Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/3c893add-e673-41f7-a5af-eab08c7d7852.roa
File:                     3c893add-e673-41f7-a5af-eab08c7d7852.roa (raw, json)
Hash identifier:          XgTFVG82IXtjkfU2mKMvXgDhSPBsIodNCzZfK6yJ8qc=
Subject key identifier:   EF:56:3E:39:E0:AE:6C:A1:83:A9:CD:EB:86:46:37:97:6B:B7:F0:57
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       4C16D2F392D1918FEC9E1C8B5F7E203B6F9F3CF3
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/3c893add-e673-41f7-a5af-eab08c7d7852.roa
Signing time:             Sat 27 Sep 2025 00:13:18 +0000
ROA not before:           Sat 27 Sep 2025 00:13:18 +0000
ROA not after:            Sat 01 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        35.30.0.0/15 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4c:16:d2:f3:92:d1:91:8f:ec:9e:1c:8b:5f:7e:20:3b:6f:9f:3c:f3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Sep 27 00:13:18 2025 GMT
            Not After : Nov  1 23:59:59 2025 GMT
        Subject: serialNumber=f16f0b39ee28634dc7e7ec08e634bd3494e69b9fcc3f6fbe37ad3a36ffc98369, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f4:e2:31:19:0b:91:6d:b2:25:7a:29:6f:22:71:
                    b2:13:12:7a:bc:d4:2d:71:6d:55:bd:00:63:d1:bf:
                    fb:08:eb:53:9f:b9:aa:aa:10:d9:89:be:b1:5a:4f:
                    84:0e:b5:31:11:cf:d6:eb:83:71:87:64:6c:61:3f:
                    2a:4b:32:cf:fc:dc:34:92:2d:de:46:61:64:5d:08:
                    c9:1a:bd:ac:9b:be:93:e7:7d:8c:4a:39:79:37:d8:
                    ab:7c:6e:c7:2c:ac:41:02:c0:62:21:72:40:24:b2:
                    7a:1f:d4:bb:f4:4a:b5:76:65:6f:a0:c0:0c:6b:93:
                    a6:68:30:b7:63:97:b3:67:9e:d4:35:f6:0c:e4:b3:
                    39:6c:9c:27:7e:10:98:3c:14:1e:df:50:bc:9e:fc:
                    3f:f8:3a:9e:d3:ef:a1:b1:7b:ac:2f:1d:ed:6d:9f:
                    61:fb:a7:8f:d0:98:e0:65:70:67:92:6e:0d:7e:47:
                    77:06:0e:a6:40:65:2e:13:0e:ee:60:49:27:ab:05:
                    fc:32:e7:05:fd:5a:8e:f3:80:53:25:f7:42:79:fd:
                    ad:33:1c:8b:e4:3e:a6:2a:bb:a0:ef:0e:1a:75:ba:
                    62:4c:a0:7e:50:37:c3:53:9a:25:01:6d:7f:d9:c5:
                    14:8a:76:ae:d2:3e:69:d3:98:c6:4c:43:c6:01:4f:
                    f7:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EF:56:3E:39:E0:AE:6C:A1:83:A9:CD:EB:86:46:37:97:6B:B7:F0:57
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/3c893add-e673-41f7-a5af-eab08c7d7852.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  35.30.0.0/15

    Signature Algorithm: sha256WithRSAEncryption
         4a:1b:66:34:0b:f8:3f:25:f9:ab:54:21:94:9c:b8:2a:33:ac:
         6c:51:c2:50:aa:ba:ee:a4:16:b6:d9:33:da:6a:28:3e:57:57:
         e2:99:43:be:bd:5c:ae:ae:c8:3c:22:43:9f:3a:0c:07:51:43:
         50:b1:4b:d9:3f:ea:21:c9:2d:95:60:94:53:6f:85:52:8d:cd:
         6a:60:70:10:72:f9:b6:72:3a:4c:bb:50:3a:c8:dd:0a:ab:d9:
         9c:30:b8:ad:17:46:52:c6:c3:8f:b5:bc:4f:f1:a8:6d:5e:e2:
         b0:f1:48:9d:60:2f:91:f8:05:d1:29:ad:73:e7:f7:8f:06:98:
         00:df:8f:74:0b:cf:1b:fe:7f:5a:42:09:92:d8:f7:5e:ae:10:
         69:88:0d:52:e0:ca:6f:8e:f3:d6:1d:6b:78:a3:ec:1c:54:e5:
         5c:71:2e:03:8b:ca:e1:f0:ff:62:8a:71:63:39:a7:88:e0:74:
         a5:67:3c:55:08:e9:5d:32:b0:a2:25:86:d1:d2:5c:5d:1f:54:
         e2:e5:32:ec:a2:c5:1a:ee:18:d4:05:b2:ba:77:ab:6a:f8:74:
         55:9a:a8:47:7c:08:00:6d:8b:1c:23:53:29:a6:02:96:18:78:
         89:da:c6:62:b4:ec:44:23:a2:bc:94:1b:b2:71:9e:07:ed:08:
         35:33:34:8c
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUTBbS85LRkY/snhyLX34gO2+fPPMwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwOTI3MDAxMzE4WhcNMjUxMTAxMjM1OTU5
WjB6MUkwRwYDVQQFE0BmMTZmMGIzOWVlMjg2MzRkYzdlN2VjMDhlNjM0YmQzNDk0
ZTY5YjlmY2MzZjZmYmUzN2FkM2EzNmZmYzk4MzY5MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQD04jEZC5FtsiV6KW8icbITEnq81C1xbVW9AGPRv/sI61Of
uaqqENmJvrFaT4QOtTERz9brg3GHZGxhPypLMs/83DSSLd5GYWRdCMkavaybvpPn
fYxKOXk32Kt8bscsrEECwGIhckAksnof1Lv0SrV2ZW+gwAxrk6ZoMLdjl7NnntQ1
9gzkszlsnCd+EJg8FB7fULye/D/4Op7T76Gxe6wvHe1tn2H7p4/QmOBlcGeSbg1+
R3cGDqZAZS4TDu5gSSerBfwy5wX9Wo7zgFMl90J5/a0zHIvkPqYqu6DvDhp1umJM
oH5QN8NTmiUBbX/ZxRSKdq7SPmnTmMZMQ8YBT/ebAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQU71Y+OeCubKGDqc3rhkY3l2u38FcwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzNjODkzYWRkLWU2NzMtNDFmNy1hNWFmLWVhYjA4YzdkNzg1Mi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwEjHjANBgkqhkiG9w0BAQsFAAOCAQEAShtmNAv4PyX5q1QhlJy4KjOsbFHC
UKq67qQWttkz2mooPldX4plDvr1crq7IPCJDnzoMB1FDULFL2T/qIcktlWCUU2+F
Uo3NamBwEHL5tnI6TLtQOsjdCqvZnDC4rRdGUsbDj7W8T/GobV7isPFInWAvkfgF
0Smtc+f3jwaYAN+PdAvPG/5/WkIJktj3Xq4QaYgNUuDKb47z1h1reKPsHFTlXHEu
A4vK4fD/YopxYzmniOB0pWc8VQjpXTKwoiWG0dJcXR9U4uUy7KLFGu4Y1AWyuner
avh0VZqoR3wIAG2LHCNTKaYClhh4idrGYrTsRCOivJQbsnGeB+0INTM0jA==
-----END CERTIFICATE-----