Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/e72d8db0-4728-4fc1-bdd8-471129866362/2c3d7247-e07b-4d1c-a6ee-ebaa13fbd9cb.roa
File:                     2c3d7247-e07b-4d1c-a6ee-ebaa13fbd9cb.roa (raw, json)
Hash identifier:          hMelMGPwhePC29C92B1tcuNSogH0wU3bMKzi0228wS4=
Subject key identifier:   F5:29:EC:A3:61:DF:80:CC:0B:A9:E1:B5:3C:B0:3A:10:51:A6:5E:DD
Certificate issuer:       /CN=9ab015f3826e013512a45298a42f2baba1fa72f8d27938878c
Certificate serial:       437FDBDB30E392FE4E39574FC72232D9D3306C3A
Authority key identifier: 6A:CC:3E:7D:A2:E7:6D:99:11:0F:D6:39:C4:13:7E:42:42:99:70:D8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/6755970c-4747-499d-9774-5e1308c501a7/9ab015f3826e013512a45298a42f2baba1fa72f8d27938878c.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e72d8db0-4728-4fc1-bdd8-471129866362/2c3d7247-e07b-4d1c-a6ee-ebaa13fbd9cb.roa
Signing time:             Mon 17 Mar 2025 15:40:01 +0000
ROA not before:           Mon 17 Mar 2025 15:40:01 +0000
ROA not after:            Mon 21 Apr 2025 23:59:59 +0000
asID:                     801
IP address blocks:        35.96.246.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            43:7f:db:db:30:e3:92:fe:4e:39:57:4f:c7:22:32:d9:d3:30:6c:3a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9ab015f3826e013512a45298a42f2baba1fa72f8d27938878c
        Validity
            Not Before: Mar 17 15:40:01 2025 GMT
            Not After : Apr 21 23:59:59 2025 GMT
        Subject: CN=8cd8442f-235f-4171-84e6-8e1007a64c60
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:eb:12:25:60:96:83:78:72:e1:eb:7f:b4:6b:c2:
                    f0:07:f8:1d:1f:eb:bb:33:03:63:cf:37:51:86:2b:
                    65:42:eb:d5:6f:10:0c:3e:85:33:1f:01:b0:d8:11:
                    24:2c:37:86:e6:72:bf:8c:91:74:06:34:68:55:1c:
                    ce:98:1b:7d:db:24:e6:10:32:4a:61:c7:65:8c:95:
                    6c:2a:44:1a:08:eb:72:ea:11:e8:17:e1:6a:33:c9:
                    00:fd:d7:f4:47:aa:e2:3f:d8:58:26:67:7f:17:4f:
                    cb:be:c2:3b:8e:b1:34:09:3c:54:4a:dc:3c:fb:f0:
                    f6:14:79:4c:fc:af:0a:48:e5:5b:82:63:97:cd:79:
                    25:22:80:52:a2:a5:29:6b:37:47:24:6c:ff:80:a9:
                    94:80:c9:40:91:6a:69:e8:a0:2c:0b:16:41:8e:34:
                    cc:b8:c4:d3:1c:2f:6b:ac:de:e5:0a:3f:e0:b1:25:
                    af:9a:4b:4b:55:59:7f:47:d8:e7:19:cc:74:0b:3b:
                    bc:9b:ac:ee:f0:6f:96:62:38:f4:8b:00:9e:61:d4:
                    9e:2f:91:c4:3d:58:2d:95:26:37:b9:8e:9b:d4:b9:
                    85:fe:f1:03:34:d7:12:0b:c5:b8:90:ef:70:26:e2:
                    29:26:03:c9:dc:36:65:65:c1:2e:2f:82:40:30:97:
                    b7:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F5:29:EC:A3:61:DF:80:CC:0B:A9:E1:B5:3C:B0:3A:10:51:A6:5E:DD
            X509v3 Authority Key Identifier:
