Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/5752b4d6-9da4-44b3-80c5-238c0eccb401.roa
File:                     5752b4d6-9da4-44b3-80c5-238c0eccb401.roa (raw, json)
Hash identifier:          J74JwbdXIk2rv/O4nI6vp81FJOlMIFsPVmVpzBbNj20=
Subject key identifier:   F8:9D:9E:C4:84:1C:D2:18:06:D2:92:FD:57:45:53:11:71:F3:A7:77
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       1E2F39AB75237BBCA3ACC2AF1AE3DB1D088B7885
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/5752b4d6-9da4-44b3-80c5-238c0eccb401.roa
Signing time:             Fri 24 Oct 2025 00:11:31 +0000
ROA not before:           Fri 24 Oct 2025 00:11:31 +0000
ROA not after:            Fri 28 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        142.4.160.0/19 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1e:2f:39:ab:75:23:7b:bc:a3:ac:c2:af:1a:e3:db:1d:08:8b:78:85
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 24 00:11:31 2025 GMT
            Not After : Nov 28 23:59:59 2025 GMT
        Subject: serialNumber=469d52e26c5d7f4251ab28c8a326fec31c8350685a31c87518b16ab60dbe2d91, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:16:c7:c1:0d:49:0e:a5:de:84:90:35:fe:9c:
                    39:bc:4a:9e:12:58:7d:f1:22:1a:b0:86:53:8b:e4:
                    04:b6:ae:37:b1:42:40:c9:84:47:28:f0:ff:1d:16:
                    7d:53:93:63:9c:1a:2f:08:f7:84:db:0d:a3:7b:be:
                    15:f7:14:f4:57:f6:6b:6e:ee:8c:6f:7a:01:d3:3c:
                    3e:cc:1d:3e:4f:37:0c:d0:ac:6f:c4:6d:85:f3:20:
                    79:79:33:81:97:76:45:bc:b3:b5:ae:5a:6d:10:0e:
                    4f:03:c4:02:c7:fb:67:af:fd:e8:30:50:39:bc:57:
                    e8:7a:70:46:ba:a2:4e:d5:ff:6e:ac:79:4a:07:7a:
                    29:df:bf:9b:0c:4e:56:0d:bb:4d:15:5a:28:93:43:
                    58:43:ba:f2:b8:d0:a2:23:23:91:09:92:8d:ea:53:
                    88:4f:9a:7e:4b:82:be:71:67:64:07:2e:4e:3a:b0:
                    8d:10:1b:8b:42:02:d8:54:31:14:ce:6b:23:95:6d:
                    4d:e5:aa:a4:13:08:9e:7e:35:6f:91:8c:04:8f:ca:
                    20:49:4c:8f:65:4d:08:ad:f4:e9:63:c2:69:96:4e:
                    69:0a:e7:42:f5:ac:9f:24:18:8e:c8:85:ca:3c:8a:
                    aa:eb:f6:d7:72:da:f5:5c:73:d3:47:2f:3e:0f:c4:
                    c5:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F8:9D:9E:C4:84:1C:D2:18:06:D2:92:FD:57:45:53:11:71:F3:A7:77
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/5752b4d6-9da4-44b3-80c5-238c0eccb401.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  142.4.160.0/19

    Signature Algorithm: sha256WithRSAEncryption
         c2:b8:a3:90:13:bd:0f:7d:ee:8a:f8:79:2b:97:4c:57:95:be:
         cd:18:0a:9e:4f:39:01:02:a2:45:8f:9c:b7:00:57:c1:fb:37:
         93:39:6a:30:b7:9b:c0:d8:a6:09:47:ca:0a:96:1c:a2:d4:5d:
         7f:f9:1c:8a:3a:52:a4:9d:f0:39:63:32:1f:2b:0a:18:3f:5c:
         c2:e3:85:b2:ac:0d:b5:90:fe:3b:9c:50:27:d4:b5:e5:4d:03:
         a1:b5:11:ec:4d:da:67:24:39:77:fb:08:2a:39:17:3f:09:e1:
         cf:50:39:62:e5:7b:c7:48:bb:ad:55:60:5c:c8:8b:e5:88:43:
         71:d4:53:12:ef:68:5a:f9:24:ce:d1:27:38:97:49:5f:f5:ab:
         cb:c3:39:01:7d:30:0b:03:96:4b:eb:ba:72:1f:18:85:39:8f:
         46:ad:4b:94:39:80:bc:1c:66:62:54:d9:d4:48:48:5c:92:cd:
         19:ca:76:b2:25:3a:fb:aa:8f:aa:af:78:60:59:c0:39:23:7d:
         1e:c9:b3:28:0f:96:6e:2e:46:de:1d:40:5e:8c:45:a2:8d:4e:
         a4:3f:48:2f:93:a1:11:65:88:94:81:e3:fb:3f:cb:8e:68:17:
         37:50:e8:82:13:ce:df:3f:d1:10:d1:89:6e:95:89:72:c5:f3:
         bf:de:84:32
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUHi85q3Uje7yjrMKvGuPbHQiLeIUwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDI0MDAxMTMxWhcNMjUxMTI4MjM1OTU5
WjB6MUkwRwYDVQQFE0A0NjlkNTJlMjZjNWQ3ZjQyNTFhYjI4YzhhMzI2ZmVjMzFj
ODM1MDY4NWEzMWM4NzUxOGIxNmFiNjBkYmUyZDkxMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDjFsfBDUkOpd6EkDX+nDm8Sp4SWH3xIhqwhlOL5AS2rjex
QkDJhEco8P8dFn1Tk2OcGi8I94TbDaN7vhX3FPRX9mtu7oxvegHTPD7MHT5PNwzQ
rG/EbYXzIHl5M4GXdkW8s7WuWm0QDk8DxALH+2ev/egwUDm8V+h6cEa6ok7V/26s
eUoHeinfv5sMTlYNu00VWiiTQ1hDuvK40KIjI5EJko3qU4hPmn5Lgr5xZ2QHLk46
sI0QG4tCAthUMRTOayOVbU3lqqQTCJ5+NW+RjASPyiBJTI9lTQit9OljwmmWTmkK
50L1rJ8kGI7Ihco8iqrr9tdy2vVcc9NHLz4PxMWhAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU+J2exIQc0hgG0pL9V0VTEXHzp3cwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzU3NTJiNGQ2LTlkYTQtNDRiMy04MGM1LTIzOGMwZWNjYjQwMS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAWOBKAwDQYJKoZIhvcNAQELBQADggEBAMK4o5ATvQ997or4eSuXTFeVvs0Y
Cp5POQECokWPnLcAV8H7N5M5ajC3m8DYpglHygqWHKLUXX/5HIo6UqSd8DljMh8r
Chg/XMLjhbKsDbWQ/jucUCfUteVNA6G1EexN2mckOXf7CCo5Fz8J4c9QOWLle8dI
u61VYFzIi+WIQ3HUUxLvaFr5JM7RJziXSV/1q8vDOQF9MAsDlkvrunIfGIU5j0at
S5Q5gLwcZmJU2dRISFySzRnKdrIlOvuqj6qveGBZwDkjfR7JsygPlm4uRt4dQF6M
RaKNTqQ/SC+ToRFliJSB4/s/y45oFzdQ6IITzt8/0RDRiW6ViXLF87/ehDI=
-----END CERTIFICATE-----