Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/6b816526-e2a1-4137-8d6a-34a37b0ba6c8.roa
File:                     6b816526-e2a1-4137-8d6a-34a37b0ba6c8.roa (raw, json)
Hash identifier:          vNRvuzsCInwE9IXZpD1HWs+jRBN47j+0vB2fb1EapII=
Subject key identifier:   91:71:E1:66:6C:92:94:93:57:FA:CD:F8:2B:A0:43:01:49:4C:A7:92
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       3588CD392C058E05E3D795596CB899C584834C4D
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/6b816526-e2a1-4137-8d6a-34a37b0ba6c8.roa
Signing time:             Sat 15 Nov 2025 00:30:13 +0000
ROA not before:           Sat 15 Nov 2025 00:30:13 +0000
ROA not after:            Sat 20 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        165.70.0.0/16 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            35:88:cd:39:2c:05:8e:05:e3:d7:95:59:6c:b8:99:c5:84:83:4c:4d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Nov 15 00:30:13 2025 GMT
            Not After : Dec 20 23:59:59 2025 GMT
        Subject: serialNumber=e896f2b924f1336ac7f6a4b63eed1e7143aa32c9f3d68166d675990b870b4629, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:cd:05:1f:2f:c8:0a:8f:a6:e1:2c:eb:cb:e9:
                    9f:fa:c8:81:ad:83:4d:6a:61:47:86:c9:7f:0c:53:
                    f1:98:66:47:d0:87:da:90:db:65:12:60:25:c2:c6:
                    1e:59:6c:0f:09:4c:ea:2d:0c:fd:72:d4:ee:2a:2c:
                    5b:81:0f:78:40:76:77:92:ed:45:80:78:1c:17:4e:
                    bf:1f:eb:27:2b:bd:dc:18:a1:a7:62:d5:9b:02:35:
                    85:3e:a1:6b:12:9b:99:fb:a3:d0:fd:2b:53:dc:92:
                    48:d9:a2:c7:37:41:6a:17:c8:1e:b8:5e:73:e6:ef:
                    4a:40:a8:02:8b:f0:45:cb:c0:92:60:ea:a0:18:59:
                    92:50:7d:04:2f:96:5c:2a:3a:8f:b2:e6:68:85:76:
                    f5:b4:c6:6c:b5:4b:32:9c:3c:48:61:b4:65:3a:55:
                    34:8a:dc:88:de:3a:ad:a6:8d:88:94:4c:56:08:0e:
                    d2:5b:6a:e0:f3:83:90:c8:c6:42:c8:95:b1:f9:c7:
                    25:6b:d0:29:e2:e1:a3:02:db:cd:79:6a:92:4f:c8:
                    b3:ef:a0:8c:b0:d7:5f:39:f8:69:be:47:18:9d:63:
                    37:6f:6c:b1:57:a8:0e:8a:b4:b9:88:12:e8:1b:d5:
                    e0:e8:c7:f5:57:37:8b:16:24:b1:71:9c:02:69:9a:
                    e3:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                91:71:E1:66:6C:92:94:93:57:FA:CD:F8:2B:A0:43:01:49:4C:A7:92
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/6b816526-e2a1-4137-8d6a-34a37b0ba6c8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  165.70.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         4a:3e:38:6a:d9:f2:4e:ad:1d:d8:d5:7f:71:2c:82:d6:95:54:
         49:f0:5f:aa:5e:a3:c6:78:6e:0d:8a:0b:50:f2:13:5c:10:86:
         d5:38:0e:e4:fe:56:2e:35:d6:42:bd:ca:75:f1:e8:2b:8c:ce:
         4d:ea:96:ed:1b:db:de:2e:b9:f0:24:5a:d4:36:af:8e:3f:e6:
         79:6b:0e:d7:9d:8b:e1:20:9f:72:4b:53:b2:b3:27:3c:4f:e5:
         aa:a5:c3:4d:26:2b:4c:a4:e7:22:97:fa:8d:7f:c1:17:db:36:
         2a:b3:de:1f:66:8f:f4:09:8c:e4:f8:ce:5c:87:91:96:d4:44:
         55:a0:e1:ef:8e:af:83:2d:65:19:1f:5b:22:2f:57:3b:8a:05:
         fa:21:3c:1e:c7:44:02:de:68:b4:b7:08:99:a1:49:ef:5d:fe:
         d8:82:5d:56:0d:83:d4:d3:ba:2a:d5:09:8e:db:45:b2:90:9f:
         62:df:2d:91:a6:0a:ee:35:aa:eb:d2:2d:a3:a1:08:4c:08:81:
         a9:84:b2:16:e7:78:e7:56:ee:dc:e8:bc:bf:f0:a6:a9:d1:1f:
         eb:d6:c8:fc:e6:46:fc:be:a8:03:7a:fd:f0:69:e2:bb:72:24:
         99:10:37:b6:30:47:c7:7b:85:1c:e4:cd:8d:5a:0e:a2:ec:68:
         d2:31:88:cc
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUNYjNOSwFjgXj15VZbLiZxYSDTE0wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMTE1MDAzMDEzWhcNMjUxMjIwMjM1OTU5
WjB6MUkwRwYDVQQFE0BlODk2ZjJiOTI0ZjEzMzZhYzdmNmE0YjYzZWVkMWU3MTQz
YWEzMmM5ZjNkNjgxNjZkNjc1OTkwYjg3MGI0NjI5MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCdzQUfL8gKj6bhLOvL6Z/6yIGtg01qYUeGyX8MU/GYZkfQ
h9qQ22USYCXCxh5ZbA8JTOotDP1y1O4qLFuBD3hAdneS7UWAeBwXTr8f6ycrvdwY
oadi1ZsCNYU+oWsSm5n7o9D9K1PckkjZosc3QWoXyB64XnPm70pAqAKL8EXLwJJg
6qAYWZJQfQQvllwqOo+y5miFdvW0xmy1SzKcPEhhtGU6VTSK3IjeOq2mjYiUTFYI
DtJbauDzg5DIxkLIlbH5xyVr0Cni4aMC2815apJPyLPvoIyw1185+Gm+RxidYzdv
bLFXqA6KtLmIEugb1eDox/VXN4sWJLFxnAJpmuOPAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUkXHhZmySlJNX+s34K6BDAUlMp5IwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzZiODE2NTI2LWUyYTEtNDEzNy04ZDZhLTM0YTM3YjBiYTZjOC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwClRjANBgkqhkiG9w0BAQsFAAOCAQEASj44atnyTq0d2NV/cSyC1pVUSfBf
ql6jxnhuDYoLUPITXBCG1TgO5P5WLjXWQr3KdfHoK4zOTeqW7Rvb3i658CRa1Dav
jj/meWsO152L4SCfcktTsrMnPE/lqqXDTSYrTKTnIpf6jX/BF9s2KrPeH2aP9AmM
5PjOXIeRltREVaDh746vgy1lGR9bIi9XO4oF+iE8HsdEAt5otLcImaFJ713+2IJd
Vg2D1NO6KtUJjttFspCfYt8tkaYK7jWq69Ito6EITAiBqYSyFud451bu3Oi8v/Cm
qdEf69bI/OZG/L6oA3r98Gniu3IkmRA3tjBHx3uFHOTNjVoOouxo0jGIzA==
-----END CERTIFICATE-----