Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/e72d8db0-4728-4fc1-bdd8-471129866362/8e88398f-80cd-4b06-bbdf-e3fab6e6abe1.roa
File:                     8e88398f-80cd-4b06-bbdf-e3fab6e6abe1.roa (raw, json)
Hash identifier:          pDqAUU+e+uLC9PbjgVr3XAxHOT24RIXCyo2uqttFWIA=
Subject key identifier:   18:E9:46:DE:55:57:15:2D:1A:BD:20:77:33:78:93:0D:7B:22:0B:CC
Certificate issuer:       /CN=9ab015f3826e013512a45298a42f2baba1fa72f8d27938878c
Certificate serial:       4A51C7DF8E9F45E189BADEA5D21339929DC2DBDE
Authority key identifier: 6A:CC:3E:7D:A2:E7:6D:99:11:0F:D6:39:C4:13:7E:42:42:99:70:D8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/6755970c-4747-499d-9774-5e1308c501a7/9ab015f3826e013512a45298a42f2baba1fa72f8d27938878c.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e72d8db0-4728-4fc1-bdd8-471129866362/8e88398f-80cd-4b06-bbdf-e3fab6e6abe1.roa
Signing time:             Tue 28 Jan 2025 00:00:00 +0000
ROA not before:           Tue 28 Jan 2025 00:00:00 +0000
ROA not after:            Tue 04 Mar 2025 23:59:59 +0000
asID:                     801
IP address blocks:        35.96.8.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4a:51:c7:df:8e:9f:45:e1:89:ba:de:a5:d2:13:39:92:9d:c2:db:de
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9ab015f3826e013512a45298a42f2baba1fa72f8d27938878c
        Validity
            Not Before: Jan 28 00:00:00 2025 GMT
            Not After : Mar  4 23:59:59 2025 GMT
        Subject: serialNumber=ed44dcd478ccbc0493ce9baeb91d30186086d29e0a2551522f31917b76e0eef7, CN=8cd8442f-235f-4171-84e6-8e1007a64c60
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e7:a2:c4:90:49:77:b4:56:cb:ed:cd:81:5c:4c:
                    5d:3d:9e:8a:27:4d:a3:bf:ec:91:f7:d2:ac:f3:1a:
                    06:ad:e8:cb:29:89:44:3d:4e:eb:7a:43:5a:0e:5c:
                    0e:57:90:9e:fb:63:71:e4:7d:3c:f9:a4:06:53:e7:
                    84:8a:db:59:b5:ea:f7:f4:42:df:91:79:6b:82:74:
                    63:1a:99:c2:c6:28:c8:61:ec:1a:b6:c5:e1:29:f2:
                    c2:c9:6c:c5:0c:8a:58:d3:42:37:fc:fe:7a:af:2b:
                    ad:a6:c7:96:f8:3f:24:5e:70:1f:fb:1c:4d:1b:3d:
                    0c:f1:aa:a0:9d:28:65:b3:2f:63:34:7b:ce:c6:35:
                    67:97:c8:02:7c:a3:66:3d:61:32:2b:37:a1:17:b2:
                    cb:39:3c:51:13:e8:60:28:da:39:62:a5:4b:4a:93:
                    f6:e5:49:bf:46:2f:9f:70:f8:de:39:5b:52:9c:9c:
                    36:40:ad:3e:60:f7:9a:5f:a7:3c:a2:45:e9:5e:e7:
                    61:22:e3:ae:37:85:6c:14:0e:83:55:b2:d6:39:40:
                    8f:f8:a9:15:5c:08:b4:d6:e8:1e:d6:1d:49:43:38:
                    a9:28:ef:75:25:9f:e8:10:af:62:96:5d:c0:9d:bd:
                    2f:99:f9:ec:d6:5e:64:0d:ad:c6:4c:55:76:6a:4b:
                    88:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                18:E9:46:DE:55:57:15:2D:1A:BD:20:77:33:78:93:0D:7B:22:0B:CC
            X509v3 Authority Key Identifier:
