Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/38bc1d9a-dc0a-4557-8f0c-45df0c392516.roa
File:                     38bc1d9a-dc0a-4557-8f0c-45df0c392516.roa (raw, json)
Hash identifier:          W2qhjn1Frf387r6yewDcn5tYXVjqauu7uWt2gxs1UrA=
Subject key identifier:   BC:4C:0D:61:59:7D:F9:D9:F3:2D:BF:35:CA:19:B2:88:5C:2D:A1:8E
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       685E7892DEC5D7589B2E2EE357031C8D1612BC80
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/38bc1d9a-dc0a-4557-8f0c-45df0c392516.roa
Signing time:             Tue 21 Oct 2025 00:41:39 +0000
ROA not before:           Tue 21 Oct 2025 00:41:39 +0000
ROA not after:            Tue 25 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        86.112.0.0/15 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            68:5e:78:92:de:c5:d7:58:9b:2e:2e:e3:57:03:1c:8d:16:12:bc:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 21 00:41:39 2025 GMT
            Not After : Nov 25 23:59:59 2025 GMT
        Subject: serialNumber=6a0131e895bd01c220adc7c2a5392f1a173400b73108b38097e6c56bc0383ee0, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:d7:04:da:b4:a6:1d:ef:d0:c5:42:78:e1:e2:
                    2c:e4:f8:d1:6c:20:c4:ce:ac:08:aa:cd:1b:8c:5c:
                    83:8a:92:2b:77:86:8a:42:1b:ed:8a:56:d6:72:81:
                    eb:0f:89:54:b6:01:13:e6:20:12:19:8e:72:a8:02:
                    57:5d:3a:58:a3:73:19:df:c3:de:e0:3b:6e:9d:35:
                    db:df:eb:16:b0:f3:a2:a0:56:60:1d:95:77:03:24:
                    04:57:f8:6e:79:f2:9f:d8:1c:a1:12:4c:e1:d9:20:
                    8e:7a:c9:94:f0:51:15:63:f8:9b:39:8a:f2:96:f3:
                    1c:ba:1e:92:57:a4:ea:98:a5:ab:de:96:b7:0d:15:
                    8f:a3:65:98:b2:3c:66:a0:df:5e:55:23:15:3d:04:
                    40:ca:c2:b1:b3:89:22:51:8e:e8:59:2d:e3:8c:d9:
                    cf:e5:ef:14:68:20:52:7d:fd:2d:cd:30:3b:1c:0e:
                    9a:ea:28:63:8a:d5:b3:ad:69:24:aa:90:1b:35:13:
                    7e:08:b8:ce:a4:ca:fd:f5:51:57:20:f1:30:ad:dc:
                    17:a6:0b:6a:7d:8c:ea:b6:2d:24:37:56:ac:da:23:
                    12:c5:75:4d:69:ed:c4:c6:15:c4:d3:aa:4d:a1:ce:
                    3b:2c:7b:97:94:24:c8:0e:63:cc:0d:57:bb:eb:d4:
                    1e:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BC:4C:0D:61:59:7D:F9:D9:F3:2D:BF:35:CA:19:B2:88:5C:2D:A1:8E
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/38bc1d9a-dc0a-4557-8f0c-45df0c392516.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  86.112.0.0/15

    Signature Algorithm: sha256WithRSAEncryption
         34:b5:36:ea:d8:f5:52:74:7f:0c:cd:ae:ea:af:a9:a2:85:06:
         83:55:42:4c:0e:b6:96:1e:d3:1d:96:c2:fa:1f:52:fa:88:18:
         b0:a1:2c:80:7a:9d:70:9e:9b:52:29:9d:12:94:b9:92:05:3f:
         30:3f:3d:53:bb:73:90:22:51:65:2c:45:8b:f5:ec:8c:ba:e2:
         e9:21:f6:57:3b:dc:61:a2:1f:47:32:ce:a2:67:07:7a:eb:72:
         75:ff:be:88:83:dd:4a:bc:86:50:d3:90:98:7e:e1:7a:66:6d:
         30:d6:f4:67:cd:8d:2f:49:52:6b:38:81:20:57:2f:78:bb:11:
         76:a4:1a:ab:ba:6f:7c:c7:6a:56:90:39:5c:d7:58:31:e6:5b:
         45:20:66:46:b9:69:08:e8:ff:d9:75:01:44:ab:79:5e:89:41:
         df:eb:89:1a:4e:9a:b3:8d:47:92:8d:49:bf:ef:b3:a4:30:72:
         df:d7:74:8a:54:dc:86:04:14:10:5d:67:38:81:99:97:81:6a:
         9a:84:96:b2:38:02:90:7b:23:01:55:8e:10:e7:3a:81:fd:bc:
         3c:a2:2f:c5:74:ce:67:99:19:8d:4c:68:f4:b1:24:4e:39:0b:
         ef:4e:9b:58:80:81:9a:48:d1:87:9e:c5:29:9f:b9:a0:ed:6a:
         6b:7d:a8:dc
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUaF54kt7F11ibLi7jVwMcjRYSvIAwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDIxMDA0MTM5WhcNMjUxMTI1MjM1OTU5
WjB6MUkwRwYDVQQFE0A2YTAxMzFlODk1YmQwMWMyMjBhZGM3YzJhNTM5MmYxYTE3
MzQwMGI3MzEwOGIzODA5N2U2YzU2YmMwMzgzZWUwMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDG1wTatKYd79DFQnjh4izk+NFsIMTOrAiqzRuMXIOKkit3
hopCG+2KVtZygesPiVS2ARPmIBIZjnKoAlddOlijcxnfw97gO26dNdvf6xaw86Kg
VmAdlXcDJARX+G558p/YHKESTOHZII56yZTwURVj+Js5ivKW8xy6HpJXpOqYpave
lrcNFY+jZZiyPGag315VIxU9BEDKwrGziSJRjuhZLeOM2c/l7xRoIFJ9/S3NMDsc
DprqKGOK1bOtaSSqkBs1E34IuM6kyv31UVcg8TCt3BemC2p9jOq2LSQ3VqzaIxLF
dU1p7cTGFcTTqk2hzjsse5eUJMgOY8wNV7vr1B6DAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUvEwNYVl9+dnzLb81yhmyiFwtoY4wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzM4YmMxZDlhLWRjMGEtNDU1Ny04ZjBjLTQ1ZGYwYzM5MjUxNi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwFWcDANBgkqhkiG9w0BAQsFAAOCAQEANLU26tj1UnR/DM2u6q+pooUGg1VC
TA62lh7THZbC+h9S+ogYsKEsgHqdcJ6bUimdEpS5kgU/MD89U7tzkCJRZSxFi/Xs
jLri6SH2VzvcYaIfRzLOomcHeutydf++iIPdSryGUNOQmH7hemZtMNb0Z82NL0lS
aziBIFcveLsRdqQaq7pvfMdqVpA5XNdYMeZbRSBmRrlpCOj/2XUBRKt5XolB3+uJ
Gk6as41Hko1Jv++zpDBy39d0ilTchgQUEF1nOIGZl4FqmoSWsjgCkHsjAVWOEOc6
gf28PKIvxXTOZ5kZjUxo9LEkTjkL706bWICBmkjRh57FKZ+5oO1qa32o3A==
-----END CERTIFICATE-----