Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/88fb3179-4381-4749-a9d3-2cdc94d109eb.roa
File:                     88fb3179-4381-4749-a9d3-2cdc94d109eb.roa (raw, json)
Hash identifier:          ggONy16BV6FuZNO6MSuXnObFHm3dym/yDbEmJHl43Xs=
Subject key identifier:   47:CC:39:FC:F7:B7:FC:FF:98:10:EB:E7:C7:36:81:2E:85:08:A0:B3
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       02F9AAB0C8C0992730BD5681AC82B5BAC055FF3D
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/88fb3179-4381-4749-a9d3-2cdc94d109eb.roa
Signing time:             Fri 31 Oct 2025 00:50:41 +0000
ROA not before:           Fri 31 Oct 2025 00:50:41 +0000
ROA not after:            Fri 05 Dec 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        44.220.76.0/22 maxlen: 22
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            02:f9:aa:b0:c8:c0:99:27:30:bd:56:81:ac:82:b5:ba:c0:55:ff:3d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 31 00:50:41 2025 GMT
            Not After : Dec  5 23:59:59 2025 GMT
        Subject: serialNumber=2c748618c9c7e3f689cb1583eee606fa1da65975d41196a1f387b7c25e0ed93f, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:f0:4c:fb:4f:ec:d8:f9:3f:8e:8f:6c:c2:f5:
                    a4:56:e3:2d:b3:ec:9f:9d:a5:2d:cb:f1:11:a4:ac:
                    ae:cb:7e:a2:e9:e0:88:ff:d6:17:e6:b9:8c:09:35:
                    79:99:22:35:49:4b:b5:c5:c8:f6:c9:8e:91:80:44:
                    28:58:92:4d:af:8c:bd:4f:39:41:22:2e:df:3d:86:
                    e5:9e:cc:d0:47:c0:d8:ea:ff:0a:1c:7c:be:4b:97:
                    f6:30:8f:e6:9c:bf:0d:ca:c1:8b:89:6e:6a:00:20:
                    bf:85:8a:e2:e0:e7:c4:f7:a2:d7:0f:ee:cf:6d:e2:
                    3e:91:09:fc:01:4f:cd:07:b4:1c:09:42:1a:0a:7f:
                    3d:c2:3e:97:de:b7:03:22:a0:4f:1a:c2:ec:7e:81:
                    1d:0c:95:cc:3a:38:b0:ce:a3:57:43:e6:33:a3:97:
                    58:63:e2:69:d3:d3:1c:28:20:c5:1a:93:93:ef:59:
                    f2:8d:84:33:39:d0:11:d8:cb:7f:08:30:60:a1:53:
                    20:d1:9b:b1:cb:5f:53:38:a1:43:29:29:d4:1a:23:
                    15:e4:e6:ac:15:a0:16:80:83:dc:e6:d3:29:c6:45:
                    94:ac:71:08:59:ba:8b:23:38:00:62:0d:a7:f3:f5:
                    cc:ec:65:04:6d:0b:3c:ec:5d:62:68:41:b6:dd:f9:
                    31:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                47:CC:39:FC:F7:B7:FC:FF:98:10:EB:E7:C7:36:81:2E:85:08:A0:B3
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/88fb3179-4381-4749-a9d3-2cdc94d109eb.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  44.220.76.0/22

    Signature Algorithm: sha256WithRSAEncryption
         43:06:51:ea:ef:05:0b:80:ef:97:5b:a5:7f:e2:61:a7:f2:a5:
         f0:37:c1:b5:89:da:48:25:58:14:af:ab:0e:fb:44:ad:52:ed:
         30:21:01:ab:82:0b:54:1e:e5:ad:8c:93:97:3b:00:4b:bb:13:
         a4:b9:88:b7:73:f8:08:fd:43:f2:df:6a:9d:4a:f1:48:69:75:
         07:c1:50:cb:f1:e3:04:e1:11:8e:02:7e:c1:bc:5b:d1:47:97:
         9c:6d:40:b5:44:a9:1a:06:eb:a5:9e:c4:e1:0b:7d:94:6a:97:
         4e:0b:15:54:28:92:14:71:93:fa:8a:da:e8:3f:4b:cb:e8:b9:
         44:b0:7d:4e:ac:94:61:7e:bb:95:1b:50:50:26:ac:b1:0a:2d:
         a1:99:a2:82:14:ba:e3:0f:f9:b5:bb:c8:38:49:2c:6e:cd:23:
         41:07:7d:bd:7d:24:47:49:2f:7c:71:c9:a0:50:9f:fc:13:28:
         d4:a3:07:c5:2d:fd:c4:b2:a0:65:a4:69:93:f8:2b:38:cc:0f:
         62:4b:a5:8c:dd:10:44:a1:8c:27:1a:41:ac:b1:2e:79:e6:d2:
         7e:f4:81:d0:cf:61:a9:2e:50:42:96:f2:90:cc:e5:23:07:24:
         a6:71:04:11:be:98:2d:99:bd:3e:9c:d6:7e:2c:fa:ce:f7:97:
         72:a5:ad:e6
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUAvmqsMjAmScwvVaBrIK1usBV/z0wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDMxMDA1MDQxWhcNMjUxMjA1MjM1OTU5
WjB6MUkwRwYDVQQFE0AyYzc0ODYxOGM5YzdlM2Y2ODljYjE1ODNlZWU2MDZmYTFk
YTY1OTc1ZDQxMTk2YTFmMzg3YjdjMjVlMGVkOTNmMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCh8Ez7T+zY+T+Oj2zC9aRW4y2z7J+dpS3L8RGkrK7LfqLp
4Ij/1hfmuYwJNXmZIjVJS7XFyPbJjpGARChYkk2vjL1POUEiLt89huWezNBHwNjq
/wocfL5Ll/Ywj+acvw3KwYuJbmoAIL+FiuLg58T3otcP7s9t4j6RCfwBT80HtBwJ
QhoKfz3CPpfetwMioE8awux+gR0Mlcw6OLDOo1dD5jOjl1hj4mnT0xwoIMUak5Pv
WfKNhDM50BHYy38IMGChUyDRm7HLX1M4oUMpKdQaIxXk5qwVoBaAg9zm0ynGRZSs
cQhZuosjOABiDafz9czsZQRtCzzsXWJoQbbd+TGnAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUR8w5/Pe3/P+YEOvnxzaBLoUIoLMwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzg4ZmIzMTc5LTQzODEtNDc0OS1hOWQzLTJjZGM5NGQxMDllYi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAIs3EwwDQYJKoZIhvcNAQELBQADggEBAEMGUervBQuA75dbpX/iYafypfA3
wbWJ2kglWBSvqw77RK1S7TAhAauCC1Qe5a2Mk5c7AEu7E6S5iLdz+Aj9Q/Lfap1K
8UhpdQfBUMvx4wThEY4CfsG8W9FHl5xtQLVEqRoG66WexOELfZRql04LFVQokhRx
k/qK2ug/S8vouUSwfU6slGF+u5UbUFAmrLEKLaGZooIUuuMP+bW7yDhJLG7NI0EH
fb19JEdJL3xxyaBQn/wTKNSjB8Ut/cSyoGWkaZP4KzjMD2JLpYzdEEShjCcaQayx
Lnnm0n70gdDPYakuUEKW8pDM5SMHJKZxBBG+mC2ZvT6c1n4s+s73l3KlreY=
-----END CERTIFICATE-----