Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/7671e404-27d3-4739-9da3-e9ffff3d4e14.roa
File:                     7671e404-27d3-4739-9da3-e9ffff3d4e14.roa (raw, json)
Hash identifier:          NkUeTK3WV0be31bc8iP/BLbsy+dMxiIPJqYSvOPKFjM=
Subject key identifier:   2B:26:07:79:0E:32:8E:4C:DD:8D:05:B2:02:63:91:25:AD:69:9B:F2
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       048850802BC94EF81EFE5A36DDABC5BFF8E36B1B
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/7671e404-27d3-4739-9da3-e9ffff3d4e14.roa
Signing time:             Sun 26 Oct 2025 01:00:40 +0000
ROA not before:           Sun 26 Oct 2025 01:00:40 +0000
ROA not after:            Sun 30 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        99.76.64.0/18 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            04:88:50:80:2b:c9:4e:f8:1e:fe:5a:36:dd:ab:c5:bf:f8:e3:6b:1b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 26 01:00:40 2025 GMT
            Not After : Nov 30 23:59:59 2025 GMT
        Subject: serialNumber=aa6e5bc188b8ee0fcbbd95a9c6d2bc867d029ab67b5755c5b677e7acc3f44aa1, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:3c:93:6e:94:af:ee:fc:3d:1c:46:bb:11:7c:
                    e3:b6:95:67:81:fb:3b:df:33:a3:06:31:cb:e9:0e:
                    ed:24:de:da:11:c2:a3:4d:4b:b5:ef:96:79:4f:ef:
                    24:3d:22:8c:79:bf:7f:1f:1f:71:59:07:b9:ee:8f:
                    46:10:7d:9c:e5:b1:ca:99:3f:b3:70:b1:f5:fe:15:
                    3d:3b:20:b2:30:d6:71:49:ba:54:b1:b5:2f:93:69:
                    df:26:f7:48:84:50:80:98:73:fd:12:24:cc:9c:80:
                    32:cf:f9:d9:0e:11:c4:76:c1:ad:96:f9:61:3a:cd:
                    bf:cd:1e:9f:8e:a3:c6:36:e1:28:e1:f1:15:76:af:
                    fe:47:16:0a:b5:9e:2f:36:93:83:8a:90:b1:1c:ba:
                    60:5b:ee:97:71:0a:5b:93:a7:f3:d9:22:fe:70:8c:
                    da:12:c8:80:26:61:5a:09:65:15:4d:ae:2b:86:61:
                    e4:80:bd:f0:6d:61:a2:a9:59:86:9e:b8:53:d0:60:
                    de:d7:2a:94:7b:d7:df:ec:2f:2f:33:d2:ba:80:bb:
                    af:d0:f5:2c:97:4a:ab:64:06:bf:2a:66:6f:fd:76:
                    cc:8b:67:e9:d7:f5:89:fa:dd:d0:36:02:6a:3e:e6:
                    23:93:18:c3:5e:8f:4d:9f:7f:60:64:44:2f:49:4c:
                    66:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2B:26:07:79:0E:32:8E:4C:DD:8D:05:B2:02:63:91:25:AD:69:9B:F2
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/7671e404-27d3-4739-9da3-e9ffff3d4e14.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  99.76.64.0/18

    Signature Algorithm: sha256WithRSAEncryption
         23:f6:6f:15:42:d1:f0:2a:4c:01:b1:25:a1:ef:7f:41:71:63:
         77:d2:c7:67:1c:f1:5b:e7:1e:48:aa:a5:92:57:b2:08:af:88:
         dd:59:ed:15:82:31:5b:f3:0d:27:ec:12:9e:4d:88:5b:ca:40:
         e6:36:16:27:c2:ef:1f:cd:3d:1b:4e:c5:8b:d3:f3:1b:c9:f3:
         b7:cc:58:42:de:90:61:46:3d:a5:57:d5:20:c3:6e:48:6a:49:
         f0:e9:92:10:88:54:29:5d:cf:a4:42:f4:6e:5d:b1:2a:bc:0f:
         0a:5e:60:ec:ed:30:e8:d5:31:9e:5e:3f:b0:05:de:ef:39:94:
         45:bb:fd:71:50:b6:53:46:2b:3d:f9:a2:2a:aa:24:95:69:bd:
         81:41:f3:65:8e:73:8e:ae:78:c7:d4:0d:f5:f0:0d:5d:20:c6:
         1a:b1:55:f4:c9:14:cb:75:5d:f8:9e:2e:25:d0:20:40:fe:1b:
         69:bb:24:3d:31:76:34:d4:fb:f7:53:46:5c:a3:9d:af:f6:61:
         26:e0:65:a3:e6:25:ce:c5:f9:58:09:b6:74:f8:5f:a3:7e:bd:
         c2:bd:e7:3f:61:2d:47:72:04:75:1e:12:95:7f:37:8c:89:bb:
         f7:e1:52:07:d8:5a:2b:de:19:03:8b:18:3e:f5:45:e8:22:99:
         a7:99:e9:17
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUBIhQgCvJTvge/lo23avFv/jjaxswDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDI2MDEwMDQwWhcNMjUxMTMwMjM1OTU5
WjB6MUkwRwYDVQQFE0BhYTZlNWJjMTg4YjhlZTBmY2JiZDk1YTljNmQyYmM4Njdk
MDI5YWI2N2I1NzU1YzViNjc3ZTdhY2MzZjQ0YWExMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC6PJNulK/u/D0cRrsRfOO2lWeB+zvfM6MGMcvpDu0k3toR
wqNNS7XvlnlP7yQ9Iox5v38fH3FZB7nuj0YQfZzlscqZP7NwsfX+FT07ILIw1nFJ
ulSxtS+Tad8m90iEUICYc/0SJMycgDLP+dkOEcR2wa2W+WE6zb/NHp+Oo8Y24Sjh
8RV2r/5HFgq1ni82k4OKkLEcumBb7pdxCluTp/PZIv5wjNoSyIAmYVoJZRVNriuG
YeSAvfBtYaKpWYaeuFPQYN7XKpR719/sLy8z0rqAu6/Q9SyXSqtkBr8qZm/9dsyL
Z+nX9Yn63dA2Amo+5iOTGMNej02ff2BkRC9JTGa9AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUKyYHeQ4yjkzdjQWyAmORJa1pm/IwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzc2NzFlNDA0LTI3ZDMtNDczOS05ZGEzLWU5ZmZmZjNkNGUxNC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAZjTEAwDQYJKoZIhvcNAQELBQADggEBACP2bxVC0fAqTAGxJaHvf0FxY3fS
x2cc8VvnHkiqpZJXsgiviN1Z7RWCMVvzDSfsEp5NiFvKQOY2FifC7x/NPRtOxYvT
8xvJ87fMWELekGFGPaVX1SDDbkhqSfDpkhCIVCldz6RC9G5dsSq8DwpeYOztMOjV
MZ5eP7AF3u85lEW7/XFQtlNGKz35oiqqJJVpvYFB82WOc46ueMfUDfXwDV0gxhqx
VfTJFMt1XfieLiXQIED+G2m7JD0xdjTU+/dTRlyjna/2YSbgZaPmJc7F+VgJtnT4
X6N+vcK95z9hLUdyBHUeEpV/N4yJu/fhUgfYWiveGQOLGD71RegimaeZ6Rc=
-----END CERTIFICATE-----