Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d4a21000-3e1d-4970-8585-41d9313167de.roa
File:                     d4a21000-3e1d-4970-8585-41d9313167de.roa (raw, json)
Hash identifier:          6/xBajbJCLYSa16I4siNKB8SZ+G2Q/ww9tUxaRfPJqU=
Subject key identifier:   5F:7F:F2:9C:74:4A:B2:B2:4D:22:E4:4D:A6:63:F0:B4:2D:E4:3E:4E
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       72F66C19D7CC71BBA9814386D8A83B4CF80F40B6
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d4a21000-3e1d-4970-8585-41d9313167de.roa
Signing time:             Fri 03 Oct 2025 00:51:13 +0000
ROA not before:           Fri 03 Oct 2025 00:51:13 +0000
ROA not after:            Fri 07 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        99.77.140.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            72:f6:6c:19:d7:cc:71:bb:a9:81:43:86:d8:a8:3b:4c:f8:0f:40:b6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct  3 00:51:13 2025 GMT
            Not After : Nov  7 23:59:59 2025 GMT
        Subject: serialNumber=e90e0c4c6a2705934c5977b6ecd1f83f79b6cbd2cb6765b512276074ce3c68a4, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:e7:4f:92:5e:01:aa:58:e2:c1:42:a7:dc:ac:
                    c9:7d:34:d5:d0:47:9c:18:06:d2:31:71:20:c1:8a:
                    3f:8d:11:19:29:d9:01:a3:bf:4b:76:9a:bc:bb:2e:
                    4d:73:f8:49:ac:4a:27:a7:90:e8:e9:0d:49:72:1b:
                    b2:67:5a:2e:13:8b:6a:79:1d:b6:39:d9:0f:de:5d:
                    52:04:ca:8b:4f:ff:23:3f:9d:27:08:bd:bb:5c:65:
                    d0:27:69:6a:96:aa:d8:3c:63:11:6e:e2:5c:73:c2:
                    dd:4b:b1:2b:a9:e1:dc:0b:74:26:0f:19:36:74:f4:
                    a0:8f:e7:22:d3:db:04:0f:99:49:a9:85:34:11:d2:
                    e3:f6:5c:5b:03:55:84:3f:c7:0d:54:05:21:18:1e:
                    42:99:05:c1:8e:f4:0d:ed:56:75:34:e6:d0:0f:5a:
                    e7:9c:77:82:6e:14:76:ca:92:a1:fe:a2:f1:a9:47:
                    b0:93:80:f4:5e:dc:28:1d:b9:f7:b3:3e:3f:5a:31:
                    ec:1d:8f:81:0a:8f:d1:4c:18:4d:52:ac:4e:ba:56:
                    94:49:7c:56:8c:8d:81:51:c7:cb:78:bb:75:34:2e:
                    4c:70:d7:7d:9a:f7:2a:c1:c4:4d:4f:d3:ba:22:c6:
                    1d:64:a7:24:54:44:97:ed:90:77:33:e3:95:7e:d2:
                    a8:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5F:7F:F2:9C:74:4A:B2:B2:4D:22:E4:4D:A6:63:F0:B4:2D:E4:3E:4E
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d4a21000-3e1d-4970-8585-41d9313167de.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  99.77.140.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2d:dd:da:a6:cd:e0:54:53:b7:9f:d7:2d:42:fc:70:52:eb:1d:
         cb:78:83:a7:35:51:d6:5b:26:23:d7:a0:2f:e4:52:36:ae:56:
         ac:f9:4c:62:89:8d:e6:a4:36:18:8b:85:80:43:63:77:6e:7b:
         f9:f6:e4:12:88:e7:4f:fb:a3:88:46:0d:6f:49:1d:e6:29:1a:
         9b:8b:59:30:dc:df:42:6e:0c:e3:70:45:3d:10:4c:8b:eb:a7:
         6e:91:2a:05:a2:24:3e:f2:ae:f1:b6:77:08:24:db:ec:f5:35:
         1e:43:9d:c1:55:ca:54:05:4f:ed:aa:82:9b:0b:08:d4:15:49:
         37:04:69:b8:ce:24:9b:1d:ff:32:bc:96:e0:ed:9e:bf:b8:c0:
         95:20:8d:46:d2:54:b1:f8:2f:02:57:4c:2a:cb:f1:7b:d9:98:
         86:6e:3f:46:a0:14:80:d5:9b:49:5e:a6:c5:b4:51:37:42:34:
         54:d3:04:78:99:0b:95:17:85:ff:8d:f0:86:f7:66:7e:39:1a:
         3a:37:7f:cd:16:3c:8a:0d:ce:11:dc:3f:d0:66:46:a5:46:fb:
         64:62:49:dd:8d:5f:f4:fe:ee:9c:5e:d9:82:4f:6d:f6:09:3a:
         97:66:a5:b9:18:f4:ff:48:3c:66:ca:8c:fd:13:87:9d:c3:2a:
         d7:33:07:5b
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUcvZsGdfMcbupgUOG2Kg7TPgPQLYwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDAzMDA1MTEzWhcNMjUxMTA3MjM1OTU5
WjB6MUkwRwYDVQQFE0BlOTBlMGM0YzZhMjcwNTkzNGM1OTc3YjZlY2QxZjgzZjc5
YjZjYmQyY2I2NzY1YjUxMjI3NjA3NGNlM2M2OGE0MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCv50+SXgGqWOLBQqfcrMl9NNXQR5wYBtIxcSDBij+NERkp
2QGjv0t2mry7Lk1z+EmsSienkOjpDUlyG7JnWi4Ti2p5HbY52Q/eXVIEyotP/yM/
nScIvbtcZdAnaWqWqtg8YxFu4lxzwt1LsSup4dwLdCYPGTZ09KCP5yLT2wQPmUmp
hTQR0uP2XFsDVYQ/xw1UBSEYHkKZBcGO9A3tVnU05tAPWuecd4JuFHbKkqH+ovGp
R7CTgPRe3CgdufezPj9aMewdj4EKj9FMGE1SrE66VpRJfFaMjYFRx8t4u3U0Lkxw
132a9yrBxE1P07oixh1kpyRURJftkHcz45V+0qjvAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUX3/ynHRKsrJNIuRNpmPwtC3kPk4wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2Q0YTIxMDAwLTNlMWQtNDk3MC04NTg1LTQxZDkzMTMxNjdkZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBABjTYwwDQYJKoZIhvcNAQELBQADggEBAC3d2qbN4FRTt5/XLUL8cFLrHct4
g6c1UdZbJiPXoC/kUjauVqz5TGKJjeakNhiLhYBDY3due/n25BKI50/7o4hGDW9J
HeYpGpuLWTDc30JuDONwRT0QTIvrp26RKgWiJD7yrvG2dwgk2+z1NR5DncFVylQF
T+2qgpsLCNQVSTcEabjOJJsd/zK8luDtnr+4wJUgjUbSVLH4LwJXTCrL8XvZmIZu
P0agFIDVm0lepsW0UTdCNFTTBHiZC5UXhf+N8Ib3Zn45Gjo3f80WPIoNzhHcP9Bm
RqVG+2RiSd2NX/T+7pxe2YJPbfYJOpdmpbkY9P9IPGbKjP0Th53DKtczB1s=
-----END CERTIFICATE-----