Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/b1564f4a-7df0-4932-af96-1ebffff2e421.roa
File:                     b1564f4a-7df0-4932-af96-1ebffff2e421.roa (raw, json)
Hash identifier:          7y3elWbaOD/ppwdWOtt0+CS5yg7gV52cfKHF9YdXj7o=
Subject key identifier:   9C:69:F7:4F:8A:D1:8B:61:31:44:98:7E:A2:2B:E3:D7:1B:DF:31:AA
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       1180EF385203286120B9FD9C2166539DEB361125
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/b1564f4a-7df0-4932-af96-1ebffff2e421.roa
Signing time:             Sat 27 Sep 2025 00:40:31 +0000
ROA not before:           Sat 27 Sep 2025 00:40:31 +0000
ROA not after:            Sat 01 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        72.29.0.0/19 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            11:80:ef:38:52:03:28:61:20:b9:fd:9c:21:66:53:9d:eb:36:11:25
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Sep 27 00:40:31 2025 GMT
            Not After : Nov  1 23:59:59 2025 GMT
        Subject: serialNumber=e2d82169c89d857bdb11c36c7e2dc6d9621716d183b471b478391a2a332c8e7a, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:f3:77:0e:66:a6:a1:31:86:30:c8:80:f8:7c:
                    2c:ae:51:2e:ab:78:c9:77:c2:d9:36:27:86:9d:60:
                    26:cd:6d:18:c5:39:13:eb:2d:40:9c:35:a1:fc:de:
                    1e:43:ec:d1:33:3c:ae:b5:89:9f:86:d6:65:85:3f:
                    66:ee:53:36:71:e3:55:82:71:d3:6c:cb:68:d8:bf:
                    aa:66:26:64:8e:96:70:4c:f2:ae:26:ce:94:78:b5:
                    54:f4:5b:39:5b:80:08:d7:b6:ba:18:a9:70:21:b9:
                    da:40:b8:18:0c:38:61:3a:8a:6f:39:ec:91:50:8e:
                    6b:2d:bb:d1:19:e5:96:6d:82:b0:23:cc:88:c3:d4:
                    74:ff:be:ac:70:a2:f6:19:6c:74:77:e9:d3:61:11:
                    55:10:83:96:a1:6e:41:1b:bc:91:17:64:bd:3a:88:
                    d7:b6:be:8d:82:3a:7b:a9:6c:01:73:37:6f:f5:89:
                    f3:a5:ea:98:bd:4b:77:66:97:69:8d:c3:ac:0a:6d:
                    d5:87:3e:22:9c:be:57:df:1e:e3:71:f5:c5:3f:6a:
                    56:24:86:7c:b1:93:90:a7:4f:ba:45:a2:9c:32:74:
                    9f:b8:63:31:8c:88:53:03:40:7e:e8:77:42:de:7e:
                    16:0c:5e:a3:19:84:76:a7:ff:40:be:71:e8:ab:1d:
                    7b:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9C:69:F7:4F:8A:D1:8B:61:31:44:98:7E:A2:2B:E3:D7:1B:DF:31:AA
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/b1564f4a-7df0-4932-af96-1ebffff2e421.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  72.29.0.0/19

    Signature Algorithm: sha256WithRSAEncryption
         0d:3a:82:8b:0c:c8:65:49:87:a7:f3:ed:cc:40:d9:71:f8:a0:
         af:9c:46:a5:6e:98:05:e0:e0:a4:cd:dd:75:1f:c2:b0:ec:a6:
         7d:dc:6e:8c:1e:21:e9:b1:fa:1e:19:6b:45:ed:fb:2c:ac:9f:
         d5:48:74:6f:ea:24:67:d0:78:ba:f0:e6:40:cc:15:b3:f1:b7:
         e5:bb:28:60:d2:d3:ba:4c:77:4f:bd:fb:09:f6:f3:ee:4c:2f:
         92:75:24:09:12:88:0b:fc:62:e3:30:21:e8:db:4a:f7:6f:55:
         65:02:21:6c:66:ea:d1:58:1e:e5:0c:84:5a:ee:16:e7:e4:a1:
         dc:da:f6:3a:69:ad:0b:e3:ef:64:99:20:e3:4a:3e:cf:62:5b:
         56:7f:c0:a7:65:cd:c1:8f:18:58:11:3b:ff:e5:5b:1e:17:74:
         d3:eb:77:60:3d:bf:8c:fc:17:a4:8c:08:7a:69:e5:3f:09:2e:
         ad:cc:cb:ff:26:a8:1b:ae:eb:32:1e:05:94:7d:7f:c3:3a:28:
         20:a1:b6:7e:d2:f0:75:a9:1c:7d:39:be:e5:9f:71:26:48:e3:
         f4:4a:42:79:a9:7e:52:bc:db:19:80:86:71:79:96:b1:a5:59:
         53:7d:05:eb:5a:5e:aa:0f:50:4c:a6:7f:3e:51:95:03:88:eb:
         f3:76:9c:41
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUEYDvOFIDKGEguf2cIWZTnes2ESUwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwOTI3MDA0MDMxWhcNMjUxMTAxMjM1OTU5
WjB6MUkwRwYDVQQFE0BlMmQ4MjE2OWM4OWQ4NTdiZGIxMWMzNmM3ZTJkYzZkOTYy
MTcxNmQxODNiNDcxYjQ3ODM5MWEyYTMzMmM4ZTdhMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCp83cOZqahMYYwyID4fCyuUS6reMl3wtk2J4adYCbNbRjF
ORPrLUCcNaH83h5D7NEzPK61iZ+G1mWFP2buUzZx41WCcdNsy2jYv6pmJmSOlnBM
8q4mzpR4tVT0WzlbgAjXtroYqXAhudpAuBgMOGE6im857JFQjmstu9EZ5ZZtgrAj
zIjD1HT/vqxwovYZbHR36dNhEVUQg5ahbkEbvJEXZL06iNe2vo2COnupbAFzN2/1
ifOl6pi9S3dml2mNw6wKbdWHPiKcvlffHuNx9cU/alYkhnyxk5CnT7pFopwydJ+4
YzGMiFMDQH7od0LefhYMXqMZhHan/0C+ceirHXvRAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUnGn3T4rRi2ExRJh+oivj1xvfMaowHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2IxNTY0ZjRhLTdkZjAtNDkzMi1hZjk2LTFlYmZmZmYyZTQyMS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAVIHQAwDQYJKoZIhvcNAQELBQADggEBAA06gosMyGVJh6fz7cxA2XH4oK+c
RqVumAXg4KTN3XUfwrDspn3cboweIemx+h4Za0Xt+yysn9VIdG/qJGfQeLrw5kDM
FbPxt+W7KGDS07pMd0+9+wn28+5ML5J1JAkSiAv8YuMwIejbSvdvVWUCIWxm6tFY
HuUMhFruFufkodza9jpprQvj72SZIONKPs9iW1Z/wKdlzcGPGFgRO//lWx4XdNPr
d2A9v4z8F6SMCHpp5T8JLq3My/8mqBuu6zIeBZR9f8M6KCChtn7S8HWpHH05vuWf
cSZI4/RKQnmpflK82xmAhnF5lrGlWVN9BetaXqoPUEymfz5RlQOI6/N2nEE=
-----END CERTIFICATE-----