Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/e72d8db0-4728-4fc1-bdd8-471129866362/5d6508ce-47a1-4002-b03b-9ce21b16cf60.roa
File:                     5d6508ce-47a1-4002-b03b-9ce21b16cf60.roa (raw, json)
Hash identifier:          thQfQkI08FzuxZxVKh9XalwGkkESyQ7twRdY1s69V0g=
Subject key identifier:   30:A0:B7:77:23:A3:90:86:31:02:8E:09:5D:69:C0:83:0F:40:68:F8
Certificate issuer:       /CN=9ab015f3826e013512a45298a42f2baba1fa72f8d27938878c
Certificate serial:       4949DA547E2905271294F5CFFB458C0B4A763239
Authority key identifier: 6A:CC:3E:7D:A2:E7:6D:99:11:0F:D6:39:C4:13:7E:42:42:99:70:D8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/6755970c-4747-499d-9774-5e1308c501a7/9ab015f3826e013512a45298a42f2baba1fa72f8d27938878c.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e72d8db0-4728-4fc1-bdd8-471129866362/5d6508ce-47a1-4002-b03b-9ce21b16cf60.roa
Signing time:             Tue 04 Mar 2025 22:50:14 +0000
ROA not before:           Tue 04 Mar 2025 22:50:14 +0000
ROA not after:            Tue 08 Apr 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        35.96.14.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            49:49:da:54:7e:29:05:27:12:94:f5:cf:fb:45:8c:0b:4a:76:32:39
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9ab015f3826e013512a45298a42f2baba1fa72f8d27938878c
        Validity
            Not Before: Mar  4 22:50:14 2025 GMT
            Not After : Apr  8 23:59:59 2025 GMT
        Subject: CN=8cd8442f-235f-4171-84e6-8e1007a64c60
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:0f:8c:ed:f5:91:74:41:83:9e:5c:bf:12:3b:
                    f4:c4:12:03:df:62:29:e7:08:f1:a4:4c:50:1e:63:
                    23:d0:16:33:f5:fa:52:7e:87:88:ec:15:25:d0:9d:
                    7b:f1:97:54:0e:bb:70:7a:4e:8f:80:5e:08:27:86:
                    85:5b:f8:14:8f:91:8e:1c:96:62:88:c4:37:a2:ce:
                    c6:09:fd:5d:5b:de:46:ab:4a:50:4e:42:39:c7:f8:
                    f9:5d:2b:18:5a:70:35:40:02:d1:f7:09:66:43:0d:
                    35:34:7e:96:fd:bb:60:85:b0:37:0b:b6:20:3c:eb:
                    46:0a:13:62:e7:85:23:a7:e7:c0:36:cc:43:66:8c:
                    23:3b:ee:06:29:48:c0:91:39:13:fe:b9:2e:1b:f7:
                    0d:7c:20:5b:0c:55:2d:23:dc:02:1e:37:db:5e:77:
                    b7:86:2c:0c:6b:d8:30:73:19:fa:4f:41:14:b9:2b:
                    22:8b:5c:75:11:b5:45:80:5b:c3:9d:85:1c:c7:77:
                    8a:84:26:d9:6f:52:e3:db:c5:e0:76:9d:32:69:c6:
                    18:5d:cd:d5:7d:87:b3:29:1f:28:f1:d4:91:63:b8:
                    3e:fd:7f:04:91:4d:08:32:41:ca:18:f4:e9:1e:2c:
                    2a:ae:d9:ee:54:26:9d:bb:71:b3:49:d2:e0:3f:49:
                    57:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                30:A0:B7:77:23:A3:90:86:31:02:8E:09:5D:69:C0:83:0F:40:68:F8
            X509v3 Authority Key Identifier:
