Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/e72d8db0-4728-4fc1-bdd8-471129866362/93da312c-9a87-4802-ae6d-e784f74c131d.roa
File:                     93da312c-9a87-4802-ae6d-e784f74c131d.roa (raw, json)
Hash identifier:          s+dgAqOotVe/ShUaGjY3OrqRLl7iw5ffpxLiAuCalEc=
Subject key identifier:   9C:D2:49:42:35:E4:36:95:08:8E:0A:CD:72:B5:2D:8E:88:BF:39:40
Certificate issuer:       /CN=9ab015f3826e013512a45298a42f2baba1fa72f8d27938878c
Certificate serial:       57520183BDEF302B040515AA3A5D8DE1DAE1D25C
Authority key identifier: 6A:CC:3E:7D:A2:E7:6D:99:11:0F:D6:39:C4:13:7E:42:42:99:70:D8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/6755970c-4747-499d-9774-5e1308c501a7/9ab015f3826e013512a45298a42f2baba1fa72f8d27938878c.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e72d8db0-4728-4fc1-bdd8-471129866362/93da312c-9a87-4802-ae6d-e784f74c131d.roa
Signing time:             Tue 14 Jan 2025 00:00:00 +0000
ROA not before:           Tue 14 Jan 2025 00:00:00 +0000
ROA not after:            Tue 18 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        35.96.4.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            57:52:01:83:bd:ef:30:2b:04:05:15:aa:3a:5d:8d:e1:da:e1:d2:5c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9ab015f3826e013512a45298a42f2baba1fa72f8d27938878c
        Validity
            Not Before: Jan 14 00:00:00 2025 GMT
            Not After : Feb 18 23:59:59 2025 GMT
        Subject: serialNumber=dad080264105f4d86de105a0ea5ab14a875a4c3c80e653b3584403b85a8caf4a, CN=8cd8442f-235f-4171-84e6-8e1007a64c60
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:ce:61:1d:94:c9:30:3b:86:5f:e1:c9:57:6e:
                    61:a4:5e:d0:16:1e:91:9b:6e:78:7d:e1:d7:0d:3e:
                    3a:fd:fc:6f:4c:79:3c:48:2d:b0:77:86:2d:7c:32:
                    4b:fc:08:40:3a:3b:58:c6:49:e7:19:bb:82:e8:bc:
                    88:06:b8:8b:aa:c9:56:c9:e0:80:8b:0d:62:99:42:
                    63:82:3d:6f:e3:54:2f:18:d5:84:4e:0e:61:41:93:
                    c2:40:68:94:2b:61:41:d8:d5:92:94:77:86:4e:74:
                    25:25:46:63:d9:ee:2c:d0:c3:e3:3a:48:b3:ce:a0:
                    35:8c:43:af:f2:72:c1:f3:5d:e0:e8:59:86:39:32:
                    24:ab:49:84:ee:c6:1b:3c:75:b5:12:05:47:4c:f7:
                    ab:3f:04:73:97:91:2b:00:0b:5d:80:1c:c4:c5:8c:
                    30:60:49:9b:12:32:2a:54:30:d2:b8:b6:e7:5c:18:
                    9a:d6:fc:aa:41:39:c6:ec:35:38:68:64:64:1e:5a:
                    f7:bd:a5:dc:c9:a6:38:0c:2e:ca:93:a9:40:1e:2d:
                    cf:3d:29:8c:7d:d4:79:de:68:1c:2c:5e:c5:b6:38:
                    b3:c5:16:06:5e:8a:64:ca:c7:8a:be:30:bb:a4:44:
                    65:99:52:58:f7:26:97:02:73:33:ae:e4:bf:9b:a6:
                    21:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9C:D2:49:42:35:E4:36:95:08:8E:0A:CD:72:B5:2D:8E:88:BF:39:40
            X509v3 Authority Key Identifier:
