Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/1c3c320a-4015-4d09-85af-05cf9a03532c.roa
File:                     1c3c320a-4015-4d09-85af-05cf9a03532c.roa (raw, json)
Hash identifier:          hsPgwpqfZ3lqgafyl47o+4WZR3MAHHofWpksB6q5u/E=
Subject key identifier:   88:7F:8C:BF:E2:DE:D9:AA:41:55:F6:9A:14:4E:22:38:29:E0:84:0C
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       7D8A159ECA50BC7340B88917684DB2566D235BBB
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/1c3c320a-4015-4d09-85af-05cf9a03532c.roa
Signing time:             Fri 31 Oct 2025 00:30:52 +0000
ROA not before:           Fri 31 Oct 2025 00:30:52 +0000
ROA not after:            Fri 05 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        50.18.192.0/20 maxlen: 20
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7d:8a:15:9e:ca:50:bc:73:40:b8:89:17:68:4d:b2:56:6d:23:5b:bb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 31 00:30:52 2025 GMT
            Not After : Dec  5 23:59:59 2025 GMT
        Subject: serialNumber=e03a9a34a564cdbca633f62522462825b502499c8b8fb76c8ba6c64d185ab2b4, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:23:0c:20:ec:51:4f:96:b7:c2:9f:d1:98:77:
                    b7:ef:0f:2a:93:9a:5f:55:47:db:b7:38:24:08:41:
                    70:67:34:21:c4:f1:6f:ef:61:68:a5:b1:30:7d:f2:
                    9c:87:35:cd:51:ef:eb:4d:53:9e:e0:fb:86:6c:b3:
                    5f:f3:7a:ea:d0:ac:02:11:b6:2f:eb:1b:81:76:4c:
                    d8:2d:d5:f2:7a:c3:a0:99:e4:e5:ed:01:5e:55:6d:
                    03:9a:ac:c4:fc:f8:4b:7b:c9:9c:bc:13:9d:c2:0e:
                    2b:4f:6e:81:95:91:5f:35:5a:99:54:1f:9a:c9:a2:
                    73:9b:75:d1:14:06:95:57:dd:ba:9e:d2:93:cf:ca:
                    6e:e3:28:b0:70:c5:4b:7c:68:ea:7d:0f:e1:a5:21:
                    91:9e:ce:66:2b:38:47:44:91:66:a5:8e:7f:f5:76:
                    13:ed:54:42:ca:46:ae:b2:51:ef:74:7c:b7:c5:66:
                    3d:f6:a1:e5:91:f6:00:15:2f:98:65:0b:2c:c8:31:
                    a0:ca:c9:2e:f1:a0:88:bc:82:7b:8f:63:95:bb:9c:
                    fa:34:b4:23:d2:f0:92:3b:f0:18:34:ad:82:1b:24:
                    db:10:9b:39:88:fa:69:55:87:58:ce:6a:61:2b:d2:
                    ce:d2:9f:76:45:11:73:ce:b6:70:a1:4c:0b:ea:0a:
                    7b:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                88:7F:8C:BF:E2:DE:D9:AA:41:55:F6:9A:14:4E:22:38:29:E0:84:0C
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/1c3c320a-4015-4d09-85af-05cf9a03532c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  50.18.192.0/20

    Signature Algorithm: sha256WithRSAEncryption
         35:69:2c:b1:ec:90:62:14:d1:a9:e0:e8:1f:65:87:0e:2e:71:
         cc:43:b6:22:ff:ef:db:1d:84:d0:36:76:bf:c2:19:38:25:b5:
         85:67:10:72:47:c6:b4:b9:05:17:38:ac:8c:bf:2c:17:90:c5:
         a3:6c:10:e7:92:7e:a8:53:11:80:d9:37:f9:3d:11:5a:7f:08:
         83:75:da:04:9d:62:3f:88:a2:2d:50:8f:9b:fa:27:0f:a2:13:
         25:d2:45:03:bb:38:5a:a1:39:f8:5d:ad:6f:76:7b:eb:1c:61:
         8d:c5:46:86:de:d2:af:ed:1b:3f:ee:fb:e1:ac:4f:fa:be:44:
         7a:ac:99:d2:91:20:2a:5d:66:ec:4b:17:6c:00:dd:82:ff:a5:
         6f:4a:fb:72:0c:94:81:94:33:18:ab:75:cc:01:00:5e:df:70:
         9b:12:39:41:e9:ba:a7:d9:b2:17:c4:58:e5:de:a8:10:1c:99:
         50:1e:68:6c:17:49:4e:df:bf:02:65:eb:34:7e:d3:c3:ee:bb:
         4c:e0:86:17:ce:2a:b2:f4:37:b4:9f:7c:de:cc:89:5e:52:d9:
         95:bd:6d:41:3b:49:3f:0a:ee:a2:ba:d0:6e:b4:f9:db:d1:e8:
         87:40:51:49:01:b7:1d:7b:9c:51:56:4b:2a:66:c0:c2:0b:86:
         d2:75:fd:fb
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUfYoVnspQvHNAuIkXaE2yVm0jW7swDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDMxMDAzMDUyWhcNMjUxMjA1MjM1OTU5
WjB6MUkwRwYDVQQFE0BlMDNhOWEzNGE1NjRjZGJjYTYzM2Y2MjUyMjQ2MjgyNWI1
MDI0OTljOGI4ZmI3NmM4YmE2YzY0ZDE4NWFiMmI0MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC7Iwwg7FFPlrfCn9GYd7fvDyqTml9VR9u3OCQIQXBnNCHE
8W/vYWilsTB98pyHNc1R7+tNU57g+4Zss1/zeurQrAIRti/rG4F2TNgt1fJ6w6CZ
5OXtAV5VbQOarMT8+Et7yZy8E53CDitPboGVkV81WplUH5rJonObddEUBpVX3bqe
0pPPym7jKLBwxUt8aOp9D+GlIZGezmYrOEdEkWaljn/1dhPtVELKRq6yUe90fLfF
Zj32oeWR9gAVL5hlCyzIMaDKyS7xoIi8gnuPY5W7nPo0tCPS8JI78Bg0rYIbJNsQ
mzmI+mlVh1jOamEr0s7Sn3ZFEXPOtnChTAvqCnvdAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUiH+Mv+Le2apBVfaaFE4iOCnghAwwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzFjM2MzMjBhLTQwMTUtNGQwOS04NWFmLTA1Y2Y5YTAzNTMyYy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAQyEsAwDQYJKoZIhvcNAQELBQADggEBADVpLLHskGIU0ang6B9lhw4uccxD
tiL/79sdhNA2dr/CGTgltYVnEHJHxrS5BRc4rIy/LBeQxaNsEOeSfqhTEYDZN/k9
EVp/CIN12gSdYj+Ioi1Qj5v6Jw+iEyXSRQO7OFqhOfhdrW92e+scYY3FRobe0q/t
Gz/u++GsT/q+RHqsmdKRICpdZuxLF2wA3YL/pW9K+3IMlIGUMxirdcwBAF7fcJsS
OUHpuqfZshfEWOXeqBAcmVAeaGwXSU7fvwJl6zR+08Puu0zghhfOKrL0N7SffN7M
iV5S2ZW9bUE7ST8K7qK60G60+dvR6IdAUUkBtx17nFFWSypmwMILhtJ1/fs=
-----END CERTIFICATE-----