Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/e72d8db0-4728-4fc1-bdd8-471129866362/22f66e2d-2753-44a1-9aec-16b69cdffad1.roa
File:                     22f66e2d-2753-44a1-9aec-16b69cdffad1.roa (raw, json)
Hash identifier:          dnBsvhqCu4jH0BpAJnqi68+ex8s/nAirSto83awDkv8=
Subject key identifier:   4F:75:3A:6C:87:8E:07:8C:43:7D:F5:E3:6A:18:82:3B:9F:D8:A6:80
Certificate issuer:       /CN=9ab015f3826e013512a45298a42f2baba1fa72f8d27938878c
Certificate serial:       1783A9B8C9618B0B7ED9535C67B94FA993F84CAF
Authority key identifier: 6A:CC:3E:7D:A2:E7:6D:99:11:0F:D6:39:C4:13:7E:42:42:99:70:D8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/6755970c-4747-499d-9774-5e1308c501a7/9ab015f3826e013512a45298a42f2baba1fa72f8d27938878c.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e72d8db0-4728-4fc1-bdd8-471129866362/22f66e2d-2753-44a1-9aec-16b69cdffad1.roa
Signing time:             Mon 10 Mar 2025 15:20:56 +0000
ROA not before:           Mon 10 Mar 2025 15:20:56 +0000
ROA not after:            Mon 14 Apr 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        35.96.1.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            17:83:a9:b8:c9:61:8b:0b:7e:d9:53:5c:67:b9:4f:a9:93:f8:4c:af
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9ab015f3826e013512a45298a42f2baba1fa72f8d27938878c
        Validity
            Not Before: Mar 10 15:20:56 2025 GMT
            Not After : Apr 14 23:59:59 2025 GMT
        Subject: CN=8cd8442f-235f-4171-84e6-8e1007a64c60
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:07:60:34:39:c0:cf:69:82:72:e5:a1:d7:fa:
                    24:22:23:23:0d:eb:43:04:5c:7b:78:2e:45:da:be:
                    0e:51:86:50:7a:0e:79:60:94:c8:dd:e8:4e:76:61:
                    83:8b:e6:94:57:68:da:9e:73:35:13:e0:16:45:f2:
                    55:fa:ef:20:14:73:cc:83:24:37:50:b9:b2:6f:a2:
                    9e:f9:67:9f:d2:0f:ad:72:9b:12:81:6f:4f:39:24:
                    c0:39:71:8f:c3:ec:24:17:80:18:e3:d4:e0:a4:22:
                    a4:69:4c:8f:87:93:68:9b:b9:4b:0b:d0:df:f3:c2:
                    43:a8:4e:27:d6:eb:f4:0b:80:12:2b:0a:4a:6d:ab:
                    bc:b5:be:d0:f8:69:05:b6:84:c1:a1:45:fa:f0:06:
                    ea:1f:2d:a4:6e:8c:98:12:4d:d8:38:1e:25:58:0f:
                    af:d0:44:50:9c:e0:d5:5c:1e:ce:bb:4c:72:9c:26:
                    6b:48:c6:9f:b8:c4:5a:d8:11:77:e6:98:72:01:73:
                    2a:0d:c3:63:09:01:9e:66:21:ba:37:87:a2:0b:50:
                    18:a8:9e:13:10:c6:be:70:61:42:ce:02:2d:9f:7f:
                    e3:80:1d:96:17:0a:77:76:5f:cb:4c:20:3b:ed:3b:
                    c1:7a:a4:b6:05:22:9b:a1:8a:8c:c8:0e:3f:ce:d5:
                    83:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4F:75:3A:6C:87:8E:07:8C:43:7D:F5:E3:6A:18:82:3B:9F:D8:A6:80
            X509v3 Authority Key Identifier:
