Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/bbfe754e-9d96-47d8-8a4d-fd68b677e25b.roa
File:                     bbfe754e-9d96-47d8-8a4d-fd68b677e25b.roa (raw, json)
Hash identifier:          pn2mYO8wzdJPFD96pSarqLK+itEfLZWJPWn48+i9VJ8=
Subject key identifier:   5A:FF:51:7E:41:8D:F2:8D:27:92:83:94:38:89:DC:0A:DA:83:EE:67
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       4D7D357027F9352FAC3E2FD2D3E7000A1D30A3F6
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/bbfe754e-9d96-47d8-8a4d-fd68b677e25b.roa
Signing time:             Sat 18 Oct 2025 02:11:08 +0000
ROA not before:           Sat 18 Oct 2025 02:11:08 +0000
ROA not after:            Sat 22 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        65.9.144.0/20 maxlen: 20
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4d:7d:35:70:27:f9:35:2f:ac:3e:2f:d2:d3:e7:00:0a:1d:30:a3:f6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 18 02:11:08 2025 GMT
            Not After : Nov 22 23:59:59 2025 GMT
        Subject: serialNumber=609b7ff987076787d2f78a2e369875a765a7f61cca6a84807faab7b5b5658681, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:11:87:95:60:87:41:69:94:b0:17:2b:83:b6:
                    db:10:22:de:1c:59:b0:0c:ea:a6:e7:83:a9:f4:ab:
                    22:cd:3f:ce:71:67:47:52:87:04:8d:9c:d6:97:4d:
                    ac:58:e4:01:a2:41:12:ca:57:55:16:54:9e:3a:80:
                    75:6f:dc:9b:f0:27:29:a8:4f:45:65:ac:80:73:02:
                    98:8f:be:93:7c:b5:e6:f1:2c:d0:d6:89:74:cf:95:
                    e0:2d:0f:2e:ea:93:47:0e:1e:fb:d2:05:10:10:06:
                    98:4a:b2:ab:f9:57:d1:f6:ad:9b:d0:20:c2:1a:be:
                    38:b8:b2:d3:9a:27:22:80:54:d4:dc:70:92:c4:b1:
                    47:27:a7:46:57:49:d0:a5:8b:15:4e:6d:5f:d0:5d:
                    9a:2f:e3:ec:16:a7:10:8a:b9:b1:20:a6:cb:35:32:
                    83:65:3b:38:8d:8c:b5:27:8b:74:67:b2:4e:4b:75:
                    c7:b7:1d:cb:87:ab:0d:ec:b5:0b:9c:e0:b9:df:12:
                    b0:c6:66:c1:82:c7:b6:70:1a:cf:de:2b:7b:ba:f0:
                    aa:f3:15:47:89:cd:9e:12:56:82:ee:69:1a:e6:9b:
                    13:82:03:7a:10:b3:69:57:e7:7d:03:00:b3:10:3d:
                    b7:56:08:1f:f1:7d:17:f8:00:e8:86:5b:87:60:0c:
                    6c:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5A:FF:51:7E:41:8D:F2:8D:27:92:83:94:38:89:DC:0A:DA:83:EE:67
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/bbfe754e-9d96-47d8-8a4d-fd68b677e25b.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  65.9.144.0/20

    Signature Algorithm: sha256WithRSAEncryption
         33:b6:4b:58:72:55:95:38:6e:74:7f:19:9b:1d:80:7e:c7:8f:
         2e:34:89:ba:d7:76:6e:a3:f7:92:db:1d:45:24:1f:6b:b5:f9:
         5f:26:78:70:29:e2:da:8b:27:f6:83:fb:ea:d8:4d:33:e4:c3:
         86:30:7b:3c:31:5f:de:4e:40:57:cb:50:fb:fe:80:f0:b3:4f:
         20:9b:17:77:ec:2c:78:7c:02:49:32:4f:cd:54:c7:d1:90:2a:
         7f:29:24:d0:0b:db:cd:ac:72:91:a8:9c:50:b0:cf:fb:66:41:
         98:78:9a:58:8b:a4:51:e3:3a:54:87:45:75:76:cf:fe:38:69:
         c5:c9:ec:5b:44:13:75:39:60:c1:33:56:fc:bd:56:0a:c0:9b:
         2e:d5:55:73:fd:a6:01:b9:95:4a:6d:8f:42:96:58:e5:78:21:
         b2:17:8a:39:15:6b:6e:b9:32:ec:47:9b:53:96:e0:0d:0e:62:
         2f:71:29:cb:f6:8f:03:6a:29:10:ba:d0:6b:51:74:44:17:66:
         24:57:22:01:fe:1e:39:a7:29:fa:74:31:c7:35:11:5c:1c:b2:
         a0:ec:36:08:d7:57:db:7c:92:a0:3e:dc:1f:fe:99:fb:aa:c8:
         2e:31:8e:ad:21:bc:8f:e7:43:c5:e0:2a:84:cd:4c:9a:ce:9f:
         42:65:53:22
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUTX01cCf5NS+sPi/S0+cACh0wo/YwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDE4MDIxMTA4WhcNMjUxMTIyMjM1OTU5
WjB6MUkwRwYDVQQFE0A2MDliN2ZmOTg3MDc2Nzg3ZDJmNzhhMmUzNjk4NzVhNzY1
YTdmNjFjY2E2YTg0ODA3ZmFhYjdiNWI1NjU4NjgxMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDNEYeVYIdBaZSwFyuDttsQIt4cWbAM6qbng6n0qyLNP85x
Z0dShwSNnNaXTaxY5AGiQRLKV1UWVJ46gHVv3JvwJymoT0VlrIBzApiPvpN8tebx
LNDWiXTPleAtDy7qk0cOHvvSBRAQBphKsqv5V9H2rZvQIMIavji4stOaJyKAVNTc
cJLEsUcnp0ZXSdClixVObV/QXZov4+wWpxCKubEgpss1MoNlOziNjLUni3Rnsk5L
dce3HcuHqw3stQuc4LnfErDGZsGCx7ZwGs/eK3u68KrzFUeJzZ4SVoLuaRrmmxOC
A3oQs2lX530DALMQPbdWCB/xfRf4AOiGW4dgDGxtAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUWv9RfkGN8o0nkoOUOIncCtqD7mcwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2JiZmU3NTRlLTlkOTYtNDdkOC04YTRkLWZkNjhiNjc3ZTI1Yi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBARBCZAwDQYJKoZIhvcNAQELBQADggEBADO2S1hyVZU4bnR/GZsdgH7Hjy40
ibrXdm6j95LbHUUkH2u1+V8meHAp4tqLJ/aD++rYTTPkw4YwezwxX95OQFfLUPv+
gPCzTyCbF3fsLHh8AkkyT81Ux9GQKn8pJNAL282scpGonFCwz/tmQZh4mliLpFHj
OlSHRXV2z/44acXJ7FtEE3U5YMEzVvy9VgrAmy7VVXP9pgG5lUptj0KWWOV4IbIX
ijkVa265MuxHm1OW4A0OYi9xKcv2jwNqKRC60GtRdEQXZiRXIgH+HjmnKfp0Mcc1
EVwcsqDsNgjXV9t8kqA+3B/+mfuqyC4xjq0hvI/nQ8XgKoTNTJrOn0JlUyI=
-----END CERTIFICATE-----