Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/bfcfe9a0-5cb3-497e-a0bc-f735c12c78a0.roa
File:                     bfcfe9a0-5cb3-497e-a0bc-f735c12c78a0.roa (raw, json)
Hash identifier:          AsKmC/WvczWGrop0ZLiQfc7apiE4LVav3nmGoV41a7U=
Subject key identifier:   97:96:65:31:2E:83:F8:C2:35:F5:B8:1E:7B:6B:0E:C7:EC:9E:E4:60
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       520C9D8C87AFF8680459D6252CB6278E6A817E86
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/bfcfe9a0-5cb3-497e-a0bc-f735c12c78a0.roa
Signing time:             Wed 05 Nov 2025 00:31:01 +0000
ROA not before:           Wed 05 Nov 2025 00:31:01 +0000
ROA not after:            Wed 10 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        203.110.198.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            52:0c:9d:8c:87:af:f8:68:04:59:d6:25:2c:b6:27:8e:6a:81:7e:86
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Nov  5 00:31:01 2025 GMT
            Not After : Dec 10 23:59:59 2025 GMT
        Subject: serialNumber=29146774fb84ad9ce08360107b7984647cc9e97eedcfe251f4eead4085c6e80b, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e7:3b:96:0d:22:ff:3f:e1:db:58:b9:7e:9d:a1:
                    44:5a:a0:5d:05:37:7c:1f:23:af:d5:4b:8e:68:38:
                    e5:70:14:2e:10:5f:30:66:46:4e:0b:ef:1d:b6:58:
                    4e:a9:a2:86:2b:5a:8a:79:89:6c:cc:bd:c6:30:32:
                    96:f4:f5:57:04:c4:67:c2:41:b4:ca:b5:29:68:28:
                    e0:03:12:87:ca:09:d9:0a:f1:f1:e3:fa:22:82:3d:
                    59:c2:f6:85:70:f9:cd:a9:1b:65:db:bb:54:b3:2a:
                    da:13:45:bc:85:6a:0f:5a:6a:7c:e6:93:e0:2e:1a:
                    90:6a:f9:9b:fa:64:88:ce:6d:c6:27:a7:22:d8:89:
                    45:85:01:4f:a2:37:88:b6:04:a8:61:1a:fd:ec:81:
                    f5:4c:f9:c2:60:57:ca:ee:2a:0d:84:3a:63:31:50:
                    ae:47:87:54:c9:9b:0c:76:d3:3e:1e:05:93:a7:8e:
                    9f:d4:47:03:a8:08:0e:02:68:84:51:8a:fa:b7:5a:
                    bb:d4:7a:54:14:8b:22:78:7a:24:59:de:52:9e:ab:
                    78:f4:35:bb:71:64:c5:99:99:e5:9d:a5:21:3d:81:
                    7d:bb:d9:be:0a:27:b2:8f:1e:40:87:a0:82:84:b4:
                    d9:f4:6a:80:ed:0b:25:75:34:ff:c3:44:e0:66:55:
                    39:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                97:96:65:31:2E:83:F8:C2:35:F5:B8:1E:7B:6B:0E:C7:EC:9E:E4:60
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/bfcfe9a0-5cb3-497e-a0bc-f735c12c78a0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  203.110.198.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0e:2d:3e:18:a3:92:e2:c3:f3:c6:ae:ea:5d:dc:c3:0b:64:bc:
         82:67:fb:a3:7d:92:d1:63:19:17:44:9b:23:3e:de:3d:ac:46:
         07:fd:ac:33:7d:bc:8d:d5:b7:ae:73:7a:ea:b3:bd:39:16:ef:
         5f:e8:2e:4f:37:3d:d4:ce:bb:e3:47:a1:62:e7:41:46:1b:ec:
         48:51:a1:5b:0f:31:58:48:f7:12:b2:3e:8c:68:e8:a6:1a:4f:
         e0:c3:33:4d:c3:4a:dc:f9:44:19:20:c4:2a:db:10:6f:9d:89:
         e1:5e:a4:3a:36:00:15:c1:44:f8:21:40:ae:85:47:8f:30:74:
         77:1c:27:c8:b8:74:34:d0:51:f6:40:ce:48:48:b5:16:a2:c7:
         99:81:b1:8f:39:01:af:3c:68:51:b5:11:ab:a1:3f:eb:c5:9b:
         0b:13:4a:0c:fe:28:b0:96:37:92:cf:88:15:c7:18:1b:9b:c7:
         9c:74:87:6f:4a:d4:20:78:82:0e:71:56:7e:2e:d0:03:2b:87:
         83:cf:55:c3:54:db:05:c0:11:d5:d7:22:e3:c3:74:54:33:18:
         83:9c:40:01:c6:e9:d7:a2:0a:59:68:52:61:a7:28:ed:b2:6f:
         62:96:6a:c4:48:b6:f2:95:92:c7:24:13:81:9d:ad:67:8c:ce:
         e4:43:7a:37
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUUgydjIev+GgEWdYlLLYnjmqBfoYwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMTA1MDAzMTAxWhcNMjUxMjEwMjM1OTU5
WjB6MUkwRwYDVQQFE0AyOTE0Njc3NGZiODRhZDljZTA4MzYwMTA3Yjc5ODQ2NDdj
YzllOTdlZWRjZmUyNTFmNGVlYWQ0MDg1YzZlODBiMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDnO5YNIv8/4dtYuX6doURaoF0FN3wfI6/VS45oOOVwFC4Q
XzBmRk4L7x22WE6pooYrWop5iWzMvcYwMpb09VcExGfCQbTKtSloKOADEofKCdkK
8fHj+iKCPVnC9oVw+c2pG2Xbu1SzKtoTRbyFag9aanzmk+AuGpBq+Zv6ZIjObcYn
pyLYiUWFAU+iN4i2BKhhGv3sgfVM+cJgV8ruKg2EOmMxUK5Hh1TJmwx20z4eBZOn
jp/URwOoCA4CaIRRivq3WrvUelQUiyJ4eiRZ3lKeq3j0NbtxZMWZmeWdpSE9gX27
2b4KJ7KPHkCHoIKEtNn0aoDtCyV1NP/DROBmVTldAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUl5ZlMS6D+MI19bgee2sOx+ye5GAwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2JmY2ZlOWEwLTVjYjMtNDk3ZS1hMGJjLWY3MzVjMTJjNzhhMC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADLbsYwDQYJKoZIhvcNAQELBQADggEBAA4tPhijkuLD88au6l3cwwtkvIJn
+6N9ktFjGRdEmyM+3j2sRgf9rDN9vI3Vt65zeuqzvTkW71/oLk83PdTOu+NHoWLn
QUYb7EhRoVsPMVhI9xKyPoxo6KYaT+DDM03DStz5RBkgxCrbEG+dieFepDo2ABXB
RPghQK6FR48wdHccJ8i4dDTQUfZAzkhItRaix5mBsY85Aa88aFG1EauhP+vFmwsT
Sgz+KLCWN5LPiBXHGBubx5x0h29K1CB4gg5xVn4u0AMrh4PPVcNU2wXAEdXXIuPD
dFQzGIOcQAHG6deiClloUmGnKO2yb2KWasRItvKVksckE4GdrWeMzuRDejc=
-----END CERTIFICATE-----