Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/ef7c7fbd-7e17-4e28-91a6-c01f8f23e2f7.roa
File:                     ef7c7fbd-7e17-4e28-91a6-c01f8f23e2f7.roa (raw, json)
Hash identifier:          K8685sz0PK9UMa30xEAOnmSDIOBcjCiart85+nYSXko=
Subject key identifier:   21:47:1A:A9:41:4B:F3:AB:CD:C9:AA:4B:4A:05:36:52:C0:3B:C8:10
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       76AD371F8C0D55A4C26159F37C3E18F54849B375
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/ef7c7fbd-7e17-4e28-91a6-c01f8f23e2f7.roa
Signing time:             Tue 18 Nov 2025 00:00:10 +0000
ROA not before:           Tue 18 Nov 2025 00:00:10 +0000
ROA not after:            Mon 16 Feb 2026 23:59:59 +0000
asID:                     16509
IP address blocks:        98.75.0.0/16 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            76:ad:37:1f:8c:0d:55:a4:c2:61:59:f3:7c:3e:18:f5:48:49:b3:75
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Nov 18 00:00:10 2025 GMT
            Not After : Feb 16 23:59:59 2026 GMT
        Subject: serialNumber=d1f4f3ae76c1bc617cc43ad7181145cae9b006c5fee7a4f5601ae9fb443f2a7c, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:04:0e:6b:ca:52:31:6d:a6:1e:f9:4a:14:a3:
                    b7:e1:43:a3:dc:4c:17:aa:f4:c7:15:5d:9d:aa:2d:
                    3e:76:ad:27:96:77:5f:af:d6:3e:9f:e5:9a:b9:ef:
                    31:49:a0:0d:dc:15:55:99:52:58:49:1e:1e:18:18:
                    f8:92:51:4a:ca:0e:58:76:aa:0e:cc:b1:2a:5b:75:
                    35:59:75:6d:de:93:52:8a:41:fe:f5:b4:a1:01:68:
                    5f:5d:4e:61:0c:4f:b1:d1:ee:6d:eb:39:09:a5:9a:
                    ca:70:17:99:f4:8d:fa:98:91:7c:b3:92:d1:11:42:
                    8f:68:a9:bf:05:00:d1:f2:76:57:c3:83:59:c5:13:
                    64:1f:e1:d9:7a:02:b6:f6:a4:c4:02:14:f2:ab:64:
                    e4:4f:7c:30:52:4c:b8:4c:82:97:00:78:75:d0:4d:
                    1c:59:f1:62:d1:6b:d8:c1:87:74:72:19:0c:fa:76:
                    fd:e3:d7:a8:ff:55:e6:49:45:b1:a3:74:bb:c1:00:
                    5e:c9:ac:11:70:55:67:e0:9d:1a:fa:fd:5a:c0:bb:
                    9c:1c:8f:76:e4:6b:e6:dc:63:47:19:63:89:db:4e:
                    35:18:25:10:f0:7d:57:ab:57:fd:9b:dd:9a:e9:8f:
                    5b:66:ec:fb:9c:2b:d7:c4:65:bc:f1:7e:c6:8e:8f:
                    c6:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                21:47:1A:A9:41:4B:F3:AB:CD:C9:AA:4B:4A:05:36:52:C0:3B:C8:10
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/ef7c7fbd-7e17-4e28-91a6-c01f8f23e2f7.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  98.75.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         76:e3:c3:90:5f:eb:27:f7:5c:52:05:a2:ef:53:e8:64:83:fe:
         1c:b8:3a:86:fe:92:e6:f0:20:08:2b:85:af:84:cd:28:28:dd:
         a5:55:07:5c:c1:07:d0:4c:a9:85:f8:d0:46:33:7f:f8:e6:85:
         d2:af:a7:d4:8a:dc:c4:c2:32:b1:fd:26:94:b8:ee:8d:70:fc:
         d2:80:eb:a6:82:f6:f2:13:0f:6f:8a:b2:7e:12:6a:2a:6c:76:
         a7:6f:84:d4:e7:9f:27:b1:f7:ff:3b:4c:f8:8d:4b:88:c1:bf:
         9b:ca:b8:57:58:2d:cc:34:d0:f1:2f:4f:e5:db:2e:3c:63:c9:
         07:12:c6:b3:b6:11:df:d5:46:bb:14:95:74:c8:1b:53:0e:c1:
         dd:b1:ee:3b:06:dc:b8:10:ea:5b:48:14:62:70:2a:f0:a7:2d:
         11:9b:96:d0:9c:12:53:7d:6c:66:82:4b:d2:76:f2:70:02:97:
         3e:a9:c9:a8:de:9a:ea:1c:76:86:bd:7b:b8:c1:7c:cb:d4:52:
         9d:8f:11:e8:c1:81:fa:3a:89:f6:a6:99:02:2b:42:59:65:fc:
         0d:d1:62:0a:f7:d3:b8:fe:0d:37:43:d5:f5:70:a2:c7:3b:97:
         01:c1:cd:c8:ba:01:5f:54:e5:ae:84:6f:a6:28:44:dc:c7:89:
         0b:a4:83:e1
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUdq03H4wNVaTCYVnzfD4Y9UhJs3UwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMTE4MDAwMDEwWhcNMjYwMjE2MjM1OTU5
WjB6MUkwRwYDVQQFE0BkMWY0ZjNhZTc2YzFiYzYxN2NjNDNhZDcxODExNDVjYWU5
YjAwNmM1ZmVlN2E0ZjU2MDFhZTlmYjQ0M2YyYTdjMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCiBA5rylIxbaYe+UoUo7fhQ6PcTBeq9McVXZ2qLT52rSeW
d1+v1j6f5Zq57zFJoA3cFVWZUlhJHh4YGPiSUUrKDlh2qg7MsSpbdTVZdW3ek1KK
Qf71tKEBaF9dTmEMT7HR7m3rOQmlmspwF5n0jfqYkXyzktERQo9oqb8FANHydlfD
g1nFE2Qf4dl6Arb2pMQCFPKrZORPfDBSTLhMgpcAeHXQTRxZ8WLRa9jBh3RyGQz6
dv3j16j/VeZJRbGjdLvBAF7JrBFwVWfgnRr6/VrAu5wcj3bka+bcY0cZY4nbTjUY
JRDwfVerV/2b3Zrpj1tm7PucK9fEZbzxfsaOj8ahAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUIUcaqUFL86vNyapLSgU2UsA7yBAwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2VmN2M3ZmJkLTdlMTctNGUyOC05MWE2LWMwMWY4ZjIzZTJmNy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwBiSzANBgkqhkiG9w0BAQsFAAOCAQEAduPDkF/rJ/dcUgWi71PoZIP+HLg6
hv6S5vAgCCuFr4TNKCjdpVUHXMEH0EyphfjQRjN/+OaF0q+n1IrcxMIysf0mlLju
jXD80oDrpoL28hMPb4qyfhJqKmx2p2+E1OefJ7H3/ztM+I1LiMG/m8q4V1gtzDTQ
8S9P5dsuPGPJBxLGs7YR39VGuxSVdMgbUw7B3bHuOwbcuBDqW0gUYnAq8KctEZuW
0JwSU31sZoJL0nbycAKXPqnJqN6a6hx2hr17uMF8y9RSnY8R6MGB+jqJ9qaZAitC
WWX8DdFiCvfTuP4NN0PV9XCixzuXAcHNyLoBX1TlroRvpihE3MeJC6SD4Q==
-----END CERTIFICATE-----