Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/e72d8db0-4728-4fc1-bdd8-471129866362/2ca5264c-7bf5-4248-b6ad-dd9cf57a2be3.roa
File:                     2ca5264c-7bf5-4248-b6ad-dd9cf57a2be3.roa (raw, json)
Hash identifier:          H4bvHHh9I4Q1/zWtY6hUzdPcp+sHZp630RaIIoyisbk=
Subject key identifier:   92:7A:E6:87:9A:95:37:1E:F4:9A:24:54:CC:BA:88:7A:6F:50:D8:38
Certificate issuer:       /CN=9ab015f3826e013512a45298a42f2baba1fa72f8d27938878c
Certificate serial:       6AA8C12DD271677FAEE2FE279DDEEB7FE7E2E282
Authority key identifier: 6A:CC:3E:7D:A2:E7:6D:99:11:0F:D6:39:C4:13:7E:42:42:99:70:D8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/6755970c-4747-499d-9774-5e1308c501a7/9ab015f3826e013512a45298a42f2baba1fa72f8d27938878c.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e72d8db0-4728-4fc1-bdd8-471129866362/2ca5264c-7bf5-4248-b6ad-dd9cf57a2be3.roa
Signing time:             Fri 21 Mar 2025 00:50:08 +0000
ROA not before:           Fri 21 Mar 2025 00:50:08 +0000
ROA not after:            Fri 25 Apr 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        35.96.244.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6a:a8:c1:2d:d2:71:67:7f:ae:e2:fe:27:9d:de:eb:7f:e7:e2:e2:82
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9ab015f3826e013512a45298a42f2baba1fa72f8d27938878c
        Validity
            Not Before: Mar 21 00:50:08 2025 GMT
            Not After : Apr 25 23:59:59 2025 GMT
        Subject: CN=8cd8442f-235f-4171-84e6-8e1007a64c60
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:b2:ca:cf:c2:e4:33:6b:85:8c:56:66:75:67:
                    4e:ea:f4:e4:ee:ca:df:b0:45:2d:2f:f7:68:36:70:
                    9d:48:62:66:bf:be:25:be:5f:c4:a5:dd:54:34:9e:
                    4a:eb:ca:cd:45:09:b7:0f:f5:05:28:93:b7:68:04:
                    39:cd:6d:59:95:f8:82:e5:65:2a:e0:b1:23:37:36:
                    9b:40:96:3e:48:78:6e:2a:62:c3:c7:e4:35:8c:43:
                    46:68:c4:67:87:4c:9d:42:cd:64:02:ae:48:a8:6a:
                    bd:46:5a:c1:ea:ae:56:e2:a0:ae:64:dd:dd:db:bb:
                    6b:8f:09:b1:57:2a:19:d3:f4:e8:b3:e0:41:2d:af:
                    96:8d:8a:37:4c:28:0a:dc:60:34:d4:d2:b2:26:23:
                    e7:1b:70:55:f5:2d:55:42:32:9f:9c:9b:9e:d4:aa:
                    8a:d1:1d:73:d6:7f:e0:85:b1:3d:e9:d1:cc:0d:24:
                    00:7a:d9:a7:ad:45:9e:d2:9f:85:b2:ca:e3:d1:43:
                    db:43:a9:99:00:9c:12:9e:40:76:c9:21:6b:7c:2e:
                    b7:50:ae:5e:cc:f4:ab:43:d1:89:bf:eb:9b:1d:bb:
                    e6:13:5f:fb:79:2a:73:52:f4:85:14:49:93:5f:2c:
                    58:78:cd:94:e1:75:8e:ff:fa:f2:2f:86:2e:e8:f6:
                    2b:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                92:7A:E6:87:9A:95:37:1E:F4:9A:24:54:CC:BA:88:7A:6F:50:D8:38
            X509v3 Authority Key Identifier:
                keyid:6A:CC:3E:7D:A2:E7:6D:99:11:0F:D6:39:C4:13:7E:42:42:99:70:D8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/6755970c-4747-499d-9774-5e1308c501a7/9ab015f3826e013512a45298a42f2baba1fa72f8d27938878c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e72d8db0-4728-4fc1-bdd8-471129866362/2ca5264c-7bf5-4248-b6ad-dd9cf57a2be3.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e72d8db0-4728-4fc1-bdd8-471129866362/bgE1EqRSmKQvK6uh-nL40nk4h4w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  35.96.244.0/24

