Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/707b5de7-4469-4150-b167-4708f1391d71.roa
File:                     707b5de7-4469-4150-b167-4708f1391d71.roa (raw, json)
Hash identifier:          mKFsikY8EfdpMvyo/Soc96QhlSQG7m9GX0ohQD6sASA=
Subject key identifier:   A5:74:A4:61:01:C9:A7:89:00:B7:E1:78:5F:91:5A:A1:29:5F:0A:3D
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       501F9596B4E2C8DE6F2BA081B8D261EFD1A9C7D4
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/707b5de7-4469-4150-b167-4708f1391d71.roa
Signing time:             Tue 21 Oct 2025 00:20:50 +0000
ROA not before:           Tue 21 Oct 2025 00:20:50 +0000
ROA not after:            Tue 25 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        158.254.0.0/16 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            50:1f:95:96:b4:e2:c8:de:6f:2b:a0:81:b8:d2:61:ef:d1:a9:c7:d4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 21 00:20:50 2025 GMT
            Not After : Nov 25 23:59:59 2025 GMT
        Subject: serialNumber=c949bc77b86ccddf423cfc81d5a73ea17ac38f62e1af5c1a851719638d021c59, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:82:4c:7c:bc:2c:5e:b7:0f:6b:eb:7c:32:83:
                    96:ba:8d:7f:f4:72:d4:78:ff:0f:d9:d9:c3:b7:78:
                    62:de:4d:0f:73:54:90:3f:48:53:9f:ea:28:b6:93:
                    36:7e:12:07:7a:72:e2:51:d2:82:74:92:40:e4:7c:
                    36:87:13:d5:38:45:1f:b6:d1:31:e1:59:b5:0e:0e:
                    fe:4d:65:9e:3f:19:3e:45:e6:58:23:07:c3:63:db:
                    21:b5:5d:cb:42:0b:a8:42:a7:76:e2:d4:3c:32:a3:
                    dc:81:41:e9:5a:b2:49:42:0f:1f:45:0f:ad:f6:9d:
                    2b:ec:0b:da:9f:ce:fa:a8:2a:80:0b:d7:00:27:51:
                    98:70:1a:ce:4f:ca:77:0d:a1:ca:c9:4d:78:b4:28:
                    a4:33:b7:50:b1:0f:c9:41:5f:51:8e:42:72:bf:a8:
                    ec:52:74:27:46:7d:74:4a:05:a2:71:d2:64:59:1a:
                    5f:e5:dd:29:f8:e1:5b:1f:00:bd:f8:af:b3:61:b2:
                    bf:45:4c:8a:c6:ff:af:e9:07:27:5a:d6:65:0b:1a:
                    24:76:bc:8c:1c:4b:3c:af:2e:cb:3a:7b:80:37:f9:
                    fe:59:58:89:3a:0e:91:05:64:ff:cd:e2:88:18:d4:
                    4c:2e:05:5c:53:61:d7:61:59:3c:9d:31:2a:78:0c:
                    76:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A5:74:A4:61:01:C9:A7:89:00:B7:E1:78:5F:91:5A:A1:29:5F:0A:3D
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/707b5de7-4469-4150-b167-4708f1391d71.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  158.254.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         24:89:12:4c:f6:50:c6:c7:74:cf:2b:6e:f3:c0:4f:ae:e3:c2:
         5f:9f:e4:98:e8:27:ca:4e:a5:09:bd:a3:82:a8:df:31:2e:e9:
         35:08:2a:4b:6b:b4:09:3d:08:70:0f:5e:a4:66:c3:ae:ab:03:
         e0:9f:f6:5c:ec:c6:bd:c1:1b:88:fa:e1:5a:cf:dd:86:8f:3e:
         1c:88:75:4e:47:03:f1:d6:75:0d:ba:b7:bc:2c:01:48:e8:99:
         56:ae:58:00:e9:b4:d2:4e:8e:c5:1e:b0:9c:07:4c:d3:d3:59:
         23:e1:9c:26:97:ff:4b:88:dd:5f:c9:7c:91:f8:62:a4:8f:95:
         63:5d:9e:cd:7d:70:21:e2:50:63:c7:04:eb:a3:fd:be:f4:0f:
         b5:92:13:61:c7:90:3a:b2:d8:08:aa:58:2b:a1:19:c5:48:0c:
         e1:a8:75:61:81:00:9b:83:33:9a:4b:4a:e3:10:99:2d:25:57:
         0a:d8:7c:6e:78:0e:49:e0:65:fd:f3:7d:e2:33:00:9a:59:1c:
         11:cc:21:c4:e2:54:85:97:4f:2c:4a:31:d5:70:ce:a5:7b:ff:
         e2:75:68:78:f8:9c:6f:0c:bc:d2:e3:af:22:19:8a:93:93:22:
         96:0c:b1:7c:20:53:ac:66:40:6a:77:73:4d:da:d9:ba:ef:02:
         a3:9c:4d:ff
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUUB+VlrTiyN5vK6CBuNJh79Gpx9QwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDIxMDAyMDUwWhcNMjUxMTI1MjM1OTU5
WjB6MUkwRwYDVQQFE0BjOTQ5YmM3N2I4NmNjZGRmNDIzY2ZjODFkNWE3M2VhMTdh
YzM4ZjYyZTFhZjVjMWE4NTE3MTk2MzhkMDIxYzU5MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCbgkx8vCxetw9r63wyg5a6jX/0ctR4/w/Z2cO3eGLeTQ9z
VJA/SFOf6ii2kzZ+Egd6cuJR0oJ0kkDkfDaHE9U4RR+20THhWbUODv5NZZ4/GT5F
5lgjB8Nj2yG1XctCC6hCp3bi1Dwyo9yBQelasklCDx9FD632nSvsC9qfzvqoKoAL
1wAnUZhwGs5PyncNocrJTXi0KKQzt1CxD8lBX1GOQnK/qOxSdCdGfXRKBaJx0mRZ
Gl/l3Sn44VsfAL34r7Nhsr9FTIrG/6/pByda1mULGiR2vIwcSzyvLss6e4A3+f5Z
WIk6DpEFZP/N4ogY1EwuBVxTYddhWTydMSp4DHYhAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUpXSkYQHJp4kAt+F4X5FaoSlfCj0wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzcwN2I1ZGU3LTQ0NjktNDE1MC1iMTY3LTQ3MDhmMTM5MWQ3MS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwCe/jANBgkqhkiG9w0BAQsFAAOCAQEAJIkSTPZQxsd0zytu88BPruPCX5/k
mOgnyk6lCb2jgqjfMS7pNQgqS2u0CT0IcA9epGbDrqsD4J/2XOzGvcEbiPrhWs/d
ho8+HIh1TkcD8dZ1Dbq3vCwBSOiZVq5YAOm00k6OxR6wnAdM09NZI+GcJpf/S4jd
X8l8kfhipI+VY12ezX1wIeJQY8cE66P9vvQPtZITYceQOrLYCKpYK6EZxUgM4ah1
YYEAm4MzmktK4xCZLSVXCth8bngOSeBl/fN94jMAmlkcEcwhxOJUhZdPLEox1XDO
pXv/4nVoePicbwy80uOvIhmKk5MilgyxfCBTrGZAandzTdrZuu8Co5xN/w==
-----END CERTIFICATE-----