Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/e72d8db0-4728-4fc1-bdd8-471129866362/4f4eb4db-a0e0-4435-906c-dd0adf5c7803.roa
File:                     4f4eb4db-a0e0-4435-906c-dd0adf5c7803.roa (raw, json)
Hash identifier:          eVcODO6Nk4lhsOaSCWq0ZHWcLQbTE7gEygGj5Eu+v/c=
Subject key identifier:   9F:FD:DC:DD:CF:FD:21:DD:49:8F:56:A3:41:5C:54:4C:87:C7:DE:51
Certificate issuer:       /CN=9ab015f3826e013512a45298a42f2baba1fa72f8d27938878c
Certificate serial:       1027715F4B241B0D7BD19EB0C4DAFF376CD0447A
Authority key identifier: 6A:CC:3E:7D:A2:E7:6D:99:11:0F:D6:39:C4:13:7E:42:42:99:70:D8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/6755970c-4747-499d-9774-5e1308c501a7/9ab015f3826e013512a45298a42f2baba1fa72f8d27938878c.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e72d8db0-4728-4fc1-bdd8-471129866362/4f4eb4db-a0e0-4435-906c-dd0adf5c7803.roa
Signing time:             Tue 28 Jan 2025 00:00:00 +0000
ROA not before:           Tue 28 Jan 2025 00:00:00 +0000
ROA not after:            Tue 04 Mar 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        35.96.0.0/12 maxlen: 12
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            10:27:71:5f:4b:24:1b:0d:7b:d1:9e:b0:c4:da:ff:37:6c:d0:44:7a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9ab015f3826e013512a45298a42f2baba1fa72f8d27938878c
        Validity
            Not Before: Jan 28 00:00:00 2025 GMT
            Not After : Mar  4 23:59:59 2025 GMT
        Subject: serialNumber=77f418e43d0d1363d45d1eeb967ba1f43e9aa617636c23c43358603b43b819aa, CN=8cd8442f-235f-4171-84e6-8e1007a64c60
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:47:f2:49:e7:b6:c5:a2:2b:79:e8:dd:1b:68:
                    cb:38:d8:27:1f:fd:44:b5:47:fd:ef:59:6c:9c:85:
                    81:c7:77:cb:41:86:88:9d:dc:f8:85:5c:95:85:a0:
                    d7:c5:18:c7:58:5c:6e:f1:4b:4b:1c:d4:f0:c0:40:
                    19:0a:24:9f:95:85:73:b4:49:e9:7b:25:f7:e8:1e:
                    a1:66:17:da:0a:cb:2d:ae:07:4b:07:73:8e:75:a6:
                    17:08:bd:70:fe:10:11:0c:4a:38:68:4a:1b:62:92:
                    7d:ab:3c:a4:ba:3d:6c:ec:34:1b:cb:8c:2d:62:6d:
                    6a:24:a8:29:a8:26:56:fa:0d:34:f7:66:89:e4:8d:
                    a3:e5:c7:e2:11:19:7c:74:a2:78:05:cf:7a:f7:5e:
                    f6:f3:65:98:2e:19:b3:d2:f2:57:55:33:ef:6e:c0:
                    b3:e8:24:00:94:0f:76:1b:ae:23:7f:8e:e1:6e:cb:
                    80:57:cc:08:8b:d8:65:65:3b:c8:aa:f7:3f:66:f4:
                    df:80:9c:35:dd:8a:61:9a:44:55:ae:f7:f2:6c:82:
                    5b:22:78:b3:89:ea:40:ee:ca:d5:33:a3:f7:97:b3:
                    f2:92:64:22:a1:88:7b:dc:60:81:87:b2:5e:7f:ae:
                    70:15:58:9d:d1:ce:e0:21:78:f4:19:d0:3d:04:ad:
                    26:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9F:FD:DC:DD:CF:FD:21:DD:49:8F:56:A3:41:5C:54:4C:87:C7:DE:51
            X509v3 Authority Key Identifier:
