Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/e72d8db0-4728-4fc1-bdd8-471129866362/8935c170-fe57-4cab-a427-cf449e778ef2.roa
File:                     8935c170-fe57-4cab-a427-cf449e778ef2.roa (raw, json)
Hash identifier:          sfAd659rDe8Bh43OyX0PVksyLUSaSCNIh3+XVXhJNwY=
Subject key identifier:   BB:03:A6:B7:63:2B:08:0B:2F:7A:33:A6:EE:D7:3E:6D:E8:1B:DE:0D
Certificate issuer:       /CN=9ab015f3826e013512a45298a42f2baba1fa72f8d27938878c
Certificate serial:       17855FD5E5F47C37C6CCAB0224A8730E4CAAF365
Authority key identifier: 6A:CC:3E:7D:A2:E7:6D:99:11:0F:D6:39:C4:13:7E:42:42:99:70:D8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/6755970c-4747-499d-9774-5e1308c501a7/9ab015f3826e013512a45298a42f2baba1fa72f8d27938878c.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e72d8db0-4728-4fc1-bdd8-471129866362/8935c170-fe57-4cab-a427-cf449e778ef2.roa
Signing time:             Thu 30 Jan 2025 00:00:00 +0000
ROA not before:           Thu 30 Jan 2025 00:00:00 +0000
ROA not after:            Thu 06 Mar 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        35.96.241.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            17:85:5f:d5:e5:f4:7c:37:c6:cc:ab:02:24:a8:73:0e:4c:aa:f3:65
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9ab015f3826e013512a45298a42f2baba1fa72f8d27938878c
        Validity
            Not Before: Jan 30 00:00:00 2025 GMT
            Not After : Mar  6 23:59:59 2025 GMT
        Subject: serialNumber=177608f146031f76983c54f0c5ff979e351c28e0d126727487b02b3e685134ea, CN=8cd8442f-235f-4171-84e6-8e1007a64c60
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:f7:b6:4c:46:62:cd:f4:2a:fd:77:cd:e2:97:
                    ef:7e:e3:9f:22:33:f4:2f:52:d3:95:1e:c4:11:9c:
                    9b:e2:84:21:76:eb:3e:20:fb:62:12:1f:92:7d:64:
                    03:a8:14:f6:96:04:b3:8c:58:a3:3d:e9:16:c1:67:
                    7d:69:00:3b:95:56:c2:2c:f0:ad:14:6a:1b:24:48:
                    ac:7e:1b:b7:f2:a7:cf:5c:a8:22:73:03:17:d8:82:
                    6a:3a:c5:4c:d9:12:93:47:5e:27:25:11:af:48:b3:
                    74:44:18:df:5c:96:26:f0:5c:88:2d:91:82:67:7b:
                    19:d8:18:15:e6:16:79:ea:c3:04:a2:20:c7:2f:3a:
                    31:ef:1d:78:dd:68:d5:f9:11:2c:8a:37:77:4c:31:
                    a8:d9:33:0b:c5:31:3c:5a:ba:5a:27:19:8c:cb:66:
                    dd:79:77:95:0a:de:9f:15:ba:27:5b:16:0a:e8:93:
                    8b:c8:1a:9e:df:33:26:44:3d:33:f4:2d:17:00:53:
                    1b:a2:e2:13:99:f7:9b:d7:08:f5:2b:11:10:ba:f3:
                    10:72:58:23:0e:41:4c:65:ff:ec:80:42:f9:99:10:
                    5e:5b:18:1a:6d:bd:bf:78:8f:bc:7a:0f:0a:2d:e2:
                    de:e8:0f:4a:23:60:11:39:86:aa:67:47:04:6e:02:
                    8f:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BB:03:A6:B7:63:2B:08:0B:2F:7A:33:A6:EE:D7:3E:6D:E8:1B:DE:0D
            X509v3 Authority Key Identifier:
                keyid:6A:CC:3E:7D:A2:E7:6D:99:11:0F:D6:39:C4:13:7E:42:42:99:70:D8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/6755970c-4747-499d-9774-5e1308c501a7/9ab015f3826e013512a45298a42f2baba1fa72f8d27938878c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e72d8db0-4728-4fc1-bdd8-471129866362/8935c170-fe57-4cab-a427-cf449e778ef2.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e72d8db0-4728-4fc1-bdd8-471129866362/bgE1EqRSmKQvK6uh-nL40nk4h4w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  35.96.241.0/24

    Signature Algorithm: sha256WithRSAEncryption
         97:8d:f5:b3:a7:0f:36:0d:f9:d1:4e:23:82:90:76:a2:49:03:
         ff:c7:ef:c9:57:a0:eb:83:3a:ef:da:4d:be:eb:a8:c7:43:ab:
         4c:a3:f3:ed:21:b7:fa:ec:31:32:9b:90:cd:5e:42:38:7c:8d:
         88:9e:e2:b4:b6:71:9a:05:61:c7:c2:eb:40:90:53:f4:71:31:
         ea:0f:b6:09:5e:e4:ad:0c:cd:26:3c:78:93:a8:c7:84:bd:a0:
         3e:b6:38:64:ec:32:70:ac:ed:03:d3:ef:06:7c:4a:d9:19:0c:
         8c:a3:4a:4f:4e:26:25:e8:75:77:ec:1d:6f:22:14:a4:04:6f:
         ad:7c:5d:0c:4a:2b:44:60:a7:00:fe:34:b5:47:42:72:f1:11:
         fc:d6:e7:2e:11:06:1b:f9:e3:2e:05:1f:23:de:25:88:ab:3f:
         df:f2:c1:c4:c4:ee:9c:ed:de:db:b7:79:11:77:5e:c6:8d:41:
         f3:80:42:43:8e:67:28:a7:33:b0:63:19:15:0d:e6:2d:ee:23:
         42:b8:1f:87:6e:9d:be:94:7a:6e:39:11:01:a9:84:c4:b1:31:
         55:12:8a:02:17:23:b5:14:fc:52:2b:70:f3:2d:ce:07:ff:47:
         35:53:06:f3:3f:cc:d6:50:01:fe:f3:0a:08:33:f8:78:c4:18:
         d8:eb:3d:69
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUF4Vf1eX0fDfGzKsCJKhzDkyq82UwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyOWFiMDE1ZjM4MjZlMDEzNTEyYTQ1Mjk4YTQyZjJiYWJh
MWZhNzJmOGQyNzkzODg3OGMwHhcNMjUwMTMwMDAwMDAwWhcNMjUwMzA2MjM1OTU5
WjB6MUkwRwYDVQQFE0AxNzc2MDhmMTQ2MDMxZjc2OTgzYzU0ZjBjNWZmOTc5ZTM1
MWMyOGUwZDEyNjcyNzQ4N2IwMmIzZTY4NTEzNGVhMS0wKwYDVQQDEyQ4Y2Q4NDQy
Zi0yMzVmLTQxNzEtODRlNi04ZTEwMDdhNjRjNjAwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDW97ZMRmLN9Cr9d83il+9+458iM/QvUtOVHsQRnJvihCF2
6z4g+2ISH5J9ZAOoFPaWBLOMWKM96RbBZ31pADuVVsIs8K0UahskSKx+G7fyp89c
qCJzAxfYgmo6xUzZEpNHXiclEa9Is3REGN9clibwXIgtkYJnexnYGBXmFnnqwwSi
IMcvOjHvHXjdaNX5ESyKN3dMMajZMwvFMTxaulonGYzLZt15d5UK3p8VuidbFgro
k4vIGp7fMyZEPTP0LRcAUxui4hOZ95vXCPUrERC68xByWCMOQUxl/+yAQvmZEF5b
GBptvb94j7x6Dwot4t7oD0ojYBE5hqpnRwRuAo/JAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUuwOmt2MrCAsvejOm7tc+begb3g0wHwYDVR0jBBgwFoAUasw+faLnbZkR
D9Y5xBN+QkKZcNgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy82NzU1OTcwYy00
NzQ3LTQ5OWQtOTc3NC01ZTEzMDhjNTAxYTcvOWFiMDE1ZjM4MjZlMDEzNTEyYTQ1
Mjk4YTQyZjJiYWJhMWZhNzJmOGQyNzkzODg3OGMuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZTcyZDhkYjAtNDcyOC00ZmMxLWJkZDgtNDcx
MTI5ODY2MzYyLzg5MzVjMTcwLWZlNTctNGNhYi1hNDI3LWNmNDQ5ZTc3OGVmMi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2U3MmQ4ZGIwLTQ3MjgtNGZjMS1iZGQ4
LTQ3MTEyOTg2NjM2Mi9iZ0UxRXFSU21LUXZLNnVoLW5MNDBuazRoNHcuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAAjYPEwDQYJKoZIhvcNAQELBQADggEBAJeN9bOnDzYN+dFOI4KQdqJJA//H
78lXoOuDOu/aTb7rqMdDq0yj8+0ht/rsMTKbkM1eQjh8jYie4rS2cZoFYcfC60CQ
U/RxMeoPtgle5K0MzSY8eJOox4S9oD62OGTsMnCs7QPT7wZ8StkZDIyjSk9OJiXo
dXfsHW8iFKQEb618XQxKK0RgpwD+NLVHQnLxEfzW5y4RBhv54y4FHyPeJYirP9/y
wcTE7pzt3tu3eRF3XsaNQfOAQkOOZyinM7BjGRUN5i3uI0K4H4dunb6Uem45EQGp
hMSxMVUSigIXI7UU/FIrcPMtzgf/RzVTBvM/zNZQAf7zCggz+HjEGNjrPWk=
-----END CERTIFICATE-----