Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/e72d8db0-4728-4fc1-bdd8-471129866362/e73ef7c0-3677-4319-b4f1-b7d8cb2c908e.roa
File:                     e73ef7c0-3677-4319-b4f1-b7d8cb2c908e.roa (raw, json)
Hash identifier:          NlIkljlEu+332WPXaSuDbHcauiCwaBvhP1ARu8iWx7E=
Subject key identifier:   36:55:6E:DD:F9:D2:C7:D6:94:B3:1F:43:82:C5:AB:5F:90:AA:D5:80
Certificate issuer:       /CN=9ab015f3826e013512a45298a42f2baba1fa72f8d27938878c
Certificate serial:       280A0EE124297330946E3258C7352FFCDF220D4E
Authority key identifier: 6A:CC:3E:7D:A2:E7:6D:99:11:0F:D6:39:C4:13:7E:42:42:99:70:D8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/6755970c-4747-499d-9774-5e1308c501a7/9ab015f3826e013512a45298a42f2baba1fa72f8d27938878c.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e72d8db0-4728-4fc1-bdd8-471129866362/e73ef7c0-3677-4319-b4f1-b7d8cb2c908e.roa
Signing time:             Tue 07 Jan 2025 00:00:00 +0000
ROA not before:           Tue 07 Jan 2025 00:00:00 +0000
ROA not after:            Tue 11 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        35.96.16.0/20 maxlen: 20
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            28:0a:0e:e1:24:29:73:30:94:6e:32:58:c7:35:2f:fc:df:22:0d:4e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9ab015f3826e013512a45298a42f2baba1fa72f8d27938878c
        Validity
            Not Before: Jan  7 00:00:00 2025 GMT
            Not After : Feb 11 23:59:59 2025 GMT
        Subject: serialNumber=01e5f9bbf4022e50b3418dc9d0cdf8a293f37bffaa9db328f689b06a6bbfa9b4, CN=8cd8442f-235f-4171-84e6-8e1007a64c60
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:cc:f8:02:03:27:da:0a:16:db:d9:52:d2:52:
                    91:8b:a6:44:a2:63:39:f6:c9:30:5c:29:39:52:06:
                    81:4f:89:df:5e:cb:3e:96:73:b8:7c:8a:a7:47:98:
                    31:fc:1d:b4:59:cf:97:bd:8d:5e:43:0f:63:5a:cf:
                    f6:02:89:ac:72:11:4f:2c:ff:82:f3:2f:8d:9c:c9:
                    b6:81:7a:8c:8c:fa:40:ef:2d:2c:b5:9b:4a:28:6a:
                    11:9b:d2:0e:c4:a0:9e:8d:06:df:c0:4f:ea:91:9a:
                    ad:e5:66:5a:bb:9a:7c:49:04:98:ac:4f:b6:0c:fa:
                    bc:fa:2e:45:11:3a:87:fc:3b:f4:af:47:38:9b:13:
                    f6:6d:80:10:c2:c9:83:f2:91:33:86:59:bd:b4:fc:
                    ae:9e:8e:8b:bb:8b:06:b3:7d:6e:46:77:60:5c:26:
                    2c:0a:76:10:65:71:af:7e:80:f8:fe:18:3c:b0:be:
                    0f:df:8f:93:20:0b:a0:34:95:13:e6:e9:bf:31:11:
                    34:b1:5f:60:f3:ae:a1:e9:1c:81:7c:c3:18:d2:fa:
                    82:26:d4:49:b4:9b:e6:0a:ee:de:76:ae:48:9a:61:
                    92:94:ed:be:af:7a:4a:9a:37:9b:9b:1b:f6:6e:ba:
                    51:53:f0:fb:76:37:b0:d9:a4:6b:21:d7:ec:ed:0a:
                    bc:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                36:55:6E:DD:F9:D2:C7:D6:94:B3:1F:43:82:C5:AB:5F:90:AA:D5:80
            X509v3 Authority Key Identifier:
