Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/fe6d92fb-df44-41d5-9f4e-795e4dd03395.roa
File:                     fe6d92fb-df44-41d5-9f4e-795e4dd03395.roa (raw, json)
Hash identifier:          5twH2jnpXMfh4hmQvZi6vauhu9uNR2+TojjrYTDOJcc=
Subject key identifier:   5E:23:46:0B:08:85:4F:DA:CC:FD:0E:69:31:E2:4B:60:F6:23:8E:6A
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       7B1B8BE5230846D3748DDB9565966796D8DF7C28
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/fe6d92fb-df44-41d5-9f4e-795e4dd03395.roa
Signing time:             Tue 30 Sep 2025 00:02:03 +0000
ROA not before:           Tue 30 Sep 2025 00:02:03 +0000
ROA not after:            Tue 04 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        108.175.60.0/22 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7b:1b:8b:e5:23:08:46:d3:74:8d:db:95:65:96:67:96:d8:df:7c:28
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Sep 30 00:02:03 2025 GMT
            Not After : Nov  4 23:59:59 2025 GMT
        Subject: serialNumber=2ee7875bcb064eb1695492f8d7c3f6bbff572de68a7ac9d7ecec088e2dee6f65, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:41:a4:61:b9:b4:d5:55:8c:8a:09:b7:29:c8:
                    d7:91:20:58:63:b9:b7:5e:84:71:d2:2d:16:28:9e:
                    a7:69:e0:16:60:0e:61:f7:5a:61:34:11:ce:ff:fb:
                    55:5e:e2:e4:25:d0:36:08:06:74:06:8f:1b:19:ec:
                    c6:f8:c8:ae:79:ba:e7:3d:9f:8e:45:48:b9:b2:3a:
                    f8:10:3e:38:85:f4:24:4c:b7:98:a5:95:be:6d:a7:
                    06:e3:de:3a:3f:c8:5a:9f:aa:92:cf:d2:b0:ce:dd:
                    5d:f1:ff:d0:2f:5a:6c:c8:20:f3:9d:ea:bb:83:b8:
                    d2:84:b8:1c:44:06:57:c8:6c:62:09:e8:a1:51:4e:
                    5a:3b:3c:a3:44:2a:82:6a:2b:93:87:8d:9c:8b:17:
                    8d:3b:52:69:06:db:4e:fe:ef:2e:9f:df:7b:79:e4:
                    02:08:cf:d0:87:57:de:1a:8e:af:1f:41:bb:55:38:
                    41:71:26:8b:82:39:06:9f:e5:d7:00:a5:78:f9:2c:
                    d8:f3:3d:eb:3e:03:97:3e:73:68:8c:7c:7f:b4:6e:
                    5e:9b:e3:ba:19:6d:ed:49:31:35:9b:9a:c7:6d:cb:
                    c3:ca:94:36:7c:a4:9b:42:52:5a:5f:0c:f4:92:8e:
                    c3:1a:76:41:fe:96:68:d6:f5:77:e5:9c:ce:6b:4f:
                    c1:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5E:23:46:0B:08:85:4F:DA:CC:FD:0E:69:31:E2:4B:60:F6:23:8E:6A
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/fe6d92fb-df44-41d5-9f4e-795e4dd03395.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  108.175.60.0/22

    Signature Algorithm: sha256WithRSAEncryption
         8b:2c:d6:59:20:4b:8f:c9:7e:0a:59:49:55:3e:1e:d4:a2:6b:
         41:64:89:be:b9:92:b9:a4:6c:80:01:7f:52:40:57:5c:90:fa:
         8b:a8:c8:13:86:88:d8:59:01:ee:5b:42:cb:74:00:50:e7:fd:
         cb:a1:d1:3b:83:5b:57:1d:40:f1:90:50:96:ad:a1:0f:19:52:
         c3:be:b4:29:21:19:0a:71:cd:0d:1b:cc:e7:9d:e9:22:7f:ca:
         f6:60:3a:e1:c7:33:48:d1:ea:28:60:fd:7b:8f:6d:d2:02:7e:
         b1:f9:f0:1d:ae:0e:b7:75:ad:53:02:fc:58:2e:4f:8a:2e:01:
         fc:e1:8b:57:6c:4a:b4:29:bb:28:41:7c:22:5a:6d:3f:91:62:
         e6:49:20:5e:6c:30:55:44:29:9c:02:dc:da:1a:4c:95:50:5d:
         0a:54:f9:5d:7f:77:f3:5f:a9:23:d3:3f:0b:88:20:10:3d:33:
         e2:5a:86:cd:9a:05:85:ef:24:d2:83:e9:75:b0:a7:46:f6:92:
         d9:32:37:c7:7a:b8:a6:4a:37:42:e6:a1:0e:93:c5:a8:44:b1:
         31:fc:ea:e0:6e:09:50:0a:78:10:c7:86:dc:21:1c:8c:c8:cb:
         d0:52:5e:f9:a7:cf:41:78:b9:11:50:0c:22:24:c4:f5:54:ee:
         87:31:17:81
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUexuL5SMIRtN0jduVZZZnltjffCgwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwOTMwMDAwMjAzWhcNMjUxMTA0MjM1OTU5
WjB6MUkwRwYDVQQFE0AyZWU3ODc1YmNiMDY0ZWIxNjk1NDkyZjhkN2MzZjZiYmZm
NTcyZGU2OGE3YWM5ZDdlY2VjMDg4ZTJkZWU2ZjY1MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC2QaRhubTVVYyKCbcpyNeRIFhjubdehHHSLRYonqdp4BZg
DmH3WmE0Ec7/+1Ve4uQl0DYIBnQGjxsZ7Mb4yK55uuc9n45FSLmyOvgQPjiF9CRM
t5illb5tpwbj3jo/yFqfqpLP0rDO3V3x/9AvWmzIIPOd6ruDuNKEuBxEBlfIbGIJ
6KFRTlo7PKNEKoJqK5OHjZyLF407UmkG207+7y6f33t55AIIz9CHV94ajq8fQbtV
OEFxJouCOQaf5dcApXj5LNjzPes+A5c+c2iMfH+0bl6b47oZbe1JMTWbmsdty8PK
lDZ8pJtCUlpfDPSSjsMadkH+lmjW9XflnM5rT8F5AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUXiNGCwiFT9rM/Q5pMeJLYPYjjmowHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2ZlNmQ5MmZiLWRmNDQtNDFkNS05ZjRlLTc5NWU0ZGQwMzM5NS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAJsrzwwDQYJKoZIhvcNAQELBQADggEBAIss1lkgS4/JfgpZSVU+HtSia0Fk
ib65krmkbIABf1JAV1yQ+ouoyBOGiNhZAe5bQst0AFDn/cuh0TuDW1cdQPGQUJat
oQ8ZUsO+tCkhGQpxzQ0bzOed6SJ/yvZgOuHHM0jR6ihg/XuPbdICfrH58B2uDrd1
rVMC/FguT4ouAfzhi1dsSrQpuyhBfCJabT+RYuZJIF5sMFVEKZwC3NoaTJVQXQpU
+V1/d/NfqSPTPwuIIBA9M+Jahs2aBYXvJNKD6XWwp0b2ktkyN8d6uKZKN0LmoQ6T
xahEsTH86uBuCVAKeBDHhtwhHIzIy9BSXvmnz0F4uRFQDCIkxPVU7ocxF4E=
-----END CERTIFICATE-----