Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/8b8049b4-624b-4704-b56d-196cb647a1ac.roa
File:                     8b8049b4-624b-4704-b56d-196cb647a1ac.roa (raw, json)
Hash identifier:          62lCqyR8WFEbfvAb+6/6va58GEwCi5/00Rlm0h6oatM=
Subject key identifier:   C5:75:7F:95:A4:E6:A7:60:89:B4:EA:52:8F:B1:50:66:C5:94:87:5F
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       0220E2CD6808371C07E98072F4A943B86D8A4BBB
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/8b8049b4-624b-4704-b56d-196cb647a1ac.roa
Signing time:             Sat 27 Sep 2025 00:42:22 +0000
ROA not before:           Sat 27 Sep 2025 00:42:22 +0000
ROA not after:            Sat 01 Nov 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        96.0.16.0/21 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            02:20:e2:cd:68:08:37:1c:07:e9:80:72:f4:a9:43:b8:6d:8a:4b:bb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Sep 27 00:42:22 2025 GMT
            Not After : Nov  1 23:59:59 2025 GMT
        Subject: serialNumber=efbfd1e8efcf3c981b57b2874a6739c0f757a9e4b583e0dbec75489883875445, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:d2:e1:41:22:09:31:d7:75:1c:45:d0:5c:fe:
                    1c:19:10:db:fd:ac:22:2a:3f:c7:f3:fe:ab:ec:93:
                    51:51:66:89:ee:47:96:5c:df:75:11:5a:57:bb:08:
                    36:cc:a5:af:2c:b4:5a:1c:f0:e8:c5:1e:23:d6:5d:
                    1a:09:4c:36:88:4d:64:b8:50:f5:c5:95:6e:32:a7:
                    8f:f1:5d:b1:7a:21:0b:8f:f6:24:6a:eb:f8:9d:2c:
                    e8:19:3e:9a:83:58:fd:44:2c:a5:d0:c0:99:ac:98:
                    ac:0f:75:c1:f4:04:11:17:e4:d5:5d:d7:db:29:b1:
                    55:c9:93:c1:ac:fa:8b:dd:92:ca:c0:f8:7a:9b:dd:
                    b1:ac:7f:be:9a:61:6c:cb:51:96:fc:25:a7:8b:96:
                    42:9f:ba:2a:6f:a4:ed:80:80:55:2a:e4:a8:4d:42:
                    6b:da:f9:d4:1a:11:8b:b1:6c:ca:81:47:00:04:52:
                    48:38:63:69:6d:76:01:92:81:4a:73:d5:2d:08:f4:
                    62:e7:cb:8d:0e:3d:42:a2:d8:2e:15:ad:6a:62:96:
                    d8:4c:fb:42:41:06:66:05:af:a0:2f:c8:4d:24:a7:
                    2c:a3:ff:af:3e:8b:ab:2a:f5:34:aa:1e:fb:e4:ec:
                    b8:a5:84:b5:97:51:69:84:b6:e0:44:1e:8a:ca:6b:
                    f1:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C5:75:7F:95:A4:E6:A7:60:89:B4:EA:52:8F:B1:50:66:C5:94:87:5F
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/8b8049b4-624b-4704-b56d-196cb647a1ac.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  96.0.16.0/21

    Signature Algorithm: sha256WithRSAEncryption
         35:3b:fb:c5:21:80:3d:b7:58:75:92:25:c3:b3:15:4c:00:69:
         af:88:5c:ef:9f:bb:12:16:81:34:fb:be:80:cf:9e:d1:39:8d:
         92:d2:33:8d:ae:2b:f7:6a:35:a8:ca:44:a1:12:b7:50:51:6f:
         0f:ac:79:20:ef:6b:b7:fe:08:5a:ea:c6:e1:f2:45:f1:a1:d9:
         82:a0:7f:b7:c2:ec:10:89:20:4d:ff:eb:89:15:fe:12:ef:ec:
         4b:7b:86:13:74:38:87:6f:a4:5e:47:71:bd:fd:b8:77:93:c2:
         88:91:33:c7:74:0b:6e:44:83:d0:32:47:da:e8:8e:e5:c4:7f:
         8d:20:38:0f:7a:30:5f:64:b2:17:5e:a2:7d:75:f3:84:eb:ec:
         51:5d:98:29:99:22:a4:17:d2:3f:5d:65:e9:31:dc:eb:98:17:
         09:f5:92:d9:eb:61:65:98:66:74:e4:b0:d3:08:cf:43:dc:13:
         f0:10:1e:3f:de:5d:52:aa:35:f1:b5:3c:bb:5f:07:f8:ff:82:
         19:df:37:f5:01:cd:a5:26:bf:4a:18:49:55:59:d2:81:85:aa:
         f6:9c:e1:a0:3d:1b:42:bc:95:e9:74:ec:dd:4a:be:de:9b:64:
         f8:01:36:70:90:bc:fa:80:fc:e8:a7:b6:4e:79:99:33:d7:7d:
         ca:77:a0:c1
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUAiDizWgINxwH6YBy9KlDuG2KS7swDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwOTI3MDA0MjIyWhcNMjUxMTAxMjM1OTU5
WjB6MUkwRwYDVQQFE0BlZmJmZDFlOGVmY2YzYzk4MWI1N2IyODc0YTY3MzljMGY3
NTdhOWU0YjU4M2UwZGJlYzc1NDg5ODgzODc1NDQ1MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCq0uFBIgkx13UcRdBc/hwZENv9rCIqP8fz/qvsk1FRZonu
R5Zc33URWle7CDbMpa8stFoc8OjFHiPWXRoJTDaITWS4UPXFlW4yp4/xXbF6IQuP
9iRq6/idLOgZPpqDWP1ELKXQwJmsmKwPdcH0BBEX5NVd19spsVXJk8Gs+ovdksrA
+Hqb3bGsf76aYWzLUZb8JaeLlkKfuipvpO2AgFUq5KhNQmva+dQaEYuxbMqBRwAE
Ukg4Y2ltdgGSgUpz1S0I9GLny40OPUKi2C4VrWpilthM+0JBBmYFr6AvyE0kpyyj
/68+i6sq9TSqHvvk7LilhLWXUWmEtuBEHorKa/GjAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUxXV/laTmp2CJtOpSj7FQZsWUh18wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzhiODA0OWI0LTYyNGItNDcwNC1iNTZkLTE5NmNiNjQ3YTFhYy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBANgABAwDQYJKoZIhvcNAQELBQADggEBADU7+8UhgD23WHWSJcOzFUwAaa+I
XO+fuxIWgTT7voDPntE5jZLSM42uK/dqNajKRKESt1BRbw+seSDva7f+CFrqxuHy
RfGh2YKgf7fC7BCJIE3/64kV/hLv7Et7hhN0OIdvpF5Hcb39uHeTwoiRM8d0C25E
g9AyR9rojuXEf40gOA96MF9kshdeon1184Tr7FFdmCmZIqQX0j9dZekx3OuYFwn1
ktnrYWWYZnTksNMIz0PcE/AQHj/eXVKqNfG1PLtfB/j/ghnfN/UBzaUmv0oYSVVZ
0oGFqvac4aA9G0K8lel07N1Kvt6bZPgBNnCQvPqA/Ointk55mTPXfcp3oME=
-----END CERTIFICATE-----