Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/e72d8db0-4728-4fc1-bdd8-471129866362/0e814f2c-6100-4037-9dcc-cdaf3e20d853.roa
File:                     0e814f2c-6100-4037-9dcc-cdaf3e20d853.roa (raw, json)
Hash identifier:          Oq0fPIDwe0FlHH9Vv7fe/eC62F+CGnOTIbjXh/g5kLQ=
Subject key identifier:   82:54:20:53:C2:27:C1:04:B6:9C:C3:0A:4B:D9:EB:C9:C0:78:C4:17
Certificate issuer:       /CN=9ab015f3826e013512a45298a42f2baba1fa72f8d27938878c
Certificate serial:       7017F5058051AB1A587A229AD8565F5A25D4F16F
Authority key identifier: 6A:CC:3E:7D:A2:E7:6D:99:11:0F:D6:39:C4:13:7E:42:42:99:70:D8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/6755970c-4747-499d-9774-5e1308c501a7/9ab015f3826e013512a45298a42f2baba1fa72f8d27938878c.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e72d8db0-4728-4fc1-bdd8-471129866362/0e814f2c-6100-4037-9dcc-cdaf3e20d853.roa
Signing time:             Tue 07 Jan 2025 00:00:00 +0000
ROA not before:           Tue 07 Jan 2025 00:00:00 +0000
ROA not after:            Tue 11 Feb 2025 23:59:59 +0000
asID:                     801
IP address blocks:        35.96.2.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            70:17:f5:05:80:51:ab:1a:58:7a:22:9a:d8:56:5f:5a:25:d4:f1:6f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9ab015f3826e013512a45298a42f2baba1fa72f8d27938878c
        Validity
            Not Before: Jan  7 00:00:00 2025 GMT
            Not After : Feb 11 23:59:59 2025 GMT
        Subject: serialNumber=257413fb43a8528835909747e76e7890d595a081d365a26fe25e4e66c4e2c175, CN=8cd8442f-235f-4171-84e6-8e1007a64c60
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:cb:cf:c6:db:fb:66:71:93:9a:dc:4e:cb:48:
                    f4:f3:7d:d5:37:93:48:15:53:3d:42:e0:40:f5:c5:
                    92:e7:de:72:30:d7:a7:4e:d8:16:d0:9e:5e:8e:f5:
                    8f:bb:f1:73:4a:71:ad:d7:82:7b:23:6a:f9:8f:26:
                    7b:43:d9:bf:4f:a5:e8:92:b7:1c:a9:be:e1:2b:39:
                    6a:ba:96:db:f6:bd:74:e6:cd:2c:58:0a:b5:d0:37:
                    7f:eb:82:14:a4:fa:90:20:02:25:c5:7e:31:fc:f1:
                    fc:58:ab:2d:3f:0b:18:78:46:2c:ad:cf:3e:74:a9:
                    bf:86:58:37:17:24:2e:c6:da:19:a4:97:91:c9:16:
                    8c:82:0d:42:4b:05:07:a5:fb:93:1e:8a:47:dc:0a:
                    fe:8e:bf:97:f8:49:78:9f:e7:23:49:0b:9d:00:f0:
                    92:c7:61:b7:0b:bf:c3:6b:8f:f0:94:8f:c5:1f:22:
                    f9:ba:e4:69:a3:ff:4f:a4:7f:16:7a:09:a6:67:97:
                    05:91:ab:8d:6e:aa:74:10:49:09:a4:d8:5f:45:9a:
                    a1:a8:91:01:fe:45:1e:6c:7a:bb:24:ad:fb:be:00:
                    a5:f8:ef:9a:0e:7e:9d:6e:c9:9f:db:53:a6:05:3c:
                    a5:02:d9:9c:9f:4e:2a:4e:92:53:48:57:e0:45:5d:
                    22:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                82:54:20:53:C2:27:C1:04:B6:9C:C3:0A:4B:D9:EB:C9:C0:78:C4:17
            X509v3 Authority Key Identifier:
