Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/b2c3c467-0357-412c-8f21-70113f26e16c.roa
File:                     b2c3c467-0357-412c-8f21-70113f26e16c.roa (raw, json)
Hash identifier:          zSUafMo1eI73l9MYrq2eSc+xoBjdPLEwTjyU5Cm+ZXM=
Subject key identifier:   7D:B5:BD:F5:16:A8:94:B3:68:9F:76:A9:CC:4D:B8:BF:3B:76:45:D4
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       256395E440781FCE3CFDB15B1653948AC51215EB
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/b2c3c467-0357-412c-8f21-70113f26e16c.roa
Signing time:             Wed 22 Oct 2025 00:10:06 +0000
ROA not before:           Wed 22 Oct 2025 00:10:06 +0000
ROA not after:            Wed 26 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        205.172.176.0/22 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            25:63:95:e4:40:78:1f:ce:3c:fd:b1:5b:16:53:94:8a:c5:12:15:eb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 22 00:10:06 2025 GMT
            Not After : Nov 26 23:59:59 2025 GMT
        Subject: serialNumber=ddc5f052f38ec5bee99aa2d27d261bcd12019abe067df017029fe81d0216fb3e, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:4e:a3:a5:2a:c9:41:a4:95:5d:52:ff:6d:de:
                    93:94:49:08:b0:33:f5:45:ee:50:81:38:a9:fc:b1:
                    1e:fe:f1:8f:e7:91:03:60:5c:89:69:07:17:0a:c6:
                    1a:a0:5e:85:c1:8e:71:49:77:60:b3:fe:34:a6:c8:
                    7d:08:bb:03:31:36:55:16:93:b2:ee:05:a8:fa:b7:
                    dc:e0:54:0f:e0:28:5e:0b:2d:af:f7:f7:96:5a:82:
                    6e:01:39:26:c2:25:ea:c1:c2:fe:8a:74:1f:57:d1:
                    be:d8:c0:e5:7e:e4:af:8f:57:c7:5a:36:09:a5:ee:
                    8a:72:90:81:6a:bc:43:14:c1:b1:c5:40:b8:68:30:
                    9e:a4:43:06:41:17:f6:38:e2:b2:dc:4e:ad:82:23:
                    bc:f8:24:9c:df:10:d8:8d:cf:e2:a7:27:15:64:df:
                    ad:ee:91:cc:63:c8:9b:c5:5a:b6:6c:d3:81:69:cb:
                    be:ad:fb:ea:75:7e:6c:ed:63:7e:f1:2b:2b:93:dd:
                    60:da:e2:f5:5a:f0:da:72:3d:45:e5:25:7b:fd:f9:
                    25:90:d3:a3:e4:74:1c:22:8c:17:3e:b1:4d:a0:d3:
                    e1:67:dc:a0:dc:8d:1b:c7:23:c5:dc:6d:f8:01:bc:
                    1a:ed:bf:d7:ce:81:a0:20:5b:f9:6f:f3:4c:5e:69:
                    d2:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7D:B5:BD:F5:16:A8:94:B3:68:9F:76:A9:CC:4D:B8:BF:3B:76:45:D4
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/b2c3c467-0357-412c-8f21-70113f26e16c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  205.172.176.0/22

    Signature Algorithm: sha256WithRSAEncryption
         c4:fb:b9:de:c5:2b:28:df:d9:3b:5b:7b:f7:19:ba:ef:be:cc:
         39:85:d6:58:96:cf:e2:0e:e7:9b:3a:c2:e0:9e:87:3a:c7:4b:
         10:c1:b1:f6:ff:75:23:86:c2:9e:50:a0:2e:0c:fe:cf:62:ff:
         6a:fc:7b:c8:48:9b:95:20:32:99:43:83:1f:6e:91:21:b5:8d:
         dd:30:cf:54:79:cb:9e:a0:a8:ca:d3:55:9e:42:11:45:68:9e:
         26:ef:27:88:93:e4:6f:92:93:d3:7b:1d:d6:3a:23:b9:f7:c1:
         65:aa:c2:09:b7:f5:ab:c1:bb:d3:34:77:79:c7:99:de:2c:ac:
         f2:3b:9d:3e:50:a4:42:65:f6:5f:2f:41:c4:87:9e:a0:48:83:
         38:1c:0d:31:ec:09:45:9d:23:46:5f:16:a7:34:5e:e4:bb:eb:
         4c:62:8e:e8:51:4e:7e:4c:9f:39:b9:ad:72:ca:02:c4:c7:60:
         e0:06:ff:58:e7:f0:12:90:df:85:61:8d:9e:1e:51:17:01:79:
         6b:d6:2e:40:ec:54:14:be:8b:76:a3:e5:bd:2d:40:ad:92:b6:
         db:ec:9c:c4:a4:b5:7b:bb:de:b8:9a:7e:86:11:6d:61:93:26:
         44:92:09:73:fb:3d:46:1b:6d:a9:33:22:2f:8e:dd:5d:d7:33:
         f2:5c:83:04
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUJWOV5EB4H848/bFbFlOUisUSFeswDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDIyMDAxMDA2WhcNMjUxMTI2MjM1OTU5
WjB6MUkwRwYDVQQFE0BkZGM1ZjA1MmYzOGVjNWJlZTk5YWEyZDI3ZDI2MWJjZDEy
MDE5YWJlMDY3ZGYwMTcwMjlmZTgxZDAyMTZmYjNlMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQChTqOlKslBpJVdUv9t3pOUSQiwM/VF7lCBOKn8sR7+8Y/n
kQNgXIlpBxcKxhqgXoXBjnFJd2Cz/jSmyH0IuwMxNlUWk7LuBaj6t9zgVA/gKF4L
La/395Zagm4BOSbCJerBwv6KdB9X0b7YwOV+5K+PV8daNgml7opykIFqvEMUwbHF
QLhoMJ6kQwZBF/Y44rLcTq2CI7z4JJzfENiNz+KnJxVk363ukcxjyJvFWrZs04Fp
y76t++p1fmztY37xKyuT3WDa4vVa8NpyPUXlJXv9+SWQ06PkdBwijBc+sU2g0+Fn
3KDcjRvHI8XcbfgBvBrtv9fOgaAgW/lv80xeadKJAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUfbW99RaolLNon3apzE24vzt2RdQwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2IyYzNjNDY3LTAzNTctNDEyYy04ZjIxLTcwMTEzZjI2ZTE2Yy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBALNrLAwDQYJKoZIhvcNAQELBQADggEBAMT7ud7FKyjf2Ttbe/cZuu++zDmF
1liWz+IO55s6wuCehzrHSxDBsfb/dSOGwp5QoC4M/s9i/2r8e8hIm5UgMplDgx9u
kSG1jd0wz1R5y56gqMrTVZ5CEUVonibvJ4iT5G+Sk9N7HdY6I7n3wWWqwgm39avB
u9M0d3nHmd4srPI7nT5QpEJl9l8vQcSHnqBIgzgcDTHsCUWdI0ZfFqc0XuS760xi
juhRTn5Mnzm5rXLKAsTHYOAG/1jn8BKQ34VhjZ4eURcBeWvWLkDsVBS+i3aj5b0t
QK2SttvsnMSktXu73riafoYRbWGTJkSSCXP7PUYbbakzIi+O3V3XM/JcgwQ=
-----END CERTIFICATE-----