Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/49a16218-d4ff-48dd-85aa-288cdc958f67.roa
File:                     49a16218-d4ff-48dd-85aa-288cdc958f67.roa (raw, json)
Hash identifier:          gnmAH8H5ri/f0r2q2VZArXB3QcdSCopG1OT8OHXdad0=
Subject key identifier:   4F:A1:FD:A5:6F:82:CA:3B:27:5D:BD:D1:23:27:7A:71:B6:E8:A3:C2
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       05644B8638D807CE9FBF6A597ED16F4B138EE0E5
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/49a16218-d4ff-48dd-85aa-288cdc958f67.roa
Signing time:             Wed 22 Oct 2025 00:20:52 +0000
ROA not before:           Wed 22 Oct 2025 00:20:52 +0000
ROA not after:            Wed 26 Nov 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        23.228.194.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            05:64:4b:86:38:d8:07:ce:9f:bf:6a:59:7e:d1:6f:4b:13:8e:e0:e5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 22 00:20:52 2025 GMT
            Not After : Nov 26 23:59:59 2025 GMT
        Subject: serialNumber=7995a9430c7e8aee8bbf2fbe35758e7519737c3cb22e8b876f5e69325a3eca49, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:5f:e8:ba:3a:29:10:c4:89:2c:c4:56:9b:9c:
                    4f:c0:b0:4e:8a:66:c0:cd:e5:c5:fe:54:ec:53:92:
                    7a:41:5c:79:1d:f6:95:5d:dc:61:6a:5e:da:a2:49:
                    df:07:b1:91:4d:2e:b6:80:fc:c1:17:b1:bd:21:b8:
                    88:31:8a:3e:ac:79:ea:77:dc:9b:48:64:ef:e2:ca:
                    f1:55:b0:5d:ca:4c:4f:5c:a0:13:f5:04:ee:75:1f:
                    fd:9a:34:94:c8:89:a1:60:c8:2f:eb:fe:08:47:c9:
                    d0:44:fb:04:d3:89:69:f7:06:57:3a:5c:fe:e7:e3:
                    f9:ea:8d:1c:f7:30:18:3c:56:a9:38:a7:76:d2:95:
                    0e:1f:66:4c:cd:9e:b5:98:2f:60:96:f2:32:45:7d:
                    b6:89:1a:33:9a:2b:e0:b5:a9:29:6b:37:4f:6f:3e:
                    78:35:44:ba:2f:07:ef:97:36:4f:9c:77:08:52:06:
                    be:7f:e3:b6:69:36:f5:12:c1:86:70:7f:d9:5f:22:
                    a2:ca:2b:f7:eb:6e:44:0c:9b:cd:e4:c8:0c:28:ce:
                    83:bf:c6:e9:7b:f5:3e:3c:e6:32:81:16:9b:0d:18:
                    b2:8f:ae:f5:d3:40:4e:28:a8:7a:31:e7:8c:fe:9e:
                    b9:ae:c0:af:35:af:8d:a5:a9:ca:98:31:09:13:6c:
                    9b:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4F:A1:FD:A5:6F:82:CA:3B:27:5D:BD:D1:23:27:7A:71:B6:E8:A3:C2
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/49a16218-d4ff-48dd-85aa-288cdc958f67.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  23.228.194.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c1:26:81:cc:91:c6:99:ed:8f:62:63:d6:fe:00:f9:28:20:33:
         a2:a5:75:1d:e9:62:6e:72:4b:31:05:fb:35:e4:7f:68:30:c1:
         21:78:35:30:4b:53:1a:2c:4f:80:5a:c2:e8:19:d5:cf:3f:61:
         49:a1:9b:4d:88:3c:21:b7:7a:55:9e:1d:07:9e:9b:3f:5a:c9:
         7d:c0:65:62:7f:65:8b:ba:52:69:a8:b2:a9:6e:e2:99:34:33:
         f9:01:32:06:9b:83:e1:e6:52:83:39:2d:38:f8:f7:ea:e1:73:
         c7:70:9b:ed:5d:25:8b:19:98:e4:e1:f2:01:ec:68:a6:36:de:
         23:a8:5f:b0:a3:80:bf:70:2c:9d:74:6f:fd:a4:77:c8:17:44:
         20:c5:73:72:80:96:92:c4:49:e3:ff:f4:99:06:cb:d4:14:af:
         b8:91:15:b6:dd:61:48:b7:ea:db:37:66:cb:19:be:88:48:9a:
         69:20:36:73:d2:48:c4:e3:14:a3:d1:85:ca:e9:01:fa:94:d0:
         33:17:56:af:64:16:5f:d8:90:04:21:8f:62:7b:63:a8:04:f1:
         18:f8:e9:ac:9b:69:68:10:cd:ed:66:18:2a:61:b4:3b:01:7f:
         d3:87:dc:84:ec:b2:5b:4a:12:0f:6b:8b:34:2a:03:e4:c0:c6:
         18:a6:76:66
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUBWRLhjjYB86fv2pZftFvSxOO4OUwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDIyMDAyMDUyWhcNMjUxMTI2MjM1OTU5
WjB6MUkwRwYDVQQFE0A3OTk1YTk0MzBjN2U4YWVlOGJiZjJmYmUzNTc1OGU3NTE5
NzM3YzNjYjIyZThiODc2ZjVlNjkzMjVhM2VjYTQ5MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDZX+i6OikQxIksxFabnE/AsE6KZsDN5cX+VOxTknpBXHkd
9pVd3GFqXtqiSd8HsZFNLraA/MEXsb0huIgxij6seep33JtIZO/iyvFVsF3KTE9c
oBP1BO51H/2aNJTIiaFgyC/r/ghHydBE+wTTiWn3Blc6XP7n4/nqjRz3MBg8Vqk4
p3bSlQ4fZkzNnrWYL2CW8jJFfbaJGjOaK+C1qSlrN09vPng1RLovB++XNk+cdwhS
Br5/47ZpNvUSwYZwf9lfIqLKK/frbkQMm83kyAwozoO/xul79T485jKBFpsNGLKP
rvXTQE4oqHox54z+nrmuwK81r42lqcqYMQkTbJu9AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUT6H9pW+CyjsnXb3RIyd6cbboo8IwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzQ5YTE2MjE4LWQ0ZmYtNDhkZC04NWFhLTI4OGNkYzk1OGY2Ny5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAAX5MIwDQYJKoZIhvcNAQELBQADggEBAMEmgcyRxpntj2Jj1v4A+SggM6Kl
dR3pYm5ySzEF+zXkf2gwwSF4NTBLUxosT4BawugZ1c8/YUmhm02IPCG3elWeHQee
mz9ayX3AZWJ/ZYu6Ummosqlu4pk0M/kBMgabg+HmUoM5LTj49+rhc8dwm+1dJYsZ
mOTh8gHsaKY23iOoX7CjgL9wLJ10b/2kd8gXRCDFc3KAlpLESeP/9JkGy9QUr7iR
FbbdYUi36ts3ZssZvohImmkgNnPSSMTjFKPRhcrpAfqU0DMXVq9kFl/YkAQhj2J7
Y6gE8Rj46aybaWgQze1mGCphtDsBf9OH3ITssltKEg9rizQqA+TAxhimdmY=
-----END CERTIFICATE-----