Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/e72d8db0-4728-4fc1-bdd8-471129866362/ff893aad-9ed8-41c3-9b48-507fa414885d.roa
File:                     ff893aad-9ed8-41c3-9b48-507fa414885d.roa (raw, json)
Hash identifier:          ErFfRnJ7HIUqh9ioXkkUiobh/frVab/tSkgJaUOVrXY=
Subject key identifier:   48:F9:6E:37:3A:38:9E:82:2B:2B:4D:D5:9A:2F:76:D2:6D:D9:42:8B
Certificate issuer:       /CN=9ab015f3826e013512a45298a42f2baba1fa72f8d27938878c
Certificate serial:       02D161150137CA7C19520991B59781539B0A9B37
Authority key identifier: 6A:CC:3E:7D:A2:E7:6D:99:11:0F:D6:39:C4:13:7E:42:42:99:70:D8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/6755970c-4747-499d-9774-5e1308c501a7/9ab015f3826e013512a45298a42f2baba1fa72f8d27938878c.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e72d8db0-4728-4fc1-bdd8-471129866362/ff893aad-9ed8-41c3-9b48-507fa414885d.roa
Signing time:             Fri 11 Apr 2025 00:40:04 +0000
ROA not before:           Fri 11 Apr 2025 00:40:04 +0000
ROA not after:            Fri 16 May 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        35.96.247.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            02:d1:61:15:01:37:ca:7c:19:52:09:91:b5:97:81:53:9b:0a:9b:37
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9ab015f3826e013512a45298a42f2baba1fa72f8d27938878c
        Validity
            Not Before: Apr 11 00:40:04 2025 GMT
            Not After : May 16 23:59:59 2025 GMT
        Subject: serialNumber=045e07de64741c4bd04d701a5a3adf1994646750e69dce2d49c2ada16f883e2b, CN=8cd8442f-235f-4171-84e6-8e1007a64c60
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:69:12:fb:dc:79:ce:ea:83:f9:76:f9:ad:cf:
                    03:b8:31:43:db:79:4f:61:1c:e3:97:d5:fb:79:70:
                    e6:3d:e6:5a:1b:50:fa:81:bd:ab:7f:31:27:7b:00:
                    ac:70:07:08:8f:ea:73:15:54:1b:0a:fa:06:10:a7:
                    d4:78:89:b4:68:c9:64:e8:bd:4d:ba:f6:c5:c5:b9:
                    00:d0:7e:6b:95:2e:77:cf:09:43:13:39:39:79:08:
                    7e:13:a7:fb:08:2c:63:9a:03:d8:f8:d9:71:82:9d:
                    06:b1:08:4b:20:61:b3:35:3e:69:ee:cb:0c:a5:75:
                    f7:1f:b2:83:8a:9d:99:85:25:39:0e:b4:c2:bc:ac:
                    f0:ac:a6:61:5d:7e:f2:f0:3b:e3:05:75:19:05:36:
                    99:89:1e:5d:df:a4:76:64:1e:d3:e5:a1:22:d4:9e:
                    7d:2a:82:bc:d0:e2:bb:4c:fd:01:22:b7:f5:8d:63:
                    e1:19:2a:44:68:c5:cb:4a:83:b5:12:c4:9d:78:38:
                    5f:09:da:54:eb:03:e2:f0:5c:50:89:46:9d:c1:17:
                    8b:56:47:3b:04:ab:1e:0e:c8:64:30:93:b0:bf:a7:
                    d2:a2:6a:23:13:c3:e6:ce:b0:4b:81:7d:a3:bc:76:
                    19:60:44:af:c4:53:25:b2:25:54:13:99:73:80:f7:
                    66:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                48:F9:6E:37:3A:38:9E:82:2B:2B:4D:D5:9A:2F:76:D2:6D:D9:42:8B
            X509v3 Authority Key Identifier:
