Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d6b24275-0a40-4f1f-b043-0d914be98547.roa
File:                     d6b24275-0a40-4f1f-b043-0d914be98547.roa (raw, json)
Hash identifier:          W6XDbrZZqyEuJl16CzuHM4I/lYGcEFd/wnu/wy24T58=
Subject key identifier:   8C:5C:2B:A6:6E:30:03:B2:AD:E1:7B:28:5F:44:2C:EB:F6:D3:2F:EF
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       4E0E940B85CFE105D331A1CE6AB29AD01A6E7051
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d6b24275-0a40-4f1f-b043-0d914be98547.roa
Signing time:             Tue 30 Sep 2025 00:23:04 +0000
ROA not before:           Tue 30 Sep 2025 00:23:04 +0000
ROA not after:            Tue 04 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        160.221.0.0/16 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4e:0e:94:0b:85:cf:e1:05:d3:31:a1:ce:6a:b2:9a:d0:1a:6e:70:51
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Sep 30 00:23:04 2025 GMT
            Not After : Nov  4 23:59:59 2025 GMT
        Subject: serialNumber=133609e62545cea5d8dc1c1a2cd7931693b22b71f833ec366c128563848ef87b, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:4d:14:7b:8a:a1:f0:50:e0:3e:ac:6c:5b:3e:
                    6c:df:87:49:f1:22:47:11:60:04:6c:6a:b2:8d:64:
                    e7:65:c6:fe:2d:72:87:a4:ba:1a:5e:6b:75:11:ce:
                    bf:6c:8e:a2:55:54:15:e5:e4:61:a3:37:38:73:c5:
                    4f:97:68:db:ff:15:2e:75:ec:8b:c7:e6:08:e0:62:
                    65:9e:5f:5b:e1:07:dd:35:bb:9f:9e:ef:fd:1d:eb:
                    de:27:47:82:2c:a3:36:0d:76:ca:1d:b2:ff:bd:d7:
                    7a:2f:9b:f9:f1:86:83:11:29:49:e8:16:20:7a:af:
                    6f:4d:0f:86:35:ec:78:f5:e0:f1:3a:7a:24:09:cb:
                    1e:29:5a:d5:23:5b:be:7a:c5:c4:50:25:97:0f:d3:
                    35:1c:3d:8f:3c:3f:97:92:a4:3b:bc:59:5c:eb:8d:
                    3e:ff:ff:d2:04:e7:43:04:20:56:d9:de:bf:4f:bf:
                    e4:4f:ba:a2:a2:26:99:2b:1d:9b:08:ca:59:47:5d:
                    69:5d:e8:59:4a:1f:1b:0a:c7:48:66:43:9a:de:d2:
                    a2:de:d8:e9:0f:f4:f3:d2:a2:0a:53:f0:67:ff:8e:
                    12:65:bb:57:66:9b:56:9c:3a:9c:c2:4c:9a:c9:39:
                    68:11:81:44:60:ae:71:d9:bd:cb:a8:a0:0d:a6:88:
                    e8:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8C:5C:2B:A6:6E:30:03:B2:AD:E1:7B:28:5F:44:2C:EB:F6:D3:2F:EF
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d6b24275-0a40-4f1f-b043-0d914be98547.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  160.221.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         c4:30:ac:dc:c6:44:1e:8b:01:82:fd:e7:ce:76:5a:9c:9c:7a:
         69:15:11:aa:26:b4:ba:4c:1d:ea:fd:7a:37:aa:05:f4:d9:de:
         b9:ee:4f:b2:da:0d:7d:4f:9e:ae:06:cb:2f:44:b8:5d:7a:3c:
         c4:0e:8f:c6:7d:3e:f5:45:31:76:3c:da:d3:e3:3f:e0:67:86:
         c1:09:22:bd:33:37:fe:b7:8b:b8:3c:77:a3:39:f0:d3:78:3c:
         76:ac:42:a3:5b:65:1b:48:f0:4d:e7:b5:70:e6:6f:53:23:74:
         7b:e3:16:84:74:ee:5c:dd:b7:41:e5:52:0c:ac:2a:67:f2:32:
         c9:c9:fd:2a:65:6f:55:70:88:91:53:a2:8a:42:37:12:35:36:
         96:d3:26:13:02:d9:57:b4:65:36:d4:0a:90:3c:8d:3f:b6:c8:
         75:45:4c:eb:a4:3a:f0:b1:8a:95:99:60:7f:92:49:c7:46:6f:
         41:cd:30:a3:ab:bc:1e:e1:75:c7:68:67:c6:bf:d6:27:22:80:
         a8:9f:99:f7:3b:5f:62:79:1a:c9:70:4c:10:06:96:81:ce:20:
         50:9a:a9:a3:7e:45:8f:f0:c5:93:59:6b:12:5e:c2:18:d1:09:
         b5:bb:14:43:e8:85:21:61:ef:5b:b9:48:61:60:55:0e:30:a9:
         c3:a7:f8:89
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUTg6UC4XP4QXTMaHOarKa0BpucFEwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwOTMwMDAyMzA0WhcNMjUxMTA0MjM1OTU5
WjB6MUkwRwYDVQQFE0AxMzM2MDllNjI1NDVjZWE1ZDhkYzFjMWEyY2Q3OTMxNjkz
YjIyYjcxZjgzM2VjMzY2YzEyODU2Mzg0OGVmODdiMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDcTRR7iqHwUOA+rGxbPmzfh0nxIkcRYARsarKNZOdlxv4t
coekuhpea3URzr9sjqJVVBXl5GGjNzhzxU+XaNv/FS517IvH5gjgYmWeX1vhB901
u5+e7/0d694nR4IsozYNdsodsv+913ovm/nxhoMRKUnoFiB6r29ND4Y17Hj14PE6
eiQJyx4pWtUjW756xcRQJZcP0zUcPY88P5eSpDu8WVzrjT7//9IE50MEIFbZ3r9P
v+RPuqKiJpkrHZsIyllHXWld6FlKHxsKx0hmQ5re0qLe2OkP9PPSogpT8Gf/jhJl
u1dmm1acOpzCTJrJOWgRgURgrnHZvcuooA2miOgBAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUjFwrpm4wA7Kt4XsoX0Qs6/bTL+8wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2Q2YjI0Mjc1LTBhNDAtNGYxZi1iMDQzLTBkOTE0YmU5ODU0Ny5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwCg3TANBgkqhkiG9w0BAQsFAAOCAQEAxDCs3MZEHosBgv3nznZanJx6aRUR
qia0ukwd6v16N6oF9Nneue5PstoNfU+ergbLL0S4XXo8xA6Pxn0+9UUxdjza0+M/
4GeGwQkivTM3/reLuDx3oznw03g8dqxCo1tlG0jwTee1cOZvUyN0e+MWhHTuXN23
QeVSDKwqZ/Iyycn9KmVvVXCIkVOiikI3EjU2ltMmEwLZV7RlNtQKkDyNP7bIdUVM
66Q68LGKlZlgf5JJx0ZvQc0wo6u8HuF1x2hnxr/WJyKAqJ+Z9ztfYnkayXBMEAaW
gc4gUJqpo35Fj/DFk1lrEl7CGNEJtbsUQ+iFIWHvW7lIYWBVDjCpw6f4iQ==
-----END CERTIFICATE-----