                keyid:6A:CC:3E:7D:A2:E7:6D:99:11:0F:D6:39:C4:13:7E:42:42:99:70:D8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/6755970c-4747-499d-9774-5e1308c501a7/9ab015f3826e013512a45298a42f2baba1fa72f8d27938878c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e72d8db0-4728-4fc1-bdd8-471129866362/22f66e2d-2753-44a1-9aec-16b69cdffad1.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e72d8db0-4728-4fc1-bdd8-471129866362/bgE1EqRSmKQvK6uh-nL40nk4h4w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  35.96.1.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3e:fe:29:cf:b8:9d:b0:b8:3a:2a:99:70:0a:c6:fd:c8:2b:36:
         80:cd:69:93:57:5e:0e:a0:44:ec:e5:e8:51:fc:08:4c:3c:74:
         17:8b:3d:0a:06:fd:fe:83:bf:82:e4:b0:c1:32:fa:07:66:1b:
         c3:70:3c:17:7c:2f:a5:d1:6d:0d:72:2e:cc:19:e4:c8:ad:0c:
         d7:cd:bb:89:80:c8:07:b8:5a:6c:d4:42:8e:6f:fa:8d:51:52:
         54:8a:5b:07:95:e5:fe:02:ef:70:8e:07:d6:45:df:b7:b7:6c:
         89:5d:c4:bb:4f:fe:01:91:f3:14:69:f5:2b:9c:1d:5a:8f:7e:
         8f:0a:43:e2:41:2e:0e:1d:1a:30:8f:18:66:2e:f1:c6:fa:f2:
         fe:85:3e:f0:c8:1c:76:bf:92:52:d4:1c:b0:08:22:ef:02:b1:
         31:0f:af:d7:e9:f9:7c:ae:22:7f:d8:4a:cf:be:a1:70:60:39:
         84:51:bd:db:8e:50:9f:0a:f6:a1:4d:61:4d:c9:f7:22:f6:6c:
         4b:65:ee:d5:71:3c:3f:27:a2:63:61:62:c9:04:14:1e:b6:72:
         68:7f:3b:ac:c3:15:4f:6c:f2:87:ae:19:4f:78:15:77:ec:e2:
         b4:7c:14:65:50:59:d0:9f:20:c0:c5:e0:26:10:3f:a4:05:fa:
         df:ff:ea:7e
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUF4OpuMlhiwt+2VNcZ7lPqZP4TK8wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyOWFiMDE1ZjM4MjZlMDEzNTEyYTQ1Mjk4YTQyZjJiYWJh
MWZhNzJmOGQyNzkzODg3OGMwHhcNMjUwMzEwMTUyMDU2WhcNMjUwNDE0MjM1OTU5
WjB6MUkwRwYDVQQFE0A4NzYxN2E1MWM0Yzc5ZDAzYmRmNzdhOWFiOWViZDZkZjA3
N2YzY2Q1YTU1Mjk5ZGMzNWU0YTVmZDQ1ZWZhMzRiMS0wKwYDVQQDEyQ4Y2Q4NDQy
Zi0yMzVmLTQxNzEtODRlNi04ZTEwMDdhNjRjNjAwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDcB2A0OcDPaYJy5aHX+iQiIyMN60MEXHt4LkXavg5RhlB6
DnlglMjd6E52YYOL5pRXaNqeczUT4BZF8lX67yAUc8yDJDdQubJvop75Z5/SD61y
mxKBb085JMA5cY/D7CQXgBjj1OCkIqRpTI+Hk2ibuUsL0N/zwkOoTifW6/QLgBIr
Ckptq7y1vtD4aQW2hMGhRfrwBuofLaRujJgSTdg4HiVYD6/QRFCc4NVcHs67THKc
JmtIxp+4xFrYEXfmmHIBcyoNw2MJAZ5mIbo3h6ILUBionhMQxr5wYULOAi2ff+OA
HZYXCnd2X8tMIDvtO8F6pLYFIpuhiozIDj/O1YOtAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUT3U6bIeOB4xDffXjahiCO5/YpoAwHwYDVR0jBBgwFoAUasw+faLnbZkR
D9Y5xBN+QkKZcNgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy82NzU1OTcwYy00
NzQ3LTQ5OWQtOTc3NC01ZTEzMDhjNTAxYTcvOWFiMDE1ZjM4MjZlMDEzNTEyYTQ1
Mjk4YTQyZjJiYWJhMWZhNzJmOGQyNzkzODg3OGMuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZTcyZDhkYjAtNDcyOC00ZmMxLWJkZDgtNDcx
MTI5ODY2MzYyLzIyZjY2ZTJkLTI3NTMtNDRhMS05YWVjLTE2YjY5Y2RmZmFkMS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2U3MmQ4ZGIwLTQ3MjgtNGZjMS1iZGQ4
LTQ3MTEyOTg2NjM2Mi9iZ0UxRXFSU21LUXZLNnVoLW5MNDBuazRoNHcuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAAjYAEwDQYJKoZIhvcNAQELBQADggEBAD7+Kc+4nbC4OiqZcArG/cgrNoDN
aZNXXg6gROzl6FH8CEw8dBeLPQoG/f6Dv4LksMEy+gdmG8NwPBd8L6XRbQ1yLswZ
5MitDNfNu4mAyAe4WmzUQo5v+o1RUlSKWweV5f4C73COB9ZF37e3bIldxLtP/gGR
8xRp9SucHVqPfo8KQ+JBLg4dGjCPGGYu8cb68v6FPvDIHHa/klLUHLAIIu8CsTEP
r9fp+XyuIn/YSs++oXBgOYRRvduOUJ8K9qFNYU3J9yL2bEtl7tVxPD8nomNhYskE
FB62cmh/O6zDFU9s8oeuGU94FXfs4rR8FGVQWdCfIMDF4CYQP6QF+t//6n4=
-----END CERTIFICATE-----