Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/71f683d0-a46e-47fa-bab4-7249267ca833.roa
File:                     71f683d0-a46e-47fa-bab4-7249267ca833.roa (raw, json)
Hash identifier:          wCdVEzklkwiAIlWlq3zJqO6+PeaqD7I1QervVN06wSI=
Subject key identifier:   4A:1B:83:36:B8:C0:AD:B8:45:74:B0:53:0B:A4:E3:E0:10:F4:47:B7
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       5266FE4DAACDC72B6B1F14CFC94DDC376A0308A9
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/71f683d0-a46e-47fa-bab4-7249267ca833.roa
Signing time:             Wed 12 Nov 2025 00:20:11 +0000
ROA not before:           Wed 12 Nov 2025 00:20:11 +0000
ROA not after:            Wed 17 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        1.179.60.0/23 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            52:66:fe:4d:aa:cd:c7:2b:6b:1f:14:cf:c9:4d:dc:37:6a:03:08:a9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Nov 12 00:20:11 2025 GMT
            Not After : Dec 17 23:59:59 2025 GMT
        Subject: serialNumber=589db7cd5bfb7c7cdf3a16065d5cba71072b0148c414c2466fcdb36bdceac638, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:80:02:c4:68:ab:6a:a0:da:ab:3a:02:cc:8c:
                    9e:af:8f:16:b8:4c:6b:4f:10:58:26:b3:99:73:1a:
                    78:c7:49:72:7a:de:0f:87:a0:61:9b:46:86:4a:cb:
                    1a:da:52:da:73:85:dd:9d:15:61:08:3c:b6:ed:ec:
                    1d:0a:0e:96:b4:9c:04:87:92:65:00:ea:35:59:00:
                    f2:d7:4a:d4:6d:5e:d1:e0:4c:37:2f:80:e6:74:a3:
                    1d:68:9f:76:7c:24:60:04:9b:3d:6b:08:8b:ef:57:
                    75:9c:20:30:f7:8c:fd:30:71:db:40:d6:bc:a4:90:
                    d9:f6:05:a6:64:a5:09:ae:41:5a:3d:38:02:93:00:
                    ab:98:66:8d:4f:73:c8:1a:1f:21:6a:64:87:0d:48:
                    88:cf:f0:c1:f0:ed:bf:cd:08:f8:5a:fc:f7:d1:4e:
                    19:83:2a:d8:1d:1c:e4:b3:fd:65:62:c3:07:c2:ad:
                    65:26:ec:1e:b1:9b:4e:3c:50:ff:c5:56:2d:d0:a2:
                    ba:42:69:a7:3e:c9:e5:4d:31:3c:90:26:aa:d2:75:
                    59:99:ec:44:fa:90:1a:a3:72:e6:a2:72:98:3f:1a:
                    32:7d:5b:ad:63:6d:be:df:ce:20:cc:2f:8b:d7:f7:
                    e4:34:05:44:d5:1b:40:da:15:72:5a:c8:63:4d:27:
                    85:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4A:1B:83:36:B8:C0:AD:B8:45:74:B0:53:0B:A4:E3:E0:10:F4:47:B7
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/71f683d0-a46e-47fa-bab4-7249267ca833.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  1.179.60.0/23

    Signature Algorithm: sha256WithRSAEncryption
         84:33:77:e1:ad:14:9c:be:af:48:49:7d:c0:0c:f6:80:a2:23:
         4c:34:50:ec:ad:00:4f:a2:19:5f:13:8e:67:1a:23:af:eb:93:
         c9:de:88:27:0b:2c:7b:a6:35:81:21:53:e9:37:f1:e1:17:32:
         24:0c:a3:c2:56:31:b2:4e:bc:06:26:dd:48:3c:57:b5:7f:fb:
         be:ce:cf:d1:b2:fd:2b:41:96:ab:f0:dc:a3:c3:fe:8b:75:a0:
         7e:ee:75:c0:2e:e4:70:a4:0e:39:e6:31:8e:15:56:0a:15:bc:
         90:c7:ce:53:47:0f:aa:30:09:a8:3f:cf:32:f1:12:98:0d:be:
         b7:6c:36:f0:ee:31:5c:c3:62:0c:d9:d2:7d:de:ed:51:2d:98:
         31:82:30:f3:da:41:7a:04:25:9b:fa:e7:e4:1e:ac:20:54:c3:
         b7:7e:dd:64:3b:e0:a2:a5:34:65:25:2b:6d:35:30:35:32:35:
         44:38:aa:04:84:4f:68:45:10:1f:26:aa:9e:54:6a:a7:06:09:
         e2:fe:24:36:67:f4:98:10:b6:da:a5:97:9c:dc:0b:58:73:f5:
         34:e5:78:b0:df:1b:84:18:57:e0:0e:8c:8b:a0:af:90:8b:be:
         eb:63:25:2c:de:e3:be:a0:51:df:d8:6c:89:34:9c:03:56:71:
         51:51:a1:34
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUUmb+TarNxytrHxTPyU3cN2oDCKkwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMTEyMDAyMDExWhcNMjUxMjE3MjM1OTU5
WjB6MUkwRwYDVQQFE0A1ODlkYjdjZDViZmI3YzdjZGYzYTE2MDY1ZDVjYmE3MTA3
MmIwMTQ4YzQxNGMyNDY2ZmNkYjM2YmRjZWFjNjM4MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDJgALEaKtqoNqrOgLMjJ6vjxa4TGtPEFgms5lzGnjHSXJ6
3g+HoGGbRoZKyxraUtpzhd2dFWEIPLbt7B0KDpa0nASHkmUA6jVZAPLXStRtXtHg
TDcvgOZ0ox1on3Z8JGAEmz1rCIvvV3WcIDD3jP0wcdtA1rykkNn2BaZkpQmuQVo9
OAKTAKuYZo1Pc8gaHyFqZIcNSIjP8MHw7b/NCPha/PfRThmDKtgdHOSz/WViwwfC
rWUm7B6xm048UP/FVi3QorpCaac+yeVNMTyQJqrSdVmZ7ET6kBqjcuaicpg/GjJ9
W61jbb7fziDML4vX9+Q0BUTVG0DaFXJayGNNJ4WhAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUShuDNrjArbhFdLBTC6Tj4BD0R7cwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzcxZjY4M2QwLWE0NmUtNDdmYS1iYWI0LTcyNDkyNjdjYTgzMy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAEBszwwDQYJKoZIhvcNAQELBQADggEBAIQzd+GtFJy+r0hJfcAM9oCiI0w0
UOytAE+iGV8TjmcaI6/rk8neiCcLLHumNYEhU+k38eEXMiQMo8JWMbJOvAYm3Ug8
V7V/+77Oz9Gy/StBlqvw3KPD/ot1oH7udcAu5HCkDjnmMY4VVgoVvJDHzlNHD6ow
Cag/zzLxEpgNvrdsNvDuMVzDYgzZ0n3e7VEtmDGCMPPaQXoEJZv65+QerCBUw7d+
3WQ74KKlNGUlK201MDUyNUQ4qgSET2hFEB8mqp5UaqcGCeL+JDZn9JgQttqll5zc
C1hz9TTleLDfG4QYV+AOjIugr5CLvutjJSze476gUd/YbIk0nANWcVFRoTQ=
-----END CERTIFICATE-----