Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/8874e635-d9df-43c1-b44b-b12c7fe93bde.roa
File:                     8874e635-d9df-43c1-b44b-b12c7fe93bde.roa (raw, json)
Hash identifier:          jK58IH9slkWqtwpXbqsmwQW1kKCAVViQ678qv56JMfY=
Subject key identifier:   56:6C:1E:74:45:C9:F5:25:2E:8D:99:8C:E8:3A:76:25:0E:33:2A:9C
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       56E23C61128A38CBE40C4A52DC3F252796EDB312
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/8874e635-d9df-43c1-b44b-b12c7fe93bde.roa
Signing time:             Tue 11 Nov 2025 02:21:41 +0000
ROA not before:           Tue 11 Nov 2025 02:21:41 +0000
ROA not after:            Tue 16 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        174.129.64.0/18 maxlen: 18
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            56:e2:3c:61:12:8a:38:cb:e4:0c:4a:52:dc:3f:25:27:96:ed:b3:12
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Nov 11 02:21:41 2025 GMT
            Not After : Dec 16 23:59:59 2025 GMT
        Subject: serialNumber=26aa8dba6d3d251e0441d7cbb401badb5342ec362009a255bd632e15630e59a7, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:e4:dd:7c:7e:0f:38:4e:ae:d7:b3:b0:6a:da:
                    8d:d3:b0:70:55:3c:95:8a:4a:23:4d:c7:88:15:f8:
                    47:73:6d:09:bc:5e:af:01:1c:5f:0e:c3:40:67:39:
                    37:99:82:f4:0c:40:e4:08:58:33:d6:16:86:81:eb:
                    2c:57:82:8b:14:7e:7b:d5:c8:04:c7:df:6f:8b:1c:
                    5b:7f:77:57:35:3c:2b:b5:d3:b1:84:b1:45:12:3b:
                    91:38:7b:4a:1f:44:b3:bd:31:70:c2:e7:16:3e:e3:
                    c3:7d:f9:30:2e:6b:8a:40:42:6f:73:27:05:7a:2a:
                    81:37:86:83:e8:ba:2b:98:22:ea:71:de:21:dc:fb:
                    04:67:7a:50:61:2d:c2:be:6d:40:0d:41:45:8d:a6:
                    77:ce:b3:9b:a6:bd:98:77:49:b1:9b:03:6d:eb:91:
                    3f:c2:03:d4:8a:f0:c8:3d:a3:bb:21:c7:64:35:cf:
                    93:28:05:82:9b:05:09:bd:9d:b5:4a:71:90:d8:f4:
                    e8:23:43:30:21:2b:79:ac:ff:d2:97:3f:4f:c5:7f:
                    15:3d:7d:c9:d4:26:34:ab:63:a9:2f:82:35:cc:7f:
                    49:6f:f6:14:f5:b9:d1:b3:18:cb:37:6a:b8:08:60:
                    84:c4:69:08:0c:b5:f2:87:66:9e:bf:b3:05:c0:31:
                    9f:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                56:6C:1E:74:45:C9:F5:25:2E:8D:99:8C:E8:3A:76:25:0E:33:2A:9C
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/8874e635-d9df-43c1-b44b-b12c7fe93bde.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  174.129.64.0/18

    Signature Algorithm: sha256WithRSAEncryption
         d2:9d:2c:0e:85:78:9b:e7:5b:58:09:96:5b:37:9b:7b:49:d8:
         af:92:09:ec:21:f7:e1:ed:70:cd:22:2c:ea:ed:94:5c:ec:a0:
         70:f0:4c:03:8d:89:93:80:41:e5:c6:f8:b0:97:e9:c2:e0:4f:
         2b:24:65:92:18:6d:12:f6:f8:b8:85:ab:c5:36:78:c0:7a:2d:
         be:98:bc:39:6f:5e:43:05:92:6f:72:52:cf:03:f2:2e:43:f0:
         84:e5:30:a7:a0:07:57:36:ce:1e:1b:44:c2:8a:24:d3:a5:86:
         42:bf:35:a5:2d:44:d0:ad:31:5f:ca:71:21:f2:c6:e5:02:c9:
         77:08:ac:53:11:85:a9:9d:6e:25:d0:cc:15:b9:18:b2:e3:d3:
         55:ab:15:6b:2f:73:41:56:cb:4f:69:0f:10:12:7c:1f:73:1f:
         5e:67:55:76:2b:e9:10:24:a5:7d:43:59:b1:f8:9b:31:3e:74:
         06:80:04:98:0e:20:5f:3e:f4:f0:7a:f1:f2:d7:09:0f:e5:e8:
         d2:5d:f9:bb:6a:19:43:7b:d8:90:d4:62:d8:f1:cf:36:bb:3c:
         ab:da:b7:eb:1f:ae:a3:de:3d:b7:df:71:1b:b5:10:d0:fc:5c:
         19:de:2d:ed:2d:ac:3d:f5:c8:eb:15:65:42:fc:f3:3e:25:13:
         51:39:48:77
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUVuI8YRKKOMvkDEpS3D8lJ5btsxIwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMTExMDIyMTQxWhcNMjUxMjE2MjM1OTU5
WjB6MUkwRwYDVQQFE0AyNmFhOGRiYTZkM2QyNTFlMDQ0MWQ3Y2JiNDAxYmFkYjUz
NDJlYzM2MjAwOWEyNTViZDYzMmUxNTYzMGU1OWE3MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCQ5N18fg84Tq7Xs7Bq2o3TsHBVPJWKSiNNx4gV+EdzbQm8
Xq8BHF8Ow0BnOTeZgvQMQOQIWDPWFoaB6yxXgosUfnvVyATH32+LHFt/d1c1PCu1
07GEsUUSO5E4e0ofRLO9MXDC5xY+48N9+TAua4pAQm9zJwV6KoE3hoPouiuYIupx
3iHc+wRnelBhLcK+bUANQUWNpnfOs5umvZh3SbGbA23rkT/CA9SK8Mg9o7shx2Q1
z5MoBYKbBQm9nbVKcZDY9OgjQzAhK3ms/9KXP0/FfxU9fcnUJjSrY6kvgjXMf0lv
9hT1udGzGMs3argIYITEaQgMtfKHZp6/swXAMZ+fAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUVmwedEXJ9SUujZmM6Dp2JQ4zKpwwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzg4NzRlNjM1LWQ5ZGYtNDNjMS1iNDRiLWIxMmM3ZmU5M2JkZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAaugUAwDQYJKoZIhvcNAQELBQADggEBANKdLA6FeJvnW1gJlls3m3tJ2K+S
Cewh9+HtcM0iLOrtlFzsoHDwTAONiZOAQeXG+LCX6cLgTyskZZIYbRL2+LiFq8U2
eMB6Lb6YvDlvXkMFkm9yUs8D8i5D8ITlMKegB1c2zh4bRMKKJNOlhkK/NaUtRNCt
MV/KcSHyxuUCyXcIrFMRhamdbiXQzBW5GLLj01WrFWsvc0FWy09pDxASfB9zH15n
VXYr6RAkpX1DWbH4mzE+dAaABJgOIF8+9PB68fLXCQ/l6NJd+btqGUN72JDUYtjx
zza7PKvat+sfrqPePbffcRu1END8XBneLe0trD31yOsVZUL88z4lE1E5SHc=
-----END CERTIFICATE-----