                keyid:6A:CC:3E:7D:A2:E7:6D:99:11:0F:D6:39:C4:13:7E:42:42:99:70:D8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/6755970c-4747-499d-9774-5e1308c501a7/9ab015f3826e013512a45298a42f2baba1fa72f8d27938878c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e72d8db0-4728-4fc1-bdd8-471129866362/ff893aad-9ed8-41c3-9b48-507fa414885d.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e72d8db0-4728-4fc1-bdd8-471129866362/bgE1EqRSmKQvK6uh-nL40nk4h4w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  35.96.247.0/24

    Signature Algorithm: sha256WithRSAEncryption
         42:6e:6b:df:15:fa:9d:aa:ae:ed:90:87:2f:05:2c:e5:aa:7b:
         08:6d:5e:26:82:4c:28:31:a6:80:c6:33:8b:14:a3:fa:57:20:
         4d:89:ce:67:2d:0d:27:ac:aa:8e:7d:16:30:f3:99:5a:1d:51:
         44:34:e2:56:7d:b1:27:4b:a5:69:99:2b:71:57:0e:7a:98:2b:
         a2:eb:63:e4:a0:85:09:32:2f:b0:7b:7b:03:b8:84:d8:7a:39:
         c5:f7:40:db:54:cb:4a:46:86:89:67:cd:c2:da:c8:92:f3:08:
         f2:44:07:fd:da:32:fb:d4:83:bd:7b:bd:82:15:76:c4:70:19:
         ca:28:52:03:15:8c:a6:56:df:51:61:e4:bd:84:be:d0:0b:af:
         25:22:82:dc:4d:6a:9a:0b:87:5d:83:43:3f:2d:e9:01:20:95:
         60:3c:f5:e7:03:91:d4:81:4a:f3:c8:18:47:d7:73:6b:02:98:
         ee:2f:4e:a9:a3:67:2f:3e:25:15:c3:9d:f3:1b:f2:0d:de:f0:
         1b:5b:13:18:a4:c3:bb:43:6d:9c:cd:35:02:7b:b1:4a:14:92:
         17:87:b8:14:71:07:08:85:9a:04:dd:7b:18:88:d8:77:a9:95:
         62:35:5c:17:86:65:9f:5f:f5:e2:82:44:97:9a:ac:80:59:2e:
         1b:e0:a8:26
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUAtFhFQE3ynwZUgmRtZeBU5sKmzcwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyOWFiMDE1ZjM4MjZlMDEzNTEyYTQ1Mjk4YTQyZjJiYWJh
MWZhNzJmOGQyNzkzODg3OGMwHhcNMjUwNDExMDA0MDA0WhcNMjUwNTE2MjM1OTU5
WjB6MUkwRwYDVQQFE0AwNDVlMDdkZTY0NzQxYzRiZDA0ZDcwMWE1YTNhZGYxOTk0
NjQ2NzUwZTY5ZGNlMmQ0OWMyYWRhMTZmODgzZTJiMS0wKwYDVQQDEyQ4Y2Q4NDQy
Zi0yMzVmLTQxNzEtODRlNi04ZTEwMDdhNjRjNjAwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC8aRL73HnO6oP5dvmtzwO4MUPbeU9hHOOX1ft5cOY95lob
UPqBvat/MSd7AKxwBwiP6nMVVBsK+gYQp9R4ibRoyWTovU269sXFuQDQfmuVLnfP
CUMTOTl5CH4Tp/sILGOaA9j42XGCnQaxCEsgYbM1PmnuywyldfcfsoOKnZmFJTkO
tMK8rPCspmFdfvLwO+MFdRkFNpmJHl3fpHZkHtPloSLUnn0qgrzQ4rtM/QEit/WN
Y+EZKkRoxctKg7USxJ14OF8J2lTrA+LwXFCJRp3BF4tWRzsEqx4OyGQwk7C/p9Ki
aiMTw+bOsEuBfaO8dhlgRK/EUyWyJVQTmXOA92afAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUSPluNzo4noIrK03Vmi920m3ZQoswHwYDVR0jBBgwFoAUasw+faLnbZkR
D9Y5xBN+QkKZcNgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy82NzU1OTcwYy00
NzQ3LTQ5OWQtOTc3NC01ZTEzMDhjNTAxYTcvOWFiMDE1ZjM4MjZlMDEzNTEyYTQ1
Mjk4YTQyZjJiYWJhMWZhNzJmOGQyNzkzODg3OGMuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZTcyZDhkYjAtNDcyOC00ZmMxLWJkZDgtNDcx
MTI5ODY2MzYyL2ZmODkzYWFkLTllZDgtNDFjMy05YjQ4LTUwN2ZhNDE0ODg1ZC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2U3MmQ4ZGIwLTQ3MjgtNGZjMS1iZGQ4
LTQ3MTEyOTg2NjM2Mi9iZ0UxRXFSU21LUXZLNnVoLW5MNDBuazRoNHcuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAAjYPcwDQYJKoZIhvcNAQELBQADggEBAEJua98V+p2qru2Qhy8FLOWqewht
XiaCTCgxpoDGM4sUo/pXIE2JzmctDSesqo59FjDzmVodUUQ04lZ9sSdLpWmZK3FX
DnqYK6LrY+SghQkyL7B7ewO4hNh6OcX3QNtUy0pGholnzcLayJLzCPJEB/3aMvvU
g717vYIVdsRwGcooUgMVjKZW31Fh5L2EvtALryUigtxNapoLh12DQz8t6QEglWA8
9ecDkdSBSvPIGEfXc2sCmO4vTqmjZy8+JRXDnfMb8g3e8BtbExikw7tDbZzNNQJ7
sUoUkheHuBRxBwiFmgTdexiI2HeplWI1XBeGZZ9f9eKCRJearIBZLhvgqCY=
-----END CERTIFICATE-----