Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/3343a77e-b68f-4389-bb59-4cc0720f7c2e.roa
File:                     3343a77e-b68f-4389-bb59-4cc0720f7c2e.roa (raw, json)
Hash identifier:          lkkSXonttJlDiJ8OC/Xljpj/x8JYpgX8AYzeJseNJRI=
Subject key identifier:   DA:2B:C2:8B:F4:F1:B4:93:1E:DC:6A:BF:4C:14:A0:04:06:88:A3:50
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       752A736CE16D0BA882997E3C719B4E775D5A5C7E
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/3343a77e-b68f-4389-bb59-4cc0720f7c2e.roa
Signing time:             Sun 02 Nov 2025 00:30:41 +0000
ROA not before:           Sun 02 Nov 2025 00:30:41 +0000
ROA not after:            Sun 07 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        99.151.176.0/22 maxlen: 22
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            75:2a:73:6c:e1:6d:0b:a8:82:99:7e:3c:71:9b:4e:77:5d:5a:5c:7e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Nov  2 00:30:41 2025 GMT
            Not After : Dec  7 23:59:59 2025 GMT
        Subject: serialNumber=b3afa7db66e300028d822c2cb678650675ee1cd90bdffdcfe5d047dbb7bbe093, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:11:a5:6a:a1:27:80:55:63:83:7d:fb:ca:f3:
                    cb:2b:c8:27:8e:51:27:1a:14:23:c7:19:89:4b:8c:
                    f4:7b:c0:0f:95:df:b2:c7:1a:6a:ba:28:07:1a:28:
                    93:29:e7:1e:99:8c:2a:d5:4d:3b:07:45:ec:1d:b4:
                    4f:e0:6b:8d:63:00:8f:2c:b5:2d:cb:83:0d:a4:94:
                    eb:2f:8e:ac:1f:2c:06:2e:92:1e:e4:c8:05:f5:0a:
                    bc:29:04:24:6e:1e:b1:4d:3c:5c:69:63:ec:a4:fe:
                    b6:97:1c:28:85:4f:54:51:62:d2:f4:9e:e2:dd:8f:
                    67:9a:fb:f1:6b:5a:a4:75:01:26:ff:2b:d1:5a:eb:
                    2e:c5:f0:4c:42:29:02:20:14:b2:b6:2c:c4:6d:f2:
                    fa:27:bc:9c:26:a1:8b:d5:18:9c:e9:b4:6f:9c:32:
                    eb:d2:94:69:62:33:0a:d5:ad:4c:b2:57:1a:6d:f9:
                    9f:a3:0d:d3:04:c7:3d:5f:db:a4:2d:ec:16:4f:4f:
                    04:87:59:03:ae:c4:79:16:7f:40:51:9f:10:50:9d:
                    b5:67:fb:f9:72:69:38:f8:09:39:63:8c:db:a0:7e:
                    4f:80:62:2e:25:a3:2b:89:93:70:c6:65:e3:23:1a:
                    d3:ce:a7:73:23:ef:7e:51:9b:3a:0e:fd:cf:d4:56:
                    51:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DA:2B:C2:8B:F4:F1:B4:93:1E:DC:6A:BF:4C:14:A0:04:06:88:A3:50
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/3343a77e-b68f-4389-bb59-4cc0720f7c2e.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  99.151.176.0/22

    Signature Algorithm: sha256WithRSAEncryption
         2e:f8:29:90:27:9a:b0:3d:42:0e:e5:6c:c3:d1:b7:af:e0:97:
         9a:3b:12:99:97:93:9e:79:2c:d8:43:59:ae:5b:c3:70:ca:f3:
         b6:9e:30:53:2e:4d:cc:49:76:55:24:33:1f:2a:e2:81:95:37:
         c5:d2:43:40:0f:a1:3a:b8:8f:71:92:cf:b1:61:ec:4d:3f:9b:
         3d:4e:d0:c2:08:15:05:a5:bf:5c:73:04:d7:35:1b:15:dc:9e:
         5d:9a:2a:a8:ce:11:6b:49:9a:98:ed:8d:c9:ab:c1:c8:de:b9:
         fd:e8:95:a7:54:70:59:f3:39:cd:f6:17:33:fb:cd:31:1f:c2:
         bf:22:76:06:ec:97:63:1b:b0:14:56:b0:97:3e:81:d2:41:5e:
         cf:3d:20:e8:a7:9b:08:e4:d6:95:67:a6:a0:14:29:fb:77:73:
         a8:0d:42:63:65:d2:3d:6b:65:7a:38:39:4a:21:80:a0:3f:66:
         c0:d0:86:66:e7:84:62:fd:22:87:2c:13:88:5f:02:c0:42:cc:
         c8:10:9d:19:dc:40:d6:37:01:86:76:61:2d:4f:5e:09:ae:f8:
         87:04:6f:60:26:fd:fe:78:8e:54:25:4f:38:bb:ad:e9:ce:42:
         5d:30:4c:c5:8b:41:91:67:ec:5d:76:9f:6a:98:31:de:69:c4:
         61:8f:36:d8
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUdSpzbOFtC6iCmX48cZtOd11aXH4wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMTAyMDAzMDQxWhcNMjUxMjA3MjM1OTU5
WjB6MUkwRwYDVQQFE0BiM2FmYTdkYjY2ZTMwMDAyOGQ4MjJjMmNiNjc4NjUwNjc1
ZWUxY2Q5MGJkZmZkY2ZlNWQwNDdkYmI3YmJlMDkzMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDcEaVqoSeAVWODffvK88sryCeOUScaFCPHGYlLjPR7wA+V
37LHGmq6KAcaKJMp5x6ZjCrVTTsHRewdtE/ga41jAI8stS3Lgw2klOsvjqwfLAYu
kh7kyAX1CrwpBCRuHrFNPFxpY+yk/raXHCiFT1RRYtL0nuLdj2ea+/FrWqR1ASb/
K9Fa6y7F8ExCKQIgFLK2LMRt8vonvJwmoYvVGJzptG+cMuvSlGliMwrVrUyyVxpt
+Z+jDdMExz1f26Qt7BZPTwSHWQOuxHkWf0BRnxBQnbVn+/lyaTj4CTljjNugfk+A
Yi4loyuJk3DGZeMjGtPOp3Mj735RmzoO/c/UVlFVAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU2ivCi/TxtJMe3Gq/TBSgBAaIo1AwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzMzNDNhNzdlLWI2OGYtNDM4OS1iYjU5LTRjYzA3MjBmN2MyZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAJjl7AwDQYJKoZIhvcNAQELBQADggEBAC74KZAnmrA9Qg7lbMPRt6/gl5o7
EpmXk555LNhDWa5bw3DK87aeMFMuTcxJdlUkMx8q4oGVN8XSQ0APoTq4j3GSz7Fh
7E0/mz1O0MIIFQWlv1xzBNc1GxXcnl2aKqjOEWtJmpjtjcmrwcjeuf3oladUcFnz
Oc32FzP7zTEfwr8idgbsl2MbsBRWsJc+gdJBXs89IOinmwjk1pVnpqAUKft3c6gN
QmNl0j1rZXo4OUohgKA/ZsDQhmbnhGL9IocsE4hfAsBCzMgQnRncQNY3AYZ2YS1P
Xgmu+IcEb2Am/f54jlQlTzi7renOQl0wTMWLQZFn7F12n2qYMd5pxGGPNtg=
-----END CERTIFICATE-----