Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/20d56c29-44f9-4015-979b-dd89b950aca6.roa
File:                     20d56c29-44f9-4015-979b-dd89b950aca6.roa (raw, json)
Hash identifier:          JqNjrw4mPhpJjbf4MGFwoweZjL2aQfbos3xLf5X7gyo=
Subject key identifier:   73:F2:CA:28:9A:7D:EB:27:33:BD:2C:DA:D1:9C:4C:41:FD:A4:82:1F
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       5F8142DAED7366D3DE33A1792BFAAFFF5E5F2132
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/20d56c29-44f9-4015-979b-dd89b950aca6.roa
Signing time:             Mon 06 Oct 2025 16:11:54 +0000
ROA not before:           Mon 06 Oct 2025 16:11:54 +0000
ROA not after:            Mon 10 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        37.203.178.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5f:81:42:da:ed:73:66:d3:de:33:a1:79:2b:fa:af:ff:5e:5f:21:32
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct  6 16:11:54 2025 GMT
            Not After : Nov 10 23:59:59 2025 GMT
        Subject: serialNumber=a0bb36eff52753614357889a27c9772f2c7cd0eac991d709c7de110cc5768102, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:d3:35:7f:56:b7:1f:fa:8e:70:83:45:76:00:
                    f7:80:ea:63:52:d5:b6:eb:98:d4:ce:65:fd:e1:8a:
                    5d:58:68:1a:80:47:19:6b:25:aa:a8:5d:75:c7:38:
                    97:16:e6:9e:0c:c7:ec:28:5e:ea:17:cd:76:ff:48:
                    ec:b2:ca:25:24:3d:c2:2d:bb:87:0b:94:e2:4b:2d:
                    70:8b:cc:20:6f:b0:64:fc:8d:7b:9a:61:53:1f:98:
                    ed:2d:55:22:7d:db:b6:fc:3a:64:b4:5b:50:6e:3f:
                    5a:96:e8:67:4c:07:88:a9:9a:aa:2c:61:d8:75:9d:
                    35:83:b9:59:8a:b9:22:01:0a:3b:71:f7:d5:c0:6c:
                    b9:ae:3d:0b:7b:10:62:67:f4:ef:b5:0f:7c:01:d6:
                    c8:cb:fa:83:a6:7e:72:ef:8e:42:15:e0:bc:27:37:
                    88:e5:42:ad:91:6c:b5:32:0e:19:b5:c6:19:92:0b:
                    3a:71:19:a1:f8:08:1a:eb:e6:1d:4d:4e:e8:49:8e:
                    30:1b:3a:bb:eb:de:c6:6f:52:e9:e2:55:ba:d1:5f:
                    3f:1c:24:f3:e4:1d:32:15:6a:85:0f:11:20:8c:f8:
                    ef:28:fb:e2:5e:fb:32:dd:91:b6:05:90:ae:5a:cf:
                    2a:64:e5:21:cb:3a:d6:ab:f3:42:3a:63:99:97:41:
                    a0:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                73:F2:CA:28:9A:7D:EB:27:33:BD:2C:DA:D1:9C:4C:41:FD:A4:82:1F
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/20d56c29-44f9-4015-979b-dd89b950aca6.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.203.178.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5e:04:b1:f0:b4:33:b5:a0:41:3b:fd:47:d2:ca:6b:28:be:cb:
         2a:5f:4f:d4:74:61:a6:76:fd:6b:9e:eb:1a:d7:d2:a3:c8:87:
         ef:4a:1a:f7:93:a2:62:fd:c6:b0:68:8e:6d:fc:7b:a2:83:78:
         18:53:e1:da:d0:66:be:c2:3a:60:f4:54:12:61:1b:ed:7f:a8:
         c9:a9:29:b3:56:b4:6d:3c:48:e5:1e:c6:a0:b6:22:c4:59:39:
         e3:ae:3c:0a:ef:95:6a:aa:31:35:09:54:f2:88:3b:f1:73:63:
         8b:6d:d9:f3:e8:a1:9a:11:7f:54:86:ef:2e:5b:e5:e0:95:0f:
         8b:34:9a:b3:0a:4d:f2:80:9d:e6:7b:8e:50:28:97:aa:55:4f:
         ed:93:f7:27:eb:27:90:23:50:17:ef:3a:f1:de:cc:76:96:4e:
         a1:b5:b0:bf:e8:f8:e7:e4:26:c2:49:d5:ee:2c:d4:93:cc:9c:
         a5:c9:5d:0d:02:25:f2:fa:ea:2d:09:4f:59:6f:14:5d:7d:81:
         4e:d2:7d:9d:19:d7:e8:7c:fe:5f:2f:6d:fc:30:7e:19:32:e7:
         e5:97:85:a2:09:92:a9:13:76:7a:38:24:f3:c1:67:ed:37:f4:
         ab:23:1e:34:b8:c4:a3:4b:db:81:57:36:d2:e5:94:e3:5c:08:
         e4:09:68:f7
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUX4FC2u1zZtPeM6F5K/qv/15fITIwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDA2MTYxMTU0WhcNMjUxMTEwMjM1OTU5
WjB6MUkwRwYDVQQFE0BhMGJiMzZlZmY1Mjc1MzYxNDM1Nzg4OWEyN2M5NzcyZjJj
N2NkMGVhYzk5MWQ3MDljN2RlMTEwY2M1NzY4MTAyMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCI0zV/Vrcf+o5wg0V2APeA6mNS1bbrmNTOZf3hil1YaBqA
RxlrJaqoXXXHOJcW5p4Mx+woXuoXzXb/SOyyyiUkPcItu4cLlOJLLXCLzCBvsGT8
jXuaYVMfmO0tVSJ927b8OmS0W1BuP1qW6GdMB4ipmqosYdh1nTWDuVmKuSIBCjtx
99XAbLmuPQt7EGJn9O+1D3wB1sjL+oOmfnLvjkIV4LwnN4jlQq2RbLUyDhm1xhmS
CzpxGaH4CBrr5h1NTuhJjjAbOrvr3sZvUuniVbrRXz8cJPPkHTIVaoUPESCM+O8o
++Je+zLdkbYFkK5azypk5SHLOtar80I6Y5mXQaCjAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUc/LKKJp96yczvSza0ZxMQf2kgh8wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzIwZDU2YzI5LTQ0ZjktNDAxNS05NzliLWRkODliOTUwYWNhNi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAAly7IwDQYJKoZIhvcNAQELBQADggEBAF4EsfC0M7WgQTv9R9LKayi+yypf
T9R0YaZ2/Wue6xrX0qPIh+9KGveTomL9xrBojm38e6KDeBhT4drQZr7COmD0VBJh
G+1/qMmpKbNWtG08SOUexqC2IsRZOeOuPArvlWqqMTUJVPKIO/FzY4tt2fPooZoR
f1SG7y5b5eCVD4s0mrMKTfKAneZ7jlAol6pVT+2T9yfrJ5AjUBfvOvHezHaWTqG1
sL/o+OfkJsJJ1e4s1JPMnKXJXQ0CJfL66i0JT1lvFF19gU7SfZ0Z1+h8/l8vbfww
fhky5+WXhaIJkqkTdno4JPPBZ+039KsjHjS4xKNL24FXNtLllONcCOQJaPc=
-----END CERTIFICATE-----