                keyid:6A:CC:3E:7D:A2:E7:6D:99:11:0F:D6:39:C4:13:7E:42:42:99:70:D8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/6755970c-4747-499d-9774-5e1308c501a7/9ab015f3826e013512a45298a42f2baba1fa72f8d27938878c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e72d8db0-4728-4fc1-bdd8-471129866362/5d6508ce-47a1-4002-b03b-9ce21b16cf60.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e72d8db0-4728-4fc1-bdd8-471129866362/bgE1EqRSmKQvK6uh-nL40nk4h4w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  35.96.14.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8c:16:d3:9d:46:17:16:1c:99:99:3c:4d:e7:79:0a:8e:12:2a:
         ca:5e:fd:c7:c6:7d:63:50:69:6c:20:c7:e9:a6:5c:07:67:3e:
         73:5e:01:ee:86:63:ef:1a:f1:e0:0b:67:16:2b:0e:88:84:6e:
         8f:83:d1:6e:c8:28:e8:76:24:21:59:1d:ca:78:2b:7e:42:82:
         eb:80:89:2e:30:29:ea:50:9a:0f:99:2f:95:0d:82:2c:13:ed:
         ca:bc:0c:74:68:bc:a4:7d:ad:dd:ef:e5:a6:98:c8:0d:5e:77:
         f3:44:6a:6e:31:dc:f7:eb:e9:18:b4:98:2f:f0:83:59:b4:64:
         c8:7d:7e:40:92:96:e6:be:ca:c1:c9:6f:89:91:7f:b0:f7:86:
         a2:cc:33:fc:73:ed:3b:70:1d:fa:22:55:8a:85:62:9c:7e:78:
         b9:34:e7:82:d7:7d:cb:4f:be:20:ad:74:52:39:aa:dc:01:bc:
         f3:2e:fc:0c:6d:6d:fd:e5:43:37:0d:c1:2c:b2:b3:2c:68:69:
         ce:ae:ca:bc:9d:5b:73:7a:75:62:7b:5b:dc:8f:dc:53:9e:87:
         b7:73:08:52:2d:f2:8d:ff:7a:e9:b3:26:84:d4:73:42:c8:0c:
         33:39:54:bd:c4:a0:26:b1:3d:0f:24:d6:c9:95:99:2a:b5:3c:
         15:f0:9d:0c
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUSUnaVH4pBScSlPXP+0WMC0p2MjkwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyOWFiMDE1ZjM4MjZlMDEzNTEyYTQ1Mjk4YTQyZjJiYWJh
MWZhNzJmOGQyNzkzODg3OGMwHhcNMjUwMzA0MjI1MDE0WhcNMjUwNDA4MjM1OTU5
WjB6MUkwRwYDVQQFE0A0YTFlNmM1NTQxMWI5YjM0NDBiODMwMGYyNjcyNTljM2Ix
NTg3N2FjMTQzYTg0NjZjNWJjZGNiNjUxNjcxZTc1MS0wKwYDVQQDEyQ4Y2Q4NDQy
Zi0yMzVmLTQxNzEtODRlNi04ZTEwMDdhNjRjNjAwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCyD4zt9ZF0QYOeXL8SO/TEEgPfYinnCPGkTFAeYyPQFjP1
+lJ+h4jsFSXQnXvxl1QOu3B6To+AXggnhoVb+BSPkY4clmKIxDeizsYJ/V1b3kar
SlBOQjnH+PldKxhacDVAAtH3CWZDDTU0fpb9u2CFsDcLtiA860YKE2LnhSOn58A2
zENmjCM77gYpSMCRORP+uS4b9w18IFsMVS0j3AIeN9ted7eGLAxr2DBzGfpPQRS5
KyKLXHURtUWAW8OdhRzHd4qEJtlvUuPbxeB2nTJpxhhdzdV9h7MpHyjx1JFjuD79
fwSRTQgyQcoY9OkeLCqu2e5UJp27cbNJ0uA/SVfVAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUMKC3dyOjkIYxAo4JXWnAgw9AaPgwHwYDVR0jBBgwFoAUasw+faLnbZkR
D9Y5xBN+QkKZcNgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy82NzU1OTcwYy00
NzQ3LTQ5OWQtOTc3NC01ZTEzMDhjNTAxYTcvOWFiMDE1ZjM4MjZlMDEzNTEyYTQ1
Mjk4YTQyZjJiYWJhMWZhNzJmOGQyNzkzODg3OGMuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZTcyZDhkYjAtNDcyOC00ZmMxLWJkZDgtNDcx
MTI5ODY2MzYyLzVkNjUwOGNlLTQ3YTEtNDAwMi1iMDNiLTljZTIxYjE2Y2Y2MC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2U3MmQ4ZGIwLTQ3MjgtNGZjMS1iZGQ4
LTQ3MTEyOTg2NjM2Mi9iZ0UxRXFSU21LUXZLNnVoLW5MNDBuazRoNHcuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAAjYA4wDQYJKoZIhvcNAQELBQADggEBAIwW051GFxYcmZk8Ted5Co4SKspe
/cfGfWNQaWwgx+mmXAdnPnNeAe6GY+8a8eALZxYrDoiEbo+D0W7IKOh2JCFZHcp4
K35CguuAiS4wKepQmg+ZL5UNgiwT7cq8DHRovKR9rd3v5aaYyA1ed/NEam4x3Pfr
6Ri0mC/wg1m0ZMh9fkCSlua+ysHJb4mRf7D3hqLMM/xz7TtwHfoiVYqFYpx+eLk0
54LXfctPviCtdFI5qtwBvPMu/Axtbf3lQzcNwSyysyxoac6uyrydW3N6dWJ7W9yP
3FOeh7dzCFIt8o3/eumzJoTUc0LIDDM5VL3EoCaxPQ8k1smVmSq1PBXwnQw=
-----END CERTIFICATE-----