Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/dec29220-326b-497f-82e6-de4ca3674083.roa
File:                     dec29220-326b-497f-82e6-de4ca3674083.roa (raw, json)
Hash identifier:          CdYIh8EYco0GeglrJEo2Si0KmIRK/kO1rZxOBy/HvFU=
Subject key identifier:   65:7F:CA:57:7E:19:7D:09:81:3E:A7:08:0D:C9:35:00:82:5B:9B:7B
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       13C5F1DE734E95C74853A8371BC103DCD4C8CA1A
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/dec29220-326b-497f-82e6-de4ca3674083.roa
Signing time:             Mon 20 Oct 2025 05:40:06 +0000
ROA not before:           Mon 20 Oct 2025 05:40:06 +0000
ROA not after:            Mon 24 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        108.139.72.0/21 maxlen: 21
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            13:c5:f1:de:73:4e:95:c7:48:53:a8:37:1b:c1:03:dc:d4:c8:ca:1a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 20 05:40:06 2025 GMT
            Not After : Nov 24 23:59:59 2025 GMT
        Subject: serialNumber=927d9891d650d17483677d7fdabcdd23422e1552571ab404257093e7a79093b4, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:a3:55:87:13:a6:b7:38:5f:a2:59:1f:87:2a:
                    36:20:98:02:62:ac:57:bf:df:ba:ca:c5:84:3e:a0:
                    68:46:ad:4f:65:7b:f1:6a:6e:8f:cd:0e:a0:65:a5:
                    93:43:43:de:aa:9f:39:6d:08:f6:35:b9:23:b1:2b:
                    95:09:d4:cf:4d:c7:85:9c:ec:ea:3f:c1:0c:f0:df:
                    55:f7:74:9a:4c:b4:38:1b:ba:f0:f9:f5:9a:31:d1:
                    87:19:b4:b5:0b:53:38:1d:b8:ba:01:70:03:8e:71:
                    f8:36:3f:ab:6f:d3:1e:a4:17:d9:00:83:d6:28:96:
                    44:31:4e:5f:63:8e:11:7b:e5:ed:3e:12:b2:e2:77:
                    91:59:18:38:c5:b6:c6:8f:1a:eb:20:d3:67:d4:11:
                    f4:a8:24:51:ee:de:65:bb:da:d8:b0:ae:5e:3c:9b:
                    ac:2d:81:67:e7:a3:78:10:18:6d:fe:92:8f:d4:b2:
                    e4:4e:d9:fd:0c:02:73:e9:dd:80:61:39:54:e4:b0:
                    eb:0b:a9:88:40:e0:38:64:1a:45:80:bf:1c:51:86:
                    a0:4c:cc:0b:32:6e:c3:90:88:a6:91:f5:a2:23:15:
                    0d:27:cd:2f:65:50:67:14:03:e8:17:5b:4e:fa:c8:
                    d9:97:34:df:dc:ad:20:1c:da:ae:38:49:5b:7b:c1:
                    29:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                65:7F:CA:57:7E:19:7D:09:81:3E:A7:08:0D:C9:35:00:82:5B:9B:7B
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/dec29220-326b-497f-82e6-de4ca3674083.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  108.139.72.0/21

    Signature Algorithm: sha256WithRSAEncryption
         13:ab:dd:f4:ad:76:ec:6f:b1:0f:07:4c:50:59:e4:fa:a7:5f:
         91:e1:cf:6d:09:17:3f:95:2e:48:ae:fb:e9:69:3a:d3:76:cf:
         39:d3:af:19:1f:08:1b:e5:1e:9b:c9:ae:c3:3c:0b:dc:17:f7:
         f0:20:a2:91:92:68:4c:38:15:29:66:c9:2f:5f:9d:0b:25:01:
         62:43:a3:92:8f:8f:47:0d:e2:9a:67:4a:f1:36:2e:03:a3:1a:
         1a:c4:49:8a:2f:b8:6a:97:d6:68:f4:1c:43:a2:a0:dc:29:07:
         e0:74:df:14:c9:87:dc:f3:ec:f1:a2:20:ac:ca:13:8b:3a:65:
         19:42:63:04:79:d5:6a:a1:ff:a9:23:00:12:06:0e:a2:a9:29:
         04:ba:52:bd:a5:aa:ea:87:39:14:a9:b7:44:64:ad:53:5c:30:
         dd:d1:85:bf:db:36:03:a1:b3:10:db:4d:8c:09:f8:b0:62:2b:
         3e:a9:99:5f:66:1a:a6:03:57:93:03:68:41:e3:fe:ff:46:20:
         61:29:cf:a5:1f:bc:bc:11:10:82:5b:60:a8:81:34:5a:46:c1:
         5d:ad:44:a0:5d:d4:ac:e0:fb:e6:0d:dd:d3:fc:39:f4:de:a4:
         71:8a:30:87:8c:58:78:66:1b:e7:01:8d:30:ef:7c:a1:02:46:
         fe:b4:20:82
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUE8Xx3nNOlcdIU6g3G8ED3NTIyhowDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDIwMDU0MDA2WhcNMjUxMTI0MjM1OTU5
WjB6MUkwRwYDVQQFE0A5MjdkOTg5MWQ2NTBkMTc0ODM2NzdkN2ZkYWJjZGQyMzQy
MmUxNTUyNTcxYWI0MDQyNTcwOTNlN2E3OTA5M2I0MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDXo1WHE6a3OF+iWR+HKjYgmAJirFe/37rKxYQ+oGhGrU9l
e/Fqbo/NDqBlpZNDQ96qnzltCPY1uSOxK5UJ1M9Nx4Wc7Oo/wQzw31X3dJpMtDgb
uvD59Zox0YcZtLULUzgduLoBcAOOcfg2P6tv0x6kF9kAg9YolkQxTl9jjhF75e0+
ErLid5FZGDjFtsaPGusg02fUEfSoJFHu3mW72tiwrl48m6wtgWfno3gQGG3+ko/U
suRO2f0MAnPp3YBhOVTksOsLqYhA4DhkGkWAvxxRhqBMzAsybsOQiKaR9aIjFQ0n
zS9lUGcUA+gXW076yNmXNN/crSAc2q44SVt7wSlRAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUZX/KV34ZfQmBPqcIDck1AIJbm3swHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2RlYzI5MjIwLTMyNmItNDk3Zi04MmU2LWRlNGNhMzY3NDA4My5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBANsi0gwDQYJKoZIhvcNAQELBQADggEBABOr3fStduxvsQ8HTFBZ5PqnX5Hh
z20JFz+VLkiu++lpOtN2zznTrxkfCBvlHpvJrsM8C9wX9/AgopGSaEw4FSlmyS9f
nQslAWJDo5KPj0cN4ppnSvE2LgOjGhrESYovuGqX1mj0HEOioNwpB+B03xTJh9zz
7PGiIKzKE4s6ZRlCYwR51Wqh/6kjABIGDqKpKQS6Ur2lquqHORSpt0RkrVNcMN3R
hb/bNgOhsxDbTYwJ+LBiKz6pmV9mGqYDV5MDaEHj/v9GIGEpz6UfvLwREIJbYKiB
NFpGwV2tRKBd1Kzg++YN3dP8OfTepHGKMIeMWHhmG+cBjTDvfKECRv60III=
-----END CERTIFICATE-----