Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/b971328c-a37b-45b1-9c93-c0934a356378.roa
File:                     b971328c-a37b-45b1-9c93-c0934a356378.roa (raw, json)
Hash identifier:          3F6WfW3p8na3pb5SKy1wpfq53h6Uqxv5jgJg/1b/vi4=
Subject key identifier:   4A:14:75:90:C2:F0:14:DE:40:1B:3C:E4:D6:E3:79:5A:F5:E8:49:B6
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       13A803B9A9533E60D5922BC5A543115DE8381E95
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/b971328c-a37b-45b1-9c93-c0934a356378.roa
Signing time:             Wed 22 Oct 2025 00:20:13 +0000
ROA not before:           Wed 22 Oct 2025 00:20:13 +0000
ROA not after:            Wed 26 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        57.84.0.0/16 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            13:a8:03:b9:a9:53:3e:60:d5:92:2b:c5:a5:43:11:5d:e8:38:1e:95
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 22 00:20:13 2025 GMT
            Not After : Nov 26 23:59:59 2025 GMT
        Subject: serialNumber=cfd31f95dbc2fa38bf920c9d0606509c1bd2583def7830ab3b51d8af23e6b7ec, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:b5:27:00:2b:18:04:d5:fd:e5:7a:94:ce:75:
                    f3:4d:65:8b:32:35:4c:6c:c0:c0:98:db:45:b5:0e:
                    94:19:bd:56:19:ae:a3:ef:84:17:ab:e7:c6:9a:e5:
                    23:0f:c6:25:78:59:8c:70:a5:bc:08:4b:78:8c:73:
                    0f:38:e6:cb:03:be:d0:68:d1:11:29:d7:6a:97:f5:
                    d9:01:a3:d7:8f:02:6e:cf:b0:c2:0d:36:9c:71:93:
                    37:52:56:55:46:f5:9d:d1:0e:57:aa:16:e4:66:82:
                    a7:13:35:01:02:1d:85:84:47:0f:c8:7b:35:8e:a9:
                    82:14:c9:17:d4:7d:36:b6:29:28:b9:6f:3c:d4:5a:
                    6c:e5:85:bd:3d:43:95:d5:f3:b8:12:cf:9d:34:ae:
                    2a:c9:be:33:a7:1b:f2:ec:2b:30:07:b3:01:0f:bd:
                    d9:7e:4e:85:5a:19:fc:0f:31:f5:2f:e9:1f:a0:c5:
                    e8:ef:4b:87:78:1a:8b:49:9e:6a:00:f9:7a:8c:3e:
                    ab:a6:a5:02:27:ac:7e:c5:f1:ed:00:0f:af:58:97:
                    55:91:2d:bf:f0:58:97:4a:87:5a:b3:dc:00:48:be:
                    e4:3c:6a:99:f2:8b:d3:dc:b5:4a:fe:b9:43:e7:65:
                    ec:24:ed:1a:1e:1b:1f:a1:a8:53:9a:5d:13:26:98:
                    d4:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4A:14:75:90:C2:F0:14:DE:40:1B:3C:E4:D6:E3:79:5A:F5:E8:49:B6
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/b971328c-a37b-45b1-9c93-c0934a356378.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  57.84.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         24:23:c3:de:87:dd:04:fd:4d:41:bb:68:82:48:8a:63:33:78:
         9f:a2:c5:c6:2a:ac:09:2a:b1:29:2b:2f:25:8e:37:a6:b1:3b:
         ae:42:cc:82:5f:28:ec:de:be:b4:52:70:78:b8:fc:7e:bb:83:
         a1:2c:03:2f:a6:55:af:75:e8:ac:d6:cb:8a:d8:6f:2c:1e:de:
         96:01:a8:56:49:b1:72:b6:fd:45:a2:0f:a0:32:6f:2e:6f:c0:
         c1:b6:54:ce:5c:0f:d8:b2:36:db:6c:a0:84:88:14:fe:dd:d6:
         66:bd:97:4f:82:1e:73:58:f4:55:ee:60:a2:91:3d:0d:63:0b:
         1d:14:92:af:82:62:3c:2e:77:ce:ed:1f:3c:0a:89:a6:1b:db:
         af:77:aa:0c:c4:ca:c6:9b:0e:d3:7a:1d:9b:64:f1:a2:25:95:
         a9:58:65:e4:b7:db:da:c9:63:33:1b:7d:6e:ae:6c:5a:39:75:
         a9:f9:7f:60:00:b9:6f:4f:a8:83:22:2f:43:cd:92:6c:9e:26:
         ec:73:f5:b2:6c:cc:63:e8:50:a5:7a:87:38:47:7d:1e:f3:6d:
         99:2d:c0:ba:b7:e1:99:fe:7a:7f:63:cd:11:a8:82:52:41:e4:
         36:f5:fa:17:be:92:61:2f:b1:d5:a0:66:16:1f:19:5b:fb:d5:
         48:cf:64:a2
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUE6gDualTPmDVkivFpUMRXeg4HpUwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDIyMDAyMDEzWhcNMjUxMTI2MjM1OTU5
WjB6MUkwRwYDVQQFE0BjZmQzMWY5NWRiYzJmYTM4YmY5MjBjOWQwNjA2NTA5YzFi
ZDI1ODNkZWY3ODMwYWIzYjUxZDhhZjIzZTZiN2VjMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCctScAKxgE1f3lepTOdfNNZYsyNUxswMCY20W1DpQZvVYZ
rqPvhBer58aa5SMPxiV4WYxwpbwIS3iMcw845ssDvtBo0REp12qX9dkBo9ePAm7P
sMINNpxxkzdSVlVG9Z3RDleqFuRmgqcTNQECHYWERw/IezWOqYIUyRfUfTa2KSi5
bzzUWmzlhb09Q5XV87gSz500rirJvjOnG/LsKzAHswEPvdl+ToVaGfwPMfUv6R+g
xejvS4d4GotJnmoA+XqMPqumpQInrH7F8e0AD69Yl1WRLb/wWJdKh1qz3ABIvuQ8
apnyi9PctUr+uUPnZewk7RoeGx+hqFOaXRMmmNRfAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUShR1kMLwFN5AGzzk1uN5WvXoSbYwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2I5NzEzMjhjLWEzN2ItNDViMS05YzkzLWMwOTM0YTM1NjM3OC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwA5VDANBgkqhkiG9w0BAQsFAAOCAQEAJCPD3ofdBP1NQbtogkiKYzN4n6LF
xiqsCSqxKSsvJY43prE7rkLMgl8o7N6+tFJweLj8fruDoSwDL6ZVr3XorNbLithv
LB7elgGoVkmxcrb9RaIPoDJvLm/AwbZUzlwP2LI222yghIgU/t3WZr2XT4Iec1j0
Ve5gopE9DWMLHRSSr4JiPC53zu0fPAqJphvbr3eqDMTKxpsO03odm2TxoiWVqVhl
5Lfb2sljMxt9bq5sWjl1qfl/YAC5b0+ogyIvQ82SbJ4m7HP1smzMY+hQpXqHOEd9
HvNtmS3Aurfhmf56f2PNEaiCUkHkNvX6F76SYS+x1aBmFh8ZW/vVSM9kog==
-----END CERTIFICATE-----