Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/b333edec-2534-44b9-ad9f-aa583e3cd647.roa
File:                     b333edec-2534-44b9-ad9f-aa583e3cd647.roa (raw, json)
Hash identifier:          VGrVeVOAuh/hJlwq2n0Og/ioWn52KP+cLLZ+MfdGzmg=
Subject key identifier:   7A:24:36:A4:DD:A9:23:6F:C2:67:1F:47:40:05:0C:41:A2:F0:9E:E3
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       41DEEB469CA3FD846D6EE0C355BEF6DBD7053E4C
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/b333edec-2534-44b9-ad9f-aa583e3cd647.roa
Signing time:             Tue 14 Oct 2025 22:11:15 +0000
ROA not before:           Tue 14 Oct 2025 22:11:15 +0000
ROA not after:            Tue 18 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        99.84.176.0/23 maxlen: 23
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            41:de:eb:46:9c:a3:fd:84:6d:6e:e0:c3:55:be:f6:db:d7:05:3e:4c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 14 22:11:15 2025 GMT
            Not After : Nov 18 23:59:59 2025 GMT
        Subject: serialNumber=ac3dd8c4fe2de7c4b762c5e397455a2679626c781486b7fb1a41cd1e1a275034, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:18:47:4e:bf:82:3b:15:44:b6:6f:e2:40:48:
                    1b:3e:af:00:98:9c:8e:49:15:6a:c4:e0:81:41:23:
                    97:95:e5:8a:99:d1:89:df:ae:0f:ab:f1:e3:46:db:
                    09:ea:80:01:52:02:3a:68:ec:97:86:0b:e9:92:4f:
                    e6:dc:e4:25:c0:1f:a2:3d:28:52:33:e8:8e:88:d1:
                    6f:3c:5a:2d:41:be:c7:c6:08:9c:c9:82:a7:5d:19:
                    a3:98:3a:ef:71:fd:e0:b3:cd:52:e8:41:04:32:a7:
                    1b:4f:36:b0:77:17:7b:63:1d:0b:5d:9b:8d:f1:fe:
                    25:3c:41:37:38:0e:45:00:20:6d:1f:b7:d9:67:46:
                    ed:ac:0a:b7:b8:23:44:c5:a2:87:12:ea:e3:16:89:
                    0e:38:5c:a0:e5:b5:b6:cf:d1:7c:c4:37:3f:2f:57:
                    89:62:ba:d7:fc:2e:98:02:7c:76:15:f8:ec:83:ec:
                    25:ae:dc:eb:c3:2b:df:a9:0d:bb:2a:79:e4:b8:de:
                    10:08:85:a5:f4:45:57:0f:8f:ba:3d:0f:bf:3a:ec:
                    00:fa:35:59:49:3f:6e:49:cd:19:35:3a:07:71:de:
                    df:2e:ac:32:de:1e:5a:b8:cb:c0:f4:66:2a:2d:a3:
                    91:5f:7d:12:c1:0b:77:45:50:7d:5a:b0:e3:ab:41:
                    ab:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7A:24:36:A4:DD:A9:23:6F:C2:67:1F:47:40:05:0C:41:A2:F0:9E:E3
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/b333edec-2534-44b9-ad9f-aa583e3cd647.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  99.84.176.0/23

    Signature Algorithm: sha256WithRSAEncryption
         09:61:09:8e:ce:20:d5:3b:8f:98:e4:3d:64:86:bb:72:a0:f3:
         7b:01:24:7d:85:b6:62:b8:a1:3b:86:95:50:70:ad:71:90:45:
         49:a3:dd:e3:d0:2d:f2:3e:09:ad:95:23:9d:a3:41:8c:41:85:
         92:cf:06:5f:c7:37:83:e9:6a:50:68:37:bd:9d:d6:41:c1:6a:
         b9:08:b1:7e:8e:46:08:06:b8:73:23:ab:6d:70:01:fd:50:bf:
         d3:8d:3d:7f:ab:14:4d:ab:a3:a3:a6:1b:f4:e1:fb:b1:df:11:
         3c:4e:b7:89:25:5b:82:c6:fb:f7:8b:7d:de:5c:00:b3:bb:84:
         0f:a6:2c:bd:4a:d9:1f:67:78:92:fb:4f:61:fe:a2:07:74:c9:
         e4:90:4f:9c:5b:d7:41:41:fd:82:1c:c1:c1:00:2e:86:64:ad:
         13:b0:e3:ee:4a:1e:ac:87:ab:9a:c9:9d:25:a2:f9:68:f3:ff:
         25:85:f9:0b:64:72:e1:24:d3:8d:dd:e6:cb:eb:13:66:ba:9a:
         68:f3:f6:d5:6e:a8:f5:ad:38:39:e7:15:5f:68:ad:b3:7d:e9:
         59:a3:38:b5:ff:a7:88:41:8a:87:2d:3d:f0:61:b6:61:18:2c:
         8d:c0:52:e3:58:a5:52:29:aa:b9:d2:26:ec:b4:dd:75:63:7a:
         2b:8f:0a:47
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUQd7rRpyj/YRtbuDDVb7229cFPkwwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDE0MjIxMTE1WhcNMjUxMTE4MjM1OTU5
WjB6MUkwRwYDVQQFE0BhYzNkZDhjNGZlMmRlN2M0Yjc2MmM1ZTM5NzQ1NWEyNjc5
NjI2Yzc4MTQ4NmI3ZmIxYTQxY2QxZTFhMjc1MDM0MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCtGEdOv4I7FUS2b+JASBs+rwCYnI5JFWrE4IFBI5eV5YqZ
0Ynfrg+r8eNG2wnqgAFSAjpo7JeGC+mST+bc5CXAH6I9KFIz6I6I0W88Wi1BvsfG
CJzJgqddGaOYOu9x/eCzzVLoQQQypxtPNrB3F3tjHQtdm43x/iU8QTc4DkUAIG0f
t9lnRu2sCre4I0TFoocS6uMWiQ44XKDltbbP0XzENz8vV4liutf8LpgCfHYV+OyD
7CWu3OvDK9+pDbsqeeS43hAIhaX0RVcPj7o9D7867AD6NVlJP25JzRk1Ogdx3t8u
rDLeHlq4y8D0Zioto5FffRLBC3dFUH1asOOrQauhAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUeiQ2pN2pI2/CZx9HQAUMQaLwnuMwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2IzMzNlZGVjLTI1MzQtNDRiOS1hZDlmLWFhNTgzZTNjZDY0Ny5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAFjVLAwDQYJKoZIhvcNAQELBQADggEBAAlhCY7OINU7j5jkPWSGu3Kg83sB
JH2FtmK4oTuGlVBwrXGQRUmj3ePQLfI+Ca2VI52jQYxBhZLPBl/HN4PpalBoN72d
1kHBarkIsX6ORggGuHMjq21wAf1Qv9ONPX+rFE2ro6OmG/Th+7HfETxOt4klW4LG
+/eLfd5cALO7hA+mLL1K2R9neJL7T2H+ogd0yeSQT5xb10FB/YIcwcEALoZkrROw
4+5KHqyHq5rJnSWi+Wjz/yWF+QtkcuEk043d5svrE2a6mmjz9tVuqPWtODnnFV9o
rbN96VmjOLX/p4hBioctPfBhtmEYLI3AUuNYpVIpqrnSJuy03XVjeiuPCkc=
-----END CERTIFICATE-----