Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/ca57515a-3058-4353-ab16-a7d94657f8f8.roa
File:                     ca57515a-3058-4353-ab16-a7d94657f8f8.roa (raw, json)
Hash identifier:          cX3xb3eNWKfDpNROIDF+yN5ljgiH8Hm6Y3ziM99Bisw=
Subject key identifier:   89:F9:BB:5D:E9:B7:0F:08:14:68:1C:93:88:73:9E:3B:60:F6:B9:8A
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       729B0D99582328CA7B054EB4153AA6CD707366CE
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/ca57515a-3058-4353-ab16-a7d94657f8f8.roa
Signing time:             Wed 12 Nov 2025 02:40:09 +0000
ROA not before:           Wed 12 Nov 2025 02:40:09 +0000
ROA not after:            Wed 17 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        40.252.0.0/16 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            72:9b:0d:99:58:23:28:ca:7b:05:4e:b4:15:3a:a6:cd:70:73:66:ce
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Nov 12 02:40:09 2025 GMT
            Not After : Dec 17 23:59:59 2025 GMT
        Subject: serialNumber=2b412759e27ca61220997597147455bedec77fa356b50c65eb37a697382ec354, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:1b:4f:17:2f:41:a3:32:e9:92:82:06:91:4a:
                    3b:25:90:8b:27:93:43:18:ce:26:41:d8:58:50:2c:
                    09:3a:85:ed:18:15:c8:b1:99:07:c1:ca:5f:94:b0:
                    5b:4a:28:70:da:98:e8:4b:a0:53:de:ec:f4:08:47:
                    d4:24:e1:07:b1:7c:75:bf:a7:fd:63:32:3a:3e:67:
                    d2:60:f5:88:62:d1:6c:88:2a:38:bb:6f:d9:b2:75:
                    f0:81:b0:61:d6:dd:46:57:ca:41:83:30:e9:dd:7a:
                    3b:0b:c3:a3:42:77:2e:c7:7f:a3:01:51:95:b2:8e:
                    8a:de:6d:f6:98:1b:d7:f8:dd:65:ce:d4:cd:dc:da:
                    0f:45:d9:66:95:29:19:fc:45:69:c3:9f:07:0e:92:
                    48:19:4e:d0:a1:db:62:6d:b0:4f:6c:2c:c7:1a:e4:
                    6f:35:d4:54:38:82:f2:61:ee:6b:ae:99:e9:ec:43:
                    36:75:ef:3e:86:24:db:04:e2:53:e1:ee:b1:da:72:
                    2b:f2:39:34:7e:31:41:c5:38:15:e6:7e:72:0b:ca:
                    62:a6:c2:84:fe:28:da:28:38:dc:8f:59:7f:06:16:
                    b2:36:3a:b3:5b:92:aa:ba:ac:b7:ef:e0:8d:11:f4:
                    31:3a:77:ba:cc:e9:68:d7:e9:13:c4:c9:31:12:1a:
                    15:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                89:F9:BB:5D:E9:B7:0F:08:14:68:1C:93:88:73:9E:3B:60:F6:B9:8A
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/ca57515a-3058-4353-ab16-a7d94657f8f8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  40.252.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         d3:4c:04:ca:af:a5:a0:48:10:f5:4b:a3:93:22:bb:7a:82:fc:
         a2:1e:ab:70:3b:08:a4:f2:ab:6b:71:d4:34:91:17:ad:a1:4e:
         45:64:c9:09:3c:13:70:3b:50:1f:34:9a:02:0a:70:d5:a1:21:
         81:8b:a9:32:63:04:fd:cc:19:ec:bd:f4:23:f9:24:33:aa:a5:
         e6:9f:72:e9:ec:9a:4e:a5:fe:fc:41:54:f8:54:55:86:ac:9e:
         3c:f6:a0:78:d6:9e:fb:5e:06:c1:89:30:7b:9d:16:f0:93:d0:
         41:4f:0e:4b:bc:79:36:95:7d:04:b0:cd:aa:67:f3:b4:b1:af:
         bc:db:48:75:26:16:17:77:4d:94:82:76:09:cc:6c:52:93:e0:
         0f:3c:64:a8:b1:e7:7b:a8:ac:7f:a6:9e:ed:a0:74:09:35:91:
         99:d3:f7:41:9a:f5:83:dd:ae:da:4b:ec:4d:c0:9d:c4:92:08:
         3f:0e:ae:95:bf:32:a3:7f:75:5f:8f:40:f8:36:62:b1:06:b0:
         bb:82:37:57:88:72:de:75:ad:4f:a6:08:a2:51:d0:7d:16:47:
         61:51:5b:1a:74:cc:d2:e4:ae:05:6c:e5:2d:4c:a9:30:80:4a:
         c4:3a:3b:c4:e6:db:21:91:00:d0:d4:76:2d:6c:3d:42:d4:13:
         f5:ed:82:75
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUcpsNmVgjKMp7BU60FTqmzXBzZs4wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMTEyMDI0MDA5WhcNMjUxMjE3MjM1OTU5
WjB6MUkwRwYDVQQFE0AyYjQxMjc1OWUyN2NhNjEyMjA5OTc1OTcxNDc0NTViZWRl
Yzc3ZmEzNTZiNTBjNjVlYjM3YTY5NzM4MmVjMzU0MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCJG08XL0GjMumSggaRSjslkIsnk0MYziZB2FhQLAk6he0Y
FcixmQfByl+UsFtKKHDamOhLoFPe7PQIR9Qk4QexfHW/p/1jMjo+Z9Jg9Yhi0WyI
Kji7b9mydfCBsGHW3UZXykGDMOndejsLw6NCdy7Hf6MBUZWyjorebfaYG9f43WXO
1M3c2g9F2WaVKRn8RWnDnwcOkkgZTtCh22JtsE9sLMca5G811FQ4gvJh7muumens
QzZ17z6GJNsE4lPh7rHacivyOTR+MUHFOBXmfnILymKmwoT+KNooONyPWX8GFrI2
OrNbkqq6rLfv4I0R9DE6d7rM6WjX6RPEyTESGhWFAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUifm7Xem3DwgUaByTiHOeO2D2uYowHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2NhNTc1MTVhLTMwNTgtNDM1My1hYjE2LWE3ZDk0NjU3ZjhmOC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwAo/DANBgkqhkiG9w0BAQsFAAOCAQEA00wEyq+loEgQ9UujkyK7eoL8oh6r
cDsIpPKra3HUNJEXraFORWTJCTwTcDtQHzSaAgpw1aEhgYupMmME/cwZ7L30I/kk
M6ql5p9y6eyaTqX+/EFU+FRVhqyePPageNae+14GwYkwe50W8JPQQU8OS7x5NpV9
BLDNqmfztLGvvNtIdSYWF3dNlIJ2CcxsUpPgDzxkqLHne6isf6ae7aB0CTWRmdP3
QZr1g92u2kvsTcCdxJIIPw6ulb8yo391X49A+DZisQawu4I3V4hy3nWtT6YIolHQ
fRZHYVFbGnTM0uSuBWzlLUypMIBKxDo7xObbIZEA0NR2LWw9QtQT9e2CdQ==
-----END CERTIFICATE-----