                keyid:6A:CC:3E:7D:A2:E7:6D:99:11:0F:D6:39:C4:13:7E:42:42:99:70:D8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/6755970c-4747-499d-9774-5e1308c501a7/9ab015f3826e013512a45298a42f2baba1fa72f8d27938878c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e72d8db0-4728-4fc1-bdd8-471129866362/93da312c-9a87-4802-ae6d-e784f74c131d.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e72d8db0-4728-4fc1-bdd8-471129866362/bgE1EqRSmKQvK6uh-nL40nk4h4w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  35.96.4.0/24

    Signature Algorithm: sha256WithRSAEncryption
         11:bc:cd:ed:17:38:e2:ab:59:24:94:5b:40:bb:8a:68:40:86:
         77:40:4c:49:95:c3:f7:f3:ae:1d:60:6d:01:60:41:88:12:5f:
         d4:fd:6a:82:d9:da:9a:fb:49:97:5e:b0:1c:97:5c:f1:94:80:
         cf:ee:ac:af:8c:9d:86:20:af:88:ba:87:eb:c5:f8:dd:2f:e5:
         75:e6:ed:75:4b:0d:72:08:ca:cc:61:95:ba:79:6c:4f:a4:f3:
         00:cb:ba:10:1d:23:ac:5b:b2:9c:61:4f:07:e1:4d:b9:b6:06:
         b6:66:3e:cb:a7:a5:19:6c:67:55:49:3b:3d:b0:9f:d4:4b:aa:
         3c:95:cc:fb:c0:3c:f7:7f:73:b4:31:27:94:5a:f3:14:e0:60:
         93:37:00:04:df:d2:cd:da:4a:87:44:9b:6f:49:9e:05:5c:29:
         8b:1b:6e:30:b1:49:81:fd:1d:38:4f:a1:42:82:d0:38:9e:08:
         ce:71:a1:49:4e:7c:c9:a1:7e:78:2e:5a:1a:23:fd:44:51:95:
         7e:01:f8:b0:39:8b:05:ec:35:db:a8:af:85:76:87:94:3d:d4:
         44:86:1a:6c:6b:73:5f:b0:8b:1e:69:0c:4b:a0:c6:a9:b1:97:
         5e:87:0a:c9:4d:40:19:df:98:8c:a1:8e:67:e2:18:e3:2c:72:
         ac:98:36:bb
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUV1IBg73vMCsEBRWqOl2N4drh0lwwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyOWFiMDE1ZjM4MjZlMDEzNTEyYTQ1Mjk4YTQyZjJiYWJh
MWZhNzJmOGQyNzkzODg3OGMwHhcNMjUwMTE0MDAwMDAwWhcNMjUwMjE4MjM1OTU5
WjB6MUkwRwYDVQQFE0BkYWQwODAyNjQxMDVmNGQ4NmRlMTA1YTBlYTVhYjE0YTg3
NWE0YzNjODBlNjUzYjM1ODQ0MDNiODVhOGNhZjRhMS0wKwYDVQQDEyQ4Y2Q4NDQy
Zi0yMzVmLTQxNzEtODRlNi04ZTEwMDdhNjRjNjAwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCnzmEdlMkwO4Zf4clXbmGkXtAWHpGbbnh94dcNPjr9/G9M
eTxILbB3hi18Mkv8CEA6O1jGSecZu4LovIgGuIuqyVbJ4ICLDWKZQmOCPW/jVC8Y
1YRODmFBk8JAaJQrYUHY1ZKUd4ZOdCUlRmPZ7izQw+M6SLPOoDWMQ6/ycsHzXeDo
WYY5MiSrSYTuxhs8dbUSBUdM96s/BHOXkSsAC12AHMTFjDBgSZsSMipUMNK4tudc
GJrW/KpBOcbsNThoZGQeWve9pdzJpjgMLsqTqUAeLc89KYx91HneaBwsXsW2OLPF
FgZeimTKx4q+MLukRGWZUlj3JpcCczOu5L+bpiFBAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUnNJJQjXkNpUIjgrNcrUtjoi/OUAwHwYDVR0jBBgwFoAUasw+faLnbZkR
D9Y5xBN+QkKZcNgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy82NzU1OTcwYy00
NzQ3LTQ5OWQtOTc3NC01ZTEzMDhjNTAxYTcvOWFiMDE1ZjM4MjZlMDEzNTEyYTQ1
Mjk4YTQyZjJiYWJhMWZhNzJmOGQyNzkzODg3OGMuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZTcyZDhkYjAtNDcyOC00ZmMxLWJkZDgtNDcx
MTI5ODY2MzYyLzkzZGEzMTJjLTlhODctNDgwMi1hZTZkLWU3ODRmNzRjMTMxZC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2U3MmQ4ZGIwLTQ3MjgtNGZjMS1iZGQ4
LTQ3MTEyOTg2NjM2Mi9iZ0UxRXFSU21LUXZLNnVoLW5MNDBuazRoNHcuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAAjYAQwDQYJKoZIhvcNAQELBQADggEBABG8ze0XOOKrWSSUW0C7imhAhndA
TEmVw/fzrh1gbQFgQYgSX9T9aoLZ2pr7SZdesByXXPGUgM/urK+MnYYgr4i6h+vF
+N0v5XXm7XVLDXIIysxhlbp5bE+k8wDLuhAdI6xbspxhTwfhTbm2BrZmPsunpRls
Z1VJOz2wn9RLqjyVzPvAPPd/c7QxJ5Ra8xTgYJM3AATf0s3aSodEm29JngVcKYsb
bjCxSYH9HThPoUKC0DieCM5xoUlOfMmhfnguWhoj/URRlX4B+LA5iwXsNduor4V2
h5Q91ESGGmxrc1+wix5pDEugxqmxl16HCslNQBnfmIyhjmfiGOMscqyYNrs=
-----END CERTIFICATE-----