Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/e72d8db0-4728-4fc1-bdd8-471129866362/2851aa8e-afc0-4fb3-af32-b2a1bbaf1304.roa
File:                     2851aa8e-afc0-4fb3-af32-b2a1bbaf1304.roa (raw, json)
Hash identifier:          wXgXEY2ya3GhpncaqUJHsRnansZS3KbYFHrkOWobcDA=
Subject key identifier:   FB:78:9A:DA:61:7D:28:C1:B1:64:87:3A:79:97:B5:42:C4:56:4D:BA
Certificate issuer:       /CN=9ab015f3826e013512a45298a42f2baba1fa72f8d27938878c
Certificate serial:       7DDF5E509C8005ACF834516D64CE33668C040733
Authority key identifier: 6A:CC:3E:7D:A2:E7:6D:99:11:0F:D6:39:C4:13:7E:42:42:99:70:D8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/6755970c-4747-499d-9774-5e1308c501a7/9ab015f3826e013512a45298a42f2baba1fa72f8d27938878c.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e72d8db0-4728-4fc1-bdd8-471129866362/2851aa8e-afc0-4fb3-af32-b2a1bbaf1304.roa
Signing time:             Tue 14 Jan 2025 00:00:00 +0000
ROA not before:           Tue 14 Jan 2025 00:00:00 +0000
ROA not after:            Tue 18 Feb 2025 23:59:59 +0000
asID:                     801
IP address blocks:        35.96.5.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7d:df:5e:50:9c:80:05:ac:f8:34:51:6d:64:ce:33:66:8c:04:07:33
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9ab015f3826e013512a45298a42f2baba1fa72f8d27938878c
        Validity
            Not Before: Jan 14 00:00:00 2025 GMT
            Not After : Feb 18 23:59:59 2025 GMT
        Subject: serialNumber=3addc95a1355e258a61401ae7e3a4cf2af855acab9f71f1bd7e5c917ca5c0807, CN=8cd8442f-235f-4171-84e6-8e1007a64c60
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:4b:ac:21:ed:a4:a0:90:79:32:1f:0b:bd:36:
                    d6:ad:1b:21:fe:d3:75:e3:ea:67:19:4e:ff:32:eb:
                    f1:da:48:08:fc:f9:98:73:de:85:0a:70:3a:4b:e2:
                    ec:c4:2a:5b:3a:89:18:61:4f:c9:23:0c:ce:d1:b3:
                    38:d7:eb:f1:6c:a3:2c:51:97:b7:95:a2:fd:c8:2c:
                    50:b5:20:68:7f:f2:92:ce:da:ac:0b:05:43:ac:18:
                    10:ab:16:19:67:2d:94:15:41:b6:17:b7:d2:b0:66:
                    31:8c:e2:8d:55:da:79:0b:75:72:7e:d3:65:97:fd:
                    62:42:83:41:9d:9b:9a:83:c7:9d:51:1c:93:49:8d:
                    53:90:66:d4:ce:1d:b6:31:9b:f2:40:ec:17:77:1c:
                    e3:4d:9d:b6:c1:9f:32:2c:85:87:4d:e9:66:9a:94:
                    4f:9c:90:a1:98:6e:5a:8a:cd:68:85:0c:60:c7:27:
                    21:52:20:6d:76:ea:90:03:12:09:52:4a:f8:a9:fb:
                    e6:c6:ed:3f:26:8a:17:90:97:5d:66:89:40:ef:30:
                    98:98:b6:76:7d:95:88:45:82:24:d9:38:2d:34:6f:
                    e0:65:f1:09:e2:5d:79:e1:3f:d3:8a:2d:d5:10:71:
                    d7:95:14:87:6b:90:12:51:92:de:4e:48:47:da:86:
                    8a:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FB:78:9A:DA:61:7D:28:C1:B1:64:87:3A:79:97:B5:42:C4:56:4D:BA
            X509v3 Authority Key Identifier:
