Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/0f893b02-709b-4a20-ab74-f859a710b1be.roa
File:                     0f893b02-709b-4a20-ab74-f859a710b1be.roa (raw, json)
Hash identifier:          0YBggtKfyi13asOUNjr+BIsues2lMDygJBTCIh0oGsM=
Subject key identifier:   E1:AE:4F:1F:34:2B:B2:B7:3D:56:10:AB:10:E8:79:3A:1D:E7:B6:5F
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       58807C1DE8B29F5BA19E3F4B792A651AA0BCB192
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/0f893b02-709b-4a20-ab74-f859a710b1be.roa
Signing time:             Sat 27 Sep 2025 00:13:07 +0000
ROA not before:           Sat 27 Sep 2025 00:13:07 +0000
ROA not after:            Sat 01 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        35.128.64.0/18 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            58:80:7c:1d:e8:b2:9f:5b:a1:9e:3f:4b:79:2a:65:1a:a0:bc:b1:92
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Sep 27 00:13:07 2025 GMT
            Not After : Nov  1 23:59:59 2025 GMT
        Subject: serialNumber=7d41333363b9eb7b41ea052ae1e069a45a4a242990b597d41242536edda538a1, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:d4:4a:a5:08:df:1d:55:85:6f:a6:33:76:65:
                    8e:c5:cb:3c:df:a5:40:68:50:dc:3e:27:bc:df:03:
                    63:e7:6e:07:2e:e4:26:23:1d:b4:da:80:6f:17:d3:
                    5a:95:0b:74:77:f7:bc:06:52:6f:1b:80:22:ec:0d:
                    03:bf:36:99:f8:16:4c:70:d6:12:1a:62:d0:9e:f5:
                    8f:0d:38:4a:c5:31:9b:6f:2a:64:05:54:3b:65:87:
                    47:0a:d2:ee:c6:ca:3e:fe:be:ce:19:5a:12:fd:62:
                    7a:0f:cf:be:9a:5c:56:99:10:af:eb:98:79:38:62:
                    fa:37:9b:c4:f5:cd:41:eb:2c:ee:fe:a8:bb:9a:29:
                    60:58:02:5f:73:b4:e2:8f:5f:07:ac:51:ac:35:b1:
                    e1:4b:0d:fd:91:fe:0d:b7:5b:8f:96:9e:71:ce:27:
                    b0:69:b0:ae:7e:fc:a2:6e:f0:4e:af:1c:77:0f:8d:
                    a8:5f:0a:79:d1:ea:6e:8f:af:7a:2d:5a:af:f8:5b:
                    5d:86:54:89:e2:94:fa:21:21:c6:d7:44:b4:26:fd:
                    d4:b7:19:f3:5d:c6:4b:e8:7c:8e:9b:89:b4:7e:78:
                    1b:1d:05:b7:b7:f5:16:2a:88:e8:57:c3:56:bb:24:
                    2c:b2:1f:3b:ed:67:33:06:cd:fa:02:ec:bb:11:4c:
                    6a:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E1:AE:4F:1F:34:2B:B2:B7:3D:56:10:AB:10:E8:79:3A:1D:E7:B6:5F
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/0f893b02-709b-4a20-ab74-f859a710b1be.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  35.128.64.0/18

    Signature Algorithm: sha256WithRSAEncryption
         b2:67:e6:83:1d:2d:ff:cc:74:7c:f6:89:78:6c:2d:6b:9a:50:
         0e:c2:ba:f7:4d:6c:fd:94:01:a6:94:bf:3a:c3:c6:32:e0:bc:
         bc:15:80:16:94:1c:d3:94:a9:e3:74:82:d7:e5:92:a4:68:f3:
         47:3c:07:ad:e3:c8:3b:dd:12:5a:14:6a:31:f4:e7:f0:47:4f:
         5f:2e:93:ee:ed:2b:18:72:12:4b:52:81:bf:1a:23:3b:88:b7:
         c3:20:69:47:9b:7c:bc:d0:75:fa:de:05:cd:b4:be:2c:3a:50:
         1a:cc:2a:09:98:cd:f2:c0:99:7a:71:3a:63:b9:7d:0d:b7:eb:
         9e:3e:8d:c5:70:c7:5e:53:a6:64:a2:27:33:03:5b:bc:21:70:
         b3:d1:ed:55:07:38:07:92:8f:d1:26:d0:41:d7:57:5d:91:93:
         83:2f:cd:03:a0:2f:d0:9e:32:c6:62:53:3c:e2:1b:bf:96:75:
         b2:ea:87:e6:54:43:8f:50:b6:ae:e0:64:a0:5c:10:fb:a7:6e:
         fd:7b:99:1a:1b:0c:3b:ee:80:5e:8d:70:f5:7d:f9:aa:fb:0f:
         4a:73:9a:ac:6d:07:b7:52:85:b5:bc:a9:ee:22:5f:52:a5:6f:
         81:7f:9c:3b:8e:4a:0a:1c:d0:2e:63:e5:ce:c2:8e:3a:14:78:
         b4:34:b5:a1
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUWIB8Heiyn1uhnj9LeSplGqC8sZIwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwOTI3MDAxMzA3WhcNMjUxMTAxMjM1OTU5
WjB6MUkwRwYDVQQFE0A3ZDQxMzMzMzYzYjllYjdiNDFlYTA1MmFlMWUwNjlhNDVh
NGEyNDI5OTBiNTk3ZDQxMjQyNTM2ZWRkYTUzOGExMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCw1EqlCN8dVYVvpjN2ZY7FyzzfpUBoUNw+J7zfA2Pnbgcu
5CYjHbTagG8X01qVC3R397wGUm8bgCLsDQO/Npn4Fkxw1hIaYtCe9Y8NOErFMZtv
KmQFVDtlh0cK0u7Gyj7+vs4ZWhL9YnoPz76aXFaZEK/rmHk4Yvo3m8T1zUHrLO7+
qLuaKWBYAl9ztOKPXwesUaw1seFLDf2R/g23W4+WnnHOJ7BpsK5+/KJu8E6vHHcP
jahfCnnR6m6Pr3otWq/4W12GVInilPohIcbXRLQm/dS3GfNdxkvofI6bibR+eBsd
Bbe39RYqiOhXw1a7JCyyHzvtZzMGzfoC7LsRTGpzAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU4a5PHzQrsrc9VhCrEOh5Oh3ntl8wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzBmODkzYjAyLTcwOWItNGEyMC1hYjc0LWY4NTlhNzEwYjFiZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAYjgEAwDQYJKoZIhvcNAQELBQADggEBALJn5oMdLf/MdHz2iXhsLWuaUA7C
uvdNbP2UAaaUvzrDxjLgvLwVgBaUHNOUqeN0gtflkqRo80c8B63jyDvdEloUajH0
5/BHT18uk+7tKxhyEktSgb8aIzuIt8MgaUebfLzQdfreBc20viw6UBrMKgmYzfLA
mXpxOmO5fQ23654+jcVwx15TpmSiJzMDW7whcLPR7VUHOAeSj9Em0EHXV12Rk4Mv
zQOgL9CeMsZiUzziG7+WdbLqh+ZUQ49Qtq7gZKBcEPunbv17mRobDDvugF6NcPV9
+ar7D0pzmqxtB7dShbW8qe4iX1Klb4F/nDuOSgoc0C5j5c7CjjoUeLQ0taE=
-----END CERTIFICATE-----