Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/3f0ed130-c978-4135-ae3e-448821f3a86f.roa
File:                     3f0ed130-c978-4135-ae3e-448821f3a86f.roa (raw, json)
Hash identifier:          Bh3ThqgDQBY9edzwE1Rp9JeNIH1ZgFw4ZK75fa/Ay1Q=
Subject key identifier:   E9:D3:E5:24:4A:BD:0A:6F:DE:C3:69:1D:BB:8B:68:AA:4F:A7:93:E9
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       1D24B254E479315B8C7A4B9E163A99AE8FDC7D84
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/3f0ed130-c978-4135-ae3e-448821f3a86f.roa
Signing time:             Tue 28 Oct 2025 00:41:26 +0000
ROA not before:           Tue 28 Oct 2025 00:41:26 +0000
ROA not after:            Tue 02 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        57.196.0.0/16 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1d:24:b2:54:e4:79:31:5b:8c:7a:4b:9e:16:3a:99:ae:8f:dc:7d:84
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 28 00:41:26 2025 GMT
            Not After : Dec  2 23:59:59 2025 GMT
        Subject: serialNumber=bc199c9c4c93fe2e79dcd0d9cf50c0162aad0121160cc662a24c770918de643c, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:0e:9e:b1:ec:5c:a2:6c:20:b9:af:f4:36:24:
                    a5:8c:0e:5d:e7:e1:f0:34:26:d5:49:47:99:d4:4a:
                    ff:a1:8c:6b:63:36:41:da:02:50:8d:8e:63:c1:3b:
                    a8:ae:1b:bd:ae:b3:a6:a0:e0:5f:5a:fc:68:b0:0d:
                    e9:ba:48:5b:c7:4f:2f:be:cd:72:d0:a4:bb:26:1a:
                    8d:99:e9:b9:82:3f:17:33:f4:b3:0d:b7:61:9f:ed:
                    d9:6b:59:43:64:41:6e:b6:cd:5e:46:8f:d2:3d:82:
                    f5:35:a7:67:46:33:d8:f8:98:9e:e4:32:de:e4:19:
                    b5:df:ae:c2:18:16:46:a4:5d:b9:e5:b9:f0:0a:b9:
                    66:16:cb:ef:77:8d:2c:c2:e1:fb:00:33:12:82:8f:
                    c0:76:fd:aa:31:c7:5a:e1:67:4f:c4:a4:a9:53:f3:
                    af:70:75:58:79:86:3f:b0:2c:d8:c3:4e:21:57:9a:
                    1a:0b:12:f5:18:24:c2:40:50:c9:83:1c:52:21:fc:
                    b4:19:00:5e:ea:5c:1b:2e:13:b3:1b:ae:0e:dc:8b:
                    77:b9:36:01:9a:b6:a2:be:70:b4:33:ae:0e:ec:d0:
                    f9:4f:4e:55:94:26:4c:42:8b:85:7b:19:44:07:d8:
                    87:92:08:34:92:09:61:cb:ee:2a:bc:ef:60:7d:31:
                    a0:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E9:D3:E5:24:4A:BD:0A:6F:DE:C3:69:1D:BB:8B:68:AA:4F:A7:93:E9
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/3f0ed130-c978-4135-ae3e-448821f3a86f.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  57.196.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         cd:c2:17:22:d7:49:6c:38:5c:de:bb:54:20:e5:b6:05:37:ab:
         91:eb:bb:ab:6a:9a:57:68:d3:d0:bd:71:90:a2:8e:6d:de:89:
         55:98:1e:8f:9e:3b:e3:3b:07:34:8c:23:90:9a:c6:7d:33:0a:
         41:b9:8a:39:32:4a:3c:85:f1:a3:bf:ec:35:50:4d:b5:b9:d9:
         50:bc:ac:de:65:d1:05:2c:b8:62:cd:02:ba:e9:d1:5d:98:d5:
         15:db:66:68:fe:00:32:62:8b:a0:7b:56:cd:eb:a0:c0:bc:69:
         b8:c6:0b:1d:24:d6:cc:20:54:23:d8:e5:ca:f9:13:94:ce:6d:
         69:d4:54:ca:d9:15:a2:d7:73:8c:a1:2a:fe:66:2d:39:a7:b6:
         2a:8a:9b:3f:8b:9e:01:09:31:1a:a7:4d:68:8e:fa:34:07:fd:
         62:2d:1f:ce:67:ab:b5:ce:e9:67:6f:33:b4:aa:4b:f7:e2:fa:
         93:e4:e6:c9:45:e6:61:9a:62:65:66:dd:96:8e:12:b0:2b:b5:
         4f:c0:62:10:a0:05:11:f3:9e:fd:ba:3e:6d:a8:6a:82:3d:d2:
         9b:d9:65:44:4d:a6:fd:f4:48:27:cc:df:2c:4b:ee:4d:e3:22:
         c8:c5:5c:e4:b6:b9:1c:0a:56:08:2f:56:9d:36:b1:d7:0e:83:
         86:27:18:0d
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUHSSyVOR5MVuMekueFjqZro/cfYQwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDI4MDA0MTI2WhcNMjUxMjAyMjM1OTU5
WjB6MUkwRwYDVQQFE0BiYzE5OWM5YzRjOTNmZTJlNzlkY2QwZDljZjUwYzAxNjJh
YWQwMTIxMTYwY2M2NjJhMjRjNzcwOTE4ZGU2NDNjMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDMDp6x7FyibCC5r/Q2JKWMDl3n4fA0JtVJR5nUSv+hjGtj
NkHaAlCNjmPBO6iuG72us6ag4F9a/GiwDem6SFvHTy++zXLQpLsmGo2Z6bmCPxcz
9LMNt2Gf7dlrWUNkQW62zV5Gj9I9gvU1p2dGM9j4mJ7kMt7kGbXfrsIYFkakXbnl
ufAKuWYWy+93jSzC4fsAMxKCj8B2/aoxx1rhZ0/EpKlT869wdVh5hj+wLNjDTiFX
mhoLEvUYJMJAUMmDHFIh/LQZAF7qXBsuE7Mbrg7ci3e5NgGatqK+cLQzrg7s0PlP
TlWUJkxCi4V7GUQH2IeSCDSSCWHL7iq872B9MaB5AgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQU6dPlJEq9Cm/ew2kdu4toqk+nk+kwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzNmMGVkMTMwLWM5NzgtNDEzNS1hZTNlLTQ0ODgyMWYzYTg2Zi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwA5xDANBgkqhkiG9w0BAQsFAAOCAQEAzcIXItdJbDhc3rtUIOW2BTerkeu7
q2qaV2jT0L1xkKKObd6JVZgej5474zsHNIwjkJrGfTMKQbmKOTJKPIXxo7/sNVBN
tbnZULys3mXRBSy4Ys0CuunRXZjVFdtmaP4AMmKLoHtWzeugwLxpuMYLHSTWzCBU
I9jlyvkTlM5tadRUytkVotdzjKEq/mYtOae2KoqbP4ueAQkxGqdNaI76NAf9Yi0f
zmertc7pZ28ztKpL9+L6k+TmyUXmYZpiZWbdlo4SsCu1T8BiEKAFEfOe/bo+bahq
gj3Sm9llRE2m/fRIJ8zfLEvuTeMiyMVc5La5HApWCC9WnTax1w6DhicYDQ==
-----END CERTIFICATE-----