                keyid:6A:CC:3E:7D:A2:E7:6D:99:11:0F:D6:39:C4:13:7E:42:42:99:70:D8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/6755970c-4747-499d-9774-5e1308c501a7/9ab015f3826e013512a45298a42f2baba1fa72f8d27938878c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e72d8db0-4728-4fc1-bdd8-471129866362/2c3d7247-e07b-4d1c-a6ee-ebaa13fbd9cb.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e72d8db0-4728-4fc1-bdd8-471129866362/bgE1EqRSmKQvK6uh-nL40nk4h4w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  35.96.246.0/24

    Signature Algorithm: sha256WithRSAEncryption
         67:25:d1:39:21:d7:76:cb:6b:76:ef:b7:6b:84:61:7b:7a:49:
         2e:46:8c:c0:bf:83:d9:61:e9:5f:35:e2:17:1e:fa:79:38:7e:
         f5:eb:0b:a4:ff:94:c4:32:6b:4a:e5:65:d3:76:98:88:b9:36:
         fa:e1:12:f8:22:3a:91:6b:f8:a6:a2:d2:d5:45:bb:6e:74:c8:
         22:cd:88:0b:85:1f:a8:0c:59:c7:18:09:a3:b6:ff:bd:3e:40:
         87:75:cf:67:64:98:b3:78:74:d9:c7:a3:eb:cd:87:f6:d9:54:
         44:7e:55:05:7d:01:50:24:c3:94:db:5d:51:98:a6:91:48:28:
         2e:3b:52:b7:ba:45:e6:1e:29:f0:4c:c0:40:b9:8e:ad:3e:90:
         fa:c1:3e:e3:d0:71:79:d3:c5:27:b2:a3:5d:76:6e:97:19:91:
         73:5c:bf:df:ab:6b:14:a7:6a:41:07:6e:2b:17:14:03:51:87:
         d5:b9:c9:83:f6:a7:93:3f:c7:90:c6:f6:b1:2a:4e:54:5b:4d:
         9c:28:8d:14:e0:5d:2d:de:46:8f:f1:43:ca:f2:e6:66:15:f6:
         41:16:9a:b4:9f:64:8a:c8:37:2d:73:a0:f8:90:fc:17:a1:3e:
         80:b3:7c:4c:18:3b:0e:7b:5c:0d:fa:76:b6:aa:21:af:88:9e:
         32:67:6e:89
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUQ3/b2zDjkv5OOVdPxyIy2dMwbDowDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyOWFiMDE1ZjM4MjZlMDEzNTEyYTQ1Mjk4YTQyZjJiYWJh
MWZhNzJmOGQyNzkzODg3OGMwHhcNMjUwMzE3MTU0MDAxWhcNMjUwNDIxMjM1OTU5
WjB6MUkwRwYDVQQFE0BjZjdkNzQ1ZDhlZDcyNTcyMjYyYmViZWY2M2Q0ZTI5NmRi
NzU0NjFiMTgzZmE3YTM5NDA3MjgwNDhhMjZhMGNmMS0wKwYDVQQDEyQ4Y2Q4NDQy
Zi0yMzVmLTQxNzEtODRlNi04ZTEwMDdhNjRjNjAwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDrEiVgloN4cuHrf7RrwvAH+B0f67szA2PPN1GGK2VC69Vv
EAw+hTMfAbDYESQsN4bmcr+MkXQGNGhVHM6YG33bJOYQMkphx2WMlWwqRBoI63Lq
EegX4WozyQD91/RHquI/2FgmZ38XT8u+wjuOsTQJPFRK3Dz78PYUeUz8rwpI5VuC
Y5fNeSUigFKipSlrN0ckbP+AqZSAyUCRamnooCwLFkGONMy4xNMcL2us3uUKP+Cx
Ja+aS0tVWX9H2OcZzHQLO7ybrO7wb5ZiOPSLAJ5h1J4vkcQ9WC2VJje5jpvUuYX+
8QM01xILxbiQ73Am4ikmA8ncNmVlwS4vgkAwl7cxAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU9Snso2HfgMwLqeG1PLA6EFGmXt0wHwYDVR0jBBgwFoAUasw+faLnbZkR
D9Y5xBN+QkKZcNgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy82NzU1OTcwYy00
NzQ3LTQ5OWQtOTc3NC01ZTEzMDhjNTAxYTcvOWFiMDE1ZjM4MjZlMDEzNTEyYTQ1
Mjk4YTQyZjJiYWJhMWZhNzJmOGQyNzkzODg3OGMuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZTcyZDhkYjAtNDcyOC00ZmMxLWJkZDgtNDcx
MTI5ODY2MzYyLzJjM2Q3MjQ3LWUwN2ItNGQxYy1hNmVlLWViYWExM2ZiZDljYi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2U3MmQ4ZGIwLTQ3MjgtNGZjMS1iZGQ4
LTQ3MTEyOTg2NjM2Mi9iZ0UxRXFSU21LUXZLNnVoLW5MNDBuazRoNHcuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAAjYPYwDQYJKoZIhvcNAQELBQADggEBAGcl0Tkh13bLa3bvt2uEYXt6SS5G
jMC/g9lh6V814hce+nk4fvXrC6T/lMQya0rlZdN2mIi5NvrhEvgiOpFr+Kai0tVF
u250yCLNiAuFH6gMWccYCaO2/70+QId1z2dkmLN4dNnHo+vNh/bZVER+VQV9AVAk
w5TbXVGYppFIKC47Ure6ReYeKfBMwEC5jq0+kPrBPuPQcXnTxSeyo112bpcZkXNc
v9+raxSnakEHbisXFANRh9W5yYP2p5M/x5DG9rEqTlRbTZwojRTgXS3eRo/xQ8ry
5mYV9kEWmrSfZIrINy1zoPiQ/BehPoCzfEwYOw57XA36draqIa+InjJnbok=
-----END CERTIFICATE-----