Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/e72d8db0-4728-4fc1-bdd8-471129866362/6b5bf93b-0a86-4e25-a20a-4c9828e1f847.roa
File:                     6b5bf93b-0a86-4e25-a20a-4c9828e1f847.roa (raw, json)
Hash identifier:          ThVTG29Dcgr+x3n9UNMOZlMA7QozfhMTLHf6VIhk/PM=
Subject key identifier:   15:93:D2:55:55:AC:AA:7D:C1:4E:F9:F6:E2:35:1D:3E:13:35:70:2D
Certificate issuer:       /CN=9ab015f3826e013512a45298a42f2baba1fa72f8d27938878c
Certificate serial:       377532F9418EC14582F5936A2FDA4DE1182F2A8C
Authority key identifier: 6A:CC:3E:7D:A2:E7:6D:99:11:0F:D6:39:C4:13:7E:42:42:99:70:D8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/6755970c-4747-499d-9774-5e1308c501a7/9ab015f3826e013512a45298a42f2baba1fa72f8d27938878c.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e72d8db0-4728-4fc1-bdd8-471129866362/6b5bf93b-0a86-4e25-a20a-4c9828e1f847.roa
Signing time:             Tue 04 Mar 2025 23:00:42 +0000
ROA not before:           Tue 04 Mar 2025 23:00:42 +0000
ROA not after:            Tue 08 Apr 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        35.96.144.0/22 maxlen: 22
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            37:75:32:f9:41:8e:c1:45:82:f5:93:6a:2f:da:4d:e1:18:2f:2a:8c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9ab015f3826e013512a45298a42f2baba1fa72f8d27938878c
        Validity
            Not Before: Mar  4 23:00:42 2025 GMT
            Not After : Apr  8 23:59:59 2025 GMT
        Subject: CN=8cd8442f-235f-4171-84e6-8e1007a64c60
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:c7:17:c9:cf:e9:f1:17:93:9b:2e:df:b2:b5:
                    9b:c9:ab:34:44:a9:d1:13:70:46:e0:61:37:fe:e3:
                    4c:d4:1c:12:b1:24:94:ea:d2:11:82:33:80:1a:76:
                    11:1d:dc:5b:d2:6d:c8:f7:b1:a4:14:cc:2f:31:73:
                    af:2d:83:8d:a3:47:ae:0c:f8:77:b4:82:6e:01:5a:
                    ac:a2:96:7c:ee:af:1a:1a:f9:78:c9:29:9a:1f:da:
                    12:f7:85:65:21:d0:12:50:df:c5:b2:36:54:2e:65:
                    14:f3:4d:76:ff:ed:3f:78:97:11:85:7e:72:51:bc:
                    af:54:64:e8:ae:75:df:6e:a3:26:09:d5:c4:0f:d7:
                    d2:45:3c:0b:03:39:2e:e2:13:e2:92:6e:78:fa:b5:
                    b8:db:e6:65:53:68:ff:f1:33:b9:2b:44:07:45:67:
                    20:22:60:dd:fa:19:10:f7:17:33:5b:a0:92:2f:e5:
                    7d:bf:de:1c:84:e6:18:38:d5:c0:3d:22:4a:de:69:
                    0f:77:b2:4b:81:c4:f7:2a:85:0b:28:4c:77:c3:dd:
                    d4:db:11:5f:9a:ec:fa:0a:64:3d:a2:18:ca:30:6b:
                    af:76:8b:87:a0:68:6f:9e:4e:49:59:59:52:35:67:
                    5d:59:eb:ad:47:6c:5e:dd:6e:c3:be:cf:56:a3:4e:
                    39:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                15:93:D2:55:55:AC:AA:7D:C1:4E:F9:F6:E2:35:1D:3E:13:35:70:2D
            X509v3 Authority Key Identifier:
