Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/dc0fed9f-7447-4029-9575-fb4e3bbfa08f.roa
File:                     dc0fed9f-7447-4029-9575-fb4e3bbfa08f.roa (raw, json)
Hash identifier:          1QhFMHttdogt1LWcOqZw1zsjBay1/CfAKe6lyAaZcZQ=
Subject key identifier:   0E:55:90:B2:76:DA:14:1E:3F:AF:64:7A:25:26:DD:5F:9E:B4:68:60
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       4ECA0EE3BC687C5836BCB9911DACFA6126DE6457
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/dc0fed9f-7447-4029-9575-fb4e3bbfa08f.roa
Signing time:             Sat 18 Oct 2025 00:20:06 +0000
ROA not before:           Sat 18 Oct 2025 00:20:06 +0000
ROA not after:            Sat 22 Nov 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        23.20.0.0/15 maxlen: 15
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4e:ca:0e:e3:bc:68:7c:58:36:bc:b9:91:1d:ac:fa:61:26:de:64:57
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 18 00:20:06 2025 GMT
            Not After : Nov 22 23:59:59 2025 GMT
        Subject: serialNumber=fac820a6c25ca1abf91e4613861084b878f2de7888e0a7a8cbc5619e848ace26, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:d4:87:de:04:23:0a:fc:a5:08:c3:d2:05:0d:
                    db:b5:fe:87:46:88:f1:61:b2:87:7c:e1:6c:a8:da:
                    16:26:98:d3:a3:d6:cf:9c:b0:c7:04:a7:f3:aa:5b:
                    8c:3c:7a:e1:c9:09:48:c7:8c:22:6c:ef:96:94:ea:
                    c1:e9:fb:46:19:b6:f0:29:be:dd:a1:35:82:19:d3:
                    42:87:2c:bc:99:89:0d:7e:1b:12:59:2b:34:02:62:
                    c3:c8:0e:6e:a9:d4:04:92:28:ab:ea:27:be:04:1f:
                    be:4b:df:96:c4:3b:7c:c9:64:72:eb:25:64:74:03:
                    a8:50:d7:6a:58:9d:d6:20:82:36:37:bc:84:39:73:
                    47:11:32:ea:d9:24:c4:da:a5:07:39:a7:13:bf:d9:
                    89:53:45:f6:ca:e2:03:37:76:8f:6b:1a:a7:70:62:
                    09:fb:d6:ec:c2:9f:f9:e7:21:5b:70:da:46:db:76:
                    d6:19:a3:be:0c:33:56:b7:47:38:07:4f:02:2e:cd:
                    e2:4b:ca:5b:75:bb:8e:0b:19:9b:26:dd:bc:12:22:
                    25:1e:17:9e:f1:4d:34:f5:09:83:dc:9f:c9:eb:7e:
                    91:38:34:e3:c4:ea:b0:25:2d:90:09:9e:4a:c9:96:
                    b8:eb:7b:5f:52:a6:40:1f:27:37:76:78:07:ec:ca:
                    e0:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0E:55:90:B2:76:DA:14:1E:3F:AF:64:7A:25:26:DD:5F:9E:B4:68:60
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/dc0fed9f-7447-4029-9575-fb4e3bbfa08f.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  23.20.0.0/15

    Signature Algorithm: sha256WithRSAEncryption
         8a:1d:60:cb:89:6e:e2:9f:dc:79:d9:db:1f:68:0f:f3:28:23:
         14:3a:6c:1a:50:0b:82:09:34:a7:12:47:41:8c:be:d6:7a:52:
         ed:aa:62:36:32:69:2a:e7:39:4c:a9:a4:87:7c:f8:1f:59:78:
         5a:c1:69:46:ee:52:1c:63:fd:89:91:e3:2d:4f:28:87:49:ec:
         9f:c9:4e:a5:4d:4e:2a:35:44:13:33:d5:4f:30:07:83:7c:8f:
         18:a1:61:ad:40:b6:47:5d:a0:b4:a7:ec:d4:e4:d2:a2:71:71:
         0d:ba:a6:a6:02:66:e6:84:45:7a:4f:01:52:98:09:e4:42:6a:
         c3:a2:09:9b:1e:a9:da:4f:dd:4d:f2:65:bd:6b:02:11:d7:95:
         2d:c9:93:0b:e1:5f:38:58:4f:7d:03:1d:59:c5:62:77:e6:6a:
         5e:58:67:24:fe:71:ec:88:ca:32:94:1a:5f:52:c1:25:5c:eb:
         cb:95:49:9e:03:b1:f5:2d:e6:ac:81:11:5c:96:9c:0f:13:32:
         2e:20:46:e5:a5:21:5a:11:64:e1:2c:80:d7:73:b4:12:6a:ba:
         62:97:26:8d:dc:3d:41:18:82:96:1f:47:8e:dd:7b:29:82:93:
         40:ef:36:2c:2d:0b:c5:22:4e:47:c7:72:dd:6f:c8:84:97:5a:
         97:9e:f8:98
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUTsoO47xofFg2vLmRHaz6YSbeZFcwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDE4MDAyMDA2WhcNMjUxMTIyMjM1OTU5
WjB6MUkwRwYDVQQFE0BmYWM4MjBhNmMyNWNhMWFiZjkxZTQ2MTM4NjEwODRiODc4
ZjJkZTc4ODhlMGE3YThjYmM1NjE5ZTg0OGFjZTI2MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDd1IfeBCMK/KUIw9IFDdu1/odGiPFhsod84Wyo2hYmmNOj
1s+csMcEp/OqW4w8euHJCUjHjCJs75aU6sHp+0YZtvApvt2hNYIZ00KHLLyZiQ1+
GxJZKzQCYsPIDm6p1ASSKKvqJ74EH75L35bEO3zJZHLrJWR0A6hQ12pYndYggjY3
vIQ5c0cRMurZJMTapQc5pxO/2YlTRfbK4gM3do9rGqdwYgn71uzCn/nnIVtw2kbb
dtYZo74MM1a3RzgHTwIuzeJLylt1u44LGZsm3bwSIiUeF57xTTT1CYPcn8nrfpE4
NOPE6rAlLZAJnkrJlrjre19SpkAfJzd2eAfsyuAHAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUDlWQsnbaFB4/r2R6JSbdX560aGAwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2RjMGZlZDlmLTc0NDctNDAyOS05NTc1LWZiNGUzYmJmYTA4Zi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwEXFDANBgkqhkiG9w0BAQsFAAOCAQEAih1gy4lu4p/cednbH2gP8ygjFDps
GlALggk0pxJHQYy+1npS7apiNjJpKuc5TKmkh3z4H1l4WsFpRu5SHGP9iZHjLU8o
h0nsn8lOpU1OKjVEEzPVTzAHg3yPGKFhrUC2R12gtKfs1OTSonFxDbqmpgJm5oRF
ek8BUpgJ5EJqw6IJmx6p2k/dTfJlvWsCEdeVLcmTC+FfOFhPfQMdWcVid+ZqXlhn
JP5x7IjKMpQaX1LBJVzry5VJngOx9S3mrIERXJacDxMyLiBG5aUhWhFk4SyA13O0
Emq6Ypcmjdw9QRiClh9Hjt17KYKTQO82LC0LxSJOR8dy3W/IhJdal574mA==
-----END CERTIFICATE-----