Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/7a9e0461-1eac-46f7-a3a8-d886a8271805.roa
File:                     7a9e0461-1eac-46f7-a3a8-d886a8271805.roa (raw, json)
Hash identifier:          qoPCBEYlM0HUKp56e3rk2E2cFL7WajAzeJHeJhrL/Jw=
Subject key identifier:   D7:F9:BB:87:3B:73:81:59:16:12:93:27:0A:56:5B:F0:D7:A6:78:BA
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       54744A5034D619EA8EDE53FBF0FE860F3A6FF6EA
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/7a9e0461-1eac-46f7-a3a8-d886a8271805.roa
Signing time:             Fri 31 Oct 2025 01:01:00 +0000
ROA not before:           Fri 31 Oct 2025 01:01:00 +0000
ROA not after:            Fri 05 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        13.144.88.0/21 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            54:74:4a:50:34:d6:19:ea:8e:de:53:fb:f0:fe:86:0f:3a:6f:f6:ea
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 31 01:01:00 2025 GMT
            Not After : Dec  5 23:59:59 2025 GMT
        Subject: serialNumber=9012accc1f5dac8bc7c1c0bb660f92d964da3f798e69d12125c1a94b4ac7b301, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:8e:d0:7d:04:7c:fa:3c:f9:35:98:83:27:bf:
                    fc:73:60:60:40:ec:7c:ca:35:9e:84:99:81:4b:85:
                    04:f9:cc:8a:9b:16:9b:17:38:ca:c2:69:e0:ee:b3:
                    48:b6:7e:46:f0:4b:f2:77:f8:9d:c2:b8:a8:3f:99:
                    b5:a2:6c:9e:54:76:86:03:29:62:b9:28:b8:03:81:
                    4f:92:0d:66:f1:60:81:70:60:86:43:35:bc:67:86:
                    16:e2:aa:21:62:e1:e5:4c:9f:8b:67:54:f3:3a:0a:
                    1c:43:f0:ab:42:9f:38:15:19:47:3a:b3:53:0a:b0:
                    60:c9:a9:b7:81:69:20:e5:02:fb:5c:7b:37:48:48:
                    e2:37:15:4e:8e:c9:4a:99:cb:ef:c5:25:d7:18:81:
                    49:c8:85:87:15:1b:85:aa:1a:d8:15:77:d1:4d:04:
                    6a:e5:d7:b7:4d:2a:6c:29:4d:92:36:45:f1:94:f6:
                    67:8d:5d:aa:73:3d:07:7a:29:a6:0e:6f:9e:09:3a:
                    4c:b7:96:d5:a7:21:83:81:b6:b3:13:58:10:54:45:
                    c4:6e:1d:87:e8:b2:6a:77:90:a0:8c:59:4e:fa:54:
                    51:e0:e8:ed:bd:28:98:bb:ee:90:d6:0c:1d:4b:8f:
                    06:a5:f6:4e:60:2f:e9:6f:ed:71:cf:80:b8:48:b5:
                    36:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D7:F9:BB:87:3B:73:81:59:16:12:93:27:0A:56:5B:F0:D7:A6:78:BA
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/7a9e0461-1eac-46f7-a3a8-d886a8271805.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  13.144.88.0/21

    Signature Algorithm: sha256WithRSAEncryption
         c5:3d:b7:f8:a8:82:11:0f:76:17:bf:40:b2:7c:fb:71:b2:e2:
         88:36:b9:1f:f9:a8:b6:98:6e:65:09:f1:f9:81:7c:5b:d5:31:
         ef:62:87:cf:2f:89:b9:27:8d:16:04:42:27:7c:2c:ae:3d:77:
         ae:d4:94:98:58:37:26:ef:b2:40:a9:df:1f:b5:04:00:f7:8d:
         d1:ea:62:ed:e7:fc:c1:a9:5a:1b:c1:bb:2e:f2:5d:7c:31:d8:
         cc:f1:c1:8e:b9:05:e0:69:4a:df:83:67:91:0f:e9:04:c7:15:
         99:05:88:9f:de:99:86:f0:db:db:40:41:48:f5:02:bc:24:50:
         ae:94:59:9c:28:fb:f1:d3:02:eb:da:36:fc:f0:5c:2b:31:cc:
         61:d3:58:94:1b:0c:08:9f:5f:7b:2c:40:3d:56:b6:f6:a2:66:
         4c:c3:63:43:d4:b7:7d:a8:95:ec:ca:2a:ab:9e:b5:f4:28:85:
         bd:e5:b6:38:96:81:07:64:b6:a7:03:c6:94:24:31:3e:33:8f:
         da:71:e0:9e:9e:56:3a:c3:8b:5c:9e:d2:a4:e3:91:9b:c7:f4:
         8e:09:21:9c:94:77:31:92:57:1b:71:09:1c:42:db:57:b0:e8:
         1b:2b:6b:17:86:78:48:81:63:2f:33:3d:b1:e4:d7:ae:b6:87:
         ce:a5:33:ac
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUVHRKUDTWGeqO3lP78P6GDzpv9uowDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDMxMDEwMTAwWhcNMjUxMjA1MjM1OTU5
WjB6MUkwRwYDVQQFE0A5MDEyYWNjYzFmNWRhYzhiYzdjMWMwYmI2NjBmOTJkOTY0
ZGEzZjc5OGU2OWQxMjEyNWMxYTk0YjRhYzdiMzAxMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCfjtB9BHz6PPk1mIMnv/xzYGBA7HzKNZ6EmYFLhQT5zIqb
FpsXOMrCaeDus0i2fkbwS/J3+J3CuKg/mbWibJ5UdoYDKWK5KLgDgU+SDWbxYIFw
YIZDNbxnhhbiqiFi4eVMn4tnVPM6ChxD8KtCnzgVGUc6s1MKsGDJqbeBaSDlAvtc
ezdISOI3FU6OyUqZy+/FJdcYgUnIhYcVG4WqGtgVd9FNBGrl17dNKmwpTZI2RfGU
9meNXapzPQd6KaYOb54JOky3ltWnIYOBtrMTWBBURcRuHYfosmp3kKCMWU76VFHg
6O29KJi77pDWDB1Ljwal9k5gL+lv7XHPgLhItTZdAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU1/m7hztzgVkWEpMnClZb8NemeLowHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzdhOWUwNDYxLTFlYWMtNDZmNy1hM2E4LWQ4ODZhODI3MTgwNS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAMNkFgwDQYJKoZIhvcNAQELBQADggEBAMU9t/ioghEPdhe/QLJ8+3Gy4og2
uR/5qLaYbmUJ8fmBfFvVMe9ih88vibknjRYEQid8LK49d67UlJhYNybvskCp3x+1
BAD3jdHqYu3n/MGpWhvBuy7yXXwx2MzxwY65BeBpSt+DZ5EP6QTHFZkFiJ/emYbw
29tAQUj1ArwkUK6UWZwo+/HTAuvaNvzwXCsxzGHTWJQbDAifX3ssQD1WtvaiZkzD
Y0PUt32olezKKquetfQohb3ltjiWgQdktqcDxpQkMT4zj9px4J6eVjrDi1ye0qTj
kZvH9I4JIZyUdzGSVxtxCRxC21ew6BsraxeGeEiBYy8zPbHk1662h86lM6w=
-----END CERTIFICATE-----