Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/31d1b808-e86d-4470-94d3-43f282680e9f.roa
File:                     31d1b808-e86d-4470-94d3-43f282680e9f.roa (raw, json)
Hash identifier:          pwc6eC8q5w8MKuGS05fVykJgBsfLYBQF3i8Cmemp9xc=
Subject key identifier:   2A:D6:E4:00:12:B5:8C:75:CB:07:33:BC:78:A0:E0:BE:C5:63:B1:E3
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       60E4D3FEB9554AB55782FC336D5A335ADDEE72E9
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/31d1b808-e86d-4470-94d3-43f282680e9f.roa
Signing time:             Tue 11 Nov 2025 01:51:02 +0000
ROA not before:           Tue 11 Nov 2025 01:51:02 +0000
ROA not after:            Tue 16 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        134.127.0.0/16 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            60:e4:d3:fe:b9:55:4a:b5:57:82:fc:33:6d:5a:33:5a:dd:ee:72:e9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Nov 11 01:51:02 2025 GMT
            Not After : Dec 16 23:59:59 2025 GMT
        Subject: serialNumber=840fe27ea501fc89558c6b7345ea4075f9b30b930b95408f49e1011a8e37147d, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:c7:4f:e1:3a:18:e1:13:90:a2:51:2f:a1:01:
                    09:f8:fb:02:0d:f6:9b:cb:d1:1c:98:1a:5c:ff:e3:
                    0d:55:66:29:2b:05:92:66:3f:42:f8:9b:8d:c5:b2:
                    87:76:27:72:cf:82:8a:aa:78:ce:24:14:7d:12:6d:
                    10:a9:53:02:c5:37:84:18:0a:84:db:08:c3:9a:6e:
                    e1:75:fd:22:42:22:c5:69:b7:c3:c7:0d:d7:0e:f7:
                    7d:6f:74:1f:c2:49:84:57:bc:bf:b4:64:a1:54:5f:
                    d2:03:97:72:b5:de:4b:45:9a:fb:88:aa:29:02:bb:
                    dd:cf:0f:d9:d6:75:07:c4:ed:3c:ad:90:3f:45:09:
                    70:c0:e3:9f:77:fc:e3:1e:31:56:40:93:6a:85:54:
                    8b:5a:4e:74:ed:28:c4:a6:b4:4e:db:4a:96:ac:b8:
                    07:86:b4:fa:33:bf:3e:3e:8e:93:04:5f:80:ac:e5:
                    9c:ba:35:68:ad:fc:fb:27:29:a6:c1:0a:f0:c3:b0:
                    af:31:6d:50:de:49:8f:bf:46:c9:f7:d2:8f:8c:39:
                    9b:5c:50:f1:b3:32:e0:86:bb:93:b2:fe:33:f2:67:
                    05:34:44:20:07:a7:92:74:e3:46:88:75:5d:30:58:
                    ae:74:26:5a:23:aa:94:21:fb:ef:4a:3c:6c:cd:aa:
                    8d:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:D6:E4:00:12:B5:8C:75:CB:07:33:BC:78:A0:E0:BE:C5:63:B1:E3
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/31d1b808-e86d-4470-94d3-43f282680e9f.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  134.127.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         5a:92:8b:1e:12:08:80:b4:03:04:b6:8d:36:56:a5:d9:f6:d9:
         4a:ed:de:49:21:81:b1:87:2a:85:b7:b1:cb:15:e2:25:88:f8:
         70:7d:a2:6d:68:18:e2:3c:06:01:c0:42:d2:b9:64:ec:d9:a9:
         9b:2a:29:58:86:24:1a:3a:0f:95:9d:b2:65:ff:62:73:4f:40:
         04:c8:b9:19:32:38:03:2e:87:88:48:6c:1b:07:49:6b:ba:6c:
         1f:0d:7b:c7:50:af:84:2a:65:be:77:e9:49:91:67:ec:3b:3e:
         00:4b:65:2b:4f:50:d5:e3:62:bc:44:17:e5:c0:4d:01:e5:f4:
         cf:a7:70:47:c9:a6:a9:2a:eb:1f:85:81:29:2c:ef:ac:43:98:
         10:3c:ed:9f:d0:9c:f7:04:ca:ca:c7:fd:a2:80:91:1f:a9:32:
         16:a3:13:36:75:e7:74:21:d6:c8:dc:62:69:d0:ed:6f:e7:61:
         a1:db:68:f1:33:ac:a4:34:b3:db:4f:a1:7b:06:59:a0:7e:78:
         53:03:58:e4:52:17:cf:5d:01:23:c0:f1:5d:a0:31:6c:b5:07:
         34:72:73:f7:09:a1:d6:9a:69:9e:1f:af:ac:1d:53:64:20:dc:
         e2:ff:43:b1:14:51:6a:43:1e:b7:60:6f:f5:be:02:88:ca:c7:
         a3:b3:db:56
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUYOTT/rlVSrVXgvwzbVozWt3ucukwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMTExMDE1MTAyWhcNMjUxMjE2MjM1OTU5
WjB6MUkwRwYDVQQFE0A4NDBmZTI3ZWE1MDFmYzg5NTU4YzZiNzM0NWVhNDA3NWY5
YjMwYjkzMGI5NTQwOGY0OWUxMDExYThlMzcxNDdkMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC5x0/hOhjhE5CiUS+hAQn4+wIN9pvL0RyYGlz/4w1VZikr
BZJmP0L4m43Fsod2J3LPgoqqeM4kFH0SbRCpUwLFN4QYCoTbCMOabuF1/SJCIsVp
t8PHDdcO931vdB/CSYRXvL+0ZKFUX9IDl3K13ktFmvuIqikCu93PD9nWdQfE7Tyt
kD9FCXDA4593/OMeMVZAk2qFVItaTnTtKMSmtE7bSpasuAeGtPozvz4+jpMEX4Cs
5Zy6NWit/PsnKabBCvDDsK8xbVDeSY+/Rsn30o+MOZtcUPGzMuCGu5Oy/jPyZwU0
RCAHp5J040aIdV0wWK50JlojqpQh++9KPGzNqo3HAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUKtbkABK1jHXLBzO8eKDgvsVjseMwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzMxZDFiODA4LWU4NmQtNDQ3MC05NGQzLTQzZjI4MjY4MGU5Zi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwCGfzANBgkqhkiG9w0BAQsFAAOCAQEAWpKLHhIIgLQDBLaNNlal2fbZSu3e
SSGBsYcqhbexyxXiJYj4cH2ibWgY4jwGAcBC0rlk7NmpmyopWIYkGjoPlZ2yZf9i
c09ABMi5GTI4Ay6HiEhsGwdJa7psHw17x1CvhCplvnfpSZFn7Ds+AEtlK09Q1eNi
vEQX5cBNAeX0z6dwR8mmqSrrH4WBKSzvrEOYEDztn9Cc9wTKysf9ooCRH6kyFqMT
NnXndCHWyNxiadDtb+dhodto8TOspDSz20+hewZZoH54UwNY5FIXz10BI8DxXaAx
bLUHNHJz9wmh1pppnh+vrB1TZCDc4v9DsRRRakMet2Bv9b4CiMrHo7PbVg==
-----END CERTIFICATE-----