Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/a78ff198-e6dd-430d-9225-4f016327415c.roa
File:                     a78ff198-e6dd-430d-9225-4f016327415c.roa (raw, json)
Hash identifier:          rrRXtHN/ei13XNPzor/2OYfHWJ1xtqoNSMT4TkO6d2I=
Subject key identifier:   06:40:FB:50:65:02:D4:3C:44:3D:2E:CB:A7:21:A5:C5:75:69:00:54
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       1CCCFD65168661ABDEAF5F80258D0A8DB83D36F2
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/a78ff198-e6dd-430d-9225-4f016327415c.roa
Signing time:             Sat 01 Nov 2025 00:20:15 +0000
ROA not before:           Sat 01 Nov 2025 00:20:15 +0000
ROA not after:            Sat 06 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        56.129.0.0/16 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1c:cc:fd:65:16:86:61:ab:de:af:5f:80:25:8d:0a:8d:b8:3d:36:f2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Nov  1 00:20:15 2025 GMT
            Not After : Dec  6 23:59:59 2025 GMT
        Subject: serialNumber=669171cf606c3c75b8290d47f095b8a006567f44032651713a7ea860d450ee81, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:7f:00:33:2c:55:e3:7e:d6:db:44:e1:f2:93:
                    92:b5:ca:8b:ad:76:fc:b5:06:b2:b8:5d:b4:cc:a9:
                    37:d8:79:3b:2f:b2:6a:c1:7d:99:e9:31:6c:d5:6c:
                    de:9a:22:9a:c1:98:bb:0f:1f:c2:ed:89:da:75:d6:
                    40:1e:7f:a5:ea:14:36:f7:74:0a:bd:0b:87:08:d8:
                    ae:10:86:ba:6c:fe:90:e4:c2:4e:9b:30:9f:87:8c:
                    ee:43:f3:41:c9:f8:98:3a:90:09:58:41:6c:f8:d7:
                    32:8b:3d:0a:fd:08:53:1c:93:8a:47:6e:8f:dc:71:
                    5e:f3:43:7b:29:67:87:10:64:12:69:73:7f:93:0e:
                    36:e3:a9:c1:11:4f:8c:53:f5:40:d4:6f:72:ff:e0:
                    4a:14:6c:26:ab:5e:a6:22:8e:29:2e:23:75:84:c8:
                    62:09:91:45:3c:6e:d1:a6:9b:c4:d4:eb:89:f1:a4:
                    f7:4a:b3:e4:f3:fa:27:48:34:8b:cc:06:bf:a3:43:
                    1a:74:a1:94:16:f0:fa:b4:1d:27:38:40:88:c1:2b:
                    ce:bd:0d:c8:e5:67:de:77:0b:a0:10:3e:a6:85:02:
                    cd:b1:ea:ac:30:3c:8b:39:13:59:64:13:49:78:94:
                    09:67:f8:55:0b:1d:9d:fd:3b:db:84:e4:db:3f:cc:
                    38:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                06:40:FB:50:65:02:D4:3C:44:3D:2E:CB:A7:21:A5:C5:75:69:00:54
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/a78ff198-e6dd-430d-9225-4f016327415c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  56.129.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         a1:a4:bf:20:64:51:a1:c0:71:3c:ad:cc:a5:75:28:f9:c0:7a:
         80:29:9a:36:e4:ba:80:1d:e3:05:3a:4b:e1:85:76:6d:6b:7d:
         21:da:4a:46:da:ab:e0:5e:5b:c4:fe:39:02:1e:d7:9b:b9:98:
         53:62:b7:7e:83:2a:f7:d0:a3:c7:73:a7:07:e5:4b:18:a3:a3:
         a1:4a:1a:d1:c7:94:1d:55:98:0e:e6:35:11:11:86:f2:5c:0a:
         bd:6a:6b:d5:46:8b:93:06:64:a2:94:68:8d:27:a5:da:0f:b3:
         51:af:1d:3d:4d:67:f5:d7:a9:34:65:2f:51:51:c4:b1:d7:d0:
         0f:a2:db:7a:a7:d6:15:9a:cf:7a:42:dd:11:d0:90:0d:86:31:
         17:1a:e0:c7:bb:ab:ae:1d:65:65:14:df:0e:78:1e:ac:c9:96:
         76:f8:7b:b9:49:82:e0:e9:8c:82:de:1b:78:18:48:6d:e5:79:
         ba:0a:90:5f:e4:7e:b9:ec:8a:f7:a3:60:50:a5:4e:85:61:4d:
         90:81:3d:e5:fe:28:34:c0:49:95:67:d5:c4:b9:c3:c4:64:47:
         12:c6:32:6f:5e:5e:2d:07:b4:e3:2e:b5:d7:7f:46:75:e4:70:
         63:ff:82:0b:e0:63:41:4d:02:4c:75:9d:2e:ef:3b:86:f5:e2:
         6d:3b:49:4a
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUHMz9ZRaGYaver1+AJY0Kjbg9NvIwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMTAxMDAyMDE1WhcNMjUxMjA2MjM1OTU5
WjB6MUkwRwYDVQQFE0A2NjkxNzFjZjYwNmMzYzc1YjgyOTBkNDdmMDk1YjhhMDA2
NTY3ZjQ0MDMyNjUxNzEzYTdlYTg2MGQ0NTBlZTgxMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDAfwAzLFXjftbbROHyk5K1youtdvy1BrK4XbTMqTfYeTsv
smrBfZnpMWzVbN6aIprBmLsPH8Ltidp11kAef6XqFDb3dAq9C4cI2K4Qhrps/pDk
wk6bMJ+HjO5D80HJ+Jg6kAlYQWz41zKLPQr9CFMck4pHbo/ccV7zQ3spZ4cQZBJp
c3+TDjbjqcERT4xT9UDUb3L/4EoUbCarXqYijikuI3WEyGIJkUU8btGmm8TU64nx
pPdKs+Tz+idINIvMBr+jQxp0oZQW8Pq0HSc4QIjBK869DcjlZ953C6AQPqaFAs2x
6qwwPIs5E1lkE0l4lAln+FULHZ39O9uE5Ns/zDi9AgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUBkD7UGUC1DxEPS7LpyGlxXVpAFQwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2E3OGZmMTk4LWU2ZGQtNDMwZC05MjI1LTRmMDE2MzI3NDE1Yy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwA4gTANBgkqhkiG9w0BAQsFAAOCAQEAoaS/IGRRocBxPK3MpXUo+cB6gCma
NuS6gB3jBTpL4YV2bWt9IdpKRtqr4F5bxP45Ah7Xm7mYU2K3foMq99Cjx3OnB+VL
GKOjoUoa0ceUHVWYDuY1ERGG8lwKvWpr1UaLkwZkopRojSel2g+zUa8dPU1n9dep
NGUvUVHEsdfQD6LbeqfWFZrPekLdEdCQDYYxFxrgx7urrh1lZRTfDngerMmWdvh7
uUmC4OmMgt4beBhIbeV5ugqQX+R+ueyK96NgUKVOhWFNkIE95f4oNMBJlWfVxLnD
xGRHEsYyb15eLQe04y61139GdeRwY/+CC+BjQU0CTHWdLu87hvXibTtJSg==
-----END CERTIFICATE-----