Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/e72d8db0-4728-4fc1-bdd8-471129866362/549780f9-870a-404a-8f64-73dec0314022.roa
File:                     549780f9-870a-404a-8f64-73dec0314022.roa (raw, json)
Hash identifier:          8wigNLENBMQ5w++sZBzm9XQqggObM6+DcH5nAsAr2Wc=
Subject key identifier:   A8:0A:85:04:A6:69:AB:24:D9:DC:D2:E5:33:14:CB:0F:5B:EA:3C:2E
Certificate issuer:       /CN=9ab015f3826e013512a45298a42f2baba1fa72f8d27938878c
Certificate serial:       5B3C0B5785E029E0B722FD844A2A6D02EB665725
Authority key identifier: 6A:CC:3E:7D:A2:E7:6D:99:11:0F:D6:39:C4:13:7E:42:42:99:70:D8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/6755970c-4747-499d-9774-5e1308c501a7/9ab015f3826e013512a45298a42f2baba1fa72f8d27938878c.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e72d8db0-4728-4fc1-bdd8-471129866362/549780f9-870a-404a-8f64-73dec0314022.roa
Signing time:             Tue 07 Jan 2025 00:00:00 +0000
ROA not before:           Tue 07 Jan 2025 00:00:00 +0000
ROA not after:            Tue 11 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        35.96.56.0/22 maxlen: 22
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5b:3c:0b:57:85:e0:29:e0:b7:22:fd:84:4a:2a:6d:02:eb:66:57:25
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9ab015f3826e013512a45298a42f2baba1fa72f8d27938878c
        Validity
            Not Before: Jan  7 00:00:00 2025 GMT
            Not After : Feb 11 23:59:59 2025 GMT
        Subject: serialNumber=ee6d6952b6519376689d2579a3992b7983597f820537236bc583f96fb1588f50, CN=8cd8442f-235f-4171-84e6-8e1007a64c60
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:0e:94:30:a6:ba:9a:e2:b8:44:e3:54:95:37:
                    bf:b7:f6:e3:e3:01:ed:81:1b:11:34:c6:82:4e:bb:
                    b4:c7:4d:58:44:9d:41:4b:80:06:de:1c:78:ad:dd:
                    77:1b:63:3d:33:0d:40:60:fa:10:90:59:c5:3b:31:
                    a8:8c:cb:82:94:9f:92:1b:d9:07:56:70:36:d9:c0:
                    0f:e7:6b:c1:30:f6:29:cc:1f:d4:25:3d:8f:9b:60:
                    58:5d:f7:3d:5b:9e:04:17:c6:a4:cb:ed:30:39:08:
                    05:a7:4f:5c:1b:9f:0b:5a:78:fd:e9:5e:c8:52:00:
                    b6:5e:32:04:4d:70:98:d4:75:5b:97:5f:88:47:0b:
                    95:69:31:cc:b4:93:2a:86:91:48:e2:90:48:c8:56:
                    45:b4:6c:a4:c6:bb:4c:f2:64:91:ed:c7:f2:92:ed:
                    3d:d9:83:68:9f:2f:84:6f:b3:e0:e1:77:30:a5:56:
                    d4:41:8b:2e:ca:c8:e4:23:cb:37:9a:20:f5:04:3e:
                    74:01:ab:8f:dd:4e:e6:85:8f:f2:c8:71:37:8d:b4:
                    eb:f0:f4:0e:e8:5d:cb:38:61:d0:8f:a9:f7:7f:92:
                    df:c6:ef:9c:ce:e6:87:3d:98:2c:0f:2b:99:1f:46:
                    e9:2c:1a:67:cc:88:25:c6:f5:84:f5:20:16:0d:e7:
                    e3:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A8:0A:85:04:A6:69:AB:24:D9:DC:D2:E5:33:14:CB:0F:5B:EA:3C:2E
            X509v3 Authority Key Identifier:
