Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d0e3fb9a-1677-41cb-ad7a-b5231049acda.roa
File:                     d0e3fb9a-1677-41cb-ad7a-b5231049acda.roa (raw, json)
Hash identifier:          Ij3nWP4miKTxf/bo81Sq9jyWu4U2OQtidpc4lKCcxps=
Subject key identifier:   60:01:4D:A8:E1:60:95:96:30:7E:42:6E:42:17:4A:DF:4C:51:DE:0D
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       407661AEA488EA40A024E1178DF7B5AFD82BA797
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d0e3fb9a-1677-41cb-ad7a-b5231049acda.roa
Signing time:             Fri 26 Sep 2025 00:21:22 +0000
ROA not before:           Fri 26 Sep 2025 00:21:22 +0000
ROA not after:            Fri 31 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        202.5.191.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            40:76:61:ae:a4:88:ea:40:a0:24:e1:17:8d:f7:b5:af:d8:2b:a7:97
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Sep 26 00:21:22 2025 GMT
            Not After : Oct 31 23:59:59 2025 GMT
        Subject: serialNumber=e0d0a07ba169b3febaec56f0c8b58c4092c36549b4d49599486e4356b098a47c, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:b0:a5:3b:64:37:8e:c2:27:b3:fc:ce:e7:8e:
                    82:57:e3:6c:82:b5:ef:79:8c:cb:8e:c8:1c:10:1c:
                    08:09:ad:81:73:16:ea:57:92:43:99:27:24:1d:f9:
                    84:52:d9:7d:6b:d5:5c:4d:f8:5c:e4:2d:f4:c2:0c:
                    27:f8:d1:e5:77:de:a8:64:08:ed:9c:57:d0:db:8e:
                    6a:aa:52:29:b1:67:12:f9:a1:7f:aa:c8:af:7b:d6:
                    af:26:e4:4d:17:44:f2:47:cf:bc:ee:b6:a5:5a:ef:
                    9f:7b:77:3d:db:81:03:11:27:54:d7:5b:ab:1c:a9:
                    f5:5a:24:63:c8:06:da:b9:5f:d7:aa:52:a1:22:c2:
                    db:24:dd:81:7f:88:4a:1b:c3:69:e5:90:2d:86:c6:
                    57:89:40:c2:a2:57:9d:f0:29:d5:47:69:1a:af:ed:
                    14:d7:99:c5:fc:13:a9:e7:8e:61:53:2f:8e:c4:4c:
                    66:15:56:5f:fc:2e:1c:55:ad:c1:b0:b9:05:a0:2b:
                    08:65:44:f2:9b:96:e8:85:b7:11:07:cd:6d:66:4b:
                    d9:fb:0c:7f:8b:d0:10:83:fb:f2:ce:e5:96:10:d2:
                    7b:dc:37:d5:6b:66:c9:ab:b2:4b:ce:fd:5d:99:da:
                    ec:63:39:23:c0:f0:0f:fe:bb:0e:4a:57:23:f2:ab:
                    8a:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                60:01:4D:A8:E1:60:95:96:30:7E:42:6E:42:17:4A:DF:4C:51:DE:0D
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d0e3fb9a-1677-41cb-ad7a-b5231049acda.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  202.5.191.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2d:78:38:2a:93:36:68:26:31:de:04:17:93:1d:6f:bf:08:c4:
         4c:5b:85:8b:1c:7a:ec:01:e8:ab:ea:8b:d9:3c:5c:6d:f5:68:
         98:7c:b1:5e:3b:a2:d5:69:03:b2:48:6c:65:72:5b:9d:fc:78:
         7e:a8:bf:d6:e1:a5:3d:3e:7d:18:4c:e2:4b:db:08:6b:ba:e9:
         b6:c2:38:24:78:ce:f0:47:53:bd:ab:38:0f:31:74:19:4c:d5:
         e7:74:71:c5:86:da:79:78:4a:ab:a4:3d:70:b5:f6:81:07:36:
         5f:85:4d:41:b2:d9:2e:78:29:03:54:33:53:4b:3d:cc:9c:87:
         0d:41:7b:4d:48:ad:51:9d:ef:a7:02:ac:81:29:11:70:85:16:
         28:1d:da:e5:50:1c:b7:e6:64:be:e1:e8:54:33:a0:fe:2f:9c:
         1e:55:cf:33:24:0c:38:82:36:96:3b:2f:1c:bc:ae:21:63:4f:
         b6:2d:1e:f3:64:1e:d8:64:f7:72:09:d5:91:ca:71:bb:1b:9b:
         60:36:b7:26:15:75:35:b1:ba:3d:2a:67:48:e2:e4:fd:dc:f8:
         fd:24:30:2d:8a:46:bb:93:25:98:e5:13:ce:09:8e:b5:9d:00:
         ff:5a:a2:25:4e:89:f1:bf:68:96:74:d4:05:39:c3:5d:15:7c:
         12:bd:d3:27
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUQHZhrqSI6kCgJOEXjfe1r9grp5cwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwOTI2MDAyMTIyWhcNMjUxMDMxMjM1OTU5
WjB6MUkwRwYDVQQFE0BlMGQwYTA3YmExNjliM2ZlYmFlYzU2ZjBjOGI1OGM0MDky
YzM2NTQ5YjRkNDk1OTk0ODZlNDM1NmIwOThhNDdjMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQClsKU7ZDeOwiez/M7njoJX42yCte95jMuOyBwQHAgJrYFz
FupXkkOZJyQd+YRS2X1r1VxN+FzkLfTCDCf40eV33qhkCO2cV9DbjmqqUimxZxL5
oX+qyK971q8m5E0XRPJHz7zutqVa7597dz3bgQMRJ1TXW6scqfVaJGPIBtq5X9eq
UqEiwtsk3YF/iEobw2nlkC2GxleJQMKiV53wKdVHaRqv7RTXmcX8E6nnjmFTL47E
TGYVVl/8LhxVrcGwuQWgKwhlRPKbluiFtxEHzW1mS9n7DH+L0BCD+/LO5ZYQ0nvc
N9VrZsmrskvO/V2Z2uxjOSPA8A/+uw5KVyPyq4pfAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUYAFNqOFglZYwfkJuQhdK30xR3g0wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2QwZTNmYjlhLTE2NzctNDFjYi1hZDdhLWI1MjMxMDQ5YWNkYS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADKBb8wDQYJKoZIhvcNAQELBQADggEBAC14OCqTNmgmMd4EF5Mdb78IxExb
hYsceuwB6Kvqi9k8XG31aJh8sV47otVpA7JIbGVyW538eH6ov9bhpT0+fRhM4kvb
CGu66bbCOCR4zvBHU72rOA8xdBlM1ed0ccWG2nl4SqukPXC19oEHNl+FTUGy2S54
KQNUM1NLPcychw1Be01IrVGd76cCrIEpEXCFFigd2uVQHLfmZL7h6FQzoP4vnB5V
zzMkDDiCNpY7Lxy8riFjT7YtHvNkHthk93IJ1ZHKcbsbm2A2tyYVdTWxuj0qZ0ji
5P3c+P0kMC2KRruTJZjlE84JjrWdAP9aoiVOifG/aJZ01AU5w10VfBK90yc=
-----END CERTIFICATE-----