                keyid:6A:CC:3E:7D:A2:E7:6D:99:11:0F:D6:39:C4:13:7E:42:42:99:70:D8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/6755970c-4747-499d-9774-5e1308c501a7/9ab015f3826e013512a45298a42f2baba1fa72f8d27938878c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e72d8db0-4728-4fc1-bdd8-471129866362/e73ef7c0-3677-4319-b4f1-b7d8cb2c908e.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e72d8db0-4728-4fc1-bdd8-471129866362/bgE1EqRSmKQvK6uh-nL40nk4h4w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  35.96.16.0/20

    Signature Algorithm: sha256WithRSAEncryption
         8c:63:13:34:97:a7:a9:c2:0d:af:3b:be:8f:b6:7d:9d:17:23:
         a2:cb:94:6a:64:7d:f3:c7:96:0a:91:2c:44:bb:91:a0:c6:33:
         7a:56:fb:1b:7b:ab:0e:7e:21:2d:54:21:f2:06:5c:2f:36:b1:
         87:8b:2c:c2:12:97:a9:6d:e6:0d:9a:d8:47:c1:72:04:7d:f0:
         cb:88:b2:15:f1:27:82:5a:da:76:17:d3:a0:1f:9a:a6:bc:76:
         97:b5:c5:42:b1:86:52:7c:e8:53:0e:df:81:33:f5:86:df:a3:
         95:3b:4a:24:b3:eb:da:d4:45:5c:24:ba:a5:3b:05:16:45:a9:
         07:7f:df:b7:a1:91:43:bb:d0:46:f0:27:c5:ae:8d:af:db:06:
         f9:44:c7:19:a2:a5:db:aa:5c:09:42:6c:31:6f:28:29:a4:4e:
         22:3b:00:f3:99:3c:84:05:95:5e:93:65:33:da:5c:6f:66:c4:
         1c:05:b1:34:81:20:7d:7b:72:6d:5c:41:8c:95:43:ff:6b:69:
         02:eb:a8:ca:b4:0c:10:3f:df:53:b7:e0:16:bf:bb:a7:1c:80:
         88:c8:bf:f6:d5:6a:e3:a8:a1:d0:27:95:80:3b:dc:64:f9:d3:
         08:67:7c:b5:7c:c9:b5:1f:77:62:f0:28:b2:22:0b:0a:4d:c1:
         fc:17:25:22
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUKAoO4SQpczCUbjJYxzUv/N8iDU4wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyOWFiMDE1ZjM4MjZlMDEzNTEyYTQ1Mjk4YTQyZjJiYWJh
MWZhNzJmOGQyNzkzODg3OGMwHhcNMjUwMTA3MDAwMDAwWhcNMjUwMjExMjM1OTU5
WjB6MUkwRwYDVQQFE0AwMWU1ZjliYmY0MDIyZTUwYjM0MThkYzlkMGNkZjhhMjkz
ZjM3YmZmYWE5ZGIzMjhmNjg5YjA2YTZiYmZhOWI0MS0wKwYDVQQDEyQ4Y2Q4NDQy
Zi0yMzVmLTQxNzEtODRlNi04ZTEwMDdhNjRjNjAwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCgzPgCAyfaChbb2VLSUpGLpkSiYzn2yTBcKTlSBoFPid9e
yz6Wc7h8iqdHmDH8HbRZz5e9jV5DD2Naz/YCiaxyEU8s/4LzL42cybaBeoyM+kDv
LSy1m0ooahGb0g7EoJ6NBt/AT+qRmq3lZlq7mnxJBJisT7YM+rz6LkUROof8O/Sv
RzibE/ZtgBDCyYPykTOGWb20/K6ejou7iwazfW5Gd2BcJiwKdhBlca9+gPj+GDyw
vg/fj5MgC6A0lRPm6b8xETSxX2DzrqHpHIF8wxjS+oIm1Em0m+YK7t52rkiaYZKU
7b6vekqaN5ubG/ZuulFT8Pt2N7DZpGsh1+ztCrzhAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUNlVu3fnSx9aUsx9DgsWrX5Cq1YAwHwYDVR0jBBgwFoAUasw+faLnbZkR
D9Y5xBN+QkKZcNgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy82NzU1OTcwYy00
NzQ3LTQ5OWQtOTc3NC01ZTEzMDhjNTAxYTcvOWFiMDE1ZjM4MjZlMDEzNTEyYTQ1
Mjk4YTQyZjJiYWJhMWZhNzJmOGQyNzkzODg3OGMuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZTcyZDhkYjAtNDcyOC00ZmMxLWJkZDgtNDcx
MTI5ODY2MzYyL2U3M2VmN2MwLTM2NzctNDMxOS1iNGYxLWI3ZDhjYjJjOTA4ZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2U3MmQ4ZGIwLTQ3MjgtNGZjMS1iZGQ4
LTQ3MTEyOTg2NjM2Mi9iZ0UxRXFSU21LUXZLNnVoLW5MNDBuazRoNHcuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAQjYBAwDQYJKoZIhvcNAQELBQADggEBAIxjEzSXp6nCDa87vo+2fZ0XI6LL
lGpkffPHlgqRLES7kaDGM3pW+xt7qw5+IS1UIfIGXC82sYeLLMISl6lt5g2a2EfB
cgR98MuIshXxJ4Ja2nYX06Afmqa8dpe1xUKxhlJ86FMO34Ez9Ybfo5U7SiSz69rU
RVwkuqU7BRZFqQd/37ehkUO70EbwJ8Wuja/bBvlExxmipduqXAlCbDFvKCmkTiI7
APOZPIQFlV6TZTPaXG9mxBwFsTSBIH17cm1cQYyVQ/9raQLrqMq0DBA/31O34Ba/
u6ccgIjIv/bVauOoodAnlYA73GT50whnfLV8ybUfd2LwKLIiCwpNwfwXJSI=
-----END CERTIFICATE-----