                keyid:6A:CC:3E:7D:A2:E7:6D:99:11:0F:D6:39:C4:13:7E:42:42:99:70:D8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/6755970c-4747-499d-9774-5e1308c501a7/9ab015f3826e013512a45298a42f2baba1fa72f8d27938878c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e72d8db0-4728-4fc1-bdd8-471129866362/8e88398f-80cd-4b06-bbdf-e3fab6e6abe1.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e72d8db0-4728-4fc1-bdd8-471129866362/bgE1EqRSmKQvK6uh-nL40nk4h4w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  35.96.8.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2e:0f:0d:00:02:ad:07:8c:fd:dd:92:74:85:d6:df:14:67:f0:
         b6:e4:86:f6:59:b5:64:3f:37:ec:cf:1e:50:f9:e1:ca:23:17:
         aa:33:da:c0:3b:ad:80:22:d4:57:89:0d:7c:50:03:7c:e8:cf:
         c9:20:5b:13:24:cf:bf:0d:cb:75:e3:bd:d7:5a:e0:79:8f:a3:
         67:1d:55:b1:26:7f:f5:7f:a8:72:1f:f3:c1:b3:ad:4e:f0:79:
         e4:91:bb:59:8c:d0:aa:a5:1d:41:1e:ae:12:01:0d:2e:e1:71:
         6c:fe:67:49:7a:90:9e:5d:94:d4:aa:07:09:32:08:34:d0:ba:
         08:85:6f:a8:26:fc:14:64:61:06:f9:de:cd:00:98:dc:ec:48:
         36:60:95:1e:9a:3f:3f:24:fb:66:9f:f9:1c:1e:f7:5c:42:0d:
         71:50:b5:59:70:f1:53:43:d5:84:20:ca:68:2f:a8:38:96:78:
         a9:0e:82:b7:0c:15:20:65:6b:54:37:61:88:3b:26:5e:c6:9b:
         1b:da:d1:3f:fc:33:e4:1f:e3:97:b4:2d:f0:f4:e4:b4:75:71:
         b7:7d:e9:e9:ee:90:80:dc:c3:af:3a:f8:7a:5e:31:c0:5e:d5:
         61:eb:7c:2c:f5:0a:01:68:8a:e6:77:c9:a6:21:18:54:5e:94:
         ef:06:88:25
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUSlHH346fReGJut6l0hM5kp3C294wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyOWFiMDE1ZjM4MjZlMDEzNTEyYTQ1Mjk4YTQyZjJiYWJh
MWZhNzJmOGQyNzkzODg3OGMwHhcNMjUwMTI4MDAwMDAwWhcNMjUwMzA0MjM1OTU5
WjB6MUkwRwYDVQQFE0BlZDQ0ZGNkNDc4Y2NiYzA0OTNjZTliYWViOTFkMzAxODYw
ODZkMjllMGEyNTUxNTIyZjMxOTE3Yjc2ZTBlZWY3MS0wKwYDVQQDEyQ4Y2Q4NDQy
Zi0yMzVmLTQxNzEtODRlNi04ZTEwMDdhNjRjNjAwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDnosSQSXe0VsvtzYFcTF09noonTaO/7JH30qzzGgat6Msp
iUQ9Tut6Q1oOXA5XkJ77Y3HkfTz5pAZT54SK21m16vf0Qt+ReWuCdGMamcLGKMhh
7Bq2xeEp8sLJbMUMiljTQjf8/nqvK62mx5b4PyRecB/7HE0bPQzxqqCdKGWzL2M0
e87GNWeXyAJ8o2Y9YTIrN6EXsss5PFET6GAo2jlipUtKk/blSb9GL59w+N45W1Kc
nDZArT5g95pfpzyiRele52Ei4643hWwUDoNVstY5QI/4qRVcCLTW6B7WHUlDOKko
73Uln+gQr2KWXcCdvS+Z+ezWXmQNrcZMVXZqS4hVAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUGOlG3lVXFS0avSB3M3iTDXsiC8wwHwYDVR0jBBgwFoAUasw+faLnbZkR
D9Y5xBN+QkKZcNgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy82NzU1OTcwYy00
NzQ3LTQ5OWQtOTc3NC01ZTEzMDhjNTAxYTcvOWFiMDE1ZjM4MjZlMDEzNTEyYTQ1
Mjk4YTQyZjJiYWJhMWZhNzJmOGQyNzkzODg3OGMuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZTcyZDhkYjAtNDcyOC00ZmMxLWJkZDgtNDcx
MTI5ODY2MzYyLzhlODgzOThmLTgwY2QtNGIwNi1iYmRmLWUzZmFiNmU2YWJlMS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2U3MmQ4ZGIwLTQ3MjgtNGZjMS1iZGQ4
LTQ3MTEyOTg2NjM2Mi9iZ0UxRXFSU21LUXZLNnVoLW5MNDBuazRoNHcuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAAjYAgwDQYJKoZIhvcNAQELBQADggEBAC4PDQACrQeM/d2SdIXW3xRn8Lbk
hvZZtWQ/N+zPHlD54cojF6oz2sA7rYAi1FeJDXxQA3zoz8kgWxMkz78Ny3Xjvdda
4HmPo2cdVbEmf/V/qHIf88GzrU7weeSRu1mM0KqlHUEerhIBDS7hcWz+Z0l6kJ5d
lNSqBwkyCDTQugiFb6gm/BRkYQb53s0AmNzsSDZglR6aPz8k+2af+Rwe91xCDXFQ
tVlw8VND1YQgymgvqDiWeKkOgrcMFSBla1Q3YYg7Jl7Gmxva0T/8M+Qf45e0LfD0
5LR1cbd96enukIDcw686+HpeMcBe1WHrfCz1CgFoiuZ3yaYhGFRelO8GiCU=
-----END CERTIFICATE-----