Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/ff9fa84e-9783-4a0b-a58d-6dc8e2433d33/dd83e85f-ddac-4f18-b604-7d85cea70e88.roa
File:                     dd83e85f-ddac-4f18-b604-7d85cea70e88.roa (raw, json)
Hash identifier:          Pohik8TkRWKGkcB1n2epBfzmu83mFNX0i7D+cWrnWOo=
Subject key identifier:   E4:77:C3:59:6A:45:08:ED:74:35:72:F4:D5:60:4C:E9:61:F6:FA:3B
Certificate issuer:       /CN=1b1fe67321cf669f9c2b75369cc0fdd38c163c58b1d42d0107
Certificate serial:       35E8AE73DA135607C8E7A334FEEBA4AB8E96877D
Authority key identifier: 15:F4:EF:04:F5:AF:23:96:C9:5F:16:42:E3:79:07:8B:48:8C:16:0B
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5b7fb122-dfdf-4c0c-b90d-3bc7a5feb82b/aaa76394-48fc-4ff3-b6aa-0693c55d758f/1b1fe67321cf669f9c2b75369cc0fdd38c163c58b1d42d0107.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/ff9fa84e-9783-4a0b-a58d-6dc8e2433d33/dd83e85f-ddac-4f18-b604-7d85cea70e88.roa
Signing time:             Mon 22 Apr 2024 00:00:00 +0000
ROA not before:           Mon 22 Apr 2024 00:00:00 +0000
ROA not after:            Mon 27 May 2024 23:59:59 +0000
asID:                     8987
IP address blocks:        96.43.80.0/20 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            35:e8:ae:73:da:13:56:07:c8:e7:a3:34:fe:eb:a4:ab:8e:96:87:7d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1b1fe67321cf669f9c2b75369cc0fdd38c163c58b1d42d0107
        Validity
            Not Before: Apr 22 00:00:00 2024 GMT
            Not After : May 27 23:59:59 2024 GMT
        Subject: CN=35095e3e-84cb-4ad0-bda1-6c6f8da69f61
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:4f:2a:de:f3:be:ab:23:21:76:96:68:1f:29:
                    cd:dd:65:ba:9b:b0:e7:fd:1e:64:94:a2:17:e5:32:
                    28:ad:79:b5:d3:26:c1:8b:fa:7d:4b:39:53:10:7c:
                    67:81:18:44:9b:a1:94:19:d7:1b:d0:11:85:4f:ba:
                    c4:c1:eb:c8:98:3b:2a:86:f5:37:e1:37:75:cc:6d:
                    37:13:fd:0c:a1:59:4a:42:00:60:1e:a9:2d:a9:b1:
                    5f:62:42:a4:b5:4a:be:47:a7:cc:06:53:78:00:d6:
                    9c:bf:0e:77:36:b3:36:c5:24:57:61:bf:8b:4a:a0:
                    07:28:0b:87:e0:68:90:72:d6:8a:33:7a:c7:4b:b2:
                    03:3f:a7:c3:f9:1e:a9:d4:ba:e6:a1:54:f1:05:54:
                    f2:6f:ab:fa:22:ed:6b:63:d9:4e:5f:74:eb:51:06:
                    10:93:12:1e:6d:66:31:62:65:d5:fc:84:d1:de:2d:
                    ed:f2:6e:14:c1:2b:96:98:56:10:09:8c:68:87:ec:
                    d9:a9:b8:f4:7c:b5:a0:b5:63:15:d6:fb:18:67:10:
                    e5:de:9c:ec:25:d1:2b:df:17:d7:33:9e:4f:4f:3b:
                    35:6c:b8:42:87:ca:66:cc:0b:df:8c:80:26:68:6f:
                    d2:c1:72:27:71:63:83:57:91:3f:a7:34:38:c0:e7:
                    db:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E4:77:C3:59:6A:45:08:ED:74:35:72:F4:D5:60:4C:E9:61:F6:FA:3B
            X509v3 Authority Key Identifier:
