Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/b5e9ed4e-9291-4b63-a0c4-15b7a3bfcf69.roa
File:                     b5e9ed4e-9291-4b63-a0c4-15b7a3bfcf69.roa (raw, json)
Hash identifier:          GIW6XXTTKAA1EborKkposzQyCjyB0oTkxHP6yfN89/M=
Subject key identifier:   AE:AB:26:56:11:94:7E:FD:15:FE:4F:F1:CA:D8:7E:B6:46:83:48:98
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       6D105E551C854D409A80BA1BCB3511931FF32CCE
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/b5e9ed4e-9291-4b63-a0c4-15b7a3bfcf69.roa
Signing time:             Fri 03 Oct 2025 00:01:24 +0000
ROA not before:           Fri 03 Oct 2025 00:01:24 +0000
ROA not after:            Fri 07 Nov 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        107.152.133.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6d:10:5e:55:1c:85:4d:40:9a:80:ba:1b:cb:35:11:93:1f:f3:2c:ce
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct  3 00:01:24 2025 GMT
            Not After : Nov  7 23:59:59 2025 GMT
        Subject: serialNumber=5e6539800e3ea0fe743f6fe770bc1ebf7a0d32895d4f24a08c184655073865ba, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:f7:5f:db:1b:af:34:e8:f3:ae:65:9d:e5:7a:
                    32:b5:c0:d2:78:7d:d9:49:74:ba:da:fe:d9:25:d6:
                    77:16:b1:24:80:35:53:10:0c:e9:c3:2f:9d:da:d9:
                    e0:1d:eb:55:b4:76:0e:79:8e:3d:f4:d2:9a:cc:f0:
                    a9:c9:af:9b:bc:3d:3f:c9:73:55:ca:e1:96:da:9d:
                    d6:39:9d:c4:7c:35:69:9a:6a:a3:83:4e:96:70:f6:
                    76:45:45:6b:35:e1:89:10:a3:72:78:86:69:ee:63:
                    6f:81:90:aa:fa:12:0f:f6:88:f4:10:6b:f3:9d:39:
                    e8:55:17:2e:45:b0:84:5f:d6:f4:ee:6b:b9:51:71:
                    1b:09:87:54:ff:62:4f:b3:02:12:14:af:b9:b7:47:
                    6c:a3:10:0c:ca:17:c1:cb:1d:49:2d:c8:77:08:bb:
                    86:fd:35:6c:a3:1f:41:15:4f:b3:24:25:f0:75:0c:
                    9a:f4:15:f2:f9:bc:6b:de:bd:5c:ee:19:6f:06:3d:
                    8f:3c:0f:6a:ce:ed:92:2e:51:08:0d:7a:6c:96:0f:
                    86:95:7b:ca:6f:82:eb:20:2e:a4:55:a6:6c:78:19:
                    5b:42:5c:22:84:89:be:9e:2c:8d:da:7f:99:f1:5c:
                    d0:e6:5c:3f:65:85:e9:98:a7:c6:b7:36:3f:c3:5c:
                    d8:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AE:AB:26:56:11:94:7E:FD:15:FE:4F:F1:CA:D8:7E:B6:46:83:48:98
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/b5e9ed4e-9291-4b63-a0c4-15b7a3bfcf69.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  107.152.133.0/24

    Signature Algorithm: sha256WithRSAEncryption
         43:2c:30:bb:b4:9c:7c:81:78:54:9c:18:50:0a:d7:92:41:c0:
         cb:d8:b3:f9:bc:e4:cd:7d:90:72:36:4c:9b:bb:bf:1a:88:33:
         5b:ac:7b:c5:81:21:6a:49:66:bd:c9:3e:e7:f8:c5:6e:0d:2e:
         b4:98:c5:96:ea:56:ac:2c:c9:76:10:f4:76:9d:72:a8:26:46:
         f1:89:f7:76:35:05:e3:d4:8f:91:6e:26:13:10:2a:19:a3:e0:
         d9:ff:0b:aa:47:d8:64:de:a3:2d:9a:99:0a:f1:6b:15:bb:56:
         22:27:bb:a2:e0:0b:1c:68:d6:a5:93:8c:6e:87:f4:76:82:6a:
         61:61:8d:66:99:cf:ce:c3:f0:0d:8f:29:e2:53:27:4e:a3:75:
         41:62:7e:0e:49:4b:87:aa:a6:ef:46:af:a9:13:68:7f:80:2b:
         ed:29:0c:0a:ab:f0:1e:b7:45:d6:34:02:a5:fa:c4:30:3c:4f:
         ed:67:90:a5:ef:4b:5b:12:5c:6f:4b:b8:0f:31:fd:b5:9b:30:
         47:f1:71:17:6d:23:0e:0e:9d:bf:e8:86:32:d4:81:52:d9:9c:
         c7:49:9a:19:b4:55:15:59:0c:35:7e:9d:e4:59:8c:bf:be:f3:
         b7:3f:bd:42:3b:4a:9a:53:b4:a5:eb:ac:43:19:ad:f3:ad:a0:
         60:50:c7:74
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUbRBeVRyFTUCagLobyzURkx/zLM4wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDAzMDAwMTI0WhcNMjUxMTA3MjM1OTU5
WjB6MUkwRwYDVQQFE0A1ZTY1Mzk4MDBlM2VhMGZlNzQzZjZmZTc3MGJjMWViZjdh
MGQzMjg5NWQ0ZjI0YTA4YzE4NDY1NTA3Mzg2NWJhMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDe91/bG6806POuZZ3lejK1wNJ4fdlJdLra/tkl1ncWsSSA
NVMQDOnDL53a2eAd61W0dg55jj300prM8KnJr5u8PT/Jc1XK4ZbandY5ncR8NWma
aqODTpZw9nZFRWs14YkQo3J4hmnuY2+BkKr6Eg/2iPQQa/OdOehVFy5FsIRf1vTu
a7lRcRsJh1T/Yk+zAhIUr7m3R2yjEAzKF8HLHUktyHcIu4b9NWyjH0EVT7MkJfB1
DJr0FfL5vGvevVzuGW8GPY88D2rO7ZIuUQgNemyWD4aVe8pvgusgLqRVpmx4GVtC
XCKEib6eLI3af5nxXNDmXD9lhemYp8a3Nj/DXNhlAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUrqsmVhGUfv0V/k/xyth+tkaDSJgwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2I1ZTllZDRlLTkyOTEtNGI2My1hMGM0LTE1YjdhM2JmY2Y2OS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBABrmIUwDQYJKoZIhvcNAQELBQADggEBAEMsMLu0nHyBeFScGFAK15JBwMvY
s/m85M19kHI2TJu7vxqIM1use8WBIWpJZr3JPuf4xW4NLrSYxZbqVqwsyXYQ9Had
cqgmRvGJ93Y1BePUj5FuJhMQKhmj4Nn/C6pH2GTeoy2amQrxaxW7ViInu6LgCxxo
1qWTjG6H9HaCamFhjWaZz87D8A2PKeJTJ06jdUFifg5JS4eqpu9Gr6kTaH+AK+0p
DAqr8B63RdY0AqX6xDA8T+1nkKXvS1sSXG9LuA8x/bWbMEfxcRdtIw4Onb/ohjLU
gVLZnMdJmhm0VRVZDDV+neRZjL++87c/vUI7SppTtKXrrEMZrfOtoGBQx3Q=
-----END CERTIFICATE-----