Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/844abc15-f137-4ba6-91a9-3db90fdebd62.roa
File:                     844abc15-f137-4ba6-91a9-3db90fdebd62.roa (raw, json)
Hash identifier:          mRRiMCVc4+v9pUHyHEYaN7rc14c2AJaSzFqvDsXdpVA=
Subject key identifier:   5B:D4:8B:EB:3B:EC:23:F2:E1:A7:05:FB:03:AA:CD:F8:54:2B:39:CC
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       4A6883B1608D73BA63B62E11DA8110F339CF2CBA
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/844abc15-f137-4ba6-91a9-3db90fdebd62.roa
Signing time:             Tue 30 Sep 2025 00:12:26 +0000
ROA not before:           Tue 30 Sep 2025 00:12:26 +0000
ROA not after:            Tue 04 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        16.27.0.0/16 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4a:68:83:b1:60:8d:73:ba:63:b6:2e:11:da:81:10:f3:39:cf:2c:ba
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Sep 30 00:12:26 2025 GMT
            Not After : Nov  4 23:59:59 2025 GMT
        Subject: serialNumber=e2fdb69cf705eaa8adc6b61f33ed5d8055208bea235cc6279c45312244695d1d, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:65:46:db:ba:0d:88:d6:d7:e3:9f:65:b4:4c:
                    ea:ed:e3:b6:27:bd:95:d7:29:dc:6b:46:77:c1:b9:
                    9c:ba:7e:ce:c5:00:f6:9d:8d:c9:36:6c:d3:30:85:
                    45:15:bf:5e:a9:34:2d:b1:90:d5:b9:87:49:db:86:
                    d9:20:00:25:d7:c2:16:f9:59:97:fb:5c:a1:38:b2:
                    a5:70:bb:07:5a:46:27:86:4e:17:3a:e3:8e:d7:08:
                    a5:1b:e7:c1:98:fd:cc:08:11:a8:e1:9d:06:03:66:
                    10:7d:ff:8d:e8:3c:2a:70:51:d0:2b:70:9a:89:0c:
                    f8:c9:bf:fe:84:7a:8a:14:f7:2c:09:8e:11:e4:6b:
                    8b:5a:31:6d:6f:af:23:49:f2:57:d2:76:cb:f6:be:
                    3f:20:62:40:b6:b9:5f:18:a4:f2:62:46:96:53:f3:
                    87:2b:e1:d8:be:1d:c7:a0:e5:98:56:6e:10:c8:f5:
                    f0:57:c9:ea:5f:32:f5:90:83:c6:78:6d:18:78:bb:
                    5a:f0:6d:16:45:72:93:44:58:63:7b:d1:c9:a8:50:
                    5c:4e:7c:80:c9:55:bf:46:5a:ad:f9:51:b9:59:92:
                    01:a5:0c:5e:44:f7:b3:ed:f9:24:ca:9c:8d:cc:8a:
                    b7:aa:da:c8:0b:15:df:33:fa:9b:dc:88:89:71:43:
                    a2:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5B:D4:8B:EB:3B:EC:23:F2:E1:A7:05:FB:03:AA:CD:F8:54:2B:39:CC
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/844abc15-f137-4ba6-91a9-3db90fdebd62.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  16.27.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         79:21:04:0b:a0:a7:b5:85:4e:d8:44:19:f2:48:46:24:c1:40:
         0f:3e:6b:3e:17:40:50:87:4a:f3:2b:b8:20:55:b3:e3:48:0f:
         f0:6b:db:07:b2:95:4f:3a:ac:c6:d5:22:fc:1e:0c:8b:6e:6b:
         e0:d5:12:d4:8e:29:25:36:68:4e:7e:a4:ec:d7:b1:2f:17:f7:
         35:10:31:e6:c0:45:37:aa:62:6b:d6:1f:df:2a:a2:ef:3d:14:
         cd:74:f5:5c:22:ce:56:73:fc:2e:6b:44:34:ab:cf:cc:cc:13:
         4b:8f:81:91:3e:1f:0d:d0:d2:e4:6c:6a:c1:55:40:9a:96:a5:
         54:c7:73:9c:d6:08:07:86:40:6a:87:ce:3b:ee:5e:4c:03:88:
         d2:95:ef:a1:28:24:aa:dd:24:42:68:78:89:99:dc:60:3f:f3:
         f5:fd:b3:e2:cf:59:f3:e6:d4:c9:80:fa:ec:5c:7e:88:ae:a6:
         39:cf:e9:a9:4f:cb:8e:6b:9f:f9:84:ad:7f:f6:b2:bd:de:3f:
         6c:a8:67:3b:7f:8c:08:15:07:3a:93:0c:9a:5d:9d:af:83:b3:
         97:3f:ad:a4:45:dc:13:cf:e2:2e:46:16:e1:fb:e7:08:f1:3f:
         61:27:c5:4a:09:10:31:f8:97:5a:34:6a:37:35:f6:05:ec:12:
         d2:c3:79:74
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUSmiDsWCNc7pjti4R2oEQ8znPLLowDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwOTMwMDAxMjI2WhcNMjUxMTA0MjM1OTU5
WjB6MUkwRwYDVQQFE0BlMmZkYjY5Y2Y3MDVlYWE4YWRjNmI2MWYzM2VkNWQ4MDU1
MjA4YmVhMjM1Y2M2Mjc5YzQ1MzEyMjQ0Njk1ZDFkMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC7ZUbbug2I1tfjn2W0TOrt47YnvZXXKdxrRnfBuZy6fs7F
APadjck2bNMwhUUVv16pNC2xkNW5h0nbhtkgACXXwhb5WZf7XKE4sqVwuwdaRieG
Thc6447XCKUb58GY/cwIEajhnQYDZhB9/43oPCpwUdArcJqJDPjJv/6EeooU9ywJ
jhHka4taMW1vryNJ8lfSdsv2vj8gYkC2uV8YpPJiRpZT84cr4di+Hceg5ZhWbhDI
9fBXyepfMvWQg8Z4bRh4u1rwbRZFcpNEWGN70cmoUFxOfIDJVb9GWq35UblZkgGl
DF5E97Pt+STKnI3Mireq2sgLFd8z+pvciIlxQ6IFAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUW9SL6zvsI/LhpwX7A6rN+FQrOcwwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzg0NGFiYzE1LWYxMzctNGJhNi05MWE5LTNkYjkwZmRlYmQ2Mi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwAQGzANBgkqhkiG9w0BAQsFAAOCAQEAeSEEC6CntYVO2EQZ8khGJMFADz5r
PhdAUIdK8yu4IFWz40gP8GvbB7KVTzqsxtUi/B4Mi25r4NUS1I4pJTZoTn6k7Nex
Lxf3NRAx5sBFN6pia9Yf3yqi7z0UzXT1XCLOVnP8LmtENKvPzMwTS4+BkT4fDdDS
5GxqwVVAmpalVMdznNYIB4ZAaofOO+5eTAOI0pXvoSgkqt0kQmh4iZncYD/z9f2z
4s9Z8+bUyYD67Fx+iK6mOc/pqU/Ljmuf+YStf/ayvd4/bKhnO3+MCBUHOpMMml2d
r4Ozlz+tpEXcE8/iLkYW4fvnCPE/YSfFSgkQMfiXWjRqNzX2BewS0sN5dA==
-----END CERTIFICATE-----