Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/e72d8db0-4728-4fc1-bdd8-471129866362/9761c5a0-4e06-4534-a45f-5dce788a2329.roa
File:                     9761c5a0-4e06-4534-a45f-5dce788a2329.roa (raw, json)
Hash identifier:          w0cpRBcXwldD3uY9dquu5d56Q1cfCEsoma+HYvBchHA=
Subject key identifier:   75:16:B3:A7:08:FE:F1:A7:3F:54:F2:02:D5:E9:40:7C:99:3B:A9:07
Certificate issuer:       /CN=9ab015f3826e013512a45298a42f2baba1fa72f8d27938878c
Certificate serial:       66A875BFFF51976C5EF6BD8BC2BA464B97B7151E
Authority key identifier: 6A:CC:3E:7D:A2:E7:6D:99:11:0F:D6:39:C4:13:7E:42:42:99:70:D8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/6755970c-4747-499d-9774-5e1308c501a7/9ab015f3826e013512a45298a42f2baba1fa72f8d27938878c.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e72d8db0-4728-4fc1-bdd8-471129866362/9761c5a0-4e06-4534-a45f-5dce788a2329.roa
Signing time:             Tue 14 Jan 2025 00:00:00 +0000
ROA not before:           Tue 14 Jan 2025 00:00:00 +0000
ROA not after:            Tue 18 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        35.96.5.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            66:a8:75:bf:ff:51:97:6c:5e:f6:bd:8b:c2:ba:46:4b:97:b7:15:1e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9ab015f3826e013512a45298a42f2baba1fa72f8d27938878c
        Validity
            Not Before: Jan 14 00:00:00 2025 GMT
            Not After : Feb 18 23:59:59 2025 GMT
        Subject: serialNumber=8ac20057dbf3358feb45fd76d00a65bc07ac0a8409e6e36c76daab1c2a013122, CN=8cd8442f-235f-4171-84e6-8e1007a64c60
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:73:fd:3f:da:6b:c3:20:a1:64:35:3d:21:76:
                    f7:c6:e9:e4:5a:20:94:43:02:c3:06:ff:47:04:54:
                    7d:fe:a5:1e:64:59:eb:06:f2:24:f0:5f:0c:8a:db:
                    d1:50:72:6a:11:11:ab:d2:67:27:f4:38:43:12:c1:
                    c7:09:f6:64:59:8a:5b:2e:6a:43:50:60:2c:db:99:
                    a2:61:c0:ce:31:58:73:8a:f3:c1:28:28:5e:0f:32:
                    e2:7d:af:6f:d6:75:66:c3:ca:1d:de:d9:49:e8:dd:
                    9e:47:66:f8:81:0a:cd:d7:51:1d:7c:a6:a8:7e:d3:
                    bd:ac:c6:e0:ad:2e:39:b5:3e:cc:ae:da:7c:32:70:
                    5e:1c:c7:00:d7:a1:e2:83:73:77:cd:af:18:fa:e4:
                    a4:67:09:c0:99:84:5f:c1:a5:79:28:eb:11:0a:b9:
                    8a:d2:2c:d4:a6:46:7f:b4:ba:13:13:57:eb:40:6c:
                    28:d5:dc:14:49:ff:d6:ae:4c:5b:20:53:83:0b:5f:
                    41:b6:da:7a:5b:9d:e4:ed:65:c0:f4:5d:59:cb:85:
                    76:36:ba:17:da:bf:7b:47:cc:05:1a:9c:a3:27:5c:
                    a7:96:4d:4b:1c:5a:34:55:1a:4d:4a:6b:a7:b0:1d:
                    a8:3a:39:76:7a:bd:a3:af:86:9c:dd:ad:59:5a:a1:
                    0b:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                75:16:B3:A7:08:FE:F1:A7:3F:54:F2:02:D5:E9:40:7C:99:3B:A9:07
            X509v3 Authority Key Identifier:
