Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/2f243fe6-341e-47d0-b6c0-16d041ff88be.roa
File:                     2f243fe6-341e-47d0-b6c0-16d041ff88be.roa (raw, json)
Hash identifier:          W2t7fEV1ckLa474RH/JSJXmD5y0TpqfHzlJIGEVHwqw=
Subject key identifier:   73:67:9E:24:5B:FE:00:8A:5E:54:4F:8B:23:54:A7:A5:13:A4:04:6E
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       28C0AF93A2AC682052073AA3C8945DB4163CBA30
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/2f243fe6-341e-47d0-b6c0-16d041ff88be.roa
Signing time:             Thu 13 Nov 2025 00:51:50 +0000
ROA not before:           Thu 13 Nov 2025 00:51:50 +0000
ROA not after:            Thu 18 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        69.0.163.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            28:c0:af:93:a2:ac:68:20:52:07:3a:a3:c8:94:5d:b4:16:3c:ba:30
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Nov 13 00:51:50 2025 GMT
            Not After : Dec 18 23:59:59 2025 GMT
        Subject: serialNumber=e0ccf494382a6b150736a113c7ef8071c1f34e40fea83f594567405fd8e57bb4, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:7b:d2:5b:0b:ab:93:25:16:73:26:d6:fa:73:
                    0c:aa:3a:73:09:cf:c7:f4:f3:ca:bb:42:e8:03:49:
                    e1:f9:d4:e5:80:76:01:d3:35:12:1d:38:e5:cb:b1:
                    a3:67:67:63:00:0d:89:48:5b:9d:1c:47:52:2b:e9:
                    ff:10:83:c8:fe:33:56:30:25:11:b1:11:c3:c6:07:
                    f5:c1:db:e3:15:9e:b5:0a:3d:d8:98:e1:39:c8:02:
                    29:65:60:60:d1:6a:11:5c:6c:c8:8e:ad:cc:b5:71:
                    1d:16:48:7d:9b:91:de:55:e8:6b:63:78:85:c2:18:
                    83:3c:45:d2:c6:12:0a:99:c0:bb:d9:f7:59:69:dc:
                    8d:7b:c2:f0:76:af:9b:a1:fd:61:d5:60:be:9e:37:
                    d9:7e:7a:ea:17:a5:93:d3:c9:30:f8:3e:4f:24:cf:
                    06:d3:53:4e:d3:a6:3a:1b:ee:d4:40:57:7d:5d:0c:
                    2f:f5:7f:ca:5b:e8:3d:34:0c:76:78:c8:43:44:5c:
                    c5:a4:bb:f3:0d:07:d9:18:d1:cd:1c:5d:4a:87:2e:
                    67:a2:a9:dc:d8:ac:cf:d9:4c:ca:19:d7:27:6a:c7:
                    17:72:c5:8e:67:88:76:8a:87:a3:f6:72:38:2a:35:
                    ce:3c:e2:89:28:fa:c6:cf:44:82:8c:54:11:a2:09:
                    82:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                73:67:9E:24:5B:FE:00:8A:5E:54:4F:8B:23:54:A7:A5:13:A4:04:6E
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/2f243fe6-341e-47d0-b6c0-16d041ff88be.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  69.0.163.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8b:e3:f3:2b:21:ba:e6:b3:d2:d8:19:6f:a5:25:f4:8d:e2:29:
         08:6f:3e:07:c8:86:65:12:42:fd:94:93:a2:c0:d6:fc:9b:3b:
         8e:1e:85:12:7b:f6:2d:b0:3c:a3:df:a0:ae:45:2b:ca:1e:69:
         64:5f:27:f8:3d:59:22:21:19:ef:34:42:4c:df:5f:90:01:4b:
         7e:a8:2b:32:9b:1a:ac:e9:01:00:b9:aa:8f:22:38:00:0f:ef:
         a7:bd:01:74:2c:1c:19:0e:0a:b4:b4:65:3f:13:a8:63:26:7b:
         2e:25:b7:54:00:3b:54:16:bc:69:ca:93:67:fa:6f:01:72:97:
         75:28:fd:b0:a1:fc:c2:cf:1e:78:20:a8:21:aa:9c:04:93:7e:
         2a:ad:6f:1f:07:ee:62:b1:63:fe:41:c9:58:2b:81:dd:68:c7:
         29:e3:f4:54:be:96:71:5e:89:9c:de:89:1f:76:d7:69:f2:e5:
         74:d2:7d:43:d3:6f:49:f9:7f:e6:d9:93:3d:15:a8:b3:a1:da:
         7b:0e:fd:33:5a:98:bb:74:15:fc:ed:5b:69:f7:e5:7e:d7:0f:
         e7:e7:e3:5d:45:45:6d:69:b6:c8:0b:71:96:cc:7d:3b:f5:93:
         8b:59:01:31:8f:af:61:cd:ce:99:b0:e6:cc:aa:7a:91:47:29:
         21:65:8b:9d
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUKMCvk6KsaCBSBzqjyJRdtBY8ujAwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMTEzMDA1MTUwWhcNMjUxMjE4MjM1OTU5
WjB6MUkwRwYDVQQFE0BlMGNjZjQ5NDM4MmE2YjE1MDczNmExMTNjN2VmODA3MWMx
ZjM0ZTQwZmVhODNmNTk0NTY3NDA1ZmQ4ZTU3YmI0MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDNe9JbC6uTJRZzJtb6cwyqOnMJz8f088q7QugDSeH51OWA
dgHTNRIdOOXLsaNnZ2MADYlIW50cR1Ir6f8Qg8j+M1YwJRGxEcPGB/XB2+MVnrUK
PdiY4TnIAillYGDRahFcbMiOrcy1cR0WSH2bkd5V6GtjeIXCGIM8RdLGEgqZwLvZ
91lp3I17wvB2r5uh/WHVYL6eN9l+euoXpZPTyTD4Pk8kzwbTU07Tpjob7tRAV31d
DC/1f8pb6D00DHZ4yENEXMWku/MNB9kY0c0cXUqHLmeiqdzYrM/ZTMoZ1ydqxxdy
xY5niHaKh6P2cjgqNc484oko+sbPRIKMVBGiCYItAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUc2eeJFv+AIpeVE+LI1SnpROkBG4wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzJmMjQzZmU2LTM0MWUtNDdkMC1iNmMwLTE2ZDA0MWZmODhiZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBABFAKMwDQYJKoZIhvcNAQELBQADggEBAIvj8yshuuaz0tgZb6Ul9I3iKQhv
PgfIhmUSQv2Uk6LA1vybO44ehRJ79i2wPKPfoK5FK8oeaWRfJ/g9WSIhGe80Qkzf
X5ABS36oKzKbGqzpAQC5qo8iOAAP76e9AXQsHBkOCrS0ZT8TqGMmey4lt1QAO1QW
vGnKk2f6bwFyl3Uo/bCh/MLPHnggqCGqnASTfiqtbx8H7mKxY/5ByVgrgd1oxynj
9FS+lnFeiZzeiR9212ny5XTSfUPTb0n5f+bZkz0VqLOh2nsO/TNamLt0FfztW2n3
5X7XD+fn411FRW1ptsgLcZbMfTv1k4tZATGPr2HNzpmw5syqepFHKSFli50=
-----END CERTIFICATE-----