Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/e6353443-dfbf-4549-9a6c-519a91e775a1.roa
File:                     e6353443-dfbf-4549-9a6c-519a91e775a1.roa (raw, json)
Hash identifier:          AW41WVffLsNzmNffHtDdt0fYr95fLgKJUATyGJW113A=
Subject key identifier:   5E:F5:BA:87:73:19:5E:40:04:C6:81:41:17:11:BE:52:C7:B9:F0:FA
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       486A651FF9C2E4B9B9B3D9B4D7FA2D0A2CDF2B44
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/e6353443-dfbf-4549-9a6c-519a91e775a1.roa
Signing time:             Mon 20 Oct 2025 02:52:26 +0000
ROA not before:           Mon 20 Oct 2025 02:52:26 +0000
ROA not after:            Mon 24 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        108.158.224.0/19 maxlen: 19
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            48:6a:65:1f:f9:c2:e4:b9:b9:b3:d9:b4:d7:fa:2d:0a:2c:df:2b:44
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 20 02:52:26 2025 GMT
            Not After : Nov 24 23:59:59 2025 GMT
        Subject: serialNumber=01aee91d45b9532e9e52358246515e0d53b785a22df6bf9b248d73588e2f10d7, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:31:11:fe:9f:a8:0b:86:8d:06:4b:cf:f6:6b:
                    c3:dd:45:8d:5b:02:a9:ff:c1:4b:9a:27:58:d2:cf:
                    d5:24:a6:8d:19:4b:5f:de:82:da:7f:26:c9:be:9b:
                    25:16:4c:0e:52:a1:f7:24:74:84:ba:c5:6c:70:fe:
                    29:c8:fd:33:d4:0e:97:df:69:07:f1:49:83:40:5d:
                    75:b7:b1:8b:95:8a:e1:86:13:42:0b:84:4b:0c:46:
                    6e:b7:85:e1:1f:ee:aa:24:f1:4a:e0:88:11:3f:95:
                    83:fe:ad:9f:5f:02:dd:cf:58:03:b2:a9:44:fd:d3:
                    6b:c6:dc:6c:c6:51:4c:40:1c:ff:c8:92:56:94:ac:
                    43:92:b0:f4:04:32:05:8a:05:5c:6e:fa:47:c9:b2:
                    bb:83:ae:36:f3:24:26:37:7b:a1:63:c7:e7:9c:8a:
                    cd:6f:9b:0e:f3:4c:2e:16:bb:eb:22:24:46:41:cb:
                    3a:8c:2f:90:43:19:31:01:19:5e:17:8e:a4:87:21:
                    ca:e9:19:20:3a:a6:7e:fa:c8:31:29:ff:51:26:da:
                    d7:b8:3c:f0:f2:2b:8a:6e:19:31:ab:a6:1f:d1:bc:
                    d9:65:1c:f7:3f:a8:f0:60:8b:e7:cb:8d:09:9f:7a:
                    01:4a:d8:05:73:41:d0:95:a3:92:2e:41:a5:3c:cf:
                    5c:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5E:F5:BA:87:73:19:5E:40:04:C6:81:41:17:11:BE:52:C7:B9:F0:FA
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/e6353443-dfbf-4549-9a6c-519a91e775a1.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  108.158.224.0/19

    Signature Algorithm: sha256WithRSAEncryption
         b1:bb:f5:4d:03:84:25:c6:3c:f8:5f:da:4a:e0:b1:f8:c5:20:
         fb:d3:aa:f7:61:33:20:21:6f:55:f2:65:d7:3d:1e:c4:db:44:
         13:71:49:03:75:78:89:a2:d8:5a:a1:b6:11:10:4e:ef:f3:fc:
         99:12:bc:2a:93:73:3b:e2:1d:e1:61:13:23:c4:c9:00:18:4c:
         22:25:dc:59:c0:87:4f:08:5a:c8:9c:ad:ba:78:60:15:f9:1d:
         3a:ed:44:3c:ec:d1:f5:b4:7f:ee:55:63:54:ec:2f:3e:16:52:
         dd:f3:4f:be:e4:3f:8b:15:17:ca:6c:89:be:01:e8:b4:27:75:
         c7:a2:63:43:e6:84:df:46:93:55:df:05:38:af:94:1b:26:87:
         99:d9:80:6e:e1:91:62:31:89:9a:26:f5:80:00:8e:b9:9d:fc:
         79:03:58:88:1e:ac:8f:d7:73:ba:3e:58:95:ec:24:e4:f5:30:
         8a:b8:10:ea:cf:1d:b3:20:7c:d9:90:85:e0:30:e3:09:89:32:
         de:89:51:09:c4:65:95:b0:12:fe:c2:ab:dd:25:dc:5a:70:aa:
         8b:ea:0d:5c:9e:ae:6b:2d:0c:a3:f7:2e:8b:88:2d:89:80:df:
         26:7c:c2:91:34:19:25:d6:a7:f8:a4:e0:2f:a4:5d:52:82:45:
         5a:50:c2:da
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUSGplH/nC5Lm5s9m01/otCizfK0QwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDIwMDI1MjI2WhcNMjUxMTI0MjM1OTU5
WjB6MUkwRwYDVQQFE0AwMWFlZTkxZDQ1Yjk1MzJlOWU1MjM1ODI0NjUxNWUwZDUz
Yjc4NWEyMmRmNmJmOWIyNDhkNzM1ODhlMmYxMGQ3MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDFMRH+n6gLho0GS8/2a8PdRY1bAqn/wUuaJ1jSz9Ukpo0Z
S1/egtp/Jsm+myUWTA5SofckdIS6xWxw/inI/TPUDpffaQfxSYNAXXW3sYuViuGG
E0ILhEsMRm63heEf7qok8UrgiBE/lYP+rZ9fAt3PWAOyqUT902vG3GzGUUxAHP/I
klaUrEOSsPQEMgWKBVxu+kfJsruDrjbzJCY3e6Fjx+ecis1vmw7zTC4Wu+siJEZB
yzqML5BDGTEBGV4XjqSHIcrpGSA6pn76yDEp/1Em2te4PPDyK4puGTGrph/RvNll
HPc/qPBgi+fLjQmfegFK2AVzQdCVo5IuQaU8z1z3AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUXvW6h3MZXkAExoFBFxG+Use58PowHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2U2MzUzNDQzLWRmYmYtNDU0OS05YTZjLTUxOWE5MWU3NzVhMS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAVsnuAwDQYJKoZIhvcNAQELBQADggEBALG79U0DhCXGPPhf2krgsfjFIPvT
qvdhMyAhb1XyZdc9HsTbRBNxSQN1eImi2FqhthEQTu/z/JkSvCqTczviHeFhEyPE
yQAYTCIl3FnAh08IWsicrbp4YBX5HTrtRDzs0fW0f+5VY1TsLz4WUt3zT77kP4sV
F8psib4B6LQndceiY0PmhN9Gk1XfBTivlBsmh5nZgG7hkWIxiZom9YAAjrmd/HkD
WIgerI/Xc7o+WJXsJOT1MIq4EOrPHbMgfNmQheAw4wmJMt6JUQnEZZWwEv7Cq90l
3FpwqovqDVyermstDKP3LouILYmA3yZ8wpE0GSXWp/ik4C+kXVKCRVpQwto=
-----END CERTIFICATE-----