Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/e72d8db0-4728-4fc1-bdd8-471129866362/c0470b5e-b545-482e-8475-2ccd1dfdea29.roa
File:                     c0470b5e-b545-482e-8475-2ccd1dfdea29.roa (raw, json)
Hash identifier:          s34/cEP6OOZvcvawMUhfgeDc+xz/iznhfsUFfJrqQ4w=
Subject key identifier:   AF:B8:06:DB:C3:5A:E5:90:E3:17:C2:9F:5B:AB:44:92:2C:F4:3B:A1
Certificate issuer:       /CN=9ab015f3826e013512a45298a42f2baba1fa72f8d27938878c
Certificate serial:       3366E9CAEF097EB99B5D5015CD2C029812BB7021
Authority key identifier: 6A:CC:3E:7D:A2:E7:6D:99:11:0F:D6:39:C4:13:7E:42:42:99:70:D8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/6755970c-4747-499d-9774-5e1308c501a7/9ab015f3826e013512a45298a42f2baba1fa72f8d27938878c.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e72d8db0-4728-4fc1-bdd8-471129866362/c0470b5e-b545-482e-8475-2ccd1dfdea29.roa
Signing time:             Fri 17 Jan 2025 00:00:00 +0000
ROA not before:           Fri 17 Jan 2025 00:00:00 +0000
ROA not after:            Fri 21 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        35.96.16.0/23 maxlen: 23
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            33:66:e9:ca:ef:09:7e:b9:9b:5d:50:15:cd:2c:02:98:12:bb:70:21
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9ab015f3826e013512a45298a42f2baba1fa72f8d27938878c
        Validity
            Not Before: Jan 17 00:00:00 2025 GMT
            Not After : Feb 21 23:59:59 2025 GMT
        Subject: serialNumber=fdc15485143578fe545ad8f1bd371eb46930293bed3dff62e975a32eb6b9209c, CN=8cd8442f-235f-4171-84e6-8e1007a64c60
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:18:ab:8c:86:83:a8:7e:ab:2e:3a:01:5b:bc:
                    2a:6c:2a:91:e7:d0:fe:50:25:c3:06:00:62:8f:59:
                    d2:b9:88:77:8f:7d:06:00:07:3d:a3:54:e3:11:d8:
                    63:47:b1:f2:bf:8e:c7:d7:b2:02:5c:f9:32:9c:d3:
                    26:a5:1d:cf:8a:b1:88:47:94:b7:7a:fd:58:e1:d1:
                    87:f9:55:6f:cd:47:6b:15:d0:b0:7c:dc:74:98:ff:
                    62:51:30:05:9b:38:bf:cd:0b:a3:cd:89:ee:c0:36:
                    25:d8:cb:e8:91:6b:11:03:cf:08:1a:ce:a4:d9:d1:
                    31:3c:15:52:9a:8a:a4:68:81:4c:c3:f7:c2:c8:a0:
                    cf:a7:c0:cf:95:c1:9d:2f:a8:34:6f:05:4c:89:84:
                    93:40:c7:7c:99:89:f1:dd:bc:b8:91:06:9f:c3:59:
                    c3:9d:6e:9d:3c:06:f9:fb:94:02:ae:0e:f8:2f:6e:
                    71:51:aa:a9:f5:ca:42:ad:27:48:28:c4:2d:1f:92:
                    a4:e9:79:6b:27:5b:93:b2:1f:d5:4f:34:07:d6:cd:
                    87:70:00:ee:49:12:a0:68:96:82:2d:98:de:a8:d5:
                    ee:71:5a:c3:3f:06:b3:1a:50:ae:31:d3:1f:d0:96:
                    e4:08:d6:e7:22:fa:78:ed:bd:67:c8:ca:2b:74:88:
                    53:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AF:B8:06:DB:C3:5A:E5:90:E3:17:C2:9F:5B:AB:44:92:2C:F4:3B:A1
            X509v3 Authority Key Identifier:
                keyid:6A:CC:3E:7D:A2:E7:6D:99:11:0F:D6:39:C4:13:7E:42:42:99:70:D8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/6755970c-4747-499d-9774-5e1308c501a7/9ab015f3826e013512a45298a42f2baba1fa72f8d27938878c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e72d8db0-4728-4fc1-bdd8-471129866362/c0470b5e-b545-482e-8475-2ccd1dfdea29.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e72d8db0-4728-4fc1-bdd8-471129866362/bgE1EqRSmKQvK6uh-nL40nk4h4w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  35.96.16.0/23

    Signature Algorithm: sha256WithRSAEncryption
         50:3b:24:01:a5:b1:9c:fb:e0:f0:c9:9a:59:1e:57:92:15:dd:
         ea:01:c7:f5:b0:ce:2f:6b:0f:08:76:98:ed:bb:26:ad:ff:c7:
         b1:1d:f9:b7:6c:71:7a:ff:00:2c:71:ff:49:96:9f:03:06:e3:
         ec:39:67:fe:e0:0d:96:d5:a8:0f:73:55:2e:42:a8:ce:f8:9b:
         4c:03:94:4a:3f:2d:6e:85:08:50:eb:8d:86:16:f5:a1:27:d4:
         55:a4:47:1a:d2:20:3d:07:13:8a:fb:7f:8f:c0:41:1c:3b:2a:
         b9:97:0a:da:b2:a2:0f:51:dc:6a:c5:bd:57:6c:02:15:fa:7f:
         53:ab:8f:41:64:98:cc:8e:1c:9e:32:d0:bd:c9:30:96:fc:7c:
         bb:ba:ba:85:0a:52:81:42:7f:f1:ab:a6:87:60:8e:48:ea:e5:
         5e:bd:8d:da:a6:a4:20:c2:16:44:e2:e4:c6:35:25:5e:34:d4:
         8a:de:1d:02:22:23:fc:af:36:32:ce:22:8d:cf:5e:3b:45:09:
         32:01:66:94:f9:5c:d0:3e:b6:a5:3e:23:5e:c3:54:dc:c0:ad:
         dc:e3:47:92:70:b3:f6:85:38:8e:fe:d7:73:3c:ed:a5:9c:25:
         ee:41:fc:c1:bf:b5:14:8b:bf:52:62:ec:0f:ba:46:cb:03:09:
         54:30:b9:28
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUM2bpyu8JfrmbXVAVzSwCmBK7cCEwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyOWFiMDE1ZjM4MjZlMDEzNTEyYTQ1Mjk4YTQyZjJiYWJh
MWZhNzJmOGQyNzkzODg3OGMwHhcNMjUwMTE3MDAwMDAwWhcNMjUwMjIxMjM1OTU5
WjB6MUkwRwYDVQQFE0BmZGMxNTQ4NTE0MzU3OGZlNTQ1YWQ4ZjFiZDM3MWViNDY5
MzAyOTNiZWQzZGZmNjJlOTc1YTMyZWI2YjkyMDljMS0wKwYDVQQDEyQ4Y2Q4NDQy
Zi0yMzVmLTQxNzEtODRlNi04ZTEwMDdhNjRjNjAwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCgGKuMhoOofqsuOgFbvCpsKpHn0P5QJcMGAGKPWdK5iHeP
fQYABz2jVOMR2GNHsfK/jsfXsgJc+TKc0yalHc+KsYhHlLd6/Vjh0Yf5VW/NR2sV
0LB83HSY/2JRMAWbOL/NC6PNie7ANiXYy+iRaxEDzwgazqTZ0TE8FVKaiqRogUzD
98LIoM+nwM+VwZ0vqDRvBUyJhJNAx3yZifHdvLiRBp/DWcOdbp08Bvn7lAKuDvgv
bnFRqqn1ykKtJ0goxC0fkqTpeWsnW5OyH9VPNAfWzYdwAO5JEqBoloItmN6o1e5x
WsM/BrMaUK4x0x/QluQI1uci+njtvWfIyit0iFMDAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUr7gG28Na5ZDjF8KfW6tEkiz0O6EwHwYDVR0jBBgwFoAUasw+faLnbZkR
D9Y5xBN+QkKZcNgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy82NzU1OTcwYy00
NzQ3LTQ5OWQtOTc3NC01ZTEzMDhjNTAxYTcvOWFiMDE1ZjM4MjZlMDEzNTEyYTQ1
Mjk4YTQyZjJiYWJhMWZhNzJmOGQyNzkzODg3OGMuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZTcyZDhkYjAtNDcyOC00ZmMxLWJkZDgtNDcx
MTI5ODY2MzYyL2MwNDcwYjVlLWI1NDUtNDgyZS04NDc1LTJjY2QxZGZkZWEyOS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2U3MmQ4ZGIwLTQ3MjgtNGZjMS1iZGQ4
LTQ3MTEyOTg2NjM2Mi9iZ0UxRXFSU21LUXZLNnVoLW5MNDBuazRoNHcuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAEjYBAwDQYJKoZIhvcNAQELBQADggEBAFA7JAGlsZz74PDJmlkeV5IV3eoB
x/Wwzi9rDwh2mO27Jq3/x7Ed+bdscXr/ACxx/0mWnwMG4+w5Z/7gDZbVqA9zVS5C
qM74m0wDlEo/LW6FCFDrjYYW9aEn1FWkRxrSID0HE4r7f4/AQRw7KrmXCtqyog9R
3GrFvVdsAhX6f1Orj0FkmMyOHJ4y0L3JMJb8fLu6uoUKUoFCf/Grpodgjkjq5V69
jdqmpCDCFkTi5MY1JV401IreHQIiI/yvNjLOIo3PXjtFCTIBZpT5XNA+tqU+I17D
VNzArdzjR5Jws/aFOI7+13M87aWcJe5B/MG/tRSLv1Ji7A+6RssDCVQwuSg=
-----END CERTIFICATE-----