                keyid:6A:CC:3E:7D:A2:E7:6D:99:11:0F:D6:39:C4:13:7E:42:42:99:70:D8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/6755970c-4747-499d-9774-5e1308c501a7/9ab015f3826e013512a45298a42f2baba1fa72f8d27938878c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e72d8db0-4728-4fc1-bdd8-471129866362/9761c5a0-4e06-4534-a45f-5dce788a2329.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e72d8db0-4728-4fc1-bdd8-471129866362/bgE1EqRSmKQvK6uh-nL40nk4h4w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  35.96.5.0/24

    Signature Algorithm: sha256WithRSAEncryption
         53:c1:4d:77:41:2a:7c:54:50:60:6d:f0:75:67:1d:2b:5e:44:
         60:57:21:5c:b3:e5:1f:0b:3b:5b:65:60:2c:d4:74:4e:38:0f:
         e0:e3:dd:ce:5f:bf:76:e1:36:97:29:7e:6d:8e:7b:d5:7c:73:
         77:ac:40:05:fb:7b:c6:70:79:c8:5d:a3:6b:75:88:39:50:7b:
         f5:fa:e1:62:7e:4f:50:fa:65:00:4c:54:6e:dc:e4:1c:29:53:
         71:ee:3d:d7:69:2b:4f:31:e9:9c:52:a1:8d:fb:62:bd:20:b4:
         73:60:9e:42:18:ee:76:cd:db:0d:c7:e6:c6:7c:c1:3a:70:13:
         58:39:9f:76:3e:63:0c:28:ce:78:a1:15:e5:8c:4b:e5:d5:5b:
         df:99:6a:63:46:28:24:a1:06:ed:33:ad:48:d4:b6:a0:92:35:
         7a:d4:b8:13:07:59:db:25:89:95:5b:88:55:78:a1:60:0d:8e:
         af:94:9c:3e:52:e1:02:48:4b:f3:1a:73:7c:f4:e8:bc:ec:f0:
         c9:6c:19:59:86:69:ae:e5:18:da:33:54:21:e3:ab:f1:eb:42:
         0f:9e:b3:06:6f:44:30:7a:21:e4:6f:33:80:60:77:a9:a3:69:
         da:49:3a:86:49:51:9c:76:b4:e2:ae:e5:58:c5:d9:1b:b6:54:
         2a:1b:86:9e
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUZqh1v/9Rl2xe9r2LwrpGS5e3FR4wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyOWFiMDE1ZjM4MjZlMDEzNTEyYTQ1Mjk4YTQyZjJiYWJh
MWZhNzJmOGQyNzkzODg3OGMwHhcNMjUwMTE0MDAwMDAwWhcNMjUwMjE4MjM1OTU5
WjB6MUkwRwYDVQQFE0A4YWMyMDA1N2RiZjMzNThmZWI0NWZkNzZkMDBhNjViYzA3
YWMwYTg0MDllNmUzNmM3NmRhYWIxYzJhMDEzMTIyMS0wKwYDVQQDEyQ4Y2Q4NDQy
Zi0yMzVmLTQxNzEtODRlNi04ZTEwMDdhNjRjNjAwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC6c/0/2mvDIKFkNT0hdvfG6eRaIJRDAsMG/0cEVH3+pR5k
WesG8iTwXwyK29FQcmoREavSZyf0OEMSwccJ9mRZilsuakNQYCzbmaJhwM4xWHOK
88EoKF4PMuJ9r2/WdWbDyh3e2Uno3Z5HZviBCs3XUR18pqh+072sxuCtLjm1Psyu
2nwycF4cxwDXoeKDc3fNrxj65KRnCcCZhF/BpXko6xEKuYrSLNSmRn+0uhMTV+tA
bCjV3BRJ/9auTFsgU4MLX0G22npbneTtZcD0XVnLhXY2uhfav3tHzAUanKMnXKeW
TUscWjRVGk1Ka6ewHag6OXZ6vaOvhpzdrVlaoQsrAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUdRazpwj+8ac/VPIC1elAfJk7qQcwHwYDVR0jBBgwFoAUasw+faLnbZkR
D9Y5xBN+QkKZcNgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy82NzU1OTcwYy00
NzQ3LTQ5OWQtOTc3NC01ZTEzMDhjNTAxYTcvOWFiMDE1ZjM4MjZlMDEzNTEyYTQ1
Mjk4YTQyZjJiYWJhMWZhNzJmOGQyNzkzODg3OGMuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZTcyZDhkYjAtNDcyOC00ZmMxLWJkZDgtNDcx
MTI5ODY2MzYyLzk3NjFjNWEwLTRlMDYtNDUzNC1hNDVmLTVkY2U3ODhhMjMyOS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2U3MmQ4ZGIwLTQ3MjgtNGZjMS1iZGQ4
LTQ3MTEyOTg2NjM2Mi9iZ0UxRXFSU21LUXZLNnVoLW5MNDBuazRoNHcuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAAjYAUwDQYJKoZIhvcNAQELBQADggEBAFPBTXdBKnxUUGBt8HVnHSteRGBX
IVyz5R8LO1tlYCzUdE44D+Dj3c5fv3bhNpcpfm2Oe9V8c3esQAX7e8Zwechdo2t1
iDlQe/X64WJ+T1D6ZQBMVG7c5BwpU3HuPddpK08x6ZxSoY37Yr0gtHNgnkIY7nbN
2w3H5sZ8wTpwE1g5n3Y+YwwoznihFeWMS+XVW9+ZamNGKCShBu0zrUjUtqCSNXrU
uBMHWdsliZVbiFV4oWANjq+UnD5S4QJIS/Mac3z06Lzs8MlsGVmGaa7lGNozVCHj
q/HrQg+eswZvRDB6IeRvM4Bgd6mjadpJOoZJUZx2tOKu5VjF2Ru2VCobhp4=
-----END CERTIFICATE-----