    Signature Algorithm: sha256WithRSAEncryption
         86:51:d2:19:70:e8:f2:45:55:49:04:d4:d4:09:cd:a7:54:de:
         ee:c3:c6:74:a9:78:4f:92:4e:bf:ca:8e:00:18:61:c6:02:2f:
         07:c4:34:4a:e7:0c:4a:7d:6f:03:a5:c4:a6:44:25:69:6c:04:
         8e:49:ed:a5:b8:11:28:c9:76:39:b1:af:5b:89:b1:6b:6a:7e:
         30:09:05:75:2c:2f:af:c5:1f:b6:d3:b4:ce:c6:27:9a:8c:37:
         02:3d:6e:7b:4e:ea:92:76:83:07:33:55:83:7a:a4:9b:99:3f:
         c1:c6:db:f5:b8:80:e2:df:8b:e1:94:26:bc:e2:2b:82:d1:aa:
         33:fd:6c:36:21:14:fb:bf:43:d4:c1:44:ff:c7:ab:15:46:20:
         39:e6:42:8c:d9:59:b8:10:df:c4:42:40:4b:a8:aa:27:a8:1c:
         e0:78:6b:23:1f:ba:b8:7b:7f:7b:99:7e:02:1b:71:a8:74:8d:
         65:db:d5:d9:ed:d3:f6:7c:58:dd:d7:a9:10:2c:6a:de:4e:21:
         1a:b6:7e:1d:82:e2:67:ee:cf:27:be:14:cd:7a:00:b5:49:2b:
         a4:9d:7b:d3:a1:2d:ab:a3:94:bf:56:f9:e5:97:c3:f9:ee:a1:
         06:6b:5b:81:96:3a:b8:20:c3:a8:5a:a9:27:a3:7f:10:46:f6:
         c1:42:3b:b0
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUaqjBLdJxZ3+u4v4nnd7rf+fi4oIwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyOWFiMDE1ZjM4MjZlMDEzNTEyYTQ1Mjk4YTQyZjJiYWJh
MWZhNzJmOGQyNzkzODg3OGMwHhcNMjUwMzIxMDA1MDA4WhcNMjUwNDI1MjM1OTU5
WjB6MUkwRwYDVQQFE0AxNWJhMGFjZDFhOGU5MDE5OTM5MmMxZjllNmM0NTMxMTky
N2UxZjRkZGJlMzIzODI5NGY4ZWI0ZjFkNTgxMmFjMS0wKwYDVQQDEyQ4Y2Q4NDQy
Zi0yMzVmLTQxNzEtODRlNi04ZTEwMDdhNjRjNjAwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCzssrPwuQza4WMVmZ1Z07q9OTuyt+wRS0v92g2cJ1IYma/
viW+X8Sl3VQ0nkrrys1FCbcP9QUok7doBDnNbVmV+ILlZSrgsSM3NptAlj5IeG4q
YsPH5DWMQ0ZoxGeHTJ1CzWQCrkioar1GWsHqrlbioK5k3d3bu2uPCbFXKhnT9Oiz
4EEtr5aNijdMKArcYDTU0rImI+cbcFX1LVVCMp+cm57UqorRHXPWf+CFsT3p0cwN
JAB62aetRZ7Sn4WyyuPRQ9tDqZkAnBKeQHbJIWt8LrdQrl7M9KtD0Ym/65sdu+YT
X/t5KnNS9IUUSZNfLFh4zZThdY7/+vIvhi7o9ivJAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUknrmh5qVNx70miRUzLqIem9Q2DgwHwYDVR0jBBgwFoAUasw+faLnbZkR
D9Y5xBN+QkKZcNgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy82NzU1OTcwYy00
NzQ3LTQ5OWQtOTc3NC01ZTEzMDhjNTAxYTcvOWFiMDE1ZjM4MjZlMDEzNTEyYTQ1
Mjk4YTQyZjJiYWJhMWZhNzJmOGQyNzkzODg3OGMuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZTcyZDhkYjAtNDcyOC00ZmMxLWJkZDgtNDcx
MTI5ODY2MzYyLzJjYTUyNjRjLTdiZjUtNDI0OC1iNmFkLWRkOWNmNTdhMmJlMy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2U3MmQ4ZGIwLTQ3MjgtNGZjMS1iZGQ4
LTQ3MTEyOTg2NjM2Mi9iZ0UxRXFSU21LUXZLNnVoLW5MNDBuazRoNHcuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAAjYPQwDQYJKoZIhvcNAQELBQADggEBAIZR0hlw6PJFVUkE1NQJzadU3u7D
xnSpeE+STr/KjgAYYcYCLwfENErnDEp9bwOlxKZEJWlsBI5J7aW4ESjJdjmxr1uJ
sWtqfjAJBXUsL6/FH7bTtM7GJ5qMNwI9bntO6pJ2gwczVYN6pJuZP8HG2/W4gOLf
i+GUJrziK4LRqjP9bDYhFPu/Q9TBRP/HqxVGIDnmQozZWbgQ38RCQEuoqieoHOB4
ayMfurh7f3uZfgIbcah0jWXb1dnt0/Z8WN3XqRAsat5OIRq2fh2C4mfuzye+FM16
ALVJK6Sde9OhLaujlL9W+eWXw/nuoQZrW4GWOrggw6haqSejfxBG9sFCO7A=
-----END CERTIFICATE-----