Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/aeb5a04b-af2e-493c-a824-8181a14a14c0.roa
File:                     aeb5a04b-af2e-493c-a824-8181a14a14c0.roa (raw, json)
Hash identifier:          3D4QT3ktmbSUOglsGeyVSfb7G1T/4u+nY2I+yje3Y68=
Subject key identifier:   F1:A6:A2:E5:46:94:B5:07:90:0F:1D:01:E1:A1:DA:7C:5F:5D:6B:87
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       79DCF20614F9286B6D0987A6B08592BB65A8E45E
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/aeb5a04b-af2e-493c-a824-8181a14a14c0.roa
Signing time:             Tue 14 Oct 2025 00:21:21 +0000
ROA not before:           Tue 14 Oct 2025 00:21:21 +0000
ROA not after:            Tue 18 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        130.176.100.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            79:dc:f2:06:14:f9:28:6b:6d:09:87:a6:b0:85:92:bb:65:a8:e4:5e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 14 00:21:21 2025 GMT
            Not After : Nov 18 23:59:59 2025 GMT
        Subject: serialNumber=ddecae74c5976a2e4162c3c645ba0c2e9d4ca0906624e188f326a41052ae348f, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:f5:e6:14:c6:21:ea:2e:a5:8d:e5:dc:16:11:
                    ac:a9:f4:91:3f:4d:9a:b7:c1:d0:85:ef:9d:f5:38:
                    32:6f:9f:39:b5:94:a9:70:15:63:d0:5b:8c:a6:67:
                    64:70:51:a7:7f:d1:ca:bb:9b:5d:3d:b2:58:96:2d:
                    13:82:ee:5e:c2:b9:eb:39:5b:ec:32:87:e9:83:47:
                    3e:74:6d:fa:b9:15:6e:33:bf:17:06:74:b9:62:19:
                    ee:0f:d7:69:cb:58:56:d4:36:d0:2f:4d:59:b6:5a:
                    da:22:af:b3:a9:da:bd:93:2d:82:48:ed:bf:4d:21:
                    81:3d:df:f1:9f:21:27:94:fa:d7:40:c0:76:23:7a:
                    ca:58:5c:a6:1c:1a:77:0c:a6:41:70:88:13:44:ea:
                    60:94:c4:e6:f4:00:f0:72:fb:7d:e7:7e:bb:79:ff:
                    73:fa:b1:1a:5f:68:c7:45:81:85:30:b4:28:2e:54:
                    21:cb:76:19:41:ae:64:86:f2:9e:d0:1c:ec:a7:bf:
                    fc:29:73:4d:bc:2b:0a:fa:fb:18:7c:84:a7:71:0d:
                    1a:5d:48:71:32:a4:1f:60:80:e2:be:ef:38:36:14:
                    88:a3:c5:0d:56:77:74:99:6e:cf:1f:4a:91:20:09:
                    e6:65:0e:cb:87:44:ac:d3:9a:c7:81:05:0e:01:8c:
                    9d:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F1:A6:A2:E5:46:94:B5:07:90:0F:1D:01:E1:A1:DA:7C:5F:5D:6B:87
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/aeb5a04b-af2e-493c-a824-8181a14a14c0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  130.176.100.0/24

    Signature Algorithm: sha256WithRSAEncryption
         35:d1:e2:06:de:b9:a0:f9:f9:ee:d3:d8:dc:0e:60:05:b1:0c:
         ce:a1:59:3f:bd:c2:b9:00:c0:3c:e2:73:97:2b:8f:81:b3:a7:
         f2:e2:39:ba:cb:7b:59:91:cb:63:1d:41:15:f3:38:d2:a6:6d:
         4a:a7:4e:26:51:11:4d:d1:25:80:c9:ff:84:9d:90:ea:ba:98:
         28:43:f4:72:d0:a2:65:5e:a8:1e:60:c5:14:6b:d7:78:87:24:
         21:14:34:09:eb:57:88:10:b1:a1:dd:b4:29:8d:56:5d:45:91:
         3e:b0:c8:fa:47:89:a2:43:3c:42:62:1e:e5:59:98:fa:3f:ea:
         84:11:07:ac:26:d4:48:7c:50:20:d2:8d:1e:af:e8:e8:9e:9f:
         59:cf:09:2d:bf:61:08:c9:28:63:41:f8:42:50:48:4a:38:81:
         2b:ca:1c:70:a2:9e:47:1b:14:cd:e3:90:86:d2:8e:36:d2:ab:
         0f:ca:20:cd:72:b3:36:45:e2:d9:8b:3d:e8:3c:93:b5:fb:a6:
         f2:e0:0a:2b:8c:b7:95:38:85:a6:b2:0b:93:09:3f:cf:46:df:
         40:a1:42:b1:e0:16:a4:29:99:bf:47:d2:8a:7b:1e:7a:f2:0c:
         3c:7e:b2:fc:58:a2:1f:c8:0b:e0:83:69:b9:9f:18:a1:03:a8:
         63:60:0b:95
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUedzyBhT5KGttCYemsIWSu2Wo5F4wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDE0MDAyMTIxWhcNMjUxMTE4MjM1OTU5
WjB6MUkwRwYDVQQFE0BkZGVjYWU3NGM1OTc2YTJlNDE2MmMzYzY0NWJhMGMyZTlk
NGNhMDkwNjYyNGUxODhmMzI2YTQxMDUyYWUzNDhmMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCs9eYUxiHqLqWN5dwWEayp9JE/TZq3wdCF7531ODJvnzm1
lKlwFWPQW4ymZ2RwUad/0cq7m109sliWLROC7l7Cues5W+wyh+mDRz50bfq5FW4z
vxcGdLliGe4P12nLWFbUNtAvTVm2Wtoir7Op2r2TLYJI7b9NIYE93/GfISeU+tdA
wHYjespYXKYcGncMpkFwiBNE6mCUxOb0APBy+33nfrt5/3P6sRpfaMdFgYUwtCgu
VCHLdhlBrmSG8p7QHOynv/wpc028Kwr6+xh8hKdxDRpdSHEypB9ggOK+7zg2FIij
xQ1Wd3SZbs8fSpEgCeZlDsuHRKzTmseBBQ4BjJ2dAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU8aai5UaUtQeQDx0B4aHafF9da4cwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2FlYjVhMDRiLWFmMmUtNDkzYy1hODI0LTgxODFhMTRhMTRjMC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBACCsGQwDQYJKoZIhvcNAQELBQADggEBADXR4gbeuaD5+e7T2NwOYAWxDM6h
WT+9wrkAwDzic5crj4Gzp/LiObrLe1mRy2MdQRXzONKmbUqnTiZREU3RJYDJ/4Sd
kOq6mChD9HLQomVeqB5gxRRr13iHJCEUNAnrV4gQsaHdtCmNVl1FkT6wyPpHiaJD
PEJiHuVZmPo/6oQRB6wm1Eh8UCDSjR6v6Oien1nPCS2/YQjJKGNB+EJQSEo4gSvK
HHCinkcbFM3jkIbSjjbSqw/KIM1yszZF4tmLPeg8k7X7pvLgCiuMt5U4haayC5MJ
P89G30ChQrHgFqQpmb9H0op7HnryDDx+svxYoh/IC+CDabmfGKEDqGNgC5U=
-----END CERTIFICATE-----