                keyid:6A:CC:3E:7D:A2:E7:6D:99:11:0F:D6:39:C4:13:7E:42:42:99:70:D8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/6755970c-4747-499d-9774-5e1308c501a7/9ab015f3826e013512a45298a42f2baba1fa72f8d27938878c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e72d8db0-4728-4fc1-bdd8-471129866362/549780f9-870a-404a-8f64-73dec0314022.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e72d8db0-4728-4fc1-bdd8-471129866362/bgE1EqRSmKQvK6uh-nL40nk4h4w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  35.96.56.0/22

    Signature Algorithm: sha256WithRSAEncryption
         41:1f:5e:6a:18:91:34:f9:99:3d:d5:fe:9e:b6:6c:a7:82:24:
         23:ad:55:73:df:43:ba:aa:9e:61:68:d4:00:e3:cb:cb:47:50:
         47:65:49:6f:13:c1:17:16:a1:3c:c7:1c:07:22:7f:67:9c:4f:
         dd:ca:99:28:4d:b1:ce:55:84:f1:f4:5b:0d:79:10:7c:db:81:
         d9:d1:2e:d3:52:99:66:a2:31:45:11:9d:96:f0:53:f4:8e:47:
         b9:00:34:44:c8:3f:1b:c6:df:0c:a7:60:89:a0:8b:52:ff:cd:
         62:b1:f9:71:e5:4d:63:72:60:a4:80:88:f0:93:31:6a:f5:3e:
         ab:a7:c2:ce:cf:63:ff:21:b4:7a:0c:52:32:4d:41:8f:f2:6f:
         24:f0:e4:77:13:f9:44:67:2b:17:9e:5d:01:76:1b:7d:0f:33:
         72:d0:f8:32:ee:76:1e:07:89:ef:af:c8:07:7a:e4:24:f8:44:
         cc:88:23:86:ce:ce:ee:c5:25:4e:bc:af:f9:48:08:e1:1c:37:
         b2:e5:ee:55:16:cc:be:6d:e6:3a:1c:b1:38:d5:1c:1a:3d:53:
         cc:f0:50:a7:a0:90:ef:b6:c4:bb:68:f7:c1:ee:68:bf:cc:2c:
         16:11:28:82:ae:81:40:f4:7b:0b:01:63:87:64:c4:67:76:fa:
         db:ed:d8:b7
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUWzwLV4XgKeC3Iv2ESiptAutmVyUwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyOWFiMDE1ZjM4MjZlMDEzNTEyYTQ1Mjk4YTQyZjJiYWJh
MWZhNzJmOGQyNzkzODg3OGMwHhcNMjUwMTA3MDAwMDAwWhcNMjUwMjExMjM1OTU5
WjB6MUkwRwYDVQQFE0BlZTZkNjk1MmI2NTE5Mzc2Njg5ZDI1NzlhMzk5MmI3OTgz
NTk3ZjgyMDUzNzIzNmJjNTgzZjk2ZmIxNTg4ZjUwMS0wKwYDVQQDEyQ4Y2Q4NDQy
Zi0yMzVmLTQxNzEtODRlNi04ZTEwMDdhNjRjNjAwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCWDpQwprqa4rhE41SVN7+39uPjAe2BGxE0xoJOu7THTVhE
nUFLgAbeHHit3XcbYz0zDUBg+hCQWcU7MaiMy4KUn5Ib2QdWcDbZwA/na8Ew9inM
H9QlPY+bYFhd9z1bngQXxqTL7TA5CAWnT1wbnwtaeP3pXshSALZeMgRNcJjUdVuX
X4hHC5VpMcy0kyqGkUjikEjIVkW0bKTGu0zyZJHtx/KS7T3Zg2ifL4Rvs+DhdzCl
VtRBiy7KyOQjyzeaIPUEPnQBq4/dTuaFj/LIcTeNtOvw9A7oXcs4YdCPqfd/kt/G
75zO5oc9mCwPK5kfRuksGmfMiCXG9YT1IBYN5+N3AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUqAqFBKZpqyTZ3NLlMxTLD1vqPC4wHwYDVR0jBBgwFoAUasw+faLnbZkR
D9Y5xBN+QkKZcNgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy82NzU1OTcwYy00
NzQ3LTQ5OWQtOTc3NC01ZTEzMDhjNTAxYTcvOWFiMDE1ZjM4MjZlMDEzNTEyYTQ1
Mjk4YTQyZjJiYWJhMWZhNzJmOGQyNzkzODg3OGMuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZTcyZDhkYjAtNDcyOC00ZmMxLWJkZDgtNDcx
MTI5ODY2MzYyLzU0OTc4MGY5LTg3MGEtNDA0YS04ZjY0LTczZGVjMDMxNDAyMi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2U3MmQ4ZGIwLTQ3MjgtNGZjMS1iZGQ4
LTQ3MTEyOTg2NjM2Mi9iZ0UxRXFSU21LUXZLNnVoLW5MNDBuazRoNHcuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAIjYDgwDQYJKoZIhvcNAQELBQADggEBAEEfXmoYkTT5mT3V/p62bKeCJCOt
VXPfQ7qqnmFo1ADjy8tHUEdlSW8TwRcWoTzHHAcif2ecT93KmShNsc5VhPH0Ww15
EHzbgdnRLtNSmWaiMUURnZbwU/SOR7kANETIPxvG3wynYImgi1L/zWKx+XHlTWNy
YKSAiPCTMWr1Pqunws7PY/8htHoMUjJNQY/ybyTw5HcT+URnKxeeXQF2G30PM3LQ
+DLudh4Hie+vyAd65CT4RMyII4bOzu7FJU68r/lICOEcN7Ll7lUWzL5t5jocsTjV
HBo9U8zwUKegkO+2xLto98HuaL/MLBYRKIKugUD0ewsBY4dkxGd2+tvt2Lc=
-----END CERTIFICATE-----