Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/bd1f1c8a-4c90-4331-a39c-570f7b79ad54.roa
File:                     bd1f1c8a-4c90-4331-a39c-570f7b79ad54.roa (raw, json)
Hash identifier:          sn60+R9UCAZywUD1hGGaIV0LXmW2z6AVD5A/TWBu5po=
Subject key identifier:   C3:ED:42:AF:B0:2E:A7:5F:61:4B:A4:C6:C7:E3:43:CC:A3:8B:E3:60
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       78F5622C438A66F32938CE7BA9048C0E6CF683AD
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/bd1f1c8a-4c90-4331-a39c-570f7b79ad54.roa
Signing time:             Mon 06 Oct 2025 15:40:00 +0000
ROA not before:           Mon 06 Oct 2025 15:40:00 +0000
ROA not after:            Mon 10 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        143.171.0.0/16 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            78:f5:62:2c:43:8a:66:f3:29:38:ce:7b:a9:04:8c:0e:6c:f6:83:ad
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct  6 15:40:00 2025 GMT
            Not After : Nov 10 23:59:59 2025 GMT
        Subject: serialNumber=8027513c3718a48080264cba4bd2071fe426b9e5f106de1b3c0bf5b5137fec37, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:44:2c:2b:bd:53:f0:a9:6d:48:1f:8a:fb:01:
                    9d:73:e2:43:e5:f9:d7:44:fc:ba:b2:17:74:92:f0:
                    9c:72:c9:32:22:94:a6:aa:a9:b9:99:8e:5d:c0:d3:
                    07:c5:e0:4c:45:bf:b0:34:14:d2:d7:e1:6a:da:5a:
                    fe:93:74:30:e0:aa:25:7f:70:d8:49:8f:06:eb:c6:
                    36:a7:4c:c0:d9:ee:3d:a7:3b:a4:01:4e:da:13:cc:
                    bd:e3:1a:b4:75:e1:13:df:6f:fe:bf:73:6c:c7:91:
                    8b:00:89:cd:d1:1e:94:9e:0b:b9:17:c7:4d:45:18:
                    44:e0:a8:27:a6:df:cf:89:a8:fa:70:da:f0:16:ba:
                    62:50:65:c2:9b:3a:fc:af:ba:eb:21:9f:52:41:df:
                    b9:3b:69:98:5c:d9:1b:e6:b4:a2:f0:e0:97:5b:39:
                    ad:1b:f0:e3:bb:98:d8:76:81:b3:cc:e1:8a:5e:36:
                    8e:5f:44:ce:02:76:fe:b7:5f:89:ca:db:dc:78:b3:
                    b8:e4:cd:a1:57:2d:2a:31:6b:60:be:cd:96:d7:f0:
                    5e:24:d7:c5:d8:3c:1e:86:20:06:cc:27:cf:71:1a:
                    24:8b:d9:93:5a:0e:d0:86:25:f3:c1:8c:38:88:7d:
                    8d:b5:25:54:42:38:af:a5:5e:06:75:70:6a:e1:fa:
                    a6:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C3:ED:42:AF:B0:2E:A7:5F:61:4B:A4:C6:C7:E3:43:CC:A3:8B:E3:60
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/bd1f1c8a-4c90-4331-a39c-570f7b79ad54.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.171.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         92:7e:de:95:e7:cb:7c:ff:49:ab:88:a3:be:f7:f8:a3:f0:06:
         77:14:ea:c6:16:c5:f4:47:c6:1c:4b:cc:93:89:73:f6:cf:c9:
         44:60:41:bb:95:08:d2:18:30:b5:a6:fc:dd:d9:bb:91:d0:e7:
         b0:3d:57:42:76:68:6d:ed:50:71:0a:ae:39:a7:18:57:09:8a:
         0e:72:fb:a0:b9:f4:78:bc:27:da:a4:e7:de:ff:bd:5d:f5:86:
         8e:b6:4e:08:80:dd:c2:65:9f:9f:9f:b1:f5:73:01:e9:20:93:
         da:f3:26:6c:eb:75:61:4d:1d:7d:5c:57:cf:45:e6:09:ba:37:
         61:ea:d0:92:53:a5:f9:75:7c:e5:88:35:e9:e5:54:cb:76:89:
         08:80:57:a0:dc:10:a3:17:c3:c5:9f:56:ee:bc:86:b6:ce:15:
         19:1c:fe:4f:f8:98:0a:86:37:ff:a3:df:3d:5e:83:16:0a:22:
         52:ad:ea:4e:b4:3c:ae:92:83:4f:c5:2d:99:0b:89:fb:3c:34:
         f3:f8:fb:3f:20:34:7a:d3:94:9b:94:71:4c:a7:b1:b9:5b:04:
         e0:1c:f4:28:d9:e2:57:c9:a3:ed:41:16:0c:ff:0c:e7:61:45:
         3c:f7:34:54:81:3d:8c:e9:0c:76:10:af:81:79:ca:ac:99:82:
         83:92:a1:ca
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUePViLEOKZvMpOM57qQSMDmz2g60wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDA2MTU0MDAwWhcNMjUxMTEwMjM1OTU5
WjB6MUkwRwYDVQQFE0A4MDI3NTEzYzM3MThhNDgwODAyNjRjYmE0YmQyMDcxZmU0
MjZiOWU1ZjEwNmRlMWIzYzBiZjViNTEzN2ZlYzM3MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDGRCwrvVPwqW1IH4r7AZ1z4kPl+ddE/LqyF3SS8JxyyTIi
lKaqqbmZjl3A0wfF4ExFv7A0FNLX4WraWv6TdDDgqiV/cNhJjwbrxjanTMDZ7j2n
O6QBTtoTzL3jGrR14RPfb/6/c2zHkYsAic3RHpSeC7kXx01FGETgqCem38+JqPpw
2vAWumJQZcKbOvyvuushn1JB37k7aZhc2RvmtKLw4JdbOa0b8OO7mNh2gbPM4Ype
No5fRM4Cdv63X4nK29x4s7jkzaFXLSoxa2C+zZbX8F4k18XYPB6GIAbMJ89xGiSL
2ZNaDtCGJfPBjDiIfY21JVRCOK+lXgZ1cGrh+qa7AgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUw+1Cr7Aup19hS6TGx+NDzKOL42AwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2JkMWYxYzhhLTRjOTAtNDMzMS1hMzljLTU3MGY3Yjc5YWQ1NC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwCPqzANBgkqhkiG9w0BAQsFAAOCAQEAkn7elefLfP9Jq4ijvvf4o/AGdxTq
xhbF9EfGHEvMk4lz9s/JRGBBu5UI0hgwtab83dm7kdDnsD1XQnZobe1QcQquOacY
VwmKDnL7oLn0eLwn2qTn3v+9XfWGjrZOCIDdwmWfn5+x9XMB6SCT2vMmbOt1YU0d
fVxXz0XmCbo3YerQklOl+XV85Yg16eVUy3aJCIBXoNwQoxfDxZ9W7ryGts4VGRz+
T/iYCoY3/6PfPV6DFgoiUq3qTrQ8rpKDT8UtmQuJ+zw08/j7PyA0etOUm5RxTKex
uVsE4Bz0KNniV8mj7UEWDP8M52FFPPc0VIE9jOkMdhCvgXnKrJmCg5Khyg==
-----END CERTIFICATE-----