Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/1799e86e-9c98-417a-9878-d7c2ab84b1a9.roa
File:                     1799e86e-9c98-417a-9878-d7c2ab84b1a9.roa (raw, json)
Hash identifier:          2OM6XbEyYcNrfIj8BNgVhxjAcaSiWoCzVlIqSVyEemU=
Subject key identifier:   23:80:1E:93:17:3F:AD:91:92:4F:4A:0B:09:08:CD:B1:0E:35:2A:CD
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       6ECEB3193FF9FB3EF5F1BFAA92315D7EE14DED97
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/1799e86e-9c98-417a-9878-d7c2ab84b1a9.roa
Signing time:             Wed 01 Oct 2025 00:38:51 +0000
ROA not before:           Wed 01 Oct 2025 00:38:51 +0000
ROA not after:            Wed 05 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        54.35.0.0/16 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6e:ce:b3:19:3f:f9:fb:3e:f5:f1:bf:aa:92:31:5d:7e:e1:4d:ed:97
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct  1 00:38:51 2025 GMT
            Not After : Nov  5 23:59:59 2025 GMT
        Subject: serialNumber=f8a913414403d819e6e71014a87a46fc5e1d11182e09a052ab4743fa8e093e84, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:f0:82:f5:22:ca:38:aa:8e:a0:48:a4:fb:38:
                    77:84:dd:3b:cd:20:70:91:24:09:3b:a2:7a:03:6f:
                    51:e5:d8:09:58:d8:76:80:6a:0e:63:23:50:b7:bd:
                    92:19:e7:ad:94:5d:41:b4:2a:16:93:c9:f6:11:da:
                    f4:a4:4a:46:98:72:fc:e6:54:1d:3d:77:30:a0:8f:
                    dc:e0:5d:31:3d:ed:33:aa:2a:b0:4c:2b:94:3f:ec:
                    9b:3d:92:b7:58:5f:88:87:13:66:be:c8:05:e3:87:
                    b0:2a:a0:6b:b4:c0:8d:bc:3f:7e:25:c2:5a:03:91:
                    87:d2:0d:3b:80:8e:ad:3c:52:05:b4:22:c2:f6:33:
                    44:59:9e:fd:8c:25:c1:e0:e7:56:ce:06:da:79:7c:
                    bf:cb:10:cf:1d:00:15:87:c5:e0:27:a2:40:1a:50:
                    68:b4:c4:91:e1:7e:a8:f3:c5:77:1f:dc:9d:ae:5f:
                    af:2b:60:c8:b9:06:8f:3a:f0:18:35:1f:7a:7e:d3:
                    85:ab:26:5d:01:76:2d:ba:59:5d:00:7a:3c:26:a8:
                    f2:73:00:8f:03:f3:d0:48:1b:24:d9:70:41:10:12:
                    8b:ed:7a:c2:97:30:ae:04:7c:c1:b8:58:09:f8:fc:
                    35:93:20:5e:8b:03:0d:c3:26:9a:01:b6:62:1b:a4:
                    20:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                23:80:1E:93:17:3F:AD:91:92:4F:4A:0B:09:08:CD:B1:0E:35:2A:CD
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/1799e86e-9c98-417a-9878-d7c2ab84b1a9.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  54.35.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         d3:1f:e4:ce:81:62:3f:56:5b:cd:50:ef:62:52:44:83:e9:22:
         a3:ce:4b:39:7e:f9:cc:15:7d:38:f7:11:66:5e:50:91:e7:ad:
         f8:a6:b4:29:7e:8c:da:fb:11:1d:6e:7d:8e:c6:0e:dc:ab:da:
         e2:aa:77:20:9f:6b:5c:29:fe:cd:79:87:b8:30:82:5b:5e:3a:
         8d:16:d9:df:56:e7:e9:f8:15:6f:fe:a2:2d:5c:df:a9:bd:35:
         ba:c5:2a:27:8b:af:98:fa:19:a4:bb:e4:c4:f4:e7:9a:f8:54:
         9a:3d:dc:50:be:3a:2d:b4:f2:fc:88:6c:de:00:31:b4:18:58:
         2a:55:c0:49:6f:c7:43:64:09:4e:5e:34:e6:21:77:a6:87:cf:
         d9:f8:cf:e6:88:6c:e2:a9:99:c3:0c:a5:a8:eb:d9:21:b1:a3:
         d9:75:4d:c4:a9:5c:a8:ca:cc:76:48:a3:77:99:96:93:41:ce:
         79:e7:81:1f:7c:3a:64:be:88:3e:ee:12:cd:a5:b4:bb:99:7a:
         fc:19:89:5b:87:5f:c0:cb:91:3d:cd:32:00:fa:e8:70:d8:2e:
         77:7a:a7:a6:d1:e9:6a:b2:77:79:7b:55:70:1c:35:21:c4:fe:
         c3:01:32:06:ac:90:18:74:b3:ce:cf:36:18:96:f0:84:b9:e2:
         3d:b7:48:56
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUbs6zGT/5+z718b+qkjFdfuFN7ZcwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDAxMDAzODUxWhcNMjUxMTA1MjM1OTU5
WjB6MUkwRwYDVQQFE0BmOGE5MTM0MTQ0MDNkODE5ZTZlNzEwMTRhODdhNDZmYzVl
MWQxMTE4MmUwOWEwNTJhYjQ3NDNmYThlMDkzZTg0MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC48IL1Iso4qo6gSKT7OHeE3TvNIHCRJAk7onoDb1Hl2AlY
2HaAag5jI1C3vZIZ562UXUG0KhaTyfYR2vSkSkaYcvzmVB09dzCgj9zgXTE97TOq
KrBMK5Q/7Js9krdYX4iHE2a+yAXjh7AqoGu0wI28P34lwloDkYfSDTuAjq08UgW0
IsL2M0RZnv2MJcHg51bOBtp5fL/LEM8dABWHxeAnokAaUGi0xJHhfqjzxXcf3J2u
X68rYMi5Bo868Bg1H3p+04WrJl0Bdi26WV0AejwmqPJzAI8D89BIGyTZcEEQEovt
esKXMK4EfMG4WAn4/DWTIF6LAw3DJpoBtmIbpCDtAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUI4Aekxc/rZGST0oLCQjNsQ41Ks0wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzE3OTllODZlLTljOTgtNDE3YS05ODc4LWQ3YzJhYjg0YjFhOS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwA2IzANBgkqhkiG9w0BAQsFAAOCAQEA0x/kzoFiP1ZbzVDvYlJEg+kio85L
OX75zBV9OPcRZl5Qkeet+Ka0KX6M2vsRHW59jsYO3Kva4qp3IJ9rXCn+zXmHuDCC
W146jRbZ31bn6fgVb/6iLVzfqb01usUqJ4uvmPoZpLvkxPTnmvhUmj3cUL46LbTy
/Ihs3gAxtBhYKlXASW/HQ2QJTl405iF3pofP2fjP5ohs4qmZwwylqOvZIbGj2XVN
xKlcqMrMdkijd5mWk0HOeeeBH3w6ZL6IPu4SzaW0u5l6/BmJW4dfwMuRPc0yAPro
cNgud3qnptHparJ3eXtVcBw1IcT+wwEyBqyQGHSzzs82GJbwhLniPbdIVg==
-----END CERTIFICATE-----