Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/593de0b1-b07b-4d5a-8e80-eec3224dc436.roa
File:                     593de0b1-b07b-4d5a-8e80-eec3224dc436.roa (raw, json)
Hash identifier:          92dj2KEWMu8fHyf0ba4dp8GQ4Icxmj/vNpxTlzveKkI=
Subject key identifier:   E7:B3:41:86:8F:C6:E8:B8:37:4A:A8:A0:7A:64:9B:C4:56:A6:80:DD
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       103C264073A995DC47AEA43EC8A1FBE5D6796E29
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/593de0b1-b07b-4d5a-8e80-eec3224dc436.roa
Signing time:             Fri 10 Oct 2025 00:01:12 +0000
ROA not before:           Fri 10 Oct 2025 00:01:12 +0000
ROA not after:            Fri 14 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        114.56.128.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            10:3c:26:40:73:a9:95:dc:47:ae:a4:3e:c8:a1:fb:e5:d6:79:6e:29
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 10 00:01:12 2025 GMT
            Not After : Nov 14 23:59:59 2025 GMT
        Subject: serialNumber=359d9d9988e3d0a9978d3ada4dbde8375b8263c213619262d5a2ed8c17d0d4ce, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:33:f0:1f:54:f4:9e:a6:d3:d7:11:a8:1c:f6:
                    9b:75:3b:97:c5:50:5e:fe:98:5e:16:e4:d2:c8:84:
                    7f:06:cb:09:c3:39:18:35:dc:57:37:08:2b:b0:15:
                    e3:ed:b2:21:07:f3:1e:92:d6:be:67:b1:f4:63:e3:
                    6e:e3:9c:2c:4d:81:69:ce:df:4f:60:1b:72:25:d9:
                    cf:e2:87:45:af:92:37:bd:f6:d6:b6:04:78:c3:da:
                    f5:33:ce:41:bf:a7:12:c4:9e:f7:e0:25:76:79:52:
                    7a:b5:f0:6e:04:99:28:17:6f:05:f2:92:83:2f:ad:
                    25:40:eb:73:26:dd:6f:6b:8c:95:e0:33:8d:59:b3:
                    61:fc:1a:b2:71:65:4e:87:7c:09:87:e6:ce:ee:c1:
                    c2:b8:0a:80:06:35:67:a5:86:ac:1c:bc:e1:dd:96:
                    b3:33:21:38:cc:b5:64:b0:60:23:e6:11:ce:17:13:
                    4b:49:28:31:90:fb:a3:d9:a1:1e:5e:65:15:a4:18:
                    bf:e0:59:61:e4:97:be:f5:53:73:8b:47:45:c5:97:
                    75:dc:0e:f0:54:26:1d:a9:0f:73:c1:71:5d:84:cc:
                    cb:9d:bc:66:96:4a:6a:f4:35:b9:1b:71:c3:ad:f9:
                    d6:04:ff:6c:2a:44:11:0d:91:07:be:d8:a8:d6:fd:
                    40:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E7:B3:41:86:8F:C6:E8:B8:37:4A:A8:A0:7A:64:9B:C4:56:A6:80:DD
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/593de0b1-b07b-4d5a-8e80-eec3224dc436.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  114.56.128.0/24

    Signature Algorithm: sha256WithRSAEncryption
         40:db:14:3f:41:98:8a:e4:01:5b:be:1e:e5:b9:bb:41:69:f8:
         87:9a:5a:56:a5:89:9e:10:16:c9:07:26:1a:6f:3c:80:02:07:
         9a:1b:4a:8f:34:23:25:55:77:e0:c4:e9:b5:9f:1a:88:aa:f3:
         cd:94:85:7c:2b:68:ec:db:a4:90:be:12:a5:79:8d:7e:53:30:
         e0:b5:9a:e3:1f:6b:47:84:c3:15:3c:08:5b:1f:37:2d:97:ef:
         e1:e5:b8:3a:29:cf:ac:15:92:68:8e:b9:68:1c:4a:b9:59:1d:
         9e:fc:85:c8:94:ef:8b:11:30:6f:8d:af:63:63:47:f7:07:84:
         e8:a8:c6:78:f5:e7:40:86:a1:12:0a:85:c5:b9:70:b9:91:99:
         64:f8:a1:2e:f6:6f:3f:17:c4:9e:8c:02:d1:74:4a:b7:67:b1:
         57:26:aa:14:a4:20:1e:ba:ac:cd:53:92:f5:27:27:46:2d:52:
         0f:a7:d4:a0:b1:2b:ef:21:3e:fd:f1:14:c7:ec:f3:bf:f4:f9:
         16:93:97:00:b7:87:bb:45:58:b2:28:dd:8c:6f:1b:65:1a:4d:
         96:b2:cf:86:8e:7c:95:ec:f6:dd:d1:e6:91:51:4f:ed:21:76:
         d6:dc:4a:b8:a9:c8:e6:a8:a5:36:70:2a:0c:11:58:13:80:a3:
         71:eb:d0:f8
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUEDwmQHOpldxHrqQ+yKH75dZ5bikwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDEwMDAwMTEyWhcNMjUxMTE0MjM1OTU5
WjB6MUkwRwYDVQQFE0AzNTlkOWQ5OTg4ZTNkMGE5OTc4ZDNhZGE0ZGJkZTgzNzVi
ODI2M2MyMTM2MTkyNjJkNWEyZWQ4YzE3ZDBkNGNlMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCTM/AfVPSeptPXEagc9pt1O5fFUF7+mF4W5NLIhH8GywnD
ORg13Fc3CCuwFePtsiEH8x6S1r5nsfRj427jnCxNgWnO309gG3Il2c/ih0Wvkje9
9ta2BHjD2vUzzkG/pxLEnvfgJXZ5Unq18G4EmSgXbwXykoMvrSVA63Mm3W9rjJXg
M41Zs2H8GrJxZU6HfAmH5s7uwcK4CoAGNWelhqwcvOHdlrMzITjMtWSwYCPmEc4X
E0tJKDGQ+6PZoR5eZRWkGL/gWWHkl771U3OLR0XFl3XcDvBUJh2pD3PBcV2EzMud
vGaWSmr0NbkbccOt+dYE/2wqRBENkQe+2KjW/UCfAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU57NBho/G6Lg3SqigemSbxFamgN0wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzU5M2RlMGIxLWIwN2ItNGQ1YS04ZTgwLWVlYzMyMjRkYzQzNi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAByOIAwDQYJKoZIhvcNAQELBQADggEBAEDbFD9BmIrkAVu+HuW5u0Fp+Iea
WlaliZ4QFskHJhpvPIACB5obSo80IyVVd+DE6bWfGoiq882UhXwraOzbpJC+EqV5
jX5TMOC1muMfa0eEwxU8CFsfNy2X7+HluDopz6wVkmiOuWgcSrlZHZ78hciU74sR
MG+Nr2NjR/cHhOioxnj150CGoRIKhcW5cLmRmWT4oS72bz8XxJ6MAtF0SrdnsVcm
qhSkIB66rM1TkvUnJ0YtUg+n1KCxK+8hPv3xFMfs87/0+RaTlwC3h7tFWLIo3Yxv
G2UaTZayz4aOfJXs9t3R5pFRT+0hdtbcSripyOaopTZwKgwRWBOAo3Hr0Pg=
-----END CERTIFICATE-----