Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/46d95802-c80e-48cb-8f8e-746d414d0f7f.roa
File:                     46d95802-c80e-48cb-8f8e-746d414d0f7f.roa (raw, json)
Hash identifier:          G6aQ9PhkAo7uzlO7nckZwJWzlKG76VpGAFJx2kq0LIg=
Subject key identifier:   FD:1A:02:8F:BD:84:8C:00:BB:04:0D:E2:C8:3E:7B:34:78:DE:96:A2
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       7D8404D1F55DB29F07932095C5053790FBE53B2B
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/46d95802-c80e-48cb-8f8e-746d414d0f7f.roa
Signing time:             Sun 16 Nov 2025 00:00:34 +0000
ROA not before:           Sun 16 Nov 2025 00:00:34 +0000
ROA not after:            Sun 21 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        99.77.237.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7d:84:04:d1:f5:5d:b2:9f:07:93:20:95:c5:05:37:90:fb:e5:3b:2b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Nov 16 00:00:34 2025 GMT
            Not After : Dec 21 23:59:59 2025 GMT
        Subject: serialNumber=fafa5fff6853e8247e25e099bf77e6e2988c537c1ada4b88239621cc9f240da9, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:35:c7:ef:02:a2:c4:2b:91:9c:53:f5:17:9e:
                    53:7a:eb:9f:ae:c6:79:1d:f1:52:11:b1:62:13:7b:
                    e4:02:1d:7b:f4:bf:3a:3a:de:a9:37:80:c5:95:db:
                    42:03:2e:ed:10:9d:88:1e:85:e0:5c:98:50:3e:5e:
                    97:5b:43:25:8e:f9:22:0a:b2:6e:d0:80:2d:66:c6:
                    24:5f:8d:a0:a3:49:d0:9c:3f:91:da:38:1d:7f:5f:
                    42:70:78:b9:7d:b9:8f:52:bb:4a:5f:2d:24:89:44:
                    e3:8c:fd:77:e7:1f:c0:0f:6b:f1:fe:79:4a:5f:e8:
                    a0:a9:81:54:2f:85:67:20:16:85:bd:ef:f7:83:25:
                    ce:2e:3b:75:ea:aa:b2:75:5a:a5:f5:91:bb:c4:d2:
                    96:1f:54:23:32:ac:58:b9:50:b1:ab:6e:a7:1e:48:
                    61:93:4c:d3:51:94:77:68:b2:00:f4:0a:05:82:b2:
                    b5:4e:6f:aa:d1:8d:3b:2e:1f:99:88:25:10:61:4a:
                    7d:6c:db:a6:5a:6c:0f:b8:67:9f:22:fc:08:00:20:
                    fe:68:fe:a6:39:ab:c7:f1:10:5f:96:6f:c1:64:91:
                    07:e0:ab:06:03:7a:bb:ce:60:4a:fd:ce:07:e0:1b:
                    7b:88:c9:7b:f2:8e:cd:4f:a9:4b:f0:7c:e5:64:9d:
                    85:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FD:1A:02:8F:BD:84:8C:00:BB:04:0D:E2:C8:3E:7B:34:78:DE:96:A2
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/46d95802-c80e-48cb-8f8e-746d414d0f7f.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  99.77.237.0/24

    Signature Algorithm: sha256WithRSAEncryption
         d5:3d:92:0a:23:e7:bb:67:2a:9b:49:34:e8:b5:6c:0b:d2:a7:
         c0:ec:10:4c:ad:c1:49:a3:1d:a9:c7:d7:08:53:31:84:b2:14:
         a2:88:5b:03:35:64:3d:5e:9f:9b:23:dd:98:ab:9d:1b:1b:6e:
         4b:74:47:d3:9c:e5:ea:28:0e:ff:27:8b:ff:24:24:4a:d5:7a:
         83:04:a9:1d:ad:e6:40:b1:67:b1:40:e6:de:ca:07:37:c7:6d:
         1a:e5:19:d2:59:3a:90:8d:e7:43:67:82:41:63:5d:ef:71:7b:
         dd:21:af:ed:f3:3b:49:7a:9f:0f:94:f4:66:1d:0f:e1:a8:e2:
         49:81:62:9f:76:59:f1:57:b5:0e:04:0e:45:85:16:8d:f9:bd:
         0e:18:0f:ae:18:18:29:71:cd:bc:5b:28:e5:51:22:ff:11:60:
         66:61:56:08:7a:0a:40:18:1a:0b:22:30:37:e9:cd:20:87:9f:
         a4:e8:a4:70:ad:b7:1b:50:e8:34:ec:04:a8:d2:ce:35:d2:4c:
         e4:aa:bb:1f:cc:0b:92:b9:b7:73:0a:bc:86:a9:f1:7e:9a:66:
         55:94:f9:2a:c4:5d:32:be:3a:1c:99:51:0d:2c:9e:84:03:e1:
         9d:d7:37:1d:db:c7:2f:4f:6b:91:93:dc:8d:0f:cf:0e:91:8d:
         6b:e3:ed:b9
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUfYQE0fVdsp8HkyCVxQU3kPvlOyswDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMTE2MDAwMDM0WhcNMjUxMjIxMjM1OTU5
WjB6MUkwRwYDVQQFE0BmYWZhNWZmZjY4NTNlODI0N2UyNWUwOTliZjc3ZTZlMjk4
OGM1MzdjMWFkYTRiODgyMzk2MjFjYzlmMjQwZGE5MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDVNcfvAqLEK5GcU/UXnlN665+uxnkd8VIRsWITe+QCHXv0
vzo63qk3gMWV20IDLu0QnYgeheBcmFA+XpdbQyWO+SIKsm7QgC1mxiRfjaCjSdCc
P5HaOB1/X0JweLl9uY9Su0pfLSSJROOM/XfnH8APa/H+eUpf6KCpgVQvhWcgFoW9
7/eDJc4uO3XqqrJ1WqX1kbvE0pYfVCMyrFi5ULGrbqceSGGTTNNRlHdosgD0CgWC
srVOb6rRjTsuH5mIJRBhSn1s26ZabA+4Z58i/AgAIP5o/qY5q8fxEF+Wb8FkkQfg
qwYDervOYEr9zgfgG3uIyXvyjs1PqUvwfOVknYX/AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU/RoCj72EjAC7BA3iyD57NHjelqIwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzQ2ZDk1ODAyLWM4MGUtNDhjYi04ZjhlLTc0NmQ0MTRkMGY3Zi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBABjTe0wDQYJKoZIhvcNAQELBQADggEBANU9kgoj57tnKptJNOi1bAvSp8Ds
EEytwUmjHanH1whTMYSyFKKIWwM1ZD1en5sj3ZirnRsbbkt0R9Oc5eooDv8ni/8k
JErVeoMEqR2t5kCxZ7FA5t7KBzfHbRrlGdJZOpCN50NngkFjXe9xe90hr+3zO0l6
nw+U9GYdD+Go4kmBYp92WfFXtQ4EDkWFFo35vQ4YD64YGClxzbxbKOVRIv8RYGZh
Vgh6CkAYGgsiMDfpzSCHn6TopHCttxtQ6DTsBKjSzjXSTOSqux/MC5K5t3MKvIap
8X6aZlWU+SrEXTK+OhyZUQ0snoQD4Z3XNx3bxy9Pa5GT3I0Pzw6RjWvj7bk=
-----END CERTIFICATE-----