Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/b653a6ba-e264-4c79-866b-a64349cb5eeb.roa
File:                     b653a6ba-e264-4c79-866b-a64349cb5eeb.roa (raw, json)
Hash identifier:          y8emlI6fOv9KjDAtCFLOpIF+fhLdKvkZnYvMheT0AmI=
Subject key identifier:   39:C1:66:55:83:B4:47:D3:6D:8A:CA:AB:B9:1C:EB:5F:5F:7D:9C:B0
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       257812E730B1B5ACF122F019BF2B62FF67F0ADD9
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/b653a6ba-e264-4c79-866b-a64349cb5eeb.roa
Signing time:             Thu 13 Nov 2025 00:00:49 +0000
ROA not before:           Thu 13 Nov 2025 00:00:49 +0000
ROA not after:            Thu 18 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        56.23.0.0/16 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            25:78:12:e7:30:b1:b5:ac:f1:22:f0:19:bf:2b:62:ff:67:f0:ad:d9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Nov 13 00:00:49 2025 GMT
            Not After : Dec 18 23:59:59 2025 GMT
        Subject: serialNumber=21c98b9c47631bdf0abc29bdec15fe9ffabf8043028a20c4498b55bf0f096d54, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:12:37:d5:a7:b0:d7:77:69:fd:e6:03:4d:b6:
                    33:e0:ff:70:21:95:80:e8:b9:f9:05:73:9a:13:61:
                    8a:c9:c8:ca:2e:d6:cc:3c:ec:3a:c9:06:49:99:97:
                    5e:ae:c9:38:9f:1f:93:6e:fd:bb:75:1b:4b:fb:ef:
                    10:4f:13:43:03:8d:c7:52:25:6f:bb:19:95:af:b9:
                    d1:45:1e:29:33:cb:cb:1c:75:71:21:5f:5b:e1:d7:
                    69:75:23:08:bc:03:80:73:10:99:c6:4b:cc:49:60:
                    e5:33:a2:91:18:01:5b:ce:c1:db:8a:9d:85:7b:32:
                    08:31:4e:a0:1c:7e:37:d5:57:1e:d6:5b:1c:e0:37:
                    35:68:fa:5b:42:bc:48:79:dc:c6:9e:7d:77:d7:ff:
                    28:32:d4:9a:a2:13:ad:e1:07:5f:fb:bc:a2:e3:1f:
                    bf:27:59:98:d5:f4:c5:10:d8:66:89:2c:e6:8d:c5:
                    93:10:b7:53:41:cf:53:9d:75:ad:58:12:a9:de:68:
                    99:98:c0:24:f9:2d:15:f3:b2:07:38:cc:34:9d:60:
                    f7:a7:df:f5:d9:f2:d4:a0:69:ab:37:b0:a9:62:fb:
                    c8:da:ca:2a:c2:d2:cf:5a:d7:a7:73:60:68:c1:54:
                    28:c4:62:c8:49:19:60:13:9a:8a:29:94:42:1d:0b:
                    2f:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                39:C1:66:55:83:B4:47:D3:6D:8A:CA:AB:B9:1C:EB:5F:5F:7D:9C:B0
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/b653a6ba-e264-4c79-866b-a64349cb5eeb.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  56.23.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         07:48:94:77:8d:8f:74:ea:7d:5c:29:a1:7a:44:02:8e:a9:e1:
         7d:c5:50:e9:98:93:33:18:33:ef:e0:a8:36:ec:9a:60:74:23:
         10:0f:02:e8:00:47:b2:21:2a:78:36:e8:1f:82:e6:af:a4:32:
         2c:7c:88:74:b1:19:19:72:48:9a:e6:e2:bd:9c:ce:64:74:24:
         13:e5:3a:5f:2c:18:f7:90:2d:43:a6:ca:34:51:9e:0b:21:ef:
         d6:a4:73:eb:8b:7e:57:05:a2:2a:f4:1b:c5:70:0a:b5:d3:bf:
         a3:a7:96:d0:19:a7:78:e2:76:96:b1:89:c3:9d:4d:e9:ff:bd:
         41:c6:76:ea:83:90:f7:48:15:cf:5f:fc:f2:4e:36:f4:7b:80:
         2d:3a:bb:53:cc:26:91:bc:ac:da:5b:c2:b2:7b:19:93:87:64:
         11:53:fa:49:e4:7f:60:52:49:62:0f:61:06:3e:43:2d:39:18:
         e3:c8:07:b3:96:88:38:90:b9:66:c8:73:65:8b:ac:81:e5:b1:
         1d:0b:f6:50:a5:f9:a1:28:11:85:bb:22:2b:3e:69:f6:b3:e9:
         dd:90:7d:e4:b7:b8:0b:82:72:12:33:87:26:12:76:09:33:2b:
         80:62:11:52:70:64:5c:cb:d9:ca:d2:d5:87:79:0c:db:7d:40:
         79:66:18:e7
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUJXgS5zCxtazxIvAZvyti/2fwrdkwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMTEzMDAwMDQ5WhcNMjUxMjE4MjM1OTU5
WjB6MUkwRwYDVQQFE0AyMWM5OGI5YzQ3NjMxYmRmMGFiYzI5YmRlYzE1ZmU5ZmZh
YmY4MDQzMDI4YTIwYzQ0OThiNTViZjBmMDk2ZDU0MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC8EjfVp7DXd2n95gNNtjPg/3AhlYDoufkFc5oTYYrJyMou
1sw87DrJBkmZl16uyTifH5Nu/bt1G0v77xBPE0MDjcdSJW+7GZWvudFFHikzy8sc
dXEhX1vh12l1Iwi8A4BzEJnGS8xJYOUzopEYAVvOwduKnYV7MggxTqAcfjfVVx7W
WxzgNzVo+ltCvEh53MaefXfX/ygy1JqiE63hB1/7vKLjH78nWZjV9MUQ2GaJLOaN
xZMQt1NBz1Odda1YEqneaJmYwCT5LRXzsgc4zDSdYPen3/XZ8tSgaas3sKli+8ja
yirC0s9a16dzYGjBVCjEYshJGWATmooplEIdCy/XAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUOcFmVYO0R9NtisqruRzrX199nLAwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2I2NTNhNmJhLWUyNjQtNGM3OS04NjZiLWE2NDM0OWNiNWVlYi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwA4FzANBgkqhkiG9w0BAQsFAAOCAQEAB0iUd42PdOp9XCmhekQCjqnhfcVQ
6ZiTMxgz7+CoNuyaYHQjEA8C6ABHsiEqeDboH4Lmr6QyLHyIdLEZGXJImubivZzO
ZHQkE+U6XywY95AtQ6bKNFGeCyHv1qRz64t+VwWiKvQbxXAKtdO/o6eW0BmneOJ2
lrGJw51N6f+9QcZ26oOQ90gVz1/88k429HuALTq7U8wmkbys2lvCsnsZk4dkEVP6
SeR/YFJJYg9hBj5DLTkY48gHs5aIOJC5ZshzZYusgeWxHQv2UKX5oSgRhbsiKz5p
9rPp3ZB95Le4C4JyEjOHJhJ2CTMrgGIRUnBkXMvZytLVh3kM231AeWYY5w==
-----END CERTIFICATE-----