Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/e72d8db0-4728-4fc1-bdd8-471129866362/93da312c-9a87-4802-ae6d-e784f74c131d.roa
File:                     93da312c-9a87-4802-ae6d-e784f74c131d.roa (raw, json)
Hash identifier:          2fx7RhWe9CsU+L450K6f53FVtcfS1+ZAqdJJmTRIZ54=
Subject key identifier:   4C:66:B6:BB:8D:37:3D:D8:32:CC:F2:61:11:05:42:47:38:34:C2:27
Certificate issuer:       /CN=9ab015f3826e013512a45298a42f2baba1fa72f8d27938878c
Certificate serial:       7BC5FD790C2F3ED2372DF0050C6596E3AFA7AB4A
Authority key identifier: 6A:CC:3E:7D:A2:E7:6D:99:11:0F:D6:39:C4:13:7E:42:42:99:70:D8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/6755970c-4747-499d-9774-5e1308c501a7/9ab015f3826e013512a45298a42f2baba1fa72f8d27938878c.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e72d8db0-4728-4fc1-bdd8-471129866362/93da312c-9a87-4802-ae6d-e784f74c131d.roa
Signing time:             Fri 07 Mar 2025 15:00:08 +0000
ROA not before:           Fri 07 Mar 2025 15:00:08 +0000
ROA not after:            Fri 11 Apr 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        35.96.4.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7b:c5:fd:79:0c:2f:3e:d2:37:2d:f0:05:0c:65:96:e3:af:a7:ab:4a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9ab015f3826e013512a45298a42f2baba1fa72f8d27938878c
        Validity
            Not Before: Mar  7 15:00:08 2025 GMT
            Not After : Apr 11 23:59:59 2025 GMT
        Subject: CN=8cd8442f-235f-4171-84e6-8e1007a64c60
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:62:2a:1b:23:b4:c9:7f:aa:b8:a7:46:97:d9:
                    2d:d2:e8:56:2e:64:63:31:c9:bd:20:74:55:f4:2e:
                    bd:65:c5:bb:ef:28:11:7d:71:18:86:bd:2b:37:44:
                    63:66:f3:6c:40:c0:20:63:a6:58:dc:e4:60:56:44:
                    d4:e0:7b:ab:ee:4f:a9:3e:cd:b9:67:bc:cf:4a:7a:
                    57:63:57:c7:53:d6:70:bc:64:a6:b6:45:94:61:a2:
                    82:c0:b5:9e:f8:cb:dc:c7:d4:89:b7:99:00:cf:17:
                    22:4a:3b:07:30:23:89:6d:8f:2b:f8:8a:f5:9e:ad:
                    88:36:75:f0:a8:15:38:da:55:ae:57:d7:6e:e0:6a:
                    cb:9e:9b:f3:5e:42:a9:62:4c:36:25:ad:84:83:d9:
                    20:dd:8f:50:8f:e2:14:1e:62:01:59:25:3a:df:ff:
                    2f:cf:72:f6:14:eb:47:c9:b2:fe:31:ba:81:22:78:
                    ba:da:04:f6:d3:ed:03:56:b4:3e:67:2c:dc:b9:b4:
                    74:c5:0f:74:d0:ef:e1:9c:a6:b7:b2:fe:b3:6b:6c:
                    5d:5a:c6:da:b7:4b:4e:70:0a:f4:3b:f0:aa:0d:e1:
                    20:9b:01:a1:3d:c8:0e:18:d3:41:ec:34:b2:69:2e:
                    04:16:15:3d:1b:fe:05:ab:05:53:9d:26:a5:8c:61:
                    9d:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4C:66:B6:BB:8D:37:3D:D8:32:CC:F2:61:11:05:42:47:38:34:C2:27
            X509v3 Authority Key Identifier:
                keyid:6A:CC:3E:7D:A2:E7:6D:99:11:0F:D6:39:C4:13:7E:42:42:99:70:D8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/6755970c-4747-499d-9774-5e1308c501a7/9ab015f3826e013512a45298a42f2baba1fa72f8d27938878c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e72d8db0-4728-4fc1-bdd8-471129866362/93da312c-9a87-4802-ae6d-e784f74c131d.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e72d8db0-4728-4fc1-bdd8-471129866362/bgE1EqRSmKQvK6uh-nL40nk4h4w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  35.96.4.0/24

