Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/da864675-3261-4833-b898-4ceab6788bbc.roa
File:                     da864675-3261-4833-b898-4ceab6788bbc.roa (raw, json)
Hash identifier:          4Sbnx1em5821uZzGdGp+jtDt5py74UQhfxHpKqb6OWQ=
Subject key identifier:   24:49:BC:BA:C9:2A:52:5B:12:7A:E3:75:DF:28:36:EA:FE:AF:6C:24
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       0CCF8F3D3766952D7B83B0F937E52D946CDDD06D
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/da864675-3261-4833-b898-4ceab6788bbc.roa
Signing time:             Mon 20 Oct 2025 01:21:29 +0000
ROA not before:           Mon 20 Oct 2025 01:21:29 +0000
ROA not after:            Mon 24 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        108.158.115.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0c:cf:8f:3d:37:66:95:2d:7b:83:b0:f9:37:e5:2d:94:6c:dd:d0:6d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 20 01:21:29 2025 GMT
            Not After : Nov 24 23:59:59 2025 GMT
        Subject: serialNumber=ac3191ff49783a2ac79fdf4c2ace8ab1830f1114c3338af41e6141121a4988c1, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:c3:d4:d5:1d:56:5d:0f:79:24:90:33:cb:ef:
                    d6:3c:6f:c3:dc:02:3f:4f:6d:fb:ad:f5:f0:76:6d:
                    cc:40:8d:bb:81:59:30:f4:f5:b7:4b:98:80:da:5d:
                    a2:3c:20:cd:30:e6:4a:f5:80:6e:36:b5:a1:8f:5f:
                    aa:03:45:83:74:e7:50:a4:9e:2a:32:96:12:85:50:
                    d7:99:05:1d:79:de:e7:e9:e3:fa:c0:27:41:cc:1d:
                    1c:04:49:b8:c0:ad:0a:48:ff:2f:9c:6e:99:9a:9b:
                    c7:34:4e:30:6e:7e:60:e4:20:59:d9:4b:af:db:bc:
                    3b:40:be:5b:c9:cb:84:ec:14:b8:b4:28:1c:5a:0e:
                    fe:21:3e:69:49:36:da:33:70:06:5d:e1:98:62:8e:
                    34:91:57:ec:b9:6c:b0:9c:47:dc:9d:1c:9e:e2:51:
                    08:88:58:e2:79:c8:2a:c1:0e:89:09:ec:87:08:5b:
                    0b:a1:f9:a6:66:26:20:11:d1:b2:c7:bd:50:b9:d2:
                    4d:dc:f9:5d:61:92:f6:2d:66:bd:c7:b8:4a:75:12:
                    51:20:f6:eb:b9:9e:5d:c6:7f:78:73:d1:45:59:68:
                    66:ff:31:20:30:03:44:fd:18:f2:94:7b:f1:2f:c0:
                    37:8b:48:26:4c:10:6d:f1:0c:32:08:82:1b:37:bf:
                    26:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                24:49:BC:BA:C9:2A:52:5B:12:7A:E3:75:DF:28:36:EA:FE:AF:6C:24
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/da864675-3261-4833-b898-4ceab6788bbc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  108.158.115.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8d:18:46:3c:5c:f3:e5:fa:a3:71:3e:ca:2b:54:06:0b:40:e7:
         4e:11:93:1d:07:e8:01:d0:5c:bf:41:c1:26:ed:6d:53:5e:76:
         7c:82:37:bc:fb:c4:f5:19:6d:fa:7f:b5:7b:c1:9f:5b:6f:aa:
         0c:7f:c9:1f:f0:ef:9b:68:f2:58:d3:22:ca:e4:77:b9:eb:8c:
         58:ef:46:47:9c:67:0d:1c:16:22:11:b3:21:3f:28:5f:18:01:
         e6:56:4d:53:7a:bc:dd:e3:26:6c:be:7e:a6:0c:46:de:64:81:
         5b:7b:57:55:1c:21:9e:a5:72:d7:6a:bc:54:8c:d0:ba:1e:03:
         1f:d9:4b:2a:1a:0d:58:07:83:2e:7a:ea:1f:9a:13:5b:b7:43:
         6c:08:2e:50:90:a4:32:e9:d8:83:0e:37:8b:1c:1f:6c:c4:d9:
         ae:56:64:57:94:a8:8e:0f:9c:1c:72:f3:70:37:c8:a7:5e:de:
         5d:50:6d:c3:11:a1:cd:ca:2c:eb:ee:f4:17:96:11:13:2c:ac:
         d4:0f:2d:9a:d9:1b:bd:a6:31:9d:b0:76:ec:df:cc:76:22:2c:
         03:38:bb:68:4f:b3:27:d8:3b:4c:ec:a8:ee:db:fc:2c:e8:d8:
         1f:8f:2b:e6:9e:49:c5:e5:73:70:09:27:00:83:aa:ef:0c:3f:
         c9:e0:a3:ad
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUDM+PPTdmlS17g7D5N+UtlGzd0G0wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDIwMDEyMTI5WhcNMjUxMTI0MjM1OTU5
WjB6MUkwRwYDVQQFE0BhYzMxOTFmZjQ5NzgzYTJhYzc5ZmRmNGMyYWNlOGFiMTgz
MGYxMTE0YzMzMzhhZjQxZTYxNDExMjFhNDk4OGMxMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCVw9TVHVZdD3kkkDPL79Y8b8PcAj9Pbfut9fB2bcxAjbuB
WTD09bdLmIDaXaI8IM0w5kr1gG42taGPX6oDRYN051CknioylhKFUNeZBR153ufp
4/rAJ0HMHRwESbjArQpI/y+cbpmam8c0TjBufmDkIFnZS6/bvDtAvlvJy4TsFLi0
KBxaDv4hPmlJNtozcAZd4ZhijjSRV+y5bLCcR9ydHJ7iUQiIWOJ5yCrBDokJ7IcI
Wwuh+aZmJiAR0bLHvVC50k3c+V1hkvYtZr3HuEp1ElEg9uu5nl3Gf3hz0UVZaGb/
MSAwA0T9GPKUe/EvwDeLSCZMEG3xDDIIghs3vyZnAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUJEm8uskqUlsSeuN13yg26v6vbCQwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2RhODY0Njc1LTMyNjEtNDgzMy1iODk4LTRjZWFiNjc4OGJiYy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBABsnnMwDQYJKoZIhvcNAQELBQADggEBAI0YRjxc8+X6o3E+yitUBgtA504R
kx0H6AHQXL9BwSbtbVNednyCN7z7xPUZbfp/tXvBn1tvqgx/yR/w75to8ljTIsrk
d7nrjFjvRkecZw0cFiIRsyE/KF8YAeZWTVN6vN3jJmy+fqYMRt5kgVt7V1UcIZ6l
ctdqvFSM0LoeAx/ZSyoaDVgHgy566h+aE1u3Q2wILlCQpDLp2IMON4scH2zE2a5W
ZFeUqI4PnBxy83A3yKde3l1QbcMRoc3KLOvu9BeWERMsrNQPLZrZG72mMZ2wduzf
zHYiLAM4u2hPsyfYO0zsqO7b/Czo2B+PK+aeScXlc3AJJwCDqu8MP8ngo60=
-----END CERTIFICATE-----