                keyid:6A:CC:3E:7D:A2:E7:6D:99:11:0F:D6:39:C4:13:7E:42:42:99:70:D8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/6755970c-4747-499d-9774-5e1308c501a7/9ab015f3826e013512a45298a42f2baba1fa72f8d27938878c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e72d8db0-4728-4fc1-bdd8-471129866362/4f4eb4db-a0e0-4435-906c-dd0adf5c7803.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e72d8db0-4728-4fc1-bdd8-471129866362/bgE1EqRSmKQvK6uh-nL40nk4h4w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  35.96.0.0/12

    Signature Algorithm: sha256WithRSAEncryption
         20:13:65:60:7c:89:42:e8:44:a8:93:00:cf:6e:a9:ee:4f:3d:
         94:8a:0b:ab:61:19:b9:09:b6:4d:2e:a1:bf:0a:76:04:73:bc:
         06:64:f9:81:66:fc:f1:9e:c5:50:c2:4b:76:c5:9d:fd:6b:91:
         82:5c:51:66:ee:42:74:08:1f:f5:41:e1:11:0f:de:38:bd:eb:
         dc:15:15:b9:07:33:d6:9d:be:4a:c1:f4:8e:55:65:4b:0c:40:
         c7:08:16:66:d5:29:0b:95:69:f6:19:f6:50:f3:25:50:cd:03:
         7e:59:f9:22:33:c4:45:94:a6:27:78:48:81:05:48:d1:d8:a0:
         1c:ea:29:ef:60:4d:31:66:1c:8b:57:7c:75:ca:22:fa:5b:b2:
         fc:2c:93:46:4a:92:c8:f0:24:eb:bf:fc:62:b9:1f:1a:5b:e6:
         3a:6e:13:77:82:19:82:67:a5:d3:29:2d:e2:cf:0e:bd:ad:66:
         26:ea:98:d1:c7:a5:eb:54:58:11:c4:01:58:27:65:4f:8d:94:
         ba:bd:21:56:df:98:53:84:96:30:8e:1d:b1:35:07:c8:9d:6c:
         b3:93:a9:ef:28:56:3b:9d:a1:d1:95:e3:e4:44:89:b4:1e:8a:
         72:fd:d7:01:b7:43:ba:64:c9:da:ff:55:38:41:1d:f4:b9:56:
         dc:c7:5f:92
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUECdxX0skGw170Z6wxNr/N2zQRHowDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyOWFiMDE1ZjM4MjZlMDEzNTEyYTQ1Mjk4YTQyZjJiYWJh
MWZhNzJmOGQyNzkzODg3OGMwHhcNMjUwMTI4MDAwMDAwWhcNMjUwMzA0MjM1OTU5
WjB6MUkwRwYDVQQFE0A3N2Y0MThlNDNkMGQxMzYzZDQ1ZDFlZWI5NjdiYTFmNDNl
OWFhNjE3NjM2YzIzYzQzMzU4NjAzYjQzYjgxOWFhMS0wKwYDVQQDEyQ4Y2Q4NDQy
Zi0yMzVmLTQxNzEtODRlNi04ZTEwMDdhNjRjNjAwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC0R/JJ57bFoit56N0baMs42Ccf/US1R/3vWWychYHHd8tB
hoid3PiFXJWFoNfFGMdYXG7xS0sc1PDAQBkKJJ+VhXO0Sel7JffoHqFmF9oKyy2u
B0sHc451phcIvXD+EBEMSjhoShtikn2rPKS6PWzsNBvLjC1ibWokqCmoJlb6DTT3
ZonkjaPlx+IRGXx0ongFz3r3XvbzZZguGbPS8ldVM+9uwLPoJACUD3YbriN/juFu
y4BXzAiL2GVlO8iq9z9m9N+AnDXdimGaRFWu9/JsglsieLOJ6kDuytUzo/eXs/KS
ZCKhiHvcYIGHsl5/rnAVWJ3RzuAhePQZ0D0ErSbjAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUn/3c3c/9Id1Jj1ajQVxUTIfH3lEwHwYDVR0jBBgwFoAUasw+faLnbZkR
D9Y5xBN+QkKZcNgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy82NzU1OTcwYy00
NzQ3LTQ5OWQtOTc3NC01ZTEzMDhjNTAxYTcvOWFiMDE1ZjM4MjZlMDEzNTEyYTQ1
Mjk4YTQyZjJiYWJhMWZhNzJmOGQyNzkzODg3OGMuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZTcyZDhkYjAtNDcyOC00ZmMxLWJkZDgtNDcx
MTI5ODY2MzYyLzRmNGViNGRiLWEwZTAtNDQzNS05MDZjLWRkMGFkZjVjNzgwMy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2U3MmQ4ZGIwLTQ3MjgtNGZjMS1iZGQ4
LTQ3MTEyOTg2NjM2Mi9iZ0UxRXFSU21LUXZLNnVoLW5MNDBuazRoNHcuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwQjYDANBgkqhkiG9w0BAQsFAAOCAQEAIBNlYHyJQuhEqJMAz26p7k89lIoL
q2EZuQm2TS6hvwp2BHO8BmT5gWb88Z7FUMJLdsWd/WuRglxRZu5CdAgf9UHhEQ/e
OL3r3BUVuQcz1p2+SsH0jlVlSwxAxwgWZtUpC5Vp9hn2UPMlUM0Dfln5IjPERZSm
J3hIgQVI0digHOop72BNMWYci1d8dcoi+luy/CyTRkqSyPAk67/8YrkfGlvmOm4T
d4IZgmel0ykt4s8Ova1mJuqY0cel61RYEcQBWCdlT42Uur0hVt+YU4SWMI4dsTUH
yJ1ss5Op7yhWO52h0ZXj5ESJtB6Kcv3XAbdDumTJ2v9VOEEd9LlW3Mdfkg==
-----END CERTIFICATE-----