:19:f2:ad:6c:d7:13:6c:
         21:fd:86:93:09:ff:08:dc:c1:a1:79:b8:24:36:00:48:44:cb:
         e4:2a:b9:a2
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUfTt2toe9w/ND0BemtkkgNSCDUBcwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDE5MDMwMDA4WhcNMjUxMTIzMjM1OTU5
WjB6MUkwRwYDVQQFE0A3NTEyNDA1ZTA0OWMzODcyMDg0ZWIwMTFhMGM4OTVkMmNk
MTY2ZTliNjI2M2EyOTMwOGZjOTMyMGU1MTMxZGNiMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDK1nubGw7LKToprzugnierV3zp2UMURyomy1nRyZks2e4P
mAsobXo1AMegiVPxHjdJhk9iiamm8LSJXBsxmZrKn1Brct9utA4cWYfP/Z0xvaYp
DIKbpgu121lOxvqGgJMkmOd0oXE1aURqsEBdW1OmPLwvCfTdMlrmivxt0t4WKdwX
KzK3pjC1yxlWCL+JtGeJLibrAONiUvQDq6UrnxH8+WqhEJu1/UpYo+du/tkAndLg
Bwo9qsNDh8H4uLHPDzEH1/1D3Uv8jtgSYTHnPQTFPKBgBP5NGUWTthVW0fiViCvJ
yn4wUcY5m8WYweoGUvBwZTUuiHeYoKCW388l8vu5AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUG9ThXPXY5SGIDgsu4k9oiS12NiMwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2JkYzE0MGQzLTkxZjAtNDRiMy04ZTY2LWNiM2IwYTkzNzU2Ni5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBABsiyMwDQYJKoZIhvcNAQELBQADggEBAE3K8aqJejYcYUOQOUVgT9YC6Bbx
0m9e1SJ+IQHlbRgiCo4zUzrnJI97rglZZRq9f1pb9JobBn6sRR/bkazgaMg+Grj8
wrIH2R8EooEamL/oAGvGfydkNyM52dKtIfI37JvTy6hehOldNQCcAggwHy3HbJ0U
ThQKbw8wk6pQBLXCkC5XzMWxK/H3BiI4J9tkkhGjtWzAH2w1LBJ3HcY54wX+QKg1
nVKJXil97hlRxRJjNTesPO0NFumxm48SgfLQCj6NCCUzTUdMYVEHsF66vZUCXqoO
AscW8/LGgfniAOcHoGQGGfKtbNcTbCH9hpMJ/wjcwaF5uCQ2AEhEy+QquaI=
-----END CERTIFICATE-----