                keyid:6A:CC:3E:7D:A2:E7:6D:99:11:0F:D6:39:C4:13:7E:42:42:99:70:D8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/6755970c-4747-499d-9774-5e1308c501a7/9ab015f3826e013512a45298a42f2baba1fa72f8d27938878c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e72d8db0-4728-4fc1-bdd8-471129866362/6b5bf93b-0a86-4e25-a20a-4c9828e1f847.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e72d8db0-4728-4fc1-bdd8-471129866362/bgE1EqRSmKQvK6uh-nL40nk4h4w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  35.96.144.0/22

    Signature Algorithm: sha256WithRSAEncryption
         08:f0:5e:98:a0:ed:8b:94:ae:41:e4:7f:81:72:fb:55:15:ef:
         88:19:f4:e7:70:d8:f7:ce:56:94:ff:19:f1:c0:ef:e0:5f:9d:
         39:ae:2d:69:ac:a4:cf:99:d8:99:c1:d7:e0:70:90:fd:28:b5:
         02:0f:fe:36:f6:a7:6a:36:cf:10:7f:fe:5c:7e:1c:dd:24:5a:
         59:dc:bf:25:01:78:0f:7d:39:d1:69:79:8d:45:48:89:07:8e:
         71:7b:ac:a0:dc:b9:4b:78:6d:cf:6d:a1:d2:ea:4b:52:92:5c:
         6c:e4:00:5f:53:68:5c:12:ce:d8:06:94:af:f0:9b:49:3e:d7:
         2b:b1:e3:3e:0a:84:25:20:9c:3b:5c:df:6f:d8:8f:42:34:e1:
         7d:ba:5d:28:a6:86:5a:13:55:5b:6a:5c:17:09:5c:82:bd:04:
         9f:c3:aa:90:04:72:ab:e0:8a:ee:6b:5b:99:57:21:83:f4:f8:
         29:6d:85:71:58:d7:57:37:e2:ca:55:d2:10:aa:61:77:9f:6b:
         6d:59:69:ae:e6:8d:ae:aa:59:2d:3f:96:73:4c:41:0a:86:f1:
         b5:3e:bc:ea:bd:c7:ad:01:be:aa:58:87:c0:33:fe:5c:38:78:
         e8:1b:b7:6f:ba:21:29:75:73:14:9a:3a:b6:68:df:58:68:a7:
         5a:17:81:aa
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUN3Uy+UGOwUWC9ZNqL9pN4RgvKowwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyOWFiMDE1ZjM4MjZlMDEzNTEyYTQ1Mjk4YTQyZjJiYWJh
MWZhNzJmOGQyNzkzODg3OGMwHhcNMjUwMzA0MjMwMDQyWhcNMjUwNDA4MjM1OTU5
WjB6MUkwRwYDVQQFE0A5M2I2ZDA2ZjVkZGQxNTYxMWQ3ZWZhM2E4NzhmMTJjYTAx
NjFkNmE5ZmNkM2RkMzEzMjcwMTk1OTQ3YTQ3YzFjMS0wKwYDVQQDEyQ4Y2Q4NDQy
Zi0yMzVmLTQxNzEtODRlNi04ZTEwMDdhNjRjNjAwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCtxxfJz+nxF5ObLt+ytZvJqzREqdETcEbgYTf+40zUHBKx
JJTq0hGCM4AadhEd3FvSbcj3saQUzC8xc68tg42jR64M+He0gm4BWqyilnzurxoa
+XjJKZof2hL3hWUh0BJQ38WyNlQuZRTzTXb/7T94lxGFfnJRvK9UZOiudd9uoyYJ
1cQP19JFPAsDOS7iE+KSbnj6tbjb5mVTaP/xM7krRAdFZyAiYN36GRD3FzNboJIv
5X2/3hyE5hg41cA9IkreaQ93skuBxPcqhQsoTHfD3dTbEV+a7PoKZD2iGMowa692
i4egaG+eTklZWVI1Z11Z661HbF7dbsO+z1ajTjk7AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUFZPSVVWsqn3BTvn24jUdPhM1cC0wHwYDVR0jBBgwFoAUasw+faLnbZkR
D9Y5xBN+QkKZcNgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy82NzU1OTcwYy00
NzQ3LTQ5OWQtOTc3NC01ZTEzMDhjNTAxYTcvOWFiMDE1ZjM4MjZlMDEzNTEyYTQ1
Mjk4YTQyZjJiYWJhMWZhNzJmOGQyNzkzODg3OGMuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZTcyZDhkYjAtNDcyOC00ZmMxLWJkZDgtNDcx
MTI5ODY2MzYyLzZiNWJmOTNiLTBhODYtNGUyNS1hMjBhLTRjOTgyOGUxZjg0Ny5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2U3MmQ4ZGIwLTQ3MjgtNGZjMS1iZGQ4
LTQ3MTEyOTg2NjM2Mi9iZ0UxRXFSU21LUXZLNnVoLW5MNDBuazRoNHcuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAIjYJAwDQYJKoZIhvcNAQELBQADggEBAAjwXpig7YuUrkHkf4Fy+1UV74gZ
9Odw2PfOVpT/GfHA7+BfnTmuLWmspM+Z2JnB1+BwkP0otQIP/jb2p2o2zxB//lx+
HN0kWlncvyUBeA99OdFpeY1FSIkHjnF7rKDcuUt4bc9todLqS1KSXGzkAF9TaFwS
ztgGlK/wm0k+1yux4z4KhCUgnDtc32/Yj0I04X26XSimhloTVVtqXBcJXIK9BJ/D
qpAEcqvgiu5rW5lXIYP0+ClthXFY11c34spV0hCqYXefa21Zaa7mja6qWS0/lnNM
QQqG8bU+vOq9x60BvqpYh8Az/lw4eOgbt2+6ISl1cxSaOrZo31hop1oXgao=
-----END CERTIFICATE-----