Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/7f0b3865-60cd-4f45-bb1c-e7e47fac38d5.roa
File:                     7f0b3865-60cd-4f45-bb1c-e7e47fac38d5.roa (raw, json)
Hash identifier:          sTRLDqAaPO72odpj7wBTMXGX+aeB1u3qQzz6EgeyCRw=
Subject key identifier:   46:9A:FB:D5:C1:9E:93:7A:8D:BD:85:32:A8:AC:0D:94:05:8B:C6:98
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       17F20F228BAACD3B31AFF4D2FEF85DCAE6933A6D
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/7f0b3865-60cd-4f45-bb1c-e7e47fac38d5.roa
Signing time:             Sun 26 Oct 2025 01:00:36 +0000
ROA not before:           Sun 26 Oct 2025 01:00:36 +0000
ROA not after:            Sun 30 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        209.92.6.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            17:f2:0f:22:8b:aa:cd:3b:31:af:f4:d2:fe:f8:5d:ca:e6:93:3a:6d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 26 01:00:36 2025 GMT
            Not After : Nov 30 23:59:59 2025 GMT
        Subject: serialNumber=e19744bc612c06ab1cb28ea586e9ade35be5a5826a4b5e2f8336be608024c58c, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:9f:ca:19:98:5b:89:0e:2c:84:f7:a6:42:e7:
                    e9:a6:ff:c9:13:70:3c:89:80:51:a1:49:b2:fd:32:
                    50:5c:3f:46:0f:98:d1:36:d0:f4:69:4e:26:58:4b:
                    ef:cc:0b:00:e2:24:b6:1b:b7:93:6b:3f:3b:ea:52:
                    ba:05:66:ff:f3:5a:c7:e4:0b:f1:18:c8:17:49:eb:
                    83:5a:a1:1e:32:dd:0e:2f:59:61:a8:61:e4:c2:b8:
                    c2:4b:1f:5f:6d:79:e5:fe:d8:c8:64:70:ed:3b:91:
                    35:89:5f:b5:14:ea:4a:81:4f:2e:63:a6:b9:71:50:
                    13:c4:98:bb:9b:a2:ae:1e:d5:30:cf:f1:ee:4a:ab:
                    06:e8:b2:51:e4:a5:23:88:d8:11:ad:5b:55:63:85:
                    7c:22:68:da:7c:5d:10:e1:1b:11:64:bd:0e:35:8d:
                    c4:c0:a8:b8:77:9f:36:49:d8:45:5a:55:d6:44:bc:
                    01:96:ce:b8:9c:b9:f4:7f:68:7c:26:08:f6:09:1c:
                    60:09:2a:5f:d9:73:4b:fb:c4:a5:18:1e:05:21:b9:
                    76:13:06:51:f6:fa:cc:fb:cb:dc:54:4a:45:9a:c6:
                    24:89:29:17:a9:78:9b:91:4f:bb:f5:cd:e5:bf:bb:
                    f1:78:52:86:1c:04:9f:72:1c:77:b0:da:2e:10:68:
                    d0:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                46:9A:FB:D5:C1:9E:93:7A:8D:BD:85:32:A8:AC:0D:94:05:8B:C6:98
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/7f0b3865-60cd-4f45-bb1c-e7e47fac38d5.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  209.92.6.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ac:a2:2d:8b:d9:d8:e6:6d:50:07:f1:38:8c:26:30:20:86:68:
         5b:94:6f:93:f2:70:ee:2e:50:92:8f:1a:38:6a:6c:ef:c6:48:
         8d:39:a5:5c:9e:37:24:a7:1f:a8:ef:67:12:ca:37:18:2f:40:
         93:ba:20:74:b2:94:d5:b9:a7:13:47:c1:75:66:8b:11:ff:9e:
         fe:6d:b2:0b:0c:0b:8d:b8:4c:04:3c:4a:b4:7a:f8:78:b9:86:
         4e:2a:c8:4f:a7:bc:6d:84:dc:70:a7:88:f3:20:bf:89:4a:2f:
         63:b4:dd:2e:d9:4c:04:e4:c5:24:90:cc:d3:7c:5b:64:1f:8c:
         a6:25:cf:bc:a9:42:4a:a1:95:6c:c5:5a:90:c5:a8:31:10:18:
         5d:5f:1d:ab:64:16:4c:1b:82:e1:80:c1:6b:8c:67:bb:5f:38:
         48:25:76:1e:ac:b8:15:f2:4d:8a:7d:b7:34:2a:90:47:28:e6:
         0f:cf:4a:2b:66:25:bb:19:dd:a7:14:a7:3a:b7:0d:fc:3f:f2:
         9c:f4:40:62:ea:dc:21:16:41:63:fa:d1:aa:60:ac:aa:11:cb:
         ca:8c:4e:67:71:c1:c3:bc:50:57:ce:f8:08:5a:f0:ae:1d:9d:
         42:08:5d:77:07:87:fd:4e:de:5f:4e:1e:ce:4f:bf:64:db:4d:
         11:58:c0:1a
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUF/IPIouqzTsxr/TS/vhdyuaTOm0wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDI2MDEwMDM2WhcNMjUxMTMwMjM1OTU5
WjB6MUkwRwYDVQQFE0BlMTk3NDRiYzYxMmMwNmFiMWNiMjhlYTU4NmU5YWRlMzVi
ZTVhNTgyNmE0YjVlMmY4MzM2YmU2MDgwMjRjNThjMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCWn8oZmFuJDiyE96ZC5+mm/8kTcDyJgFGhSbL9MlBcP0YP
mNE20PRpTiZYS+/MCwDiJLYbt5NrPzvqUroFZv/zWsfkC/EYyBdJ64NaoR4y3Q4v
WWGoYeTCuMJLH19teeX+2MhkcO07kTWJX7UU6kqBTy5jprlxUBPEmLuboq4e1TDP
8e5KqwboslHkpSOI2BGtW1VjhXwiaNp8XRDhGxFkvQ41jcTAqLh3nzZJ2EVaVdZE
vAGWzricufR/aHwmCPYJHGAJKl/Zc0v7xKUYHgUhuXYTBlH2+sz7y9xUSkWaxiSJ
KRepeJuRT7v1zeW/u/F4UoYcBJ9yHHew2i4QaNCLAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQURpr71cGek3qNvYUyqKwNlAWLxpgwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzdmMGIzODY1LTYwY2QtNGY0NS1iYjFjLWU3ZTQ3ZmFjMzhkNS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADRXAYwDQYJKoZIhvcNAQELBQADggEBAKyiLYvZ2OZtUAfxOIwmMCCGaFuU
b5PycO4uUJKPGjhqbO/GSI05pVyeNySnH6jvZxLKNxgvQJO6IHSylNW5pxNHwXVm
ixH/nv5tsgsMC424TAQ8SrR6+Hi5hk4qyE+nvG2E3HCniPMgv4lKL2O03S7ZTATk
xSSQzNN8W2QfjKYlz7ypQkqhlWzFWpDFqDEQGF1fHatkFkwbguGAwWuMZ7tfOEgl
dh6suBXyTYp9tzQqkEco5g/PSitmJbsZ3acUpzq3Dfw/8pz0QGLq3CEWQWP60apg
rKoRy8qMTmdxwcO8UFfO+Aha8K4dnUIIXXcHh/1O3l9OHs5Pv2TbTRFYwBo=
-----END CERTIFICATE-----