Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/5e0a2129-9dc9-4f7b-b350-4e41028e5506.roa
File:                     5e0a2129-9dc9-4f7b-b350-4e41028e5506.roa (raw, json)
Hash identifier:          xXUP/XFjcyzydgNSazbcUFTS6QVsDyyksF02hEW1Ea0=
Subject key identifier:   14:0E:CC:4B:8B:9C:C6:38:EC:C4:D1:33:11:33:BA:15:F6:A6:FB:F0
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       2F592138A3ECC2C8CF1104837F403333C1F6AD32
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/5e0a2129-9dc9-4f7b-b350-4e41028e5506.roa
Signing time:             Sun 26 Oct 2025 00:30:54 +0000
ROA not before:           Sun 26 Oct 2025 00:30:54 +0000
ROA not after:            Sun 30 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        64.252.71.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2f:59:21:38:a3:ec:c2:c8:cf:11:04:83:7f:40:33:33:c1:f6:ad:32
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 26 00:30:54 2025 GMT
            Not After : Nov 30 23:59:59 2025 GMT
        Subject: serialNumber=f0a40a758a7bfd6b3f3dc0f91998dc3037a0ce32d254ecbd6f1ccf677c4bd1c2, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ed:7a:df:fe:c2:d0:cc:76:b7:8b:07:b1:04:e6:
                    dd:5d:5f:af:84:6f:ca:6c:56:39:38:60:79:c8:29:
                    ea:ec:e3:fb:5a:19:98:e8:4d:1d:b6:68:e7:06:8d:
                    a7:aa:c3:56:92:d6:e5:f4:f5:60:94:ee:af:08:e4:
                    06:d5:b6:b8:19:57:36:d0:68:1b:f9:e8:b2:4b:f0:
                    6b:b7:fc:87:aa:75:80:1a:69:d4:4f:8d:b4:48:40:
                    d1:1f:9f:4a:de:2e:7b:39:5c:53:23:5b:5e:07:31:
                    44:b0:d2:b1:54:b2:ab:75:73:ff:f1:5b:96:36:56:
                    c0:b4:83:be:a9:49:88:ae:d7:16:0d:0a:cb:31:ff:
                    ea:7e:a0:4a:83:e8:d8:eb:46:91:dc:dc:b8:8e:ad:
                    20:58:5f:52:07:35:25:bd:61:39:a0:da:4a:41:e0:
                    ac:2a:74:9a:49:1d:65:2d:34:d3:d6:e9:af:c2:1a:
                    42:c5:87:da:4d:e6:f4:40:2e:b6:13:e4:40:16:0b:
                    41:f0:b0:3a:e3:42:46:4e:0d:b7:e9:46:37:95:51:
                    d7:ff:10:d6:86:17:e5:9e:ce:e9:72:ad:55:d7:8e:
                    e5:8b:43:c8:f1:75:47:fb:d5:a8:38:90:48:98:57:
                    b6:2a:46:db:a7:d7:ad:9e:fd:69:77:54:81:03:fc:
                    9b:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                14:0E:CC:4B:8B:9C:C6:38:EC:C4:D1:33:11:33:BA:15:F6:A6:FB:F0
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/5e0a2129-9dc9-4f7b-b350-4e41028e5506.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  64.252.71.0/24

    Signature Algorithm: sha256WithRSAEncryption
         31:e9:93:45:1a:b4:f8:34:29:85:95:fc:4d:db:5d:a0:65:63:
         77:ba:84:b7:57:2c:3c:0f:50:f2:4b:e9:2b:51:57:5d:13:a0:
         0b:37:a8:26:b5:f2:26:87:0b:da:02:f8:9d:49:02:c2:e2:d4:
         40:94:f0:85:86:e4:00:34:8d:8d:ac:58:28:59:a3:d2:55:94:
         8a:a6:e9:64:b5:be:19:96:0f:1f:02:1c:f2:b2:7f:ed:83:fa:
         f2:f3:dc:3c:03:16:fc:19:60:0e:5b:c6:6f:f7:fa:73:a3:cf:
         d8:80:e3:7a:b4:a3:62:f3:e1:ac:f8:f3:1a:9c:04:59:c6:dd:
         88:d0:e0:93:94:78:2d:a5:ac:3c:3a:0e:7f:a0:b5:a5:c8:ad:
         72:b3:cc:4d:49:2a:3a:a8:46:4c:78:44:6a:b2:42:0f:90:77:
         1a:c6:2e:26:b9:65:46:79:f4:be:b7:09:65:d4:2d:98:8d:34:
         15:0d:d6:2f:c8:67:8e:75:13:21:1d:d4:34:b1:b3:ad:6e:15:
         0a:73:15:e5:14:25:ed:36:04:90:f4:31:a3:fc:2f:3b:de:7e:
         b8:bb:a1:8e:ae:c4:71:07:5c:a6:f0:d5:da:d9:a7:fc:66:b8:
         57:57:33:b7:0c:5d:17:46:d9:3b:9a:ba:e9:0f:a0:e9:85:95:
         9a:0b:cd:8d
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUL1khOKPswsjPEQSDf0AzM8H2rTIwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDI2MDAzMDU0WhcNMjUxMTMwMjM1OTU5
WjB6MUkwRwYDVQQFE0BmMGE0MGE3NThhN2JmZDZiM2YzZGMwZjkxOTk4ZGMzMDM3
YTBjZTMyZDI1NGVjYmQ2ZjFjY2Y2NzdjNGJkMWMyMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDtet/+wtDMdreLB7EE5t1dX6+Eb8psVjk4YHnIKers4/ta
GZjoTR22aOcGjaeqw1aS1uX09WCU7q8I5AbVtrgZVzbQaBv56LJL8Gu3/IeqdYAa
adRPjbRIQNEfn0reLns5XFMjW14HMUSw0rFUsqt1c//xW5Y2VsC0g76pSYiu1xYN
Cssx/+p+oEqD6NjrRpHc3LiOrSBYX1IHNSW9YTmg2kpB4KwqdJpJHWUtNNPW6a/C
GkLFh9pN5vRALrYT5EAWC0HwsDrjQkZODbfpRjeVUdf/ENaGF+WezulyrVXXjuWL
Q8jxdUf71ag4kEiYV7YqRtun162e/Wl3VIED/JuJAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUFA7MS4ucxjjsxNEzETO6Ffam+/AwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzVlMGEyMTI5LTlkYzktNGY3Yi1iMzUwLTRlNDEwMjhlNTUwNi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBABA/EcwDQYJKoZIhvcNAQELBQADggEBADHpk0UatPg0KYWV/E3bXaBlY3e6
hLdXLDwPUPJL6StRV10ToAs3qCa18iaHC9oC+J1JAsLi1ECU8IWG5AA0jY2sWChZ
o9JVlIqm6WS1vhmWDx8CHPKyf+2D+vLz3DwDFvwZYA5bxm/3+nOjz9iA43q0o2Lz
4az48xqcBFnG3YjQ4JOUeC2lrDw6Dn+gtaXIrXKzzE1JKjqoRkx4RGqyQg+QdxrG
Lia5ZUZ59L63CWXULZiNNBUN1i/IZ451EyEd1DSxs61uFQpzFeUUJe02BJD0MaP8
Lzvefri7oY6uxHEHXKbw1drZp/xmuFdXM7cMXRdG2TuauukPoOmFlZoLzY0=
-----END CERTIFICATE-----