                keyid:15:F4:EF:04:F5:AF:23:96:C9:5F:16:42:E3:79:07:8B:48:8C:16:0B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5b7fb122-dfdf-4c0c-b90d-3bc7a5feb82b/aaa76394-48fc-4ff3-b6aa-0693c55d758f/1b1fe67321cf669f9c2b75369cc0fdd38c163c58b1d42d0107.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/ff9fa84e-9783-4a0b-a58d-6dc8e2433d33/dd83e85f-ddac-4f18-b604-7d85cea70e88.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/ff9fa84e-9783-4a0b-a58d-6dc8e2433d33/z2afnCt1NpzA_dOMFjxYsdQtAQc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  96.43.80.0/20

    Signature Algorithm: sha256WithRSAEncryption
         24:f3:a9:16:b1:67:c0:bf:72:60:63:ba:a1:f6:95:86:cc:cb:
         9c:88:f9:37:11:43:c7:55:49:ba:ba:d7:f7:98:7a:69:0d:43:
         c7:dc:b1:ba:9f:a0:45:0f:d0:7a:e2:a5:f6:89:7c:20:b5:03:
         3d:44:3d:8f:b2:c6:a4:2c:6d:9a:51:3e:6c:e1:45:4a:04:ed:
         dd:6b:9c:54:b0:0b:d4:c2:be:06:fa:97:f2:e6:c7:c5:8f:89:
         81:b1:72:f6:40:0d:d6:0b:54:b3:fc:ab:87:a2:fd:09:c8:ba:
         37:cb:e9:e9:2a:a4:d9:ee:25:4e:4d:e2:9e:4b:d1:13:95:ea:
         ba:e4:f3:cc:2e:5c:a7:ac:1b:62:67:24:34:aa:5a:b5:af:a9:
         f6:73:ca:4f:f5:78:60:59:91:40:f5:61:1f:cd:59:9c:8a:45:
         01:4d:cd:3f:92:93:7c:82:93:cf:f0:62:5d:50:26:87:57:f2:
         74:7b:07:54:dc:c6:0f:a3:1a:5d:42:46:10:b8:09:b9:f1:10:
         67:cc:b1:20:30:7a:0d:d4:20:4e:34:18:3b:70:59:95:30:dd:
         da:aa:0a:6f:53:b2:e9:0f:fd:7e:23:a8:4d:a8:b6:f4:8a:80:
         42:a2:0f:77:1e:3e:49:92:e8:2f:bd:a1:d9:82:b8:ba:88:10:
         b7:ec:ad:f3
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUNeiuc9oTVgfI56M0/uukq46Wh30wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMWIxZmU2NzMyMWNmNjY5ZjljMmI3NTM2OWNjMGZkZDM4
YzE2M2M1OGIxZDQyZDAxMDcwHhcNMjQwNDIyMDAwMDAwWhcNMjQwNTI3MjM1OTU5
WjB6MUkwRwYDVQQFE0BhN2RmNDU0MDJiOTYyNjQ4NmYwMTczODRhYmRlNTMxMDAx
Y2NhYjQwMjMxODNmMTZmOTY1Y2RiNWZhMmQwNjkxMS0wKwYDVQQDEyQzNTA5NWUz
ZS04NGNiLTRhZDAtYmRhMS02YzZmOGRhNjlmNjEwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDLTyre876rIyF2lmgfKc3dZbqbsOf9HmSUohflMiitebXT
JsGL+n1LOVMQfGeBGESboZQZ1xvQEYVPusTB68iYOyqG9TfhN3XMbTcT/QyhWUpC
AGAeqS2psV9iQqS1Sr5Hp8wGU3gA1py/Dnc2szbFJFdhv4tKoAcoC4fgaJBy1ooz
esdLsgM/p8P5HqnUuuahVPEFVPJvq/oi7Wtj2U5fdOtRBhCTEh5tZjFiZdX8hNHe
Le3ybhTBK5aYVhAJjGiH7NmpuPR8taC1YxXW+xhnEOXenOwl0SvfF9cznk9POzVs
uEKHymbMC9+MgCZob9LBcidxY4NXkT+nNDjA59sDAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU5HfDWWpFCO10NXL01WBM6WH2+jswHwYDVR0jBBgwFoAUFfTvBPWvI5bJ
XxZC43kHi0iMFgswDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzViN2ZiMTIyLWRmZGYtNGMwYy1iOTBkLTNiYzdhNWZlYjgyYi9hYWE3NjM5NC00
OGZjLTRmZjMtYjZhYS0wNjkzYzU1ZDc1OGYvMWIxZmU2NzMyMWNmNjY5ZjljMmI3
NTM2OWNjMGZkZDM4YzE2M2M1OGIxZDQyZDAxMDcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZmY5ZmE4NGUtOTc4My00YTBiLWE1OGQtNmRj
OGUyNDMzZDMzL2RkODNlODVmLWRkYWMtNGYxOC1iNjA0LTdkODVjZWE3MGU4OC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2ZmOWZhODRlLTk3ODMtNGEwYi1hNThk
LTZkYzhlMjQzM2QzMy96MmFmbkN0MU5wekFfZE9NRmp4WXNkUXRBUWMuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBARgK1AwDQYJKoZIhvcNAQELBQADggEBACTzqRaxZ8C/cmBjuqH2lYbMy5yI
+TcRQ8dVSbq61/eYemkNQ8fcsbqfoEUP0HripfaJfCC1Az1EPY+yxqQsbZpRPmzh
RUoE7d1rnFSwC9TCvgb6l/Lmx8WPiYGxcvZADdYLVLP8q4ei/QnIujfL6ekqpNnu
JU5N4p5L0ROV6rrk88wuXKesG2JnJDSqWrWvqfZzyk/1eGBZkUD1YR/NWZyKRQFN
zT+Sk3yCk8/wYl1QJodX8nR7B1Tcxg+jGl1CRhC4CbnxEGfMsSAweg3UIE40GDtw
WZUw3dqqCm9TsukP/X4jqE2otvSKgEKiD3cePkmS6C+9odmCuLqIELfsrfM=
-----END CERTIFICATE-----