Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/f6da3d50-6eb9-46c4-b1f5-06de3a053daf.roa
File:                     f6da3d50-6eb9-46c4-b1f5-06de3a053daf.roa (raw, json)
Hash identifier:          4HqXamqraupXphCFw26qYJVXmvRjcSj3Su+BgRVUgIk=
Subject key identifier:   96:6E:08:F1:15:44:BC:31:83:13:09:38:B1:97:E5:08:79:40:FE:7F
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       797A5D0F904ECD76B19033911DCD90DE947E56F1
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/f6da3d50-6eb9-46c4-b1f5-06de3a053daf.roa
Signing time:             Mon 20 Oct 2025 00:10:34 +0000
ROA not before:           Mon 20 Oct 2025 00:10:34 +0000
ROA not after:            Mon 24 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        108.139.40.0/23 maxlen: 23
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            79:7a:5d:0f:90:4e:cd:76:b1:90:33:91:1d:cd:90:de:94:7e:56:f1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 20 00:10:34 2025 GMT
            Not After : Nov 24 23:59:59 2025 GMT
        Subject: serialNumber=f37faf11671b8da2eb773620f8f34b90ca4e3a57a0c9f8f31d8d60d492cc0f52, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:6c:e8:81:c6:24:36:f3:69:49:50:bc:cb:96:
                    e9:bb:7c:a4:aa:71:d6:39:0f:b7:8a:7f:68:e0:7c:
                    bd:f1:38:4d:d0:58:9c:7e:ba:69:4d:52:28:44:79:
                    96:3e:4a:4e:74:d8:dc:f4:0c:cc:14:63:b5:ba:6b:
                    55:0c:6d:48:fd:b2:bb:c0:ee:6b:91:6e:15:36:4a:
                    6e:99:1d:10:9a:36:b1:a0:a0:86:9c:82:47:6e:c2:
                    8f:37:f5:fa:3a:a4:96:7b:d2:9d:33:dc:4b:15:75:
                    10:0f:0a:c7:46:33:24:ad:60:24:69:22:00:ce:5a:
                    82:8e:26:9f:4f:11:1c:53:c2:28:60:1a:a0:c9:b9:
                    8b:e4:ba:76:4c:50:cd:38:14:86:ef:33:98:ff:64:
                    4d:d6:cd:a4:9d:5d:f4:b7:a1:5b:17:57:df:d9:4d:
                    4e:32:3b:6e:ef:11:45:ad:3c:55:47:f7:29:09:62:
                    ab:e1:1b:5f:aa:ec:79:ff:50:f2:d7:92:9a:1b:57:
                    26:06:74:9a:66:c4:f9:d7:3d:05:ff:65:f3:b4:b1:
                    56:b0:d3:c0:8f:39:38:4e:3f:73:21:d0:09:34:ce:
                    98:51:6c:a7:99:ef:d8:39:dc:c8:ac:0b:bc:cc:b1:
                    31:80:dd:e3:72:06:40:d7:34:26:16:6e:30:4f:17:
                    81:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                96:6E:08:F1:15:44:BC:31:83:13:09:38:B1:97:E5:08:79:40:FE:7F
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/f6da3d50-6eb9-46c4-b1f5-06de3a053daf.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  108.139.40.0/23

    Signature Algorithm: sha256WithRSAEncryption
         c5:65:25:f3:19:04:5d:5a:76:32:62:ab:64:f0:99:17:a7:e9:
         4d:f5:bc:d1:2d:21:aa:d1:f4:70:95:87:54:0e:4a:c0:7d:60:
         e4:de:91:fb:bb:69:42:e6:6f:26:5e:f7:bf:dd:07:4b:35:79:
         4e:06:7e:a6:50:59:a4:45:39:79:13:69:b8:d1:50:f5:60:6b:
         80:ec:68:05:f7:7a:bf:10:84:12:aa:8d:c6:74:d5:f3:8f:fb:
         92:12:f6:30:0d:02:85:67:99:34:c0:0f:65:ed:6a:44:eb:5d:
         d5:8b:55:fd:c9:78:af:eb:e8:91:2c:3e:f1:f8:a7:1d:c0:8c:
         df:98:d1:e3:ce:e0:13:fa:d6:ce:94:b8:6d:2e:59:a8:4c:71:
         c7:fd:96:6c:47:e0:aa:9b:77:e7:2c:77:34:ed:31:fb:12:0b:
         90:23:ad:57:b1:97:97:87:e6:a9:ab:e5:f1:f3:6e:7c:5f:35:
         99:87:87:c1:2d:32:99:6f:26:ac:56:d3:4c:8c:a6:05:23:fe:
         b3:68:13:26:33:64:63:11:fc:7e:1b:0b:72:39:b6:cb:b6:78:
         2c:4b:8e:fd:de:4f:3c:c7:58:f5:36:55:77:68:30:95:c2:63:
         85:dd:ca:26:9e:dc:99:e7:be:96:e0:77:2d:05:27:01:4b:54:
         fd:49:a9:98
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUeXpdD5BOzXaxkDORHc2Q3pR+VvEwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDIwMDAxMDM0WhcNMjUxMTI0MjM1OTU5
WjB6MUkwRwYDVQQFE0BmMzdmYWYxMTY3MWI4ZGEyZWI3NzM2MjBmOGYzNGI5MGNh
NGUzYTU3YTBjOWY4ZjMxZDhkNjBkNDkyY2MwZjUyMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCJbOiBxiQ282lJULzLlum7fKSqcdY5D7eKf2jgfL3xOE3Q
WJx+umlNUihEeZY+Sk502Nz0DMwUY7W6a1UMbUj9srvA7muRbhU2Sm6ZHRCaNrGg
oIacgkduwo839fo6pJZ70p0z3EsVdRAPCsdGMyStYCRpIgDOWoKOJp9PERxTwihg
GqDJuYvkunZMUM04FIbvM5j/ZE3WzaSdXfS3oVsXV9/ZTU4yO27vEUWtPFVH9ykJ
YqvhG1+q7Hn/UPLXkpobVyYGdJpmxPnXPQX/ZfO0sVaw08CPOThOP3Mh0Ak0zphR
bKeZ79g53MisC7zMsTGA3eNyBkDXNCYWbjBPF4HNAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUlm4I8RVEvDGDEwk4sZflCHlA/n8wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2Y2ZGEzZDUwLTZlYjktNDZjNC1iMWY1LTA2ZGUzYTA1M2RhZi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAFsiygwDQYJKoZIhvcNAQELBQADggEBAMVlJfMZBF1adjJiq2TwmRen6U31
vNEtIarR9HCVh1QOSsB9YOTekfu7aULmbyZe97/dB0s1eU4GfqZQWaRFOXkTabjR
UPVga4DsaAX3er8QhBKqjcZ01fOP+5IS9jANAoVnmTTAD2XtakTrXdWLVf3JeK/r
6JEsPvH4px3AjN+Y0ePO4BP61s6UuG0uWahMccf9lmxH4Kqbd+csdzTtMfsSC5Aj
rVexl5eH5qmr5fHzbnxfNZmHh8EtMplvJqxW00yMpgUj/rNoEyYzZGMR/H4bC3I5
tsu2eCxLjv3eTzzHWPU2VXdoMJXCY4Xdyiae3Jnnvpbgdy0FJwFLVP1JqZg=
-----END CERTIFICATE-----