Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/35d2d5b9-3e22-4ea3-834b-5942aa3af0d4.roa
File:                     35d2d5b9-3e22-4ea3-834b-5942aa3af0d4.roa (raw, json)
Hash identifier:          hKK07cL6+Ln9aTAShvmYYtPepzdC7GR1Xe+Rb/YB+eQ=
Subject key identifier:   1A:22:F0:61:55:7D:11:20:9B:A0:14:E5:45:C1:CE:E4:B8:D2:EB:CC
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       5DB485FEC8D58EA33D36CF81E5ED33257393C064
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/35d2d5b9-3e22-4ea3-834b-5942aa3af0d4.roa
Signing time:             Sun 02 Nov 2025 00:30:41 +0000
ROA not before:           Sun 02 Nov 2025 00:30:41 +0000
ROA not after:            Sun 07 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        99.151.178.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5d:b4:85:fe:c8:d5:8e:a3:3d:36:cf:81:e5:ed:33:25:73:93:c0:64
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Nov  2 00:30:41 2025 GMT
            Not After : Dec  7 23:59:59 2025 GMT
        Subject: serialNumber=c93eace22ec75905fc9946c83a5049f6157d0af0846a87263704f16f8f6f0bf3, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:31:c2:2b:7a:6c:d0:d8:f5:58:5c:70:38:db:
                    08:b8:28:2c:e1:d4:b2:92:38:7e:f6:55:23:64:63:
                    dc:90:4b:74:e5:84:94:e8:b1:d1:8a:98:1e:7a:07:
                    e4:ec:4e:82:84:6f:54:0e:b3:30:26:91:1a:0b:11:
                    80:32:37:87:bc:58:25:53:ca:ac:37:7e:50:b6:b9:
                    d0:c8:07:13:13:4a:67:69:cb:1d:e1:48:29:a2:fb:
                    a8:d1:94:52:09:68:aa:24:3c:a4:72:ab:cb:a2:74:
                    0a:2f:91:a8:9e:98:f2:9a:81:72:92:d3:0c:9d:f4:
                    01:09:6c:8f:9e:ba:c0:8c:c3:69:54:77:36:2b:44:
                    02:6f:34:36:7a:f9:a2:b8:6f:b0:6e:bc:2c:f2:fb:
                    c7:c2:78:fe:47:c9:d2:4b:00:af:75:6c:05:7f:9f:
                    01:d9:33:a7:9c:4a:85:30:4a:d7:91:45:7b:ad:2a:
                    22:1d:9f:ae:79:11:d2:4c:11:ca:3d:00:f7:94:fb:
                    a9:a7:a6:c3:ef:36:ae:9d:ed:39:43:34:6a:e4:e2:
                    6b:82:77:95:a1:5f:14:97:26:e1:af:a8:6a:94:0a:
                    bd:f7:d9:10:7d:cd:e4:29:d9:53:73:16:68:d2:55:
                    45:02:9c:0d:77:b5:e8:a3:7f:61:2b:0a:d9:23:06:
                    43:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1A:22:F0:61:55:7D:11:20:9B:A0:14:E5:45:C1:CE:E4:B8:D2:EB:CC
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/35d2d5b9-3e22-4ea3-834b-5942aa3af0d4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  99.151.178.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8d:f7:02:a8:7c:b5:22:21:6e:e4:56:a8:d4:a7:12:81:b5:a0:
         7a:c2:5b:06:cd:c2:a3:13:ab:de:59:3c:2c:b7:ec:de:93:db:
         12:4e:12:fd:4c:40:2d:33:4d:17:db:12:db:1e:8f:24:2f:1e:
         6b:dd:c1:1d:c4:8c:dc:e3:4c:d6:bc:5c:d6:b4:7e:c1:81:41:
         b6:fa:8c:0b:e7:19:55:e3:e7:61:69:cd:61:8e:6e:49:84:2f:
         f1:9f:cd:f0:cc:93:49:67:e4:c5:56:40:d9:f4:46:8c:d8:53:
         83:f4:2f:b3:bf:f0:75:c8:99:34:04:a3:22:19:9e:b9:75:f7:
         78:ed:ed:4c:b1:28:07:65:d2:8b:6a:ba:50:20:ba:06:4e:71:
         2c:28:6f:21:21:09:8a:e7:8c:09:f4:48:98:12:08:cb:6d:44:
         58:65:91:ab:4f:b2:21:5e:08:d2:0b:f0:82:ce:fe:6c:69:a1:
         4d:47:12:ba:05:cb:76:b6:57:2c:bf:95:ba:cb:fe:62:59:c1:
         82:cd:dd:94:32:2c:fa:00:49:c2:9f:93:b3:39:43:2b:2d:ea:
         d3:b1:31:01:b6:09:28:99:8f:42:1a:e2:7c:0b:f6:bc:35:29:
         17:79:41:3c:05:a3:88:03:d0:1d:81:bb:f6:08:46:09:36:28:
         8e:54:27:91
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUXbSF/sjVjqM9Ns+B5e0zJXOTwGQwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMTAyMDAzMDQxWhcNMjUxMjA3MjM1OTU5
WjB6MUkwRwYDVQQFE0BjOTNlYWNlMjJlYzc1OTA1ZmM5OTQ2YzgzYTUwNDlmNjE1
N2QwYWYwODQ2YTg3MjYzNzA0ZjE2ZjhmNmYwYmYzMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDOMcIremzQ2PVYXHA42wi4KCzh1LKSOH72VSNkY9yQS3Tl
hJTosdGKmB56B+TsToKEb1QOszAmkRoLEYAyN4e8WCVTyqw3flC2udDIBxMTSmdp
yx3hSCmi+6jRlFIJaKokPKRyq8uidAovkaiemPKagXKS0wyd9AEJbI+eusCMw2lU
dzYrRAJvNDZ6+aK4b7BuvCzy+8fCeP5HydJLAK91bAV/nwHZM6ecSoUwSteRRXut
KiIdn655EdJMEco9APeU+6mnpsPvNq6d7TlDNGrk4muCd5WhXxSXJuGvqGqUCr33
2RB9zeQp2VNzFmjSVUUCnA13teijf2ErCtkjBkPRAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUGiLwYVV9ESCboBTlRcHO5LjS68wwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzM1ZDJkNWI5LTNlMjItNGVhMy04MzRiLTU5NDJhYTNhZjBkNC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBABjl7IwDQYJKoZIhvcNAQELBQADggEBAI33Aqh8tSIhbuRWqNSnEoG1oHrC
WwbNwqMTq95ZPCy37N6T2xJOEv1MQC0zTRfbEtsejyQvHmvdwR3EjNzjTNa8XNa0
fsGBQbb6jAvnGVXj52FpzWGObkmEL/GfzfDMk0ln5MVWQNn0RozYU4P0L7O/8HXI
mTQEoyIZnrl193jt7UyxKAdl0otqulAgugZOcSwobyEhCYrnjAn0SJgSCMttRFhl
katPsiFeCNIL8ILO/mxpoU1HEroFy3a2Vyy/lbrL/mJZwYLN3ZQyLPoAScKfk7M5
Qyst6tOxMQG2CSiZj0Ia4nwL9rw1KRd5QTwFo4gD0B2Bu/YIRgk2KI5UJ5E=
-----END CERTIFICATE-----