Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/27aa4a44-05a2-4c66-9025-06c44b84e125.roa
File:                     27aa4a44-05a2-4c66-9025-06c44b84e125.roa (raw, json)
Hash identifier:          DeFAYMLlQtPcsuCfmebXJ1lNXu8XRvHL9sbc0IWkkmY=
Subject key identifier:   57:5D:00:CD:D2:08:F0:70:DD:5B:5D:A5:91:A2:E9:44:A5:BE:FC:F1
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       2F153ECC9D947F5D6CE0B1F162B1A356667AEB3B
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/27aa4a44-05a2-4c66-9025-06c44b84e125.roa
Signing time:             Tue 14 Oct 2025 17:41:23 +0000
ROA not before:           Tue 14 Oct 2025 17:41:23 +0000
ROA not after:            Tue 18 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        70.132.16.0/22 maxlen: 22
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2f:15:3e:cc:9d:94:7f:5d:6c:e0:b1:f1:62:b1:a3:56:66:7a:eb:3b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 14 17:41:23 2025 GMT
            Not After : Nov 18 23:59:59 2025 GMT
        Subject: serialNumber=42c6cfbf9f0d217133cfdcabcdbf92ba7b0380797be0d3af31a4c138613bf029, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:0c:a6:3f:9e:30:0a:cb:d4:81:7f:c1:75:a8:
                    5b:9c:fd:be:79:04:ef:da:54:18:51:34:42:9e:61:
                    06:a3:d8:3d:d0:31:5c:e1:90:bb:a5:e1:28:8f:0a:
                    97:28:c9:8c:f4:c5:82:07:74:dc:15:7a:2c:dc:fe:
                    87:14:8f:fa:3d:a3:8a:63:bf:ba:ec:11:27:a0:d5:
                    c4:a7:58:e3:bf:b3:dd:3c:f9:dd:60:cd:05:03:6b:
                    bd:4e:ca:fc:df:87:f3:53:52:44:85:be:df:b7:ed:
                    63:97:8a:dd:f1:07:a8:e1:dd:19:bf:16:70:33:fa:
                    5e:67:38:4e:af:10:06:93:09:04:37:50:f8:26:7f:
                    6d:01:82:92:80:49:36:13:ab:fc:34:39:37:3f:bb:
                    d7:65:53:1b:a5:d2:42:92:a5:5d:94:ea:9e:be:6c:
                    04:b3:af:31:7b:83:ac:50:16:79:95:d8:75:52:3f:
                    32:56:2a:d5:95:44:b5:e3:ee:fa:3d:63:81:98:76:
                    9f:49:4c:df:0a:33:c6:ba:dd:6a:0e:8b:e3:0b:e0:
                    ff:27:ea:51:d8:2a:b9:a5:89:ce:4c:0c:dc:21:92:
                    c2:02:b9:c7:01:35:fd:b5:02:e0:bd:14:98:79:85:
                    a6:38:04:2d:4e:83:1b:6b:a8:84:e5:a8:d4:b1:2b:
                    af:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                57:5D:00:CD:D2:08:F0:70:DD:5B:5D:A5:91:A2:E9:44:A5:BE:FC:F1
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/27aa4a44-05a2-4c66-9025-06c44b84e125.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  70.132.16.0/22

    Signature Algorithm: sha256WithRSAEncryption
         8b:c9:09:99:e3:0a:2a:35:de:6e:9c:6b:cd:03:48:42:b4:f0:
         25:ad:c7:f9:38:d6:15:c0:dd:41:90:d6:39:7f:7d:81:d1:5d:
         e5:e7:5c:a3:5d:67:37:45:79:b9:a9:5d:35:29:60:86:5f:fc:
         1d:d8:a8:ef:e6:50:b9:fa:b8:f8:49:05:0a:9b:df:fe:e4:ce:
         04:1c:6a:70:97:7d:5d:9b:b1:9d:23:d0:c2:21:25:d8:06:4b:
         9f:31:cc:7b:ca:b3:66:82:0e:5e:06:c1:27:dd:4c:9c:03:08:
         e1:3c:2f:94:eb:32:cd:f0:95:ec:60:6f:47:1b:bb:c7:5f:49:
         85:77:47:44:ee:c4:8b:05:5e:ff:6e:a9:c2:31:d6:d9:4e:8b:
         22:39:0b:da:26:fc:36:0c:1a:dc:44:8a:41:3c:ef:dc:4b:22:
         e5:b3:d6:f6:cc:2e:96:6d:2f:92:c5:d0:02:6e:6e:10:d2:1f:
         55:35:2a:a3:0b:0e:b7:7e:38:24:11:4e:fe:04:29:39:0b:dc:
         48:be:6e:4d:2c:e2:d9:55:63:32:54:f8:da:4b:2b:cf:4f:fb:
         84:56:65:94:7a:69:6e:4c:cb:f0:89:d7:a6:db:d7:6c:3c:c1:
         6b:4c:2c:8b:1e:5c:f9:09:16:50:e4:98:30:42:33:7d:08:a0:
         c5:ba:35:b3
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIULxU+zJ2Uf11s4LHxYrGjVmZ66zswDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDE0MTc0MTIzWhcNMjUxMTE4MjM1OTU5
WjB6MUkwRwYDVQQFE0A0MmM2Y2ZiZjlmMGQyMTcxMzNjZmRjYWJjZGJmOTJiYTdi
MDM4MDc5N2JlMGQzYWYzMWE0YzEzODYxM2JmMDI5MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCfDKY/njAKy9SBf8F1qFuc/b55BO/aVBhRNEKeYQaj2D3Q
MVzhkLul4SiPCpcoyYz0xYIHdNwVeizc/ocUj/o9o4pjv7rsESeg1cSnWOO/s908
+d1gzQUDa71Oyvzfh/NTUkSFvt+37WOXit3xB6jh3Rm/FnAz+l5nOE6vEAaTCQQ3
UPgmf20BgpKASTYTq/w0OTc/u9dlUxul0kKSpV2U6p6+bASzrzF7g6xQFnmV2HVS
PzJWKtWVRLXj7vo9Y4GYdp9JTN8KM8a63WoOi+ML4P8n6lHYKrmlic5MDNwhksIC
uccBNf21AuC9FJh5haY4BC1OgxtrqITlqNSxK69tAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUV10AzdII8HDdW12lkaLpRKW+/PEwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzI3YWE0YTQ0LTA1YTItNGM2Ni05MDI1LTA2YzQ0Yjg0ZTEyNS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAJGhBAwDQYJKoZIhvcNAQELBQADggEBAIvJCZnjCio13m6ca80DSEK08CWt
x/k41hXA3UGQ1jl/fYHRXeXnXKNdZzdFebmpXTUpYIZf/B3YqO/mULn6uPhJBQqb
3/7kzgQcanCXfV2bsZ0j0MIhJdgGS58xzHvKs2aCDl4GwSfdTJwDCOE8L5TrMs3w
lexgb0cbu8dfSYV3R0TuxIsFXv9uqcIx1tlOiyI5C9om/DYMGtxEikE879xLIuWz
1vbMLpZtL5LF0AJubhDSH1U1KqMLDrd+OCQRTv4EKTkL3Ei+bk0s4tlVYzJU+NpL
K89P+4RWZZR6aW5My/CJ16bb12w8wWtMLIseXPkJFlDkmDBCM30IoMW6NbM=
-----END CERTIFICATE-----