Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/3de3c612-36d7-4d0e-8a61-dc9891466376.roa
File:                     3de3c612-36d7-4d0e-8a61-dc9891466376.roa (raw, json)
Hash identifier:          NoqClV0pxQlo6wkJ3RA0QUHCKr5j8osalJiCr34aEVQ=
Subject key identifier:   F4:4C:AF:AE:8B:31:A1:7E:36:86:93:51:7E:DA:19:AA:F0:08:E2:C0
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       6D20893C8BEB456E8C2A44A2759AE91DFD0A7FF5
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/3de3c612-36d7-4d0e-8a61-dc9891466376.roa
Signing time:             Fri 03 Oct 2025 00:40:20 +0000
ROA not before:           Fri 03 Oct 2025 00:40:20 +0000
ROA not after:            Fri 07 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        63.246.113.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6d:20:89:3c:8b:eb:45:6e:8c:2a:44:a2:75:9a:e9:1d:fd:0a:7f:f5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct  3 00:40:20 2025 GMT
            Not After : Nov  7 23:59:59 2025 GMT
        Subject: serialNumber=6caff4ece72ccd5b4cf09405e77416c15a449a67f4b1796833833fcec80e7ffc, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:c0:a9:21:72:03:25:01:3e:86:5d:1f:ad:62:
                    dd:4c:92:56:1e:ed:8f:5e:d9:cc:83:27:4a:59:b2:
                    1b:4d:a3:75:50:77:26:d3:52:3c:c3:16:be:3d:fb:
                    f1:82:43:9d:90:2d:b5:f9:5d:7e:d0:e2:bd:04:c8:
                    c2:25:66:8d:bc:38:db:59:98:c2:3a:d3:2e:b3:7e:
                    9f:3a:20:30:61:09:5a:10:e4:3c:39:7a:b4:35:05:
                    60:8b:81:b1:b9:c9:79:14:98:75:88:d0:97:81:19:
                    ca:2a:a3:c3:92:1e:03:ee:5c:09:a7:69:16:8e:8c:
                    70:51:94:a4:6e:bc:88:fa:b4:41:e1:cd:af:11:1d:
                    ab:09:ff:16:15:3e:38:6e:22:da:01:9b:00:bd:84:
                    9e:e2:ea:3f:91:d5:48:6b:a0:80:dd:13:7a:b5:9f:
                    d7:7d:c4:46:41:6f:03:1f:b0:a7:c9:68:02:44:4e:
                    d3:06:d8:09:4b:fd:52:44:fe:71:8f:a4:85:dd:c8:
                    ca:9d:42:0b:25:c9:f3:47:77:bb:d4:1b:fd:8b:39:
                    6e:ed:64:07:b4:03:30:11:0d:7c:fa:76:30:b9:ce:
                    ce:e0:ee:0e:68:6a:68:cf:93:88:6c:84:73:39:80:
                    03:71:c7:35:96:86:88:c7:63:fe:c8:f4:b0:fa:81:
                    7c:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F4:4C:AF:AE:8B:31:A1:7E:36:86:93:51:7E:DA:19:AA:F0:08:E2:C0
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/3de3c612-36d7-4d0e-8a61-dc9891466376.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  63.246.113.0/24

    Signature Algorithm: sha256WithRSAEncryption
         12:3d:49:30:63:e6:cc:3d:6a:90:bf:8e:df:13:51:e0:4f:be:
         76:43:2d:98:6b:ee:f9:9e:dc:96:7b:1e:95:21:20:55:f3:22:
         67:0b:12:24:ac:1f:fd:a5:93:38:39:0a:48:5c:59:71:4e:6b:
         f6:07:58:d6:7c:c6:ae:f8:30:3c:27:2b:5b:9d:25:df:90:8a:
         ec:a4:5d:34:41:60:78:30:6c:59:fa:30:9c:6a:58:08:84:51:
         2a:75:6b:24:5d:17:ab:75:31:ee:10:39:8b:f6:85:df:10:d5:
         42:c8:bc:42:77:84:1c:00:e4:b6:b0:2e:f3:0c:2d:ea:8a:d1:
         78:de:96:ca:65:8a:ac:e3:2b:6d:68:9c:8f:eb:ea:d3:79:48:
         a0:ff:84:da:fd:b0:9d:df:4a:3b:2c:eb:f3:cb:b3:3d:47:80:
         1e:1a:12:db:c5:c1:35:2f:3d:bb:06:87:1d:15:00:34:87:36:
         30:65:5a:5a:1f:fb:42:8a:b9:9b:9a:86:81:aa:ca:88:1d:20:
         ad:9a:05:bf:9b:05:c6:f3:e1:fd:c6:11:88:ba:67:ab:ac:d0:
         8f:fc:7f:82:33:73:c5:63:ee:1a:33:39:0f:41:34:03:0b:ad:
         1d:83:ed:37:3f:da:37:83:a9:a5:fa:8a:4a:41:1c:d1:93:11:
         e2:0e:d5:3e
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUbSCJPIvrRW6MKkSidZrpHf0Kf/UwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDAzMDA0MDIwWhcNMjUxMTA3MjM1OTU5
WjB6MUkwRwYDVQQFE0A2Y2FmZjRlY2U3MmNjZDViNGNmMDk0MDVlNzc0MTZjMTVh
NDQ5YTY3ZjRiMTc5NjgzMzgzM2ZjZWM4MGU3ZmZjMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCmwKkhcgMlAT6GXR+tYt1MklYe7Y9e2cyDJ0pZshtNo3VQ
dybTUjzDFr49+/GCQ52QLbX5XX7Q4r0EyMIlZo28ONtZmMI60y6zfp86IDBhCVoQ
5Dw5erQ1BWCLgbG5yXkUmHWI0JeBGcoqo8OSHgPuXAmnaRaOjHBRlKRuvIj6tEHh
za8RHasJ/xYVPjhuItoBmwC9hJ7i6j+R1UhroIDdE3q1n9d9xEZBbwMfsKfJaAJE
TtMG2AlL/VJE/nGPpIXdyMqdQgslyfNHd7vUG/2LOW7tZAe0AzARDXz6djC5zs7g
7g5oamjPk4hshHM5gANxxzWWhojHY/7I9LD6gXz/AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU9EyvrosxoX42hpNRftoZqvAI4sAwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzNkZTNjNjEyLTM2ZDctNGQwZS04YTYxLWRjOTg5MTQ2NjM3Ni5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAA/9nEwDQYJKoZIhvcNAQELBQADggEBABI9STBj5sw9apC/jt8TUeBPvnZD
LZhr7vme3JZ7HpUhIFXzImcLEiSsH/2lkzg5CkhcWXFOa/YHWNZ8xq74MDwnK1ud
Jd+QiuykXTRBYHgwbFn6MJxqWAiEUSp1ayRdF6t1Me4QOYv2hd8Q1ULIvEJ3hBwA
5LawLvMMLeqK0XjelspliqzjK21onI/r6tN5SKD/hNr9sJ3fSjss6/PLsz1HgB4a
EtvFwTUvPbsGhx0VADSHNjBlWlof+0KKuZuahoGqyogdIK2aBb+bBcbz4f3GEYi6
Z6us0I/8f4Izc8Vj7hozOQ9BNAMLrR2D7Tc/2jeDqaX6ikpBHNGTEeIO1T4=
-----END CERTIFICATE-----