                keyid:6A:CC:3E:7D:A2:E7:6D:99:11:0F:D6:39:C4:13:7E:42:42:99:70:D8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/6755970c-4747-499d-9774-5e1308c501a7/9ab015f3826e013512a45298a42f2baba1fa72f8d27938878c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e72d8db0-4728-4fc1-bdd8-471129866362/0e814f2c-6100-4037-9dcc-cdaf3e20d853.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e72d8db0-4728-4fc1-bdd8-471129866362/bgE1EqRSmKQvK6uh-nL40nk4h4w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  35.96.2.0/24

    Signature Algorithm: sha256WithRSAEncryption
         47:a2:da:46:3e:b6:a1:fd:40:fc:f9:6a:56:fd:6c:52:6a:b7:
         ef:c7:b9:59:c2:80:8a:49:7c:ee:53:22:9a:02:66:c7:f4:a8:
         77:03:56:8a:41:91:e1:32:6d:6e:06:7f:fe:20:90:ff:0b:64:
         28:62:9e:8e:46:ed:b5:29:0f:48:dd:07:99:8c:37:85:d5:5e:
         9a:60:77:62:dd:fc:28:fa:ea:76:cc:74:17:49:af:a2:9a:d2:
         8b:79:84:d2:03:3d:f6:95:ac:1c:f7:cf:6c:42:13:2b:a7:ff:
         58:da:aa:b9:c7:8c:4d:66:e9:8a:3b:51:fc:f9:c5:89:b4:fc:
         b3:1f:b6:f4:90:ce:d6:88:3d:53:3f:b0:3f:3d:fc:1e:25:db:
         a5:92:e5:a6:48:8b:5c:de:96:af:29:7c:16:29:d5:ec:d1:a8:
         97:79:16:03:2d:a5:91:fd:1d:28:b0:a8:6d:c0:92:60:29:bb:
         6e:2c:9a:4f:93:8c:3d:5e:28:d8:92:a2:fb:27:fe:05:df:ea:
         dc:fb:30:36:17:c9:a8:3d:80:fe:3d:f2:d9:81:46:49:c7:97:
         ed:b3:7b:47:95:33:ce:14:ee:80:a1:72:ea:f1:4b:9c:a2:9a:
         83:e3:af:94:93:33:38:0c:4b:10:30:1d:b2:7b:e2:f0:b6:12:
         df:3b:98:3b
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUcBf1BYBRqxpYeiKa2FZfWiXU8W8wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyOWFiMDE1ZjM4MjZlMDEzNTEyYTQ1Mjk4YTQyZjJiYWJh
MWZhNzJmOGQyNzkzODg3OGMwHhcNMjUwMTA3MDAwMDAwWhcNMjUwMjExMjM1OTU5
WjB6MUkwRwYDVQQFE0AyNTc0MTNmYjQzYTg1Mjg4MzU5MDk3NDdlNzZlNzg5MGQ1
OTVhMDgxZDM2NWEyNmZlMjVlNGU2NmM0ZTJjMTc1MS0wKwYDVQQDEyQ4Y2Q4NDQy
Zi0yMzVmLTQxNzEtODRlNi04ZTEwMDdhNjRjNjAwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDjy8/G2/tmcZOa3E7LSPTzfdU3k0gVUz1C4ED1xZLn3nIw
16dO2BbQnl6O9Y+78XNKca3XgnsjavmPJntD2b9PpeiStxypvuErOWq6ltv2vXTm
zSxYCrXQN3/rghSk+pAgAiXFfjH88fxYqy0/Cxh4Riytzz50qb+GWDcXJC7G2hmk
l5HJFoyCDUJLBQel+5MeikfcCv6Ov5f4SXif5yNJC50A8JLHYbcLv8Nrj/CUj8Uf
Ivm65Gmj/0+kfxZ6CaZnlwWRq41uqnQQSQmk2F9FmqGokQH+RR5serskrfu+AKX4
75oOfp1uyZ/bU6YFPKUC2ZyfTipOklNIV+BFXSLNAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUglQgU8InwQS2nMMKS9nrycB4xBcwHwYDVR0jBBgwFoAUasw+faLnbZkR
D9Y5xBN+QkKZcNgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy82NzU1OTcwYy00
NzQ3LTQ5OWQtOTc3NC01ZTEzMDhjNTAxYTcvOWFiMDE1ZjM4MjZlMDEzNTEyYTQ1
Mjk4YTQyZjJiYWJhMWZhNzJmOGQyNzkzODg3OGMuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZTcyZDhkYjAtNDcyOC00ZmMxLWJkZDgtNDcx
MTI5ODY2MzYyLzBlODE0ZjJjLTYxMDAtNDAzNy05ZGNjLWNkYWYzZTIwZDg1My5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2U3MmQ4ZGIwLTQ3MjgtNGZjMS1iZGQ4
LTQ3MTEyOTg2NjM2Mi9iZ0UxRXFSU21LUXZLNnVoLW5MNDBuazRoNHcuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAAjYAIwDQYJKoZIhvcNAQELBQADggEBAEei2kY+tqH9QPz5alb9bFJqt+/H
uVnCgIpJfO5TIpoCZsf0qHcDVopBkeEybW4Gf/4gkP8LZChino5G7bUpD0jdB5mM
N4XVXppgd2Ld/Cj66nbMdBdJr6Ka0ot5hNIDPfaVrBz3z2xCEyun/1jaqrnHjE1m
6Yo7Ufz5xYm0/LMftvSQztaIPVM/sD89/B4l26WS5aZIi1zelq8pfBYp1ezRqJd5
FgMtpZH9HSiwqG3AkmApu24smk+TjD1eKNiSovsn/gXf6tz7MDYXyag9gP498tmB
RknHl+2ze0eVM84U7oChcurxS5yimoPjr5STMzgMSxAwHbJ74vC2Et87mDs=
-----END CERTIFICATE-----