    Signature Algorithm: sha256WithRSAEncryption
         69:76:04:9d:e5:07:9c:15:e5:15:18:0b:bb:17:a9:18:c9:bb:
         f2:bb:29:3d:21:fa:12:43:dc:99:e4:62:f2:46:47:6a:a3:b7:
         30:55:54:99:f9:3b:e1:1a:cd:69:eb:27:81:16:67:a5:71:25:
         af:fd:f2:f9:0c:84:b9:10:d0:10:85:a8:2f:72:fa:65:06:14:
         6a:46:40:17:fe:e1:b4:5b:be:cf:88:66:d8:2d:87:24:2f:e8:
         b8:4d:50:ba:28:79:6f:ce:91:8a:c0:e3:d3:b4:00:a2:cf:65:
         e2:80:7d:5a:0c:02:97:fe:6d:1d:e2:19:98:4c:4f:fc:7d:50:
         1d:73:b3:bc:99:63:a3:cc:28:69:f0:d2:ce:9f:1d:e9:2b:3c:
         25:ef:c3:91:a3:16:f0:de:ae:a2:3d:a4:a7:12:17:aa:e1:85:
         ac:75:54:74:89:5b:a1:f0:8f:1a:de:4a:49:1b:1c:21:c6:e9:
         aa:fc:6a:9c:d4:08:13:c0:72:75:de:ab:81:ac:e3:f9:2b:da:
         d3:ce:6a:05:2c:12:e2:f8:db:31:90:28:59:03:75:96:e1:44:
         63:95:88:80:d7:ab:de:33:0b:94:cd:e8:62:68:ab:46:48:48:
         f7:df:dc:ec:58:be:0e:9b:bf:6e:75:c6:ab:26:0c:0a:65:81:
         ed:2f:9d:8c
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUe8X9eQwvPtI3LfAFDGWW46+nq0owDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyOWFiMDE1ZjM4MjZlMDEzNTEyYTQ1Mjk4YTQyZjJiYWJh
MWZhNzJmOGQyNzkzODg3OGMwHhcNMjUwMzA3MTUwMDA4WhcNMjUwNDExMjM1OTU5
WjB6MUkwRwYDVQQFE0A2MmE4YmY3MTVkZGQyZDlkNTIzMjllOTUzNzIzYzg1NTg0
ODMzMzk1YWM1M2IzZDI5MjdlNDE3ZWQ3MzMyY2FjMS0wKwYDVQQDEyQ4Y2Q4NDQy
Zi0yMzVmLTQxNzEtODRlNi04ZTEwMDdhNjRjNjAwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC+YiobI7TJf6q4p0aX2S3S6FYuZGMxyb0gdFX0Lr1lxbvv
KBF9cRiGvSs3RGNm82xAwCBjpljc5GBWRNTge6vuT6k+zblnvM9KeldjV8dT1nC8
ZKa2RZRhooLAtZ74y9zH1Im3mQDPFyJKOwcwI4ltjyv4ivWerYg2dfCoFTjaVa5X
127gasuem/NeQqliTDYlrYSD2SDdj1CP4hQeYgFZJTrf/y/PcvYU60fJsv4xuoEi
eLraBPbT7QNWtD5nLNy5tHTFD3TQ7+Gcprey/rNrbF1axtq3S05wCvQ78KoN4SCb
AaE9yA4Y00HsNLJpLgQWFT0b/gWrBVOdJqWMYZ1HAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUTGa2u403PdgyzPJhEQVCRzg0wicwHwYDVR0jBBgwFoAUasw+faLnbZkR
D9Y5xBN+QkKZcNgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy82NzU1OTcwYy00
NzQ3LTQ5OWQtOTc3NC01ZTEzMDhjNTAxYTcvOWFiMDE1ZjM4MjZlMDEzNTEyYTQ1
Mjk4YTQyZjJiYWJhMWZhNzJmOGQyNzkzODg3OGMuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZTcyZDhkYjAtNDcyOC00ZmMxLWJkZDgtNDcx
MTI5ODY2MzYyLzkzZGEzMTJjLTlhODctNDgwMi1hZTZkLWU3ODRmNzRjMTMxZC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2U3MmQ4ZGIwLTQ3MjgtNGZjMS1iZGQ4
LTQ3MTEyOTg2NjM2Mi9iZ0UxRXFSU21LUXZLNnVoLW5MNDBuazRoNHcuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAAjYAQwDQYJKoZIhvcNAQELBQADggEBAGl2BJ3lB5wV5RUYC7sXqRjJu/K7
KT0h+hJD3JnkYvJGR2qjtzBVVJn5O+EazWnrJ4EWZ6VxJa/98vkMhLkQ0BCFqC9y
+mUGFGpGQBf+4bRbvs+IZtgthyQv6LhNULooeW/OkYrA49O0AKLPZeKAfVoMApf+
bR3iGZhMT/x9UB1zs7yZY6PMKGnw0s6fHekrPCXvw5GjFvDerqI9pKcSF6rhhax1
VHSJW6HwjxreSkkbHCHG6ar8apzUCBPAcnXeq4Gs4/kr2tPOagUsEuL42zGQKFkD
dZbhRGOViIDXq94zC5TN6GJoq0ZISPff3OxYvg6bv251xqsmDAplge0vnYw=
-----END CERTIFICATE-----