Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/86b98b69-7f66-4d9f-8e71-de57834cc877.roa
File:                     86b98b69-7f66-4d9f-8e71-de57834cc877.roa (raw, json)
Hash identifier:          ey9uHEnRTf75m+N7GuC9CULT0St146qBksNKEtjgNO0=
Subject key identifier:   95:BF:B4:99:4A:7B:1C:48:A6:C7:B2:B1:29:B3:44:B1:18:22:17:CF
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       68701D320F185CEF07D9B763CD4005BEED0AD4
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/86b98b69-7f66-4d9f-8e71-de57834cc877.roa
Signing time:             Fri 03 Oct 2025 00:40:58 +0000
ROA not before:           Fri 03 Oct 2025 00:40:58 +0000
ROA not after:            Fri 07 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        64.252.87.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            68:70:1d:32:0f:18:5c:ef:07:d9:b7:63:cd:40:05:be:ed:0a:d4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct  3 00:40:58 2025 GMT
            Not After : Nov  7 23:59:59 2025 GMT
        Subject: serialNumber=3ec723022e97d1d3d94916d61da0fbcd365fddf03f372e20b1607647ab2e6f9c, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:6c:7f:52:8a:46:31:89:8a:1c:cf:25:90:d7:
                    a0:4a:b1:0a:fe:c4:dd:ee:36:f2:5a:4a:3b:73:d1:
                    d2:6f:60:2d:5d:ae:f3:93:ab:d6:36:03:7d:db:49:
                    a3:6b:96:07:02:43:3b:44:20:12:bf:92:6b:00:33:
                    ff:1e:a4:dc:55:7a:08:c4:2a:0a:53:a3:ca:f0:18:
                    53:72:57:bb:d6:42:2b:69:36:38:25:1b:c6:40:eb:
                    58:c5:51:6a:29:b9:0a:aa:fd:9b:6f:96:53:87:a3:
                    b9:7c:77:22:62:0d:cf:70:ad:ee:d9:85:c5:91:20:
                    3e:96:9c:1c:d2:a4:df:66:dc:27:36:b2:02:e5:80:
                    4c:36:e0:fd:3d:00:13:ce:39:dd:4b:b8:fa:29:e6:
                    76:25:6f:90:b0:6a:12:4e:1c:af:57:d1:77:41:53:
                    c5:be:13:96:dc:0b:26:9e:92:1d:97:20:dc:48:b3:
                    3e:21:94:f5:87:18:c8:f1:95:74:5c:f7:7f:ff:54:
                    8a:71:fc:9f:a6:23:0b:58:16:80:5e:40:27:75:de:
                    4f:42:08:61:b7:28:95:c2:15:60:28:3c:a7:2b:d6:
                    85:cb:8f:d5:7f:4d:25:c6:d5:e4:68:f3:60:46:53:
                    d5:c1:a9:e9:f9:39:50:de:d5:c3:7d:54:bb:20:01:
                    e0:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                95:BF:B4:99:4A:7B:1C:48:A6:C7:B2:B1:29:B3:44:B1:18:22:17:CF
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/86b98b69-7f66-4d9f-8e71-de57834cc877.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  64.252.87.0/24

    Signature Algorithm: sha256WithRSAEncryption
         d6:88:a2:53:8d:f5:8d:d5:f4:3e:21:66:d4:f1:52:4e:78:09:
         9f:85:bf:fe:4e:9f:f8:dc:92:94:43:2e:bd:6a:f2:7a:84:f2:
         9c:1f:af:f0:c1:e6:a9:50:e5:37:65:03:8d:dc:f6:64:b4:72:
         8f:44:6d:ac:1f:02:a9:c5:f0:7c:10:4f:1f:78:93:10:c9:fa:
         95:b2:53:4e:4d:bf:dc:82:13:a2:80:c9:ca:2d:45:3d:11:64:
         36:4c:e7:50:93:71:80:52:77:aa:e6:c4:50:de:1c:f2:77:27:
         49:eb:4d:30:1c:d9:d3:d6:5a:4c:69:ec:b8:25:0c:fe:2d:8f:
         b8:fc:da:5d:66:33:42:0f:67:6f:f2:20:c9:d6:90:a4:0d:9c:
         a2:9f:bc:08:a1:c5:b0:de:89:a8:84:12:d3:7e:b6:a1:61:9a:
         70:a9:4b:50:61:88:1a:ff:f7:fa:8e:f4:8f:a9:bf:53:b5:61:
         b6:43:cc:74:0e:d6:34:a6:22:17:34:df:01:46:47:81:c5:42:
         bf:b3:77:0a:ad:c4:f8:3b:ca:67:1d:68:12:fe:ac:79:59:3e:
         97:88:dd:2e:09:cc:54:58:c7:32:c5:49:f6:8f:80:75:5f:5a:
         08:a6:95:19:e6:b8:c2:6e:e8:6a:b3:a2:06:26:89:28:2e:6b:
         25:29:ce:5d
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgITaHAdMg8YXO8H2bdjzUAFvu0K1DANBgkqhkiG9w0BAQsF
ADA9MTswOQYDVQQDEzI2ZWQ4OGNhZDExZmVhYzc3NDQ5ZjAxOGQ0MmJlMzU4ZWIz
NzEwN2RiZThjYjcxZDBhNzAeFw0yNTEwMDMwMDQwNThaFw0yNTExMDcyMzU5NTla
MHoxSTBHBgNVBAUTQDNlYzcyMzAyMmU5N2QxZDNkOTQ5MTZkNjFkYTBmYmNkMzY1
ZmRkZjAzZjM3MmUyMGIxNjA3NjQ3YWIyZTZmOWMxLTArBgNVBAMTJGIyNWM5NzBm
LWQ4MTMtNDQ1Yy1iZmUyLTYyNjY4NTE4Yzg3ZTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAIpsf1KKRjGJihzPJZDXoEqxCv7E3e428lpKO3PR0m9gLV2u
85Or1jYDfdtJo2uWBwJDO0QgEr+SawAz/x6k3FV6CMQqClOjyvAYU3JXu9ZCK2k2
OCUbxkDrWMVRaim5Cqr9m2+WU4ejuXx3ImINz3Ct7tmFxZEgPpacHNKk32bcJzay
AuWATDbg/T0AE8453Uu4+inmdiVvkLBqEk4cr1fRd0FTxb4TltwLJp6SHZcg3Eiz
PiGU9YcYyPGVdFz3f/9UinH8n6YjC1gWgF5AJ3XeT0IIYbcolcIVYCg8pyvWhcuP
1X9NJcbV5GjzYEZT1cGp6fk5UN7Vw31UuyAB4KMCAwEAAaOCArEwggKtMB0GA1Ud
DgQWBBSVv7SZSnscSKbHsrEps0SxGCIXzzAfBgNVHSMEGDAWgBQQXdeNVXhAq0Nd
vRUhII8p+kk/rjAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHg
BggrBgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2Fy
aW4tcnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMv
MmEyNDY5NDctMmQ2Mi00YTZjLWJhMDUtODcxODdmMDA5OWIyLzFiYTMwMmI4LThk
YWItNDkxZC1iOWVkLWQ3YzkyZDAzMGQ4Mi82ZWQ4OGNhZDExZmVhYzc3NDQ5ZjAx
OGQ0MmJlMzU4ZWIzNzEwN2RiZThjYjcxZDBhNy5jZXIwgZ4GCCsGAQUFBwELBIGR
MIGOMIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8yMGFhMzI5Yi1mYzUyLTRjNjEtYmY1My0wOTcy
NWMwNDI5NDIvODZiOThiNjktN2Y2Ni00ZDlmLThlNzEtZGU1NzgzNGNjODc3LnJv
YTCBiAYDVR0fBIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0
LTIuYW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMt
MDk3MjVjMDQyOTQyL19xeDNSSjhCalVLLU5ZNnpjUWZiNk10eDBLYy5jcmwwGAYD
VR0gAQH/BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEw
BgMEAED8VzANBgkqhkiG9w0BAQsFAAOCAQEA1oiiU431jdX0PiFm1PFSTngJn4W/
/k6f+NySlEMuvWryeoTynB+v8MHmqVDlN2UDjdz2ZLRyj0RtrB8CqcXwfBBPH3iT
EMn6lbJTTk2/3IITooDJyi1FPRFkNkznUJNxgFJ3qubEUN4c8ncnSetNMBzZ09Za
TGnsuCUM/i2PuPzaXWYzQg9nb/IgydaQpA2cop+8CKHFsN6JqIQS0362oWGacKlL
UGGIGv/3+o70j6m/U7VhtkPMdA7WNKYiFzTfAUZHgcVCv7N3Cq3E+DvKZx1oEv6s
eVk+l4jdLgnMVFjHMsVJ9o+AdV9aCKaVGea4wm7oarOiBiaJKC5rJSnOXQ==
-----END CERTIFICATE-----