                keyid:6A:CC:3E:7D:A2:E7:6D:99:11:0F:D6:39:C4:13:7E:42:42:99:70:D8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/6755970c-4747-499d-9774-5e1308c501a7/9ab015f3826e013512a45298a42f2baba1fa72f8d27938878c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e72d8db0-4728-4fc1-bdd8-471129866362/2851aa8e-afc0-4fb3-af32-b2a1bbaf1304.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e72d8db0-4728-4fc1-bdd8-471129866362/bgE1EqRSmKQvK6uh-nL40nk4h4w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  35.96.5.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0c:b3:a7:5b:36:c3:2a:9e:d8:87:eb:94:7e:76:f2:be:c4:5c:
         0a:88:55:aa:dc:14:85:dc:29:8a:aa:85:4e:0c:c3:0b:3d:56:
         d0:56:1f:35:66:f0:69:78:a0:fa:46:a4:8b:7f:40:cd:bf:35:
         e2:bf:ae:d7:94:54:99:4f:aa:1b:34:56:44:90:5a:c2:47:85:
         07:41:45:04:54:29:8f:03:d7:5f:e1:ed:b8:10:08:d2:0f:af:
         ba:cb:5b:5e:cd:49:10:e1:d1:76:89:91:48:29:35:3e:04:06:
         ba:89:55:ec:e3:3a:82:04:11:fe:46:b2:a0:fe:10:c7:7a:e1:
         65:9a:0e:90:ca:58:56:d7:84:9c:30:15:e8:2b:be:64:3a:c4:
         27:36:51:2f:b4:8a:c3:a7:c0:47:6b:80:fc:55:77:07:93:76:
         03:9f:fa:9c:3b:26:e8:94:2d:08:39:11:5b:c6:a8:19:88:b1:
         99:94:ec:67:18:74:87:b6:92:c2:cf:13:80:0d:2c:1f:8f:01:
         26:74:64:b4:9e:18:9b:75:99:64:c0:d2:df:3e:55:87:55:ad:
         d1:60:34:6c:04:76:c7:f3:de:66:7a:f4:4b:33:9d:aa:17:ad:
         89:8c:0c:0d:f2:af:e2:fb:22:08:4a:57:44:06:8e:a2:8e:fb:
         fc:40:43:db
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUfd9eUJyABaz4NFFtZM4zZowEBzMwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyOWFiMDE1ZjM4MjZlMDEzNTEyYTQ1Mjk4YTQyZjJiYWJh
MWZhNzJmOGQyNzkzODg3OGMwHhcNMjUwMTE0MDAwMDAwWhcNMjUwMjE4MjM1OTU5
WjB6MUkwRwYDVQQFE0AzYWRkYzk1YTEzNTVlMjU4YTYxNDAxYWU3ZTNhNGNmMmFm
ODU1YWNhYjlmNzFmMWJkN2U1YzkxN2NhNWMwODA3MS0wKwYDVQQDEyQ4Y2Q4NDQy
Zi0yMzVmLTQxNzEtODRlNi04ZTEwMDdhNjRjNjAwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDOS6wh7aSgkHkyHwu9NtatGyH+03Xj6mcZTv8y6/HaSAj8
+Zhz3oUKcDpL4uzEKls6iRhhT8kjDM7RszjX6/FsoyxRl7eVov3ILFC1IGh/8pLO
2qwLBUOsGBCrFhlnLZQVQbYXt9KwZjGM4o1V2nkLdXJ+02WX/WJCg0Gdm5qDx51R
HJNJjVOQZtTOHbYxm/JA7Bd3HONNnbbBnzIshYdN6WaalE+ckKGYblqKzWiFDGDH
JyFSIG126pADEglSSvip++bG7T8miheQl11miUDvMJiYtnZ9lYhFgiTZOC00b+Bl
8QniXXnhP9OKLdUQcdeVFIdrkBJRkt5OSEfahoorAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU+3ia2mF9KMGxZIc6eZe1QsRWTbowHwYDVR0jBBgwFoAUasw+faLnbZkR
D9Y5xBN+QkKZcNgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy82NzU1OTcwYy00
NzQ3LTQ5OWQtOTc3NC01ZTEzMDhjNTAxYTcvOWFiMDE1ZjM4MjZlMDEzNTEyYTQ1
Mjk4YTQyZjJiYWJhMWZhNzJmOGQyNzkzODg3OGMuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZTcyZDhkYjAtNDcyOC00ZmMxLWJkZDgtNDcx
MTI5ODY2MzYyLzI4NTFhYThlLWFmYzAtNGZiMy1hZjMyLWIyYTFiYmFmMTMwNC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2U3MmQ4ZGIwLTQ3MjgtNGZjMS1iZGQ4
LTQ3MTEyOTg2NjM2Mi9iZ0UxRXFSU21LUXZLNnVoLW5MNDBuazRoNHcuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAAjYAUwDQYJKoZIhvcNAQELBQADggEBAAyzp1s2wyqe2IfrlH528r7EXAqI
VarcFIXcKYqqhU4Mwws9VtBWHzVm8Gl4oPpGpIt/QM2/NeK/rteUVJlPqhs0VkSQ
WsJHhQdBRQRUKY8D11/h7bgQCNIPr7rLW17NSRDh0XaJkUgpNT4EBrqJVezjOoIE
Ef5GsqD+EMd64WWaDpDKWFbXhJwwFegrvmQ6xCc2US+0isOnwEdrgPxVdweTdgOf
+pw7JuiULQg5EVvGqBmIsZmU7GcYdIe2ksLPE4ANLB+PASZ0ZLSeGJt1mWTA0t8+
VYdVrdFgNGwEdsfz3mZ69EsznaoXrYmMDA3yr+L7IghKV0QGjqKO+/xAQ9s=
-----END CERTIFICATE-----