Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/9a9db74d-2685-478a-8752-9a852c0bc6fc.roa
File:                     9a9db74d-2685-478a-8752-9a852c0bc6fc.roa (raw, json)
Hash identifier:          MFtV7llgpaUEIzvrWoHWjpfixYHOVAVuOGY8Oy3Fijw=
Subject key identifier:   17:F1:0B:BF:C6:8E:F4:63:7B:76:B9:58:D9:15:2A:B1:15:10:F0:FD
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       65F5042CBB9BA8E427307D00625F1C1AD1D2C2A2
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/9a9db74d-2685-478a-8752-9a852c0bc6fc.roa
Signing time:             Fri 31 Oct 2025 00:10:10 +0000
ROA not before:           Fri 31 Oct 2025 00:10:10 +0000
ROA not after:            Fri 05 Dec 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        50.16.160.0/20 maxlen: 20
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            65:f5:04:2c:bb:9b:a8:e4:27:30:7d:00:62:5f:1c:1a:d1:d2:c2:a2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 31 00:10:10 2025 GMT
            Not After : Dec  5 23:59:59 2025 GMT
        Subject: serialNumber=b9e61cd3202fbe1f044a1a8fb68033f6224a0a9300da097fc0644d97f9f1d19b, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:93:db:a5:57:0d:39:2f:2b:f4:09:fe:b6:e7:
                    5b:84:3a:1d:6c:8c:af:27:be:23:0a:11:ca:85:d2:
                    f4:dd:b6:37:f5:4c:b5:62:a1:f2:c2:af:4e:39:90:
                    80:09:b5:39:45:38:e4:f4:3d:6c:cf:29:65:bf:5c:
                    d1:d8:55:7f:c6:1b:f5:60:27:e7:a1:c9:18:20:9c:
                    6f:c5:76:6e:c1:66:85:6d:9d:08:b1:5e:5c:17:bd:
                    ea:1b:14:ac:20:66:37:6f:c7:46:d1:bf:de:00:ef:
                    6f:c7:1a:e8:30:76:b2:30:d8:a9:47:18:b7:1b:cc:
                    da:10:b1:e7:68:a3:ee:7c:72:44:39:2f:fc:6e:89:
                    7f:95:66:56:ad:1b:af:67:38:36:66:31:d7:90:41:
                    fa:43:51:45:ce:40:c0:83:d4:94:3d:d0:2e:1a:eb:
                    1c:0d:dd:57:49:19:be:18:04:49:1b:6d:bc:7f:90:
                    e1:4d:5c:35:01:ca:54:88:54:5e:7d:6c:a6:86:63:
                    34:41:6a:c7:ee:a6:5e:e1:79:dd:64:69:94:fd:75:
                    ca:76:40:5f:f7:3b:ce:95:d3:c6:6e:11:22:d3:c8:
                    b1:66:27:3c:76:0b:9d:61:1e:8d:3a:10:40:c8:7e:
                    4c:6d:54:68:44:d3:92:35:bb:ff:e2:ac:84:04:87:
                    88:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                17:F1:0B:BF:C6:8E:F4:63:7B:76:B9:58:D9:15:2A:B1:15:10:F0:FD
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/9a9db74d-2685-478a-8752-9a852c0bc6fc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  50.16.160.0/20

    Signature Algorithm: sha256WithRSAEncryption
         39:8f:05:e4:16:b5:d7:e2:0d:98:64:f0:d6:a2:58:97:75:23:
         53:7d:5e:d4:01:29:34:4d:fa:70:fb:4c:70:2c:9f:45:58:66:
         1f:89:ff:af:cb:35:bc:7a:1d:df:4a:60:d2:3a:9f:55:ca:3c:
         48:d5:a4:a4:f4:33:e5:a2:81:a1:0c:b9:45:eb:04:8d:cf:ee:
         f6:13:70:4b:af:63:3e:57:a4:6a:3f:9e:a0:af:51:e8:47:1e:
         f3:84:f6:9a:be:42:f3:1d:c8:78:e7:43:58:60:eb:83:55:c5:
         c8:61:22:ae:64:86:95:f5:d2:57:04:7a:f6:4b:d5:1b:ef:0e:
         cd:d8:1c:5b:5b:11:94:17:69:85:17:bb:d6:cb:13:9a:ae:7d:
         c5:e4:00:01:69:af:00:04:58:1a:f4:72:34:5d:bb:7c:04:41:
         34:16:9a:45:13:1d:f0:e4:ce:2f:bb:58:d8:2a:20:53:b9:b7:
         50:93:fb:e8:57:14:0c:ca:ae:ec:b8:ad:cf:37:41:85:85:08:
         58:22:04:73:96:63:5d:78:31:fa:43:df:59:91:db:8d:31:0c:
         82:0a:95:13:b7:c0:86:0a:a6:7e:ae:35:6f:25:a7:5d:df:4c:
         f8:fe:d1:81:01:f6:01:36:1c:24:ab:f5:25:1a:0f:11:5d:0b:
         c5:44:43:b4
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUZfUELLubqOQnMH0AYl8cGtHSwqIwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDMxMDAxMDEwWhcNMjUxMjA1MjM1OTU5
WjB6MUkwRwYDVQQFE0BiOWU2MWNkMzIwMmZiZTFmMDQ0YTFhOGZiNjgwMzNmNjIy
NGEwYTkzMDBkYTA5N2ZjMDY0NGQ5N2Y5ZjFkMTliMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCpk9ulVw05Lyv0Cf6251uEOh1sjK8nviMKEcqF0vTdtjf1
TLViofLCr045kIAJtTlFOOT0PWzPKWW/XNHYVX/GG/VgJ+ehyRggnG/Fdm7BZoVt
nQixXlwXveobFKwgZjdvx0bRv94A72/HGugwdrIw2KlHGLcbzNoQsedoo+58ckQ5
L/xuiX+VZlatG69nODZmMdeQQfpDUUXOQMCD1JQ90C4a6xwN3VdJGb4YBEkbbbx/
kOFNXDUBylSIVF59bKaGYzRBasfupl7hed1kaZT9dcp2QF/3O86V08ZuESLTyLFm
Jzx2C51hHo06EEDIfkxtVGhE05I1u//irIQEh4ghAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUF/ELv8aO9GN7drlY2RUqsRUQ8P0wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzlhOWRiNzRkLTI2ODUtNDc4YS04NzUyLTlhODUyYzBiYzZmYy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAQyEKAwDQYJKoZIhvcNAQELBQADggEBADmPBeQWtdfiDZhk8NaiWJd1I1N9
XtQBKTRN+nD7THAsn0VYZh+J/6/LNbx6Hd9KYNI6n1XKPEjVpKT0M+WigaEMuUXr
BI3P7vYTcEuvYz5XpGo/nqCvUehHHvOE9pq+QvMdyHjnQ1hg64NVxchhIq5khpX1
0lcEevZL1RvvDs3YHFtbEZQXaYUXu9bLE5qufcXkAAFprwAEWBr0cjRdu3wEQTQW
mkUTHfDkzi+7WNgqIFO5t1CT++hXFAzKruy4rc83QYWFCFgiBHOWY114MfpD31mR
240xDIIKlRO3wIYKpn6uNW8lp13fTPj+0YEB9gE2HCSr9SUaDxFdC8VEQ7Q=
-----END CERTIFICATE-----