Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d92cf84d-536c-4213-86c8-c97fdb4209dc.roa
File:                     d92cf84d-536c-4213-86c8-c97fdb4209dc.roa (raw, json)
Hash identifier:          uEWXyr195D6totLhuvOCSnjyE6/xnnkaws704mVpv/c=
Subject key identifier:   99:89:C7:D9:D6:D3:83:63:81:D7:92:68:64:84:62:97:72:B7:BF:FC
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       74BDD2A0BCC7D61E5D3CFBAC8422F57AE106DE5D
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d92cf84d-536c-4213-86c8-c97fdb4209dc.roa
Signing time:             Wed 12 Nov 2025 00:40:06 +0000
ROA not before:           Wed 12 Nov 2025 00:40:06 +0000
ROA not after:            Wed 17 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        40.194.0.0/16 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            74:bd:d2:a0:bc:c7:d6:1e:5d:3c:fb:ac:84:22:f5:7a:e1:06:de:5d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Nov 12 00:40:06 2025 GMT
            Not After : Dec 17 23:59:59 2025 GMT
        Subject: serialNumber=1f2a8c9ad08c9eea5a05dbf511ccdd5220efe269c881a4ced0f679767537de80, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:58:7f:a8:43:b8:92:35:02:27:43:44:29:04:
                    ff:2b:59:6f:ac:f5:99:5a:ce:70:78:81:b8:23:d1:
                    41:23:58:f0:17:e3:2f:2b:67:c7:26:d4:0e:71:af:
                    09:36:46:bf:c4:34:0c:31:b4:a3:f8:5c:89:1a:67:
                    60:21:37:74:f5:61:28:28:77:46:4c:9e:4a:66:3d:
                    2b:d4:5d:77:11:90:2f:8a:74:fa:33:e3:66:89:1f:
                    f2:3b:2a:75:27:31:e8:39:76:1f:b9:cc:b5:74:b3:
                    20:50:2e:8e:82:d0:95:6f:f7:de:78:97:fa:ba:05:
                    4a:26:18:6c:99:55:55:1a:c5:a9:50:ec:26:bb:d2:
                    9a:ac:07:63:c6:ab:70:72:05:33:48:3f:ba:0f:a9:
                    c5:11:0e:ca:8b:4c:07:b4:c8:b3:ee:6e:23:ec:e9:
                    9b:df:ec:17:5d:04:0b:e2:a9:75:17:71:5b:1d:b9:
                    71:a6:42:07:75:bc:2d:9f:eb:9f:1c:b0:41:c5:6d:
                    14:fd:ae:10:66:e2:7f:dd:71:97:98:f0:33:24:7c:
                    b4:b2:ed:9e:7f:0f:69:de:52:a2:17:6c:32:03:80:
                    cf:73:c6:fb:5f:55:f2:5a:f6:2f:bc:f1:d6:47:15:
                    45:74:f3:e0:70:29:b3:de:c4:58:f9:67:e1:ab:ae:
                    67:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                99:89:C7:D9:D6:D3:83:63:81:D7:92:68:64:84:62:97:72:B7:BF:FC
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d92cf84d-536c-4213-86c8-c97fdb4209dc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  40.194.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         ab:f8:62:fa:61:ac:69:09:6f:d5:b6:ac:4b:5d:73:56:d8:bf:
         c7:44:b1:0f:4d:cc:dd:25:ee:35:f4:ef:77:f0:05:ff:79:e2:
         07:ea:e8:dc:8d:88:e6:56:07:30:ff:25:e2:14:7f:7c:9d:4b:
         42:f8:64:4b:8a:97:19:50:ad:77:59:eb:28:d4:ab:2e:5b:12:
         c8:ef:88:bb:ca:ca:50:3f:7d:36:71:93:5e:42:65:df:7e:36:
         36:5d:1f:a0:0f:ad:88:de:74:d8:89:bd:c7:bf:52:04:2e:48:
         13:bd:c8:57:65:54:25:a4:74:a0:3e:bb:99:1a:3b:d5:5f:c3:
         53:5a:64:13:d1:95:14:12:8d:01:bf:f5:a4:c3:cc:b4:24:d3:
         90:e2:a7:25:a3:7b:75:3a:60:e1:21:9b:e6:dc:54:85:e2:c9:
         69:a2:d2:b8:a3:d9:8a:d0:86:b5:dd:e6:20:38:92:34:40:bd:
         5f:32:1f:0c:13:d8:43:09:c9:ea:a3:45:db:8f:ef:1e:01:80:
         a5:46:be:c9:6f:6d:c7:65:90:8d:34:18:b7:c6:50:69:cc:17:
         c9:0d:1f:ce:06:9b:82:a3:4d:e0:d5:ea:f9:2f:cc:71:e6:b5:
         6c:2a:d3:5d:fc:79:a0:91:8b:ee:c5:68:ee:93:b6:f5:23:fe:
         80:79:07:bb
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUdL3SoLzH1h5dPPushCL1euEG3l0wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMTEyMDA0MDA2WhcNMjUxMjE3MjM1OTU5
WjB6MUkwRwYDVQQFE0AxZjJhOGM5YWQwOGM5ZWVhNWEwNWRiZjUxMWNjZGQ1MjIw
ZWZlMjY5Yzg4MWE0Y2VkMGY2Nzk3Njc1MzdkZTgwMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDdWH+oQ7iSNQInQ0QpBP8rWW+s9ZlaznB4gbgj0UEjWPAX
4y8rZ8cm1A5xrwk2Rr/ENAwxtKP4XIkaZ2AhN3T1YSgod0ZMnkpmPSvUXXcRkC+K
dPoz42aJH/I7KnUnMeg5dh+5zLV0syBQLo6C0JVv9954l/q6BUomGGyZVVUaxalQ
7Ca70pqsB2PGq3ByBTNIP7oPqcURDsqLTAe0yLPubiPs6Zvf7BddBAviqXUXcVsd
uXGmQgd1vC2f658csEHFbRT9rhBm4n/dcZeY8DMkfLSy7Z5/D2neUqIXbDIDgM9z
xvtfVfJa9i+88dZHFUV08+BwKbPexFj5Z+Grrmc1AgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUmYnH2dbTg2OB15JoZIRil3K3v/wwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2Q5MmNmODRkLTUzNmMtNDIxMy04NmM4LWM5N2ZkYjQyMDlkYy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwAowjANBgkqhkiG9w0BAQsFAAOCAQEAq/hi+mGsaQlv1basS11zVti/x0Sx
D03M3SXuNfTvd/AF/3niB+ro3I2I5lYHMP8l4hR/fJ1LQvhkS4qXGVCtd1nrKNSr
LlsSyO+Iu8rKUD99NnGTXkJl3342Nl0foA+tiN502Im9x79SBC5IE73IV2VUJaR0
oD67mRo71V/DU1pkE9GVFBKNAb/1pMPMtCTTkOKnJaN7dTpg4SGb5txUheLJaaLS
uKPZitCGtd3mIDiSNEC9XzIfDBPYQwnJ6qNF24/vHgGApUa+yW9tx2WQjTQYt8ZQ
acwXyQ0fzgabgqNN4NXq+S/Mcea1bCrTXfx5oJGL7sVo7pO29SP+gHkHuw==
-----END CERTIFICATE-----