Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/db1b7f91-07fc-4458-ace7-5db3d277de40.roa
File:                     db1b7f91-07fc-4458-ace7-5db3d277de40.roa (raw, json)
Hash identifier:          PLT5v4qCEOO89mxI2UpnvieoqX9nt9M09AXcO17MWrQ=
Subject key identifier:   CE:F4:64:FC:17:E2:66:B3:CE:61:C5:0F:7D:25:D5:99:95:C5:2A:72
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       490676FC642E06D89D663B8E4CA07A8A3410123E
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/db1b7f91-07fc-4458-ace7-5db3d277de40.roa
Signing time:             Mon 20 Oct 2025 01:40:02 +0000
ROA not before:           Mon 20 Oct 2025 01:40:02 +0000
ROA not after:            Mon 24 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        108.139.48.0/20 maxlen: 20
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            49:06:76:fc:64:2e:06:d8:9d:66:3b:8e:4c:a0:7a:8a:34:10:12:3e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 20 01:40:02 2025 GMT
            Not After : Nov 24 23:59:59 2025 GMT
        Subject: serialNumber=08c34372e0f9288aa694aa8270fa5cc7f4760113a8766550b6826ce991a3df2b, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:a6:91:fd:23:ab:02:dd:f2:6c:82:32:4b:5a:
                    9b:36:44:2e:08:fb:da:ba:23:b3:24:10:1c:62:0e:
                    67:48:41:a3:85:cf:1a:62:52:1e:e1:64:bd:7d:5d:
                    97:25:ab:08:e0:a2:9e:cf:ad:ce:41:49:4a:2c:15:
                    94:23:bf:61:26:28:3e:5c:c6:87:e1:09:b4:23:95:
                    9e:01:4f:11:e1:58:f8:17:5e:61:6b:52:1b:2e:a0:
                    b6:9d:a1:29:c4:6c:f3:6c:3d:ff:50:90:05:a2:ec:
                    14:72:e0:bc:17:99:23:4a:f5:52:07:54:d6:e0:21:
                    fb:ac:72:ff:2b:83:03:09:7a:99:84:2f:68:d8:f2:
                    61:53:b2:9e:70:cb:cf:3a:5e:92:76:4c:0a:72:b4:
                    d0:ed:94:fb:58:b2:9e:cf:1f:6e:34:0d:0d:c2:80:
                    37:07:cc:ef:30:2c:7a:0e:4e:c4:61:5f:4f:ab:ce:
                    95:42:0a:05:ee:2f:db:35:6b:b4:9b:37:99:39:d1:
                    a7:7a:85:25:96:d6:0b:77:fd:6c:4d:2e:1d:0c:98:
                    1d:27:9c:95:50:d1:f3:d4:84:fd:43:a5:1d:70:ed:
                    59:b2:2b:df:10:74:aa:12:9f:80:3a:6b:58:02:3d:
                    01:f7:6f:93:10:79:b1:ee:5c:db:36:d2:03:b3:27:
                    5e:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CE:F4:64:FC:17:E2:66:B3:CE:61:C5:0F:7D:25:D5:99:95:C5:2A:72
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/db1b7f91-07fc-4458-ace7-5db3d277de40.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  108.139.48.0/20

    Signature Algorithm: sha256WithRSAEncryption
         9f:6c:a8:25:f0:e5:55:c2:64:42:79:5c:2a:dc:4f:41:cc:e5:
         3d:0a:6e:a8:29:f7:ec:62:db:90:1a:d6:95:5a:bc:9c:f2:f3:
         d4:4b:0a:b0:3d:88:c9:e4:32:55:9b:9e:b9:2f:75:7f:3f:04:
         c3:6c:d4:a3:0e:ee:07:57:c2:7f:0c:81:89:84:1d:b8:4e:01:
         3a:96:0f:d8:a4:4d:f3:4c:9c:95:35:ab:9f:0a:ac:34:14:34:
         66:89:93:1e:f8:e7:3c:a5:49:86:e5:91:ae:f8:37:8e:12:f0:
         1b:68:15:54:41:5d:17:71:d3:dc:71:52:48:3a:93:bb:d1:e3:
         9c:89:f9:b2:dd:c0:06:2f:71:1a:cb:fd:71:7a:02:eb:e2:13:
         49:9b:52:80:b7:e6:90:52:b2:49:ec:9f:f9:4a:35:2b:6e:82:
         87:48:b1:6b:78:9b:e9:7c:53:3e:13:26:ed:e5:6d:70:56:ef:
         5d:20:aa:9a:dc:7f:36:81:17:11:cc:fb:dd:c7:17:a7:fd:48:
         b9:b2:66:fe:c2:06:23:b9:72:e4:fc:6b:01:08:a6:1e:24:e9:
         d4:40:e4:72:46:52:5a:31:e7:52:d8:32:f8:30:3b:aa:8f:bb:
         8f:77:51:8f:54:9b:14:d4:bb:d4:c0:92:d7:7f:63:10:67:cd:
         8b:dd:4d:62
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUSQZ2/GQuBtidZjuOTKB6ijQQEj4wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDIwMDE0MDAyWhcNMjUxMTI0MjM1OTU5
WjB6MUkwRwYDVQQFE0AwOGMzNDM3MmUwZjkyODhhYTY5NGFhODI3MGZhNWNjN2Y0
NzYwMTEzYTg3NjY1NTBiNjgyNmNlOTkxYTNkZjJiMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC3ppH9I6sC3fJsgjJLWps2RC4I+9q6I7MkEBxiDmdIQaOF
zxpiUh7hZL19XZclqwjgop7Prc5BSUosFZQjv2EmKD5cxofhCbQjlZ4BTxHhWPgX
XmFrUhsuoLadoSnEbPNsPf9QkAWi7BRy4LwXmSNK9VIHVNbgIfuscv8rgwMJepmE
L2jY8mFTsp5wy886XpJ2TApytNDtlPtYsp7PH240DQ3CgDcHzO8wLHoOTsRhX0+r
zpVCCgXuL9s1a7SbN5k50ad6hSWW1gt3/WxNLh0MmB0nnJVQ0fPUhP1DpR1w7Vmy
K98QdKoSn4A6a1gCPQH3b5MQebHuXNs20gOzJ14DAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUzvRk/BfiZrPOYcUPfSXVmZXFKnIwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2RiMWI3ZjkxLTA3ZmMtNDQ1OC1hY2U3LTVkYjNkMjc3ZGU0MC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBARsizAwDQYJKoZIhvcNAQELBQADggEBAJ9sqCXw5VXCZEJ5XCrcT0HM5T0K
bqgp9+xi25Aa1pVavJzy89RLCrA9iMnkMlWbnrkvdX8/BMNs1KMO7gdXwn8MgYmE
HbhOATqWD9ikTfNMnJU1q58KrDQUNGaJkx745zylSYblka74N44S8BtoFVRBXRdx
09xxUkg6k7vR45yJ+bLdwAYvcRrL/XF6AuviE0mbUoC35pBSsknsn/lKNStugodI
sWt4m+l8Uz4TJu3lbXBW710gqprcfzaBFxHM+93HF6f9SLmyZv7CBiO5cuT8awEI
ph4k6dRA5HJGUlox51LYMvgwO6qPu493UY9UmxTUu9TAktd/YxBnzYvdTWI=
-----END CERTIFICATE-----