Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/87c60087-f583-4b05-b8b6-f37a488645bf.roa
File:                     87c60087-f583-4b05-b8b6-f37a488645bf.roa (raw, json)
Hash identifier:          /CEWfsh9aFGAlGz5yO6WXRQyHGr5FVsoPETKo3uFdfA=
Subject key identifier:   19:DB:75:37:F7:BB:34:C3:1F:20:E3:E2:46:50:3A:CC:74:E9:22:39
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       6B40C940F2C81756298231B812F00E1396F59FED
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/87c60087-f583-4b05-b8b6-f37a488645bf.roa
Signing time:             Tue 21 Oct 2025 00:41:30 +0000
ROA not before:           Tue 21 Oct 2025 00:41:30 +0000
ROA not after:            Tue 25 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        103.14.4.0/22 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6b:40:c9:40:f2:c8:17:56:29:82:31:b8:12:f0:0e:13:96:f5:9f:ed
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 21 00:41:30 2025 GMT
            Not After : Nov 25 23:59:59 2025 GMT
        Subject: serialNumber=05a303b90a842e9ecbb4d7eaad1ad6e1e24491318521dc92a6a7007b533f0535, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:fc:23:01:66:73:b2:55:d0:30:b5:69:f6:cb:
                    dc:a9:2a:ec:d1:e5:b4:1a:f7:0c:25:b9:c1:51:58:
                    4b:81:9f:0d:63:cb:bd:a0:f2:77:7b:53:ea:76:3b:
                    9e:41:96:52:38:1a:59:a7:f3:22:2e:65:af:e2:c3:
                    92:81:7f:30:15:fa:67:5f:a9:a6:1d:96:01:d5:4e:
                    4e:8d:5a:f3:62:44:2d:08:fe:84:2c:46:cf:1e:a3:
                    62:90:60:89:0d:a8:e4:e5:d1:24:9f:27:ab:49:1c:
                    f6:86:be:74:a0:d4:81:fc:66:33:db:56:67:ea:7d:
                    19:31:17:d9:17:c5:4b:f1:9e:04:12:db:55:2a:f2:
                    50:9b:d4:f4:43:e0:55:6a:72:e7:b8:0f:7e:84:81:
                    7d:da:71:18:81:42:bf:3f:8c:46:83:8a:d0:cb:6f:
                    52:ae:ed:b1:ad:17:87:19:78:81:2e:4a:ff:a3:0c:
                    14:c4:a5:f5:60:53:12:49:eb:56:51:ee:e3:d0:a4:
                    dc:2a:e4:62:2d:52:fb:e6:c1:d5:a4:ef:06:63:00:
                    d0:70:18:45:c1:9c:d3:4e:6d:de:f4:9c:89:0e:e3:
                    1a:82:a7:60:41:0a:c5:89:67:21:92:de:bc:1c:26:
                    5e:0f:e8:f8:c4:79:0c:ea:0c:2d:1b:25:b7:f5:b0:
                    0b:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                19:DB:75:37:F7:BB:34:C3:1F:20:E3:E2:46:50:3A:CC:74:E9:22:39
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/87c60087-f583-4b05-b8b6-f37a488645bf.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.14.4.0/22

    Signature Algorithm: sha256WithRSAEncryption
         79:2b:b9:b6:0d:83:0e:30:92:8b:ed:c7:2c:1e:01:19:c1:36:
         9a:3a:c5:d7:48:1e:4b:f8:f5:5c:69:5d:9f:ee:83:ad:92:37:
         2a:2e:5f:f2:1f:c1:94:aa:48:62:a6:64:ec:74:87:c4:b3:d0:
         26:36:07:63:2c:a5:f4:e5:d5:c7:f4:0b:28:d7:cc:e2:44:98:
         42:30:95:f8:ab:6d:9a:ba:47:bf:06:bf:b6:a3:f6:bd:17:85:
         5b:38:b4:c6:20:84:0f:51:02:3f:98:4f:9a:a8:79:fc:1b:09:
         0c:35:2b:d2:f9:81:7f:b8:a5:8f:47:7a:2b:36:88:f1:35:86:
         52:f6:70:e9:99:e3:ab:d2:b9:12:64:6f:4a:dc:06:71:07:e9:
         92:e9:c4:2b:5b:85:bd:d7:e4:d2:20:a3:c1:2a:e3:57:05:9a:
         4c:ef:68:31:a0:a2:87:53:14:c3:83:38:2e:6f:40:d9:5f:23:
         63:ff:fa:d6:83:9b:70:39:7f:c7:da:57:0e:f6:a9:6d:8b:62:
         eb:21:82:8d:bc:10:e7:a4:82:7d:bd:01:e0:14:a7:e6:61:47:
         c7:61:1e:b3:46:85:5d:f3:c3:58:d3:37:9b:1c:8c:97:b6:71:
         ab:a4:1e:35:77:80:bc:17:5a:a8:4f:6d:ef:24:da:d1:33:16:
         1f:cd:6f:54
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUa0DJQPLIF1YpgjG4EvAOE5b1n+0wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDIxMDA0MTMwWhcNMjUxMTI1MjM1OTU5
WjB6MUkwRwYDVQQFE0AwNWEzMDNiOTBhODQyZTllY2JiNGQ3ZWFhZDFhZDZlMWUy
NDQ5MTMxODUyMWRjOTJhNmE3MDA3YjUzM2YwNTM1MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC2/CMBZnOyVdAwtWn2y9ypKuzR5bQa9wwlucFRWEuBnw1j
y72g8nd7U+p2O55BllI4Glmn8yIuZa/iw5KBfzAV+mdfqaYdlgHVTk6NWvNiRC0I
/oQsRs8eo2KQYIkNqOTl0SSfJ6tJHPaGvnSg1IH8ZjPbVmfqfRkxF9kXxUvxngQS
21Uq8lCb1PRD4FVqcue4D36EgX3acRiBQr8/jEaDitDLb1Ku7bGtF4cZeIEuSv+j
DBTEpfVgUxJJ61ZR7uPQpNwq5GItUvvmwdWk7wZjANBwGEXBnNNObd70nIkO4xqC
p2BBCsWJZyGS3rwcJl4P6PjEeQzqDC0bJbf1sAszAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUGdt1N/e7NMMfIOPiRlA6zHTpIjkwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzg3YzYwMDg3LWY1ODMtNGIwNS1iOGI2LWYzN2E0ODg2NDViZi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAJnDgQwDQYJKoZIhvcNAQELBQADggEBAHkrubYNgw4wkovtxyweARnBNpo6
xddIHkv49VxpXZ/ug62SNyouX/IfwZSqSGKmZOx0h8Sz0CY2B2MspfTl1cf0CyjX
zOJEmEIwlfirbZq6R78Gv7aj9r0XhVs4tMYghA9RAj+YT5qoefwbCQw1K9L5gX+4
pY9Heis2iPE1hlL2cOmZ46vSuRJkb0rcBnEH6ZLpxCtbhb3X5NIgo8Eq41cFmkzv
aDGgoodTFMODOC5vQNlfI2P/+taDm3A5f8faVw72qW2LYushgo28EOekgn29AeAU
p+ZhR8dhHrNGhV3zw1jTN5scjJe2caukHjV3gLwXWqhPbe8k2tEzFh/Nb1Q=
-----END CERTIFICATE-----