Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/f29adbc5-b5cd-46c1-8740-37db8845b968.roa
File:                     f29adbc5-b5cd-46c1-8740-37db8845b968.roa (raw, json)
Hash identifier:          qRoLmh2ibnbSXmevKQpNtrlgxHQfyFw1uT+enQjBpHs=
Subject key identifier:   F0:54:FC:B5:C0:86:C1:3E:10:30:C7:EC:7C:BB:E1:79:CD:02:DE:A6
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       2389ABF489C3E3605D20F6EC0C9BBCAE6ECEF476
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/f29adbc5-b5cd-46c1-8740-37db8845b968.roa
Signing time:             Fri 03 Oct 2025 00:42:11 +0000
ROA not before:           Fri 03 Oct 2025 00:42:11 +0000
ROA not after:            Fri 07 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        67.220.240.0/20 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            23:89:ab:f4:89:c3:e3:60:5d:20:f6:ec:0c:9b:bc:ae:6e:ce:f4:76
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct  3 00:42:11 2025 GMT
            Not After : Nov  7 23:59:59 2025 GMT
        Subject: serialNumber=75ec0eaf386737992d635b1b37969145ddb0da421e1c480826980dec9f591c00, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:2c:c1:ed:0a:74:06:65:7a:6d:64:9e:f2:44:
                    5f:b9:eb:5f:e4:65:09:c5:b9:b6:24:cd:73:03:79:
                    9b:c3:84:56:93:c3:59:6d:28:cd:8c:ac:bd:e6:02:
                    82:c7:54:d6:8e:62:7f:58:a5:6c:03:78:5b:e4:a5:
                    51:4a:a4:c0:79:39:b4:67:41:3a:c4:d5:db:8b:8a:
                    a0:c6:63:ea:ba:2f:d9:cd:93:82:69:e1:ca:9a:0e:
                    d1:64:01:79:1c:8e:47:70:9a:7f:eb:ec:70:78:e9:
                    ac:27:50:8f:af:bc:28:3b:a7:69:44:30:4e:4a:ec:
                    00:39:d7:94:79:f7:ad:e3:72:f0:01:84:f6:6b:4b:
                    f9:8e:04:6d:cf:38:15:57:b3:fe:5b:c9:94:32:d5:
                    04:f9:f2:40:00:51:60:85:95:f1:1e:fe:fe:56:79:
                    56:e3:ff:ea:bc:d2:15:a8:30:f0:0d:bb:ed:be:d2:
                    de:69:23:13:27:38:dd:6c:15:29:70:71:67:72:4d:
                    33:00:d6:e6:88:83:f3:6a:f6:da:a5:98:19:4c:3a:
                    09:55:d8:c3:0e:7f:02:16:6b:8f:77:00:64:ed:5f:
                    2d:28:de:5e:b7:3a:12:7f:65:f3:31:01:17:e1:e8:
                    e9:47:17:b7:8b:25:0f:a6:ef:b8:28:d6:a4:b7:3d:
                    26:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F0:54:FC:B5:C0:86:C1:3E:10:30:C7:EC:7C:BB:E1:79:CD:02:DE:A6
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/f29adbc5-b5cd-46c1-8740-37db8845b968.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  67.220.240.0/20

    Signature Algorithm: sha256WithRSAEncryption
         7e:7a:b8:13:ae:8e:bd:d9:3a:7c:6c:3e:66:d7:10:02:d4:fa:
         53:9a:2a:0f:b6:2e:f2:f0:32:8b:b0:f3:13:9b:b9:8b:db:77:
         78:16:60:06:c6:92:94:87:96:aa:b3:3b:e7:5d:3f:85:94:bd:
         d8:c1:11:a2:71:f8:c4:86:89:8b:a2:b9:0f:52:21:e5:cf:0c:
         7f:7c:e6:0e:44:0e:ea:e2:be:0a:94:98:f0:00:c3:1f:ea:5f:
         a8:26:bb:59:51:31:1c:ef:2e:c9:17:4c:93:cf:2f:06:12:ac:
         28:c1:66:17:da:db:e6:5a:9b:bc:7d:45:69:9c:04:e6:ef:c8:
         8c:47:94:6b:b9:ca:26:dd:e3:d6:a0:ff:e9:cb:c0:bc:ce:d4:
         8d:98:37:37:2f:58:da:26:01:8e:e3:fc:15:92:42:d8:fc:99:
         29:51:88:0f:cd:2b:be:b7:33:bf:f7:86:dc:8a:2f:1d:08:d8:
         0f:ca:c2:ce:e1:41:88:b3:2b:d7:b0:cb:9b:df:2e:8a:d9:7a:
         ec:0e:c1:ff:8a:3f:10:1c:23:40:06:2b:fb:09:33:2a:da:f1:
         91:11:02:7c:47:79:27:62:95:49:ae:3f:3f:b3:f3:96:1d:40:
         e2:8e:6d:71:b1:a0:e6:94:87:8d:84:81:44:ad:0b:29:60:f6:
         78:9b:e8:54
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUI4mr9InD42BdIPbsDJu8rm7O9HYwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDAzMDA0MjExWhcNMjUxMTA3MjM1OTU5
WjB6MUkwRwYDVQQFE0A3NWVjMGVhZjM4NjczNzk5MmQ2MzViMWIzNzk2OTE0NWRk
YjBkYTQyMWUxYzQ4MDgyNjk4MGRlYzlmNTkxYzAwMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCTLMHtCnQGZXptZJ7yRF+561/kZQnFubYkzXMDeZvDhFaT
w1ltKM2MrL3mAoLHVNaOYn9YpWwDeFvkpVFKpMB5ObRnQTrE1duLiqDGY+q6L9nN
k4Jp4cqaDtFkAXkcjkdwmn/r7HB46awnUI+vvCg7p2lEME5K7AA515R5963jcvAB
hPZrS/mOBG3POBVXs/5byZQy1QT58kAAUWCFlfEe/v5WeVbj/+q80hWoMPANu+2+
0t5pIxMnON1sFSlwcWdyTTMA1uaIg/Nq9tqlmBlMOglV2MMOfwIWa493AGTtXy0o
3l63OhJ/ZfMxARfh6OlHF7eLJQ+m77go1qS3PSaLAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU8FT8tcCGwT4QMMfsfLvhec0C3qYwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2YyOWFkYmM1LWI1Y2QtNDZjMS04NzQwLTM3ZGI4ODQ1Yjk2OC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBARD3PAwDQYJKoZIhvcNAQELBQADggEBAH56uBOujr3ZOnxsPmbXEALU+lOa
Kg+2LvLwMouw8xObuYvbd3gWYAbGkpSHlqqzO+ddP4WUvdjBEaJx+MSGiYuiuQ9S
IeXPDH985g5EDurivgqUmPAAwx/qX6gmu1lRMRzvLskXTJPPLwYSrCjBZhfa2+Za
m7x9RWmcBObvyIxHlGu5yibd49ag/+nLwLzO1I2YNzcvWNomAY7j/BWSQtj8mSlR
iA/NK763M7/3htyKLx0I2A/Kws7hQYizK9ewy5vfLorZeuwOwf+KPxAcI0AGK/sJ
Myra8ZERAnxHeSdilUmuPz+z85YdQOKObXGxoOaUh42EgUStCylg9nib6FQ=
-----END CERTIFICATE-----