Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/bdb19a32-70e9-4c69-9856-b4ebce3d5a0c.roa
File:                     bdb19a32-70e9-4c69-9856-b4ebce3d5a0c.roa (raw, json)
Hash identifier:          o7dNAnUmziTH1dqefEx4Jq9hyd0qOsOgceLgLWn+L7Y=
Subject key identifier:   F5:57:B0:B9:4A:17:AA:89:23:BC:E8:B8:32:C6:0E:11:30:F2:30:7D
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       44DF7654A8E850162F21E70EAAE1992CD70EE050
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/bdb19a32-70e9-4c69-9856-b4ebce3d5a0c.roa
Signing time:             Fri 31 Oct 2025 20:53:28 +0000
ROA not before:           Fri 31 Oct 2025 20:53:28 +0000
ROA not after:            Fri 05 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        75.2.112.0/20 maxlen: 20
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            44:df:76:54:a8:e8:50:16:2f:21:e7:0e:aa:e1:99:2c:d7:0e:e0:50
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 31 20:53:28 2025 GMT
            Not After : Dec  5 23:59:59 2025 GMT
        Subject: serialNumber=85e6bf3be1959b9d3187d3be3b8f999209998f96226ecd813fdeb993d2bc31c3, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:08:26:d9:a4:5d:0b:db:4d:53:b1:18:d2:09:
                    19:df:fa:74:45:df:f0:97:cc:0b:93:7e:3a:4b:f6:
                    81:6f:08:1e:65:4c:81:bf:51:5b:d4:51:69:97:62:
                    77:44:6a:3a:5b:98:bb:f5:35:4b:d2:d2:a5:6a:e0:
                    de:b7:6f:5f:4c:13:60:c2:47:fd:39:2d:29:7e:b3:
                    31:47:c8:71:ce:0c:4c:47:ea:5e:87:74:4a:0d:79:
                    10:52:ff:ea:9e:f8:22:ef:22:c0:21:e2:09:3f:35:
                    91:27:7d:11:a4:d0:20:54:76:0d:40:04:47:3b:a0:
                    59:c3:6d:5e:85:61:8c:7f:23:09:44:b9:4a:29:45:
                    08:c4:f8:2a:1c:52:dc:52:d7:d5:04:d2:3a:93:29:
                    13:e2:96:9e:17:6b:ce:ce:81:5a:e2:34:6f:25:e5:
                    b4:46:c1:3d:89:82:ac:f2:9b:6b:ef:f0:48:4a:81:
                    d5:7b:ac:28:73:c8:bd:2c:7b:99:e0:e7:37:53:c6:
                    b3:3c:9a:46:23:be:ab:c0:a3:ce:42:db:32:f5:60:
                    d5:4d:f5:d9:98:54:09:72:d3:f4:d2:f9:36:63:03:
                    43:8f:65:e0:08:d3:64:e7:33:98:c9:ef:91:c2:21:
                    d6:0d:20:22:27:30:ee:e2:55:a7:e6:e8:3e:59:c5:
                    32:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F5:57:B0:B9:4A:17:AA:89:23:BC:E8:B8:32:C6:0E:11:30:F2:30:7D
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/bdb19a32-70e9-4c69-9856-b4ebce3d5a0c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  75.2.112.0/20

    Signature Algorithm: sha256WithRSAEncryption
         b4:23:be:8a:e3:88:43:18:75:e9:11:bd:ee:48:d3:d7:e9:79:
         aa:f5:5a:23:94:0e:2f:b1:43:a5:73:2e:e4:38:d2:d1:42:a3:
         0c:69:66:af:8b:9c:0d:ff:3f:8b:13:3b:d1:6b:24:a7:16:9f:
         d1:26:30:3f:37:ff:d7:08:7f:98:d3:0b:d6:b1:3f:e0:ee:0a:
         56:35:67:a6:23:59:7a:72:3d:26:0e:1b:40:f0:ea:81:3a:cc:
         3a:8a:6c:3f:3a:7a:95:a1:94:2f:44:09:3a:3e:9e:e4:56:53:
         94:a4:e5:09:7b:f1:64:19:27:fc:ae:2f:06:54:4d:60:92:5c:
         6a:a1:ac:8b:fc:1d:46:dd:bf:fa:9c:20:09:5d:84:ac:b5:ee:
         fc:64:d6:da:b0:2b:7d:eb:27:3d:d2:60:a7:17:30:ec:3f:3f:
         9b:4c:75:05:2e:fd:2f:b9:4f:0c:59:89:ef:ae:98:ff:01:f9:
         ea:a8:84:17:8a:38:52:c0:af:e2:7d:78:6e:c0:a7:0d:e5:7c:
         e4:22:81:e1:07:8c:9e:f3:f0:61:70:d3:9a:5b:75:1f:6d:dd:
         51:83:f4:ac:3b:4c:da:75:76:e9:61:bb:9a:64:d3:57:8d:32:
         da:63:4d:52:35:69:30:17:51:79:23:e9:a8:5c:18:7e:c4:2b:
         37:f4:55:27
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIURN92VKjoUBYvIecOquGZLNcO4FAwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDMxMjA1MzI4WhcNMjUxMjA1MjM1OTU5
WjB6MUkwRwYDVQQFE0A4NWU2YmYzYmUxOTU5YjlkMzE4N2QzYmUzYjhmOTk5MjA5
OTk4Zjk2MjI2ZWNkODEzZmRlYjk5M2QyYmMzMWMzMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC/CCbZpF0L201TsRjSCRnf+nRF3/CXzAuTfjpL9oFvCB5l
TIG/UVvUUWmXYndEajpbmLv1NUvS0qVq4N63b19ME2DCR/05LSl+szFHyHHODExH
6l6HdEoNeRBS/+qe+CLvIsAh4gk/NZEnfRGk0CBUdg1ABEc7oFnDbV6FYYx/IwlE
uUopRQjE+CocUtxS19UE0jqTKRPilp4Xa87OgVriNG8l5bRGwT2Jgqzym2vv8EhK
gdV7rChzyL0se5ng5zdTxrM8mkYjvqvAo85C2zL1YNVN9dmYVAly0/TS+TZjA0OP
ZeAI02TnM5jJ75HCIdYNICInMO7iVafm6D5ZxTKTAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU9VewuUoXqokjvOi4MsYOETDyMH0wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2JkYjE5YTMyLTcwZTktNGM2OS05ODU2LWI0ZWJjZTNkNWEwYy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBARLAnAwDQYJKoZIhvcNAQELBQADggEBALQjvorjiEMYdekRve5I09fpear1
WiOUDi+xQ6VzLuQ40tFCowxpZq+LnA3/P4sTO9FrJKcWn9EmMD83/9cIf5jTC9ax
P+DuClY1Z6YjWXpyPSYOG0Dw6oE6zDqKbD86epWhlC9ECTo+nuRWU5Sk5Ql78WQZ
J/yuLwZUTWCSXGqhrIv8HUbdv/qcIAldhKy17vxk1tqwK33rJz3SYKcXMOw/P5tM
dQUu/S+5TwxZie+umP8B+eqohBeKOFLAr+J9eG7Apw3lfOQigeEHjJ7z8GFw05pb
dR9t3VGD9Kw7TNp1dulhu5pk01eNMtpjTVI1aTAXUXkj6ahcGH7EKzf0VSc=
-----END CERTIFICATE-----