Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/6a23c679-6872-4f52-ace3-b8c4e3fbc8c4.roa
File:                     6a23c679-6872-4f52-ace3-b8c4e3fbc8c4.roa (raw, json)
Hash identifier:          Cd1tT1mjZ8nOidsaTu6ZqAAW6/ALsPDT87JTY1bHoVk=
Subject key identifier:   02:37:3E:1D:10:58:AB:68:12:CD:83:1E:9C:FE:FD:70:C8:E4:60:36
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       5CABF21056D98BE2F09DF1A8131F648F0C516936
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/6a23c679-6872-4f52-ace3-b8c4e3fbc8c4.roa
Signing time:             Tue 07 Oct 2025 00:52:33 +0000
ROA not before:           Tue 07 Oct 2025 00:52:33 +0000
ROA not after:            Tue 11 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        50.19.0.0/18 maxlen: 18
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5c:ab:f2:10:56:d9:8b:e2:f0:9d:f1:a8:13:1f:64:8f:0c:51:69:36
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct  7 00:52:33 2025 GMT
            Not After : Nov 11 23:59:59 2025 GMT
        Subject: serialNumber=944935a76c7483be5352494dc319484780ba28ca710b13d1ac95091595e26796, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:04:c9:07:5f:32:36:b9:72:4c:93:02:f8:21:
                    aa:13:36:bf:65:46:f8:19:63:16:f8:02:6a:fb:a5:
                    38:f2:8a:9e:22:0e:56:1b:d9:d0:04:9e:c7:8a:40:
                    eb:16:15:b2:85:9e:6c:67:4b:36:96:34:75:83:91:
                    da:89:33:1c:80:ed:fa:9f:88:72:cb:c7:bc:16:54:
                    ce:ab:d6:48:33:ad:56:3b:ca:af:e2:7c:0f:19:09:
                    80:ae:7c:ce:fa:45:fa:51:d3:c6:b6:f3:57:b3:38:
                    9d:50:5f:ec:1e:3d:37:05:c3:01:8e:7d:61:e3:19:
                    d1:d2:fd:39:07:3c:64:e1:ad:0b:7b:b9:28:fc:da:
                    96:7f:a9:d6:2a:e7:83:71:74:72:3b:50:60:80:8e:
                    8d:ff:27:95:c7:60:c8:a9:b2:c7:14:d8:0d:f8:fc:
                    3e:48:d8:c2:62:66:eb:0f:47:21:dc:a0:f5:70:03:
                    c4:59:c9:c3:c7:aa:4c:e6:74:1a:91:9d:fd:e9:0d:
                    3e:39:6a:85:9b:2a:3a:a3:87:21:06:d9:2f:2e:4d:
                    5f:92:f1:94:6d:9b:b7:c6:a3:d8:23:62:fa:2a:a8:
                    a1:29:06:3a:31:9d:89:f6:ea:3c:11:cf:21:21:91:
                    7e:ad:85:6c:7b:10:49:45:c2:1b:54:78:13:1b:40:
                    62:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                02:37:3E:1D:10:58:AB:68:12:CD:83:1E:9C:FE:FD:70:C8:E4:60:36
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/6a23c679-6872-4f52-ace3-b8c4e3fbc8c4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  50.19.0.0/18

    Signature Algorithm: sha256WithRSAEncryption
         ad:a1:48:ed:01:6f:02:53:c0:4e:09:c1:28:84:2e:ac:af:81:
         43:0f:12:bb:63:73:17:72:18:6f:e0:96:46:e3:d4:37:8d:e7:
         62:ae:c7:dd:c9:18:4f:cc:34:05:ff:40:ef:92:1e:a2:a1:02:
         be:87:34:fa:53:8c:e2:61:98:26:db:b6:a1:ed:73:90:be:17:
         42:dc:c0:2c:bd:1e:1d:15:a6:90:15:a0:ea:0a:df:f1:9e:43:
         ac:6e:1b:d0:78:58:35:4f:c9:a0:e4:d2:7c:39:bf:0d:00:73:
         7e:a7:6e:1b:2b:14:3c:aa:e6:62:a9:e0:e7:1f:9b:d8:3e:f0:
         00:f4:15:de:26:f8:27:78:99:b0:41:a8:b5:f9:9c:22:06:99:
         05:1b:1b:01:bc:6e:c6:18:58:0f:3a:c3:e1:90:a3:36:f5:9c:
         26:58:8f:1a:0f:db:9f:f4:39:c8:3f:23:05:10:76:09:d4:47:
         20:7e:1e:6e:c1:8e:b7:0c:fb:38:9d:79:6c:17:c9:60:36:2a:
         bd:73:75:54:3e:78:ed:e0:69:48:5f:97:38:6c:25:67:fb:75:
         e8:df:d8:a8:56:0e:86:43:43:24:db:58:f4:ec:ca:40:a0:5e:
         66:53:31:ee:41:0f:f9:e3:95:43:8a:8d:9b:83:a9:40:97:71:
         04:0c:d5:a7
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUXKvyEFbZi+LwnfGoEx9kjwxRaTYwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDA3MDA1MjMzWhcNMjUxMTExMjM1OTU5
WjB6MUkwRwYDVQQFE0A5NDQ5MzVhNzZjNzQ4M2JlNTM1MjQ5NGRjMzE5NDg0Nzgw
YmEyOGNhNzEwYjEzZDFhYzk1MDkxNTk1ZTI2Nzk2MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCfBMkHXzI2uXJMkwL4IaoTNr9lRvgZYxb4Amr7pTjyip4i
DlYb2dAEnseKQOsWFbKFnmxnSzaWNHWDkdqJMxyA7fqfiHLLx7wWVM6r1kgzrVY7
yq/ifA8ZCYCufM76RfpR08a281ezOJ1QX+wePTcFwwGOfWHjGdHS/TkHPGThrQt7
uSj82pZ/qdYq54NxdHI7UGCAjo3/J5XHYMipsscU2A34/D5I2MJiZusPRyHcoPVw
A8RZycPHqkzmdBqRnf3pDT45aoWbKjqjhyEG2S8uTV+S8ZRtm7fGo9gjYvoqqKEp
BjoxnYn26jwRzyEhkX6thWx7EElFwhtUeBMbQGJ3AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUAjc+HRBYq2gSzYMenP79cMjkYDYwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzZhMjNjNjc5LTY4NzItNGY1Mi1hY2UzLWI4YzRlM2ZiYzhjNC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAYyEwAwDQYJKoZIhvcNAQELBQADggEBAK2hSO0BbwJTwE4JwSiELqyvgUMP
ErtjcxdyGG/glkbj1DeN52Kux93JGE/MNAX/QO+SHqKhAr6HNPpTjOJhmCbbtqHt
c5C+F0LcwCy9Hh0VppAVoOoK3/GeQ6xuG9B4WDVPyaDk0nw5vw0Ac36nbhsrFDyq
5mKp4Ocfm9g+8AD0Fd4m+Cd4mbBBqLX5nCIGmQUbGwG8bsYYWA86w+GQozb1nCZY
jxoP25/0Ocg/IwUQdgnURyB+Hm7BjrcM+zideWwXyWA2Kr1zdVQ+eO3gaUhflzhs
JWf7dejf2KhWDoZDQyTbWPTsykCgXmZTMe5BD/njlUOKjZuDqUCXcQQM1ac=
-----END CERTIFICATE-----