Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/711afc9c-219b-409d-9c7f-0d2fb54ac829.roa
File:                     711afc9c-219b-409d-9c7f-0d2fb54ac829.roa (raw, json)
Hash identifier:          X7gUQurGqkZx1+uW7KXKaupad6AKQNITiGqnFnKt4f4=
Subject key identifier:   C3:EC:56:75:C3:2F:AD:9F:5A:24:86:30:34:17:89:FB:B0:79:F5:D7
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       3E738EA87ACF9A016736C5015D3807767CD6FF31
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/711afc9c-219b-409d-9c7f-0d2fb54ac829.roa
Signing time:             Tue 11 Nov 2025 00:50:06 +0000
ROA not before:           Tue 11 Nov 2025 00:50:06 +0000
ROA not after:            Tue 16 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        119.13.128.0/20 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3e:73:8e:a8:7a:cf:9a:01:67:36:c5:01:5d:38:07:76:7c:d6:ff:31
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Nov 11 00:50:06 2025 GMT
            Not After : Dec 16 23:59:59 2025 GMT
        Subject: serialNumber=7b558b7fabd61158dcf57d6b1fe53794cd4ab01b3c92b0229475b754af33e429, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:93:74:58:72:19:3b:42:3d:bc:eb:95:db:87:
                    cc:bd:0a:89:ff:38:16:28:f3:5d:25:32:dd:8a:64:
                    e6:e6:e5:e4:0a:84:74:59:54:42:3f:bc:8a:8f:f8:
                    51:80:0d:c6:3f:8f:08:ed:f6:13:26:ea:73:6e:65:
                    7c:4f:82:1d:92:14:a7:29:63:ef:e8:94:aa:06:24:
                    09:c1:c8:94:8e:05:9a:09:06:aa:8b:f0:24:ff:93:
                    cb:7b:75:1d:31:ce:6e:ea:54:2e:d3:c0:e2:90:00:
                    98:b0:65:94:f1:21:7d:7e:dc:6c:50:c7:8c:8d:70:
                    b2:c3:0f:d7:2a:5e:e2:0c:6d:d5:1b:64:50:04:fd:
                    88:38:db:19:ba:54:65:4c:f6:a1:f8:a7:1c:69:f5:
                    71:30:66:9c:e4:d4:19:7e:9f:6f:17:39:82:65:b8:
                    80:e3:f1:52:e0:25:23:7f:3e:4e:f2:8f:f7:f6:10:
                    7c:2e:3c:fa:c8:1d:48:36:5b:8e:37:78:20:96:03:
                    0d:f9:32:83:63:5d:5c:9f:21:a7:d0:1e:8d:61:45:
                    80:21:fb:dd:5e:17:0b:f6:48:a5:0f:36:6d:04:15:
                    d6:7b:e0:70:1f:4c:fb:ad:29:56:a5:84:8d:a0:8d:
                    8e:71:f4:11:6a:0d:1b:8f:12:68:ad:b1:1e:1b:ea:
                    b5:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C3:EC:56:75:C3:2F:AD:9F:5A:24:86:30:34:17:89:FB:B0:79:F5:D7
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/711afc9c-219b-409d-9c7f-0d2fb54ac829.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  119.13.128.0/20

    Signature Algorithm: sha256WithRSAEncryption
         7d:09:df:e6:c5:2a:0e:3e:47:a5:64:0a:17:0b:d6:6b:a0:47:
         0a:45:5c:79:ce:95:18:56:78:bc:29:4b:4c:74:0b:f7:41:03:
         84:f0:cd:82:c8:64:42:96:cd:08:8d:97:9c:dd:8d:37:05:67:
         67:10:dd:14:cb:18:a2:5c:d2:84:43:3c:2e:f9:34:81:16:54:
         52:40:51:11:19:c9:93:35:6f:cf:cb:cd:be:25:4e:e2:c1:60:
         83:40:8b:ab:d3:99:c8:d8:3c:3b:0d:dc:74:2c:69:ca:3d:91:
         17:9f:82:81:76:e2:bb:1b:2d:2c:3c:02:bf:a3:b2:90:4a:a1:
         1d:a0:fa:1e:24:eb:b9:d9:7c:37:ae:f2:8c:62:58:e4:33:c5:
         b2:a7:8a:46:13:90:be:fa:fa:e2:05:e6:da:0a:36:f3:d6:bb:
         da:44:fa:89:56:23:7d:0f:1b:5c:1e:bc:d5:cf:8c:01:32:0b:
         f0:d8:7b:d1:1d:81:8f:5e:6a:32:fe:c4:cc:d8:36:10:18:26:
         82:ad:05:a1:25:9c:a3:c2:67:5e:3c:7c:c0:9e:70:41:db:6d:
         45:e3:63:24:c1:7e:1e:fe:24:6b:e8:8c:80:14:4e:ec:d9:81:
         99:ea:b8:ac:8d:87:25:36:e1:fe:c1:21:4c:59:26:89:0e:18:
         a1:a4:c4:61
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUPnOOqHrPmgFnNsUBXTgHdnzW/zEwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMTExMDA1MDA2WhcNMjUxMjE2MjM1OTU5
WjB6MUkwRwYDVQQFE0A3YjU1OGI3ZmFiZDYxMTU4ZGNmNTdkNmIxZmU1Mzc5NGNk
NGFiMDFiM2M5MmIwMjI5NDc1Yjc1NGFmMzNlNDI5MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDLk3RYchk7Qj2865Xbh8y9Con/OBYo810lMt2KZObm5eQK
hHRZVEI/vIqP+FGADcY/jwjt9hMm6nNuZXxPgh2SFKcpY+/olKoGJAnByJSOBZoJ
BqqL8CT/k8t7dR0xzm7qVC7TwOKQAJiwZZTxIX1+3GxQx4yNcLLDD9cqXuIMbdUb
ZFAE/Yg42xm6VGVM9qH4pxxp9XEwZpzk1Bl+n28XOYJluIDj8VLgJSN/Pk7yj/f2
EHwuPPrIHUg2W443eCCWAw35MoNjXVyfIafQHo1hRYAh+91eFwv2SKUPNm0EFdZ7
4HAfTPutKValhI2gjY5x9BFqDRuPEmitsR4b6rW7AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUw+xWdcMvrZ9aJIYwNBeJ+7B59dcwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzcxMWFmYzljLTIxOWItNDA5ZC05YzdmLTBkMmZiNTRhYzgyOS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAR3DYAwDQYJKoZIhvcNAQELBQADggEBAH0J3+bFKg4+R6VkChcL1mugRwpF
XHnOlRhWeLwpS0x0C/dBA4TwzYLIZEKWzQiNl5zdjTcFZ2cQ3RTLGKJc0oRDPC75
NIEWVFJAUREZyZM1b8/Lzb4lTuLBYINAi6vTmcjYPDsN3HQsaco9kRefgoF24rsb
LSw8Ar+jspBKoR2g+h4k67nZfDeu8oxiWOQzxbKnikYTkL76+uIF5toKNvPWu9pE
+olWI30PG1wevNXPjAEyC/DYe9EdgY9eajL+xMzYNhAYJoKtBaElnKPCZ148fMCe
cEHbbUXjYyTBfh7+JGvojIAUTuzZgZnquKyNhyU24f7BIUxZJokOGKGkxGE=
-----END CERTIFICATE-----