Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/ae676a97-17e8-43c8-b032-522076c501aa.roa
File:                     ae676a97-17e8-43c8-b032-522076c501aa.roa (raw, json)
Hash identifier:          7unZ5/nI81nVvJ6g3ulFqtYH24W5Ztuw7gYMuHKkDoY=
Subject key identifier:   0D:EC:31:53:3E:A2:11:61:9F:F4:D7:BB:B2:E4:5A:F6:54:C5:61:FE
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       76E23C29482BE76DC90FF9EAE6A525DA51561E69
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/ae676a97-17e8-43c8-b032-522076c501aa.roa
Signing time:             Sun 19 Oct 2025 02:40:53 +0000
ROA not before:           Sun 19 Oct 2025 02:40:53 +0000
ROA not after:            Sun 23 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        70.224.192.0/18 maxlen: 18
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            76:e2:3c:29:48:2b:e7:6d:c9:0f:f9:ea:e6:a5:25:da:51:56:1e:69
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 19 02:40:53 2025 GMT
            Not After : Nov 23 23:59:59 2025 GMT
        Subject: serialNumber=52ee3afe5b608b601c47f0391757d17b21afc26d2e5bb6a7e30c57390d7d779a, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:73:8e:6d:96:5d:e7:81:f2:48:8e:3e:a1:cc:
                    32:74:a3:7b:8b:41:e9:8e:71:00:b1:44:30:0d:03:
                    05:ed:1e:89:31:f0:27:09:e4:5f:7e:dd:6b:5e:1d:
                    6b:86:0d:90:6e:ac:f3:db:ce:6c:3c:c6:21:86:02:
                    db:19:5e:50:13:02:ea:ce:30:a1:11:f6:47:37:df:
                    4b:3a:6e:37:7f:62:ba:08:ac:02:e1:ec:19:90:bf:
                    3e:3e:a4:38:77:f9:9b:e7:ba:bb:fe:eb:46:61:fd:
                    ed:16:78:f6:d8:a7:88:3f:92:be:41:c0:e8:c0:bf:
                    3a:ee:41:e3:3d:43:d5:5c:a5:75:8d:02:1c:3c:c1:
                    fc:76:2b:6d:16:65:71:f6:8d:00:d2:d2:dc:f2:ed:
                    15:3e:03:00:97:81:b5:c8:b3:5b:c3:ad:62:e0:b5:
                    71:15:8f:89:d2:43:7e:1d:96:fc:d2:5d:09:64:12:
                    5e:3c:49:68:b9:a3:27:88:a3:ed:ab:09:d3:4b:ec:
                    d4:05:5b:51:7c:86:54:9a:82:85:30:9d:9e:28:50:
                    78:34:44:42:ed:0f:bc:b5:62:aa:07:df:c9:22:28:
                    9e:0d:2d:de:d4:5b:dc:77:90:a0:b6:23:d4:8e:2d:
                    04:b5:8d:b0:d0:4b:3f:16:3c:38:51:ab:fc:61:42:
                    ae:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0D:EC:31:53:3E:A2:11:61:9F:F4:D7:BB:B2:E4:5A:F6:54:C5:61:FE
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/ae676a97-17e8-43c8-b032-522076c501aa.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  70.224.192.0/18

    Signature Algorithm: sha256WithRSAEncryption
         8f:54:28:19:43:52:e4:09:ac:a2:3f:75:8c:f4:b4:66:da:89:
         25:b1:a4:cf:32:92:20:4f:cb:aa:27:bb:5c:5a:80:c8:c4:5a:
         2f:ed:ab:d4:be:1c:6c:fc:59:2c:73:2e:3f:3b:cd:e2:8b:29:
         cc:ba:62:0c:c0:17:22:7e:58:fd:1e:c6:db:85:d0:4d:1f:42:
         df:42:9e:0b:e6:1e:7f:9f:5c:b5:ff:37:5f:c6:da:1b:39:23:
         b8:82:74:78:97:91:bd:21:be:89:17:41:16:4c:5b:71:83:d5:
         3a:12:47:dd:40:e5:1a:b2:c3:0a:16:a5:49:25:a7:e3:2a:93:
         01:13:fa:c0:15:c6:f3:9b:99:5c:c4:f2:3d:d1:6d:9d:e3:97:
         b7:1d:4b:ce:9f:81:c4:74:0a:de:46:1e:ac:86:8e:05:96:f6:
         d9:d6:49:a9:d1:b4:83:22:91:a6:d8:7f:5f:7d:7f:cf:a3:44:
         86:8f:b9:86:08:02:2d:ac:03:30:b5:58:42:df:af:83:34:c7:
         1d:fe:9c:45:e1:25:33:6e:f0:1c:8d:4c:87:c3:58:3a:60:3e:
         37:4e:cb:6c:ed:af:f2:68:b4:be:ef:71:21:be:eb:cb:e0:5e:
         fc:af:c5:79:8c:39:fc:4a:5f:7c:06:6d:dc:df:a0:6a:bb:17:
         3e:f0:9b:fb
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUduI8KUgr523JD/nq5qUl2lFWHmkwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDE5MDI0MDUzWhcNMjUxMTIzMjM1OTU5
WjB6MUkwRwYDVQQFE0A1MmVlM2FmZTViNjA4YjYwMWM0N2YwMzkxNzU3ZDE3YjIx
YWZjMjZkMmU1YmI2YTdlMzBjNTczOTBkN2Q3NzlhMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCqc45tll3ngfJIjj6hzDJ0o3uLQemOcQCxRDANAwXtHokx
8CcJ5F9+3WteHWuGDZBurPPbzmw8xiGGAtsZXlATAurOMKER9kc330s6bjd/YroI
rALh7BmQvz4+pDh3+Zvnurv+60Zh/e0WePbYp4g/kr5BwOjAvzruQeM9Q9VcpXWN
Ahw8wfx2K20WZXH2jQDS0tzy7RU+AwCXgbXIs1vDrWLgtXEVj4nSQ34dlvzSXQlk
El48SWi5oyeIo+2rCdNL7NQFW1F8hlSagoUwnZ4oUHg0RELtD7y1YqoH38kiKJ4N
Ld7UW9x3kKC2I9SOLQS1jbDQSz8WPDhRq/xhQq4PAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUDewxUz6iEWGf9Ne7suRa9lTFYf4wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2FlNjc2YTk3LTE3ZTgtNDNjOC1iMDMyLTUyMjA3NmM1MDFhYS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAZG4MAwDQYJKoZIhvcNAQELBQADggEBAI9UKBlDUuQJrKI/dYz0tGbaiSWx
pM8ykiBPy6onu1xagMjEWi/tq9S+HGz8WSxzLj87zeKLKcy6YgzAFyJ+WP0extuF
0E0fQt9CngvmHn+fXLX/N1/G2hs5I7iCdHiXkb0hvokXQRZMW3GD1ToSR91A5Rqy
wwoWpUklp+MqkwET+sAVxvObmVzE8j3RbZ3jl7cdS86fgcR0Ct5GHqyGjgWW9tnW
SanRtIMikabYf199f8+jRIaPuYYIAi2sAzC1WELfr4M0xx3+nEXhJTNu8ByNTIfD
WDpgPjdOy2ztr/JotL7vcSG+68vgXvyvxXmMOfxKX3wGbdzfoGq7Fz7wm/s=
-----END CERTIFICATE-----