Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/0ea2f6a0-ae3e-4bfe-98e2-dc01d2517105.roa
File:                     0ea2f6a0-ae3e-4bfe-98e2-dc01d2517105.roa (raw, json)
Hash identifier:          w4gIAKUzzUAaN4KPahwknWd21ykLezih/vqXJrwthCA=
Subject key identifier:   71:80:4E:78:35:98:DE:3F:BE:73:E0:CF:E2:2F:DB:96:B5:5C:42:C7
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       64902CEC3725B7129148D305887F1D9BAAAA95FC
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/0ea2f6a0-ae3e-4bfe-98e2-dc01d2517105.roa
Signing time:             Mon 20 Oct 2025 06:32:21 +0000
ROA not before:           Mon 20 Oct 2025 06:32:21 +0000
ROA not after:            Mon 24 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        108.158.63.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            64:90:2c:ec:37:25:b7:12:91:48:d3:05:88:7f:1d:9b:aa:aa:95:fc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 20 06:32:21 2025 GMT
            Not After : Nov 24 23:59:59 2025 GMT
        Subject: serialNumber=0c1a2f38981555c426776f04d83b40f2a2fddc16a19eab85b89fdc5937ca4ece, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:8b:34:8e:35:4c:5d:5b:ad:be:63:5f:dc:ac:
                    40:c0:c5:29:dd:59:4f:dc:e7:ba:1a:10:38:66:81:
                    53:c8:8f:cf:06:d5:be:89:6d:d1:b3:2d:9c:b2:27:
                    9b:c1:6a:6a:99:ff:de:42:09:23:81:3c:94:b1:c0:
                    64:16:f7:41:22:c6:f1:f6:be:83:1f:b8:0d:f3:23:
                    b7:83:d7:dd:10:c6:aa:3a:da:17:fa:1a:d1:5d:06:
                    6a:7d:bd:a4:f7:35:a3:bb:42:9a:06:c2:54:5d:c9:
                    bd:f0:47:20:39:12:31:e4:88:ba:68:93:f0:84:f9:
                    3d:4a:0f:15:a2:12:6c:16:f4:7e:a4:79:73:fa:c1:
                    8d:2e:b1:c0:ce:5c:03:59:c6:87:ed:63:0b:df:d8:
                    73:8f:d1:e9:3b:3e:13:91:4e:0f:aa:22:1b:b5:91:
                    e1:cb:8f:82:e8:df:c1:b0:5f:11:b4:4a:d9:86:cf:
                    a7:26:45:ce:58:29:6b:94:ea:b0:c9:9e:0f:1c:2e:
                    e5:58:c9:0d:45:0b:e8:8b:6d:96:05:bd:ad:f3:50:
                    0a:c2:15:94:9c:ea:5b:c7:1f:c6:9d:0f:8e:96:d3:
                    f7:9e:31:19:ce:44:d5:75:0d:65:d6:7f:e8:3b:ad:
                    5d:27:2e:33:c1:3a:5b:9e:76:a7:12:97:95:8b:2b:
                    73:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                71:80:4E:78:35:98:DE:3F:BE:73:E0:CF:E2:2F:DB:96:B5:5C:42:C7
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/0ea2f6a0-ae3e-4bfe-98e2-dc01d2517105.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  108.158.63.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0f:63:d0:97:f1:06:fe:84:32:ba:6c:f9:14:22:c7:17:ec:e2:
         95:76:7d:9d:b7:ab:26:13:4c:ad:ab:ad:bd:b9:8a:c6:93:77:
         b1:be:2b:6a:99:46:e2:d1:37:15:10:4e:dc:5f:fb:3b:cf:f5:
         f1:10:b0:df:65:7a:e3:d5:c4:a1:79:10:28:ae:3f:4f:1c:a1:
         d4:8d:c9:ce:3a:a7:cb:e9:4e:9e:73:17:1a:7a:21:0b:4b:2e:
         94:8d:35:23:9b:04:69:e6:7d:21:31:2a:43:af:3d:a7:15:e0:
         31:99:46:b6:ca:06:e8:64:e2:e0:d6:53:9e:47:d7:af:bc:b2:
         99:c6:b9:5a:ce:d5:ca:82:f1:50:17:59:29:3e:1e:e8:26:2b:
         25:2c:f9:50:b7:34:8f:15:d1:c8:25:06:75:d7:f0:de:fa:fe:
         37:fc:4d:b1:34:20:22:7e:4b:0a:a3:e6:8f:a7:be:24:ea:d6:
         87:a3:38:d5:1e:4f:d6:4c:57:35:90:3c:6b:47:bc:e7:9e:66:
         ec:d4:7c:c7:73:7c:86:c1:4c:86:d4:78:3e:79:79:b8:aa:c4:
         08:52:8c:15:a3:b6:09:68:e2:85:02:f2:fb:bc:79:a4:e0:f4:
         4b:5e:55:88:75:a6:69:63:2a:f8:1b:38:5a:28:5f:9d:20:10:
         85:bf:45:01
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUZJAs7DcltxKRSNMFiH8dm6qqlfwwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDIwMDYzMjIxWhcNMjUxMTI0MjM1OTU5
WjB6MUkwRwYDVQQFE0AwYzFhMmYzODk4MTU1NWM0MjY3NzZmMDRkODNiNDBmMmEy
ZmRkYzE2YTE5ZWFiODViODlmZGM1OTM3Y2E0ZWNlMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC5izSONUxdW62+Y1/crEDAxSndWU/c57oaEDhmgVPIj88G
1b6JbdGzLZyyJ5vBamqZ/95CCSOBPJSxwGQW90EixvH2voMfuA3zI7eD190Qxqo6
2hf6GtFdBmp9vaT3NaO7QpoGwlRdyb3wRyA5EjHkiLpok/CE+T1KDxWiEmwW9H6k
eXP6wY0uscDOXANZxoftYwvf2HOP0ek7PhORTg+qIhu1keHLj4Lo38GwXxG0StmG
z6cmRc5YKWuU6rDJng8cLuVYyQ1FC+iLbZYFva3zUArCFZSc6lvHH8adD46W0/ee
MRnORNV1DWXWf+g7rV0nLjPBOluedqcSl5WLK3MTAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUcYBOeDWY3j++c+DP4i/blrVcQscwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzBlYTJmNmEwLWFlM2UtNGJmZS05OGUyLWRjMDFkMjUxNzEwNS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBABsnj8wDQYJKoZIhvcNAQELBQADggEBAA9j0JfxBv6EMrps+RQixxfs4pV2
fZ23qyYTTK2rrb25isaTd7G+K2qZRuLRNxUQTtxf+zvP9fEQsN9leuPVxKF5ECiu
P08codSNyc46p8vpTp5zFxp6IQtLLpSNNSObBGnmfSExKkOvPacV4DGZRrbKBuhk
4uDWU55H16+8spnGuVrO1cqC8VAXWSk+HugmKyUs+VC3NI8V0cglBnXX8N76/jf8
TbE0ICJ+Swqj5o+nviTq1oejONUeT9ZMVzWQPGtHvOeeZuzUfMdzfIbBTIbUeD55
ebiqxAhSjBWjtglo4oUC8vu8eaTg9EteVYh1pmljKvgbOFooX50gEIW/RQE=
-----END CERTIFICATE-----