Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/fbc52a03-e4e6-48a0-8f85-9d9f1f9d01e9.roa
File:                     fbc52a03-e4e6-48a0-8f85-9d9f1f9d01e9.roa (raw, json)
Hash identifier:          nD3sJCe1MoKI9LfO1bLelAtmQQdHTA9Ma8sLVseqxtk=
Subject key identifier:   71:78:48:CC:C4:29:28:6B:7E:F6:0A:3A:1A:24:A7:D7:20:FB:13:92
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       5312E095704B93CB540ACD5F35C17B0F124BB435
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/fbc52a03-e4e6-48a0-8f85-9d9f1f9d01e9.roa
Signing time:             Tue 18 Nov 2025 00:11:11 +0000
ROA not before:           Tue 18 Nov 2025 00:11:11 +0000
ROA not after:            Mon 16 Feb 2026 23:59:59 +0000
asID:                     16509
IP address blocks:        65.80.0.0/16 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            53:12:e0:95:70:4b:93:cb:54:0a:cd:5f:35:c1:7b:0f:12:4b:b4:35
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Nov 18 00:11:11 2025 GMT
            Not After : Feb 16 23:59:59 2026 GMT
        Subject: serialNumber=78e93cad2696f2013025f7eb8f4cb1e7e23d0a557adbe3b6f6a98bebfacb8133, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:2a:c6:72:af:e1:ca:ea:75:60:30:35:2b:08:
                    f1:4e:d7:3c:3f:de:a3:af:0b:34:e0:6f:87:c9:cc:
                    2e:aa:d8:43:81:bc:e5:a2:39:8d:f6:2c:01:00:04:
                    3f:2f:3e:89:e8:10:00:56:c6:39:15:bc:61:d2:19:
                    53:05:31:d2:0c:17:73:48:f1:cb:55:b6:7a:91:41:
                    f9:b1:f7:1a:02:3f:28:52:8c:2a:b3:9e:ce:f1:ad:
                    cc:99:52:27:81:61:61:21:9c:1d:15:e0:91:24:92:
                    4e:d0:d8:c5:91:87:a6:b4:3f:94:8c:8d:10:94:1a:
                    aa:cb:8b:90:d0:11:d2:72:58:88:3a:82:8f:9c:ed:
                    1d:46:0f:41:ff:d2:80:5a:3e:e9:41:52:fe:90:ed:
                    6a:aa:8a:03:55:ce:2d:65:2c:ad:94:ba:35:0a:01:
                    2c:e6:4a:5e:30:3d:4d:d8:c9:64:16:72:81:d7:00:
                    05:47:90:04:5b:e2:bc:43:0f:02:e9:ac:db:df:8a:
                    ed:e8:4d:95:5a:cc:e8:10:ba:5a:7d:8e:e0:50:31:
                    8f:83:1a:0e:6f:7a:ec:52:9d:f4:63:76:51:b8:87:
                    dc:14:9d:75:42:18:fa:4f:53:ae:9c:0d:f6:4f:9e:
                    ed:96:a6:7b:71:d9:5a:dc:1c:5e:8e:30:42:68:d8:
                    2a:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                71:78:48:CC:C4:29:28:6B:7E:F6:0A:3A:1A:24:A7:D7:20:FB:13:92
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/fbc52a03-e4e6-48a0-8f85-9d9f1f9d01e9.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  65.80.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         64:e8:56:b3:13:a7:c2:44:08:30:2b:95:35:58:9a:37:bd:37:
         44:f1:c4:c2:93:a1:bf:a3:ff:1e:85:92:d5:e7:a3:11:cb:da:
         2a:a6:f2:c1:19:1d:f4:3e:3a:40:10:c6:bf:18:f3:ef:47:d5:
         21:5a:6c:f6:e1:1a:ab:0c:33:f9:a0:53:41:2f:e1:ed:55:28:
         0d:1c:47:d3:ec:3b:31:82:59:cd:4c:46:8f:20:b0:89:f1:46:
         25:03:c3:2c:d5:09:95:ac:b9:81:7b:61:92:78:87:33:5f:54:
         a0:50:b1:62:f4:73:7e:d1:0a:70:83:b7:6d:04:07:6c:a0:1f:
         44:fd:10:96:44:d4:56:b5:a3:be:2d:09:4c:13:89:a1:eb:ac:
         93:31:db:a1:8a:cc:eb:ba:1a:9c:7b:10:fb:e7:6d:26:5b:20:
         2d:c9:37:5a:95:dd:79:4b:0e:44:8c:bc:92:40:43:5e:28:dd:
         5d:cc:34:31:6e:96:6d:b2:c0:c9:a7:1b:3b:0a:16:3f:a6:6b:
         8f:ff:3b:ef:51:52:f4:47:35:93:a5:33:01:83:28:a9:f0:01:
         43:83:8c:8e:40:3f:fe:4e:34:5d:5e:e6:99:05:cc:99:f8:aa:
         19:2d:df:ca:fe:82:0d:12:36:86:51:3f:d3:58:99:13:be:60:
         4f:89:77:92
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUUxLglXBLk8tUCs1fNcF7DxJLtDUwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMTE4MDAxMTExWhcNMjYwMjE2MjM1OTU5
WjB6MUkwRwYDVQQFE0A3OGU5M2NhZDI2OTZmMjAxMzAyNWY3ZWI4ZjRjYjFlN2Uy
M2QwYTU1N2FkYmUzYjZmNmE5OGJlYmZhY2I4MTMzMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDGKsZyr+HK6nVgMDUrCPFO1zw/3qOvCzTgb4fJzC6q2EOB
vOWiOY32LAEABD8vPonoEABWxjkVvGHSGVMFMdIMF3NI8ctVtnqRQfmx9xoCPyhS
jCqzns7xrcyZUieBYWEhnB0V4JEkkk7Q2MWRh6a0P5SMjRCUGqrLi5DQEdJyWIg6
go+c7R1GD0H/0oBaPulBUv6Q7WqqigNVzi1lLK2UujUKASzmSl4wPU3YyWQWcoHX
AAVHkARb4rxDDwLprNvfiu3oTZVazOgQulp9juBQMY+DGg5veuxSnfRjdlG4h9wU
nXVCGPpPU66cDfZPnu2Wpntx2VrcHF6OMEJo2CozAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUcXhIzMQpKGt+9go6GiSn1yD7E5IwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2ZiYzUyYTAzLWU0ZTYtNDhhMC04Zjg1LTlkOWYxZjlkMDFlOS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwBBUDANBgkqhkiG9w0BAQsFAAOCAQEAZOhWsxOnwkQIMCuVNViaN703RPHE
wpOhv6P/HoWS1eejEcvaKqbywRkd9D46QBDGvxjz70fVIVps9uEaqwwz+aBTQS/h
7VUoDRxH0+w7MYJZzUxGjyCwifFGJQPDLNUJlay5gXthkniHM19UoFCxYvRzftEK
cIO3bQQHbKAfRP0QlkTUVrWjvi0JTBOJoeuskzHboYrM67oanHsQ++dtJlsgLck3
WpXdeUsORIy8kkBDXijdXcw0MW6WbbLAyacbOwoWP6Zrj/8771FS9Ec1k6UzAYMo
qfABQ4OMjkA//k40XV7mmQXMmfiqGS3fyv6CDRI2hlE/01iZE75gT4l3kg==
-----END CERTIFICATE-----