Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/87c60087-f583-4b05-b8b6-f37a488645bf.roa
File:                     87c60087-f583-4b05-b8b6-f37a488645bf.roa (raw, json)
Hash identifier:          fwe5B5lQRzONVcV+0rdOGxKTSL7fDHpFxo4FqNL1CN0=
Subject key identifier:   35:30:77:7C:34:BF:FC:EE:CA:3E:39:5B:1C:B1:F9:8D:A2:3E:DA:CA
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       2A39753941DA328CDA87D2BE45F2DD79779011FF
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/87c60087-f583-4b05-b8b6-f37a488645bf.roa
Signing time:             Fri 26 Sep 2025 00:01:30 +0000
ROA not before:           Fri 26 Sep 2025 00:01:30 +0000
ROA not after:            Fri 31 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        103.14.4.0/22 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2a:39:75:39:41:da:32:8c:da:87:d2:be:45:f2:dd:79:77:90:11:ff
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Sep 26 00:01:30 2025 GMT
            Not After : Oct 31 23:59:59 2025 GMT
        Subject: serialNumber=39bcff91945754c575b2b1f66e75e61a7fa707c56ae805b83c933beab20bdd7c, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:f7:06:da:09:31:bf:57:db:9b:ab:23:8c:40:
                    ad:bb:8d:f9:e0:b4:30:69:2b:17:4e:c1:e5:83:83:
                    98:d0:07:44:b0:f3:67:72:98:b2:ab:14:9d:f6:56:
                    a5:ad:c0:9e:91:24:41:3c:dc:e1:9c:14:2d:3c:0e:
                    a5:91:88:7f:1f:63:62:35:75:e9:9d:8b:8e:bd:a8:
                    73:8a:18:dd:e0:9a:6a:bd:13:25:ff:e6:94:1b:94:
                    8d:9d:53:a3:e1:f7:8d:36:1b:e8:b3:6e:7c:d4:da:
                    db:2c:ff:15:74:07:0a:76:56:ed:28:67:85:5e:79:
                    16:71:2c:65:3e:a3:b7:0a:3a:3f:fa:9c:5d:a1:11:
                    6f:74:10:6d:36:78:43:3a:5d:57:c2:8e:6c:67:b6:
                    0a:cc:65:31:25:f1:b2:7a:52:5b:34:89:d9:f1:f8:
                    cc:41:7a:e5:7e:cf:e8:dd:15:01:12:4e:ee:16:fa:
                    7a:bf:03:2e:9c:5a:a2:6f:1b:8e:25:62:b0:b6:80:
                    fa:81:83:11:79:f0:c8:ad:31:97:00:7a:1d:90:d5:
                    88:2d:10:3b:78:b9:08:8e:ff:1b:6c:5a:8e:30:d3:
                    cd:60:e2:c4:0d:66:08:31:07:11:a8:e2:ae:98:f7:
                    f4:3b:ee:d9:a2:fc:f3:c3:73:3b:35:75:73:77:06:
                    a3:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                35:30:77:7C:34:BF:FC:EE:CA:3E:39:5B:1C:B1:F9:8D:A2:3E:DA:CA
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/87c60087-f583-4b05-b8b6-f37a488645bf.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.14.4.0/22

    Signature Algorithm: sha256WithRSAEncryption
         14:ee:94:a8:ba:d1:72:c8:11:5d:18:a7:1a:b6:21:01:57:71:
         97:88:ce:0f:a7:cf:10:32:4b:3a:a3:c6:37:a5:e5:97:ce:e8:
         76:1d:13:7f:50:07:d0:c8:a4:6b:b3:00:a3:ea:94:ac:ec:28:
         4a:b8:7b:38:97:ed:23:ec:66:2a:a6:ae:a1:54:16:64:dd:d5:
         73:29:7d:e8:a3:4a:14:23:85:5a:f1:f4:d9:43:0e:4a:19:39:
         55:38:cb:5c:b7:2a:df:aa:b8:01:b2:45:ab:df:19:a7:46:11:
         38:fd:83:b6:ad:15:b6:82:19:98:5b:ba:88:68:2f:5b:fa:e8:
         4d:ce:45:58:a8:38:88:17:84:b6:dc:61:21:5a:33:d6:37:90:
         1e:5f:04:ab:c8:bd:f4:6e:40:5e:f4:37:48:d3:8a:9e:15:fa:
         66:13:12:86:70:f5:9d:b9:81:ee:0e:a5:28:40:01:89:c6:7e:
         6e:8d:dc:e0:11:23:9f:d1:11:75:5f:99:b7:c8:8a:ba:c3:91:
         65:62:ff:b5:14:d9:c0:af:dd:f5:c5:42:07:70:0b:13:0e:61:
         d7:68:be:bd:75:37:39:73:77:66:65:31:c4:a3:14:3b:43:6f:
         ab:0d:0a:08:05:55:92:f1:30:d5:47:bf:a8:37:82:75:bb:48:
         ae:0c:a6:c2
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUKjl1OUHaMozah9K+RfLdeXeQEf8wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwOTI2MDAwMTMwWhcNMjUxMDMxMjM1OTU5
WjB6MUkwRwYDVQQFE0AzOWJjZmY5MTk0NTc1NGM1NzViMmIxZjY2ZTc1ZTYxYTdm
YTcwN2M1NmFlODA1YjgzYzkzM2JlYWIyMGJkZDdjMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC59wbaCTG/V9ubqyOMQK27jfngtDBpKxdOweWDg5jQB0Sw
82dymLKrFJ32VqWtwJ6RJEE83OGcFC08DqWRiH8fY2I1demdi469qHOKGN3gmmq9
EyX/5pQblI2dU6Ph9402G+izbnzU2tss/xV0Bwp2Vu0oZ4VeeRZxLGU+o7cKOj/6
nF2hEW90EG02eEM6XVfCjmxntgrMZTEl8bJ6Uls0idnx+MxBeuV+z+jdFQESTu4W
+nq/Ay6cWqJvG44lYrC2gPqBgxF58MitMZcAeh2Q1YgtEDt4uQiO/xtsWo4w081g
4sQNZggxBxGo4q6Y9/Q77tmi/PPDczs1dXN3BqPPAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUNTB3fDS//O7KPjlbHLH5jaI+2sowHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzg3YzYwMDg3LWY1ODMtNGIwNS1iOGI2LWYzN2E0ODg2NDViZi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAJnDgQwDQYJKoZIhvcNAQELBQADggEBABTulKi60XLIEV0Ypxq2IQFXcZeI
zg+nzxAySzqjxjel5ZfO6HYdE39QB9DIpGuzAKPqlKzsKEq4eziX7SPsZiqmrqFU
FmTd1XMpfeijShQjhVrx9NlDDkoZOVU4y1y3Kt+quAGyRavfGadGETj9g7atFbaC
GZhbuohoL1v66E3ORVioOIgXhLbcYSFaM9Y3kB5fBKvIvfRuQF70N0jTip4V+mYT
EoZw9Z25ge4OpShAAYnGfm6N3OARI5/REXVfmbfIirrDkWVi/7UU2cCv3fXFQgdw
CxMOYddovr11Nzlzd2ZlMcSjFDtDb6sNCggFVZLxMNVHv6g3gnW7SK4MpsI=
-----END CERTIFICATE-----