Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/ecd878fa-04f1-4534-b5fc-34985326503c.roa
File:                     ecd878fa-04f1-4534-b5fc-34985326503c.roa (raw, json)
Hash identifier:          s0f474r+em1hURwMiGq3nYOpzpP13mkPrm064rl4aKA=
Subject key identifier:   7A:08:A9:52:26:3E:F4:C3:7F:B1:B8:0E:14:F1:9A:43:83:CA:EA:75
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       743122261477DDC9FF2E858AF091666FFDB9B29F
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/ecd878fa-04f1-4534-b5fc-34985326503c.roa
Signing time:             Mon 20 Oct 2025 04:01:45 +0000
ROA not before:           Mon 20 Oct 2025 04:01:45 +0000
ROA not after:            Mon 24 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        108.159.21.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            74:31:22:26:14:77:dd:c9:ff:2e:85:8a:f0:91:66:6f:fd:b9:b2:9f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 20 04:01:45 2025 GMT
            Not After : Nov 24 23:59:59 2025 GMT
        Subject: serialNumber=e66a3beb02b65d04e88e13bd11645d661f548a73262c65f8d61dd327422a2810, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:60:9a:1a:03:0a:0d:95:a9:e3:61:e5:78:b9:
                    50:5e:70:ce:47:26:f7:a5:84:97:a6:6e:84:42:2e:
                    de:3b:32:79:82:75:ac:93:35:c9:d3:51:30:9e:66:
                    3c:f9:60:f9:17:b8:15:e6:b6:d4:0b:c7:8d:14:e5:
                    a2:0a:43:fe:81:c4:58:79:af:e5:62:68:3f:43:ac:
                    d1:cb:d4:1b:1a:66:10:8c:5c:06:d8:15:31:39:4b:
                    1f:43:b9:7f:c8:51:d6:4d:c5:8c:cb:17:2d:f4:7b:
                    1f:80:3c:8f:59:05:0c:25:7b:16:27:a0:9a:f1:0f:
                    eb:9d:c9:17:c7:85:a5:94:72:f9:a5:ae:7b:ca:72:
                    69:06:e0:7f:87:f3:11:51:d6:82:ae:8b:56:ab:8a:
                    e7:e0:99:2d:a1:f9:48:91:d4:71:50:d7:a6:c4:9c:
                    ef:57:70:6e:a1:bd:37:5a:88:19:28:60:f7:c7:53:
                    a7:8e:7f:bf:b7:60:02:1b:45:a9:e7:68:fd:a9:6f:
                    52:e0:34:5b:e5:dd:23:83:01:73:39:91:44:3b:d1:
                    a2:84:e9:f8:41:a7:d9:43:02:45:6d:b1:ff:10:77:
                    83:36:2e:2b:9e:d2:fb:02:53:97:2b:2b:c8:f4:5c:
                    c2:e2:e1:34:22:75:2e:e8:32:46:08:da:e2:b4:71:
                    49:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7A:08:A9:52:26:3E:F4:C3:7F:B1:B8:0E:14:F1:9A:43:83:CA:EA:75
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/ecd878fa-04f1-4534-b5fc-34985326503c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  108.159.21.0/24

    Signature Algorithm: sha256WithRSAEncryption
         75:9b:80:49:3b:6f:91:96:53:fa:c0:a8:67:de:48:13:78:26:
         4d:b6:1e:eb:d3:e0:af:07:4e:08:25:07:08:49:9d:68:d4:31:
         08:ef:96:8d:ee:78:ef:67:e8:5d:7e:d6:8c:df:6f:ab:93:c4:
         38:49:4c:2b:54:31:ac:c2:62:e8:9c:35:fe:cf:d3:63:e4:35:
         43:c3:ae:20:4e:58:a0:e1:42:9c:cb:e4:9e:df:29:65:8d:f4:
         cf:54:de:c7:bf:de:1a:2a:15:45:ba:ac:c4:0f:a8:3e:a1:53:
         e7:77:69:92:16:9f:5c:79:7a:e2:b8:8f:9e:d9:23:0b:dd:34:
         44:2a:11:2a:0e:52:16:bb:e0:80:cd:c6:d4:c9:c4:4b:da:8e:
         9e:04:ec:f5:5b:09:53:75:01:6c:cf:b0:ec:63:c9:4e:a9:19:
         87:51:96:cb:1b:21:60:59:b7:df:26:2a:45:ba:59:a8:92:d5:
         ef:36:74:7e:b4:5f:fc:56:82:8d:be:65:ff:c7:3f:4b:bb:a6:
         1d:d9:49:04:df:f6:2a:88:30:bc:2a:ff:ce:22:ff:e3:00:9d:
         bd:d6:17:9c:ad:70:2c:29:40:a6:53:fa:54:ba:4d:8c:11:5c:
         08:80:51:fb:c9:6d:d5:11:27:5b:6f:50:44:96:fa:c0:96:68:
         d1:f9:b9:27
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUdDEiJhR33cn/LoWK8JFmb/25sp8wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDIwMDQwMTQ1WhcNMjUxMTI0MjM1OTU5
WjB6MUkwRwYDVQQFE0BlNjZhM2JlYjAyYjY1ZDA0ZTg4ZTEzYmQxMTY0NWQ2NjFm
NTQ4YTczMjYyYzY1ZjhkNjFkZDMyNzQyMmEyODEwMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCsYJoaAwoNlanjYeV4uVBecM5HJvelhJemboRCLt47MnmC
dayTNcnTUTCeZjz5YPkXuBXmttQLx40U5aIKQ/6BxFh5r+ViaD9DrNHL1BsaZhCM
XAbYFTE5Sx9DuX/IUdZNxYzLFy30ex+API9ZBQwlexYnoJrxD+udyRfHhaWUcvml
rnvKcmkG4H+H8xFR1oKui1ariufgmS2h+UiR1HFQ16bEnO9XcG6hvTdaiBkoYPfH
U6eOf7+3YAIbRannaP2pb1LgNFvl3SODAXM5kUQ70aKE6fhBp9lDAkVtsf8Qd4M2
Liue0vsCU5crK8j0XMLi4TQidS7oMkYI2uK0cUmLAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUegipUiY+9MN/sbgOFPGaQ4PK6nUwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2VjZDg3OGZhLTA0ZjEtNDUzNC1iNWZjLTM0OTg1MzI2NTAzYy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBABsnxUwDQYJKoZIhvcNAQELBQADggEBAHWbgEk7b5GWU/rAqGfeSBN4Jk22
HuvT4K8HTgglBwhJnWjUMQjvlo3ueO9n6F1+1ozfb6uTxDhJTCtUMazCYuicNf7P
02PkNUPDriBOWKDhQpzL5J7fKWWN9M9U3se/3hoqFUW6rMQPqD6hU+d3aZIWn1x5
euK4j57ZIwvdNEQqESoOUha74IDNxtTJxEvajp4E7PVbCVN1AWzPsOxjyU6pGYdR
lssbIWBZt98mKkW6WaiS1e82dH60X/xWgo2+Zf/HP0u7ph3ZSQTf9iqIMLwq/84i
/+MAnb3WF5ytcCwpQKZT+lS6TYwRXAiAUfvJbdURJ1tvUESW+sCWaNH5uSc=
-----END CERTIFICATE-----