Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/54602fb0-a9d4-4f9f-b0ca-be2a139ea92b/297c1031-a356-464c-a545-9d3b278c4ae9.roa
File:                     297c1031-a356-464c-a545-9d3b278c4ae9.roa (raw, json)
Hash identifier:          mdtMo5VolAxAY18arYD6CfLXQAwBNz1OsG68wZONkNI=
Subject key identifier:   23:E9:18:89:82:1C:EE:61:F3:4B:21:74:05:2E:C7:BA:EB:F1:AA:A8
Certificate issuer:       /CN=97ac0028d6efbddafb7d9c71e29eb71c005e34fc19f1f7c424
Certificate serial:       1F5A4B8873BB88659BA3EA0D75F5AAEEE6621007
Authority key identifier: BA:0C:E1:7E:23:3F:BC:71:D4:30:AB:DA:C2:C3:0C:79:04:B6:A0:E7
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/d3ea6eab-f41f-4e46-a8f6-3da4a128d78c/97ac0028d6efbddafb7d9c71e29eb71c005e34fc19f1f7c424.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/54602fb0-a9d4-4f9f-b0ca-be2a139ea92b/297c1031-a356-464c-a545-9d3b278c4ae9.roa
Signing time:             Mon 06 Jan 2025 00:00:00 +0000
ROA not before:           Mon 06 Jan 2025 00:00:00 +0000
ROA not after:            Mon 10 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        173.82.97.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1f:5a:4b:88:73:bb:88:65:9b:a3:ea:0d:75:f5:aa:ee:e6:62:10:07
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=97ac0028d6efbddafb7d9c71e29eb71c005e34fc19f1f7c424
        Validity
            Not Before: Jan  6 00:00:00 2025 GMT
            Not After : Feb 10 23:59:59 2025 GMT
        Subject: serialNumber=3304cea22698255c70f6ef5073aaa7c43350e82633eb585537aa8c15ef11793b, CN=f7243785-46de-414b-9b8f-7a9699e979e2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:ab:2a:cb:94:5d:89:b5:ec:82:3a:2c:f7:5b:
                    fe:13:fa:7b:53:58:63:11:01:5d:46:03:0e:43:36:
                    fe:89:34:7c:0f:5b:79:a8:a3:0f:fe:d9:fc:07:41:
                    04:7a:33:6e:1e:f2:10:95:ac:b2:22:35:8a:72:ef:
                    64:aa:9f:87:65:b8:dc:1d:39:40:04:44:3c:df:32:
                    0d:b5:ff:48:2b:30:a9:ea:b3:87:33:07:37:fa:d1:
                    d7:f6:2a:35:1d:ae:ea:ec:84:6e:e1:3f:ba:93:c4:
                    c3:9c:12:cb:bf:61:f5:bd:76:a7:b1:f5:3a:89:34:
                    3d:cd:52:5c:2f:98:b7:07:cf:9c:27:ee:e3:f5:25:
                    84:ab:1d:7c:1d:ee:65:15:19:64:21:82:d3:01:5b:
                    47:54:fe:02:55:17:ef:eb:54:27:36:84:31:11:9d:
                    8d:ce:84:c9:4b:68:5d:43:72:6a:08:eb:84:67:4e:
                    44:77:9e:16:a2:37:50:59:a4:ea:1f:26:58:29:56:
                    19:9f:6f:31:1a:dc:0b:ae:7e:76:c1:7d:59:14:d5:
                    88:97:c0:9d:29:c3:f7:b3:7c:75:89:59:1e:08:66:
                    68:da:89:8e:c6:ea:94:76:62:16:fa:b3:1a:77:68:
                    90:1f:b0:19:4c:c6:a6:5b:5e:b7:dd:3b:25:80:8b:
                    38:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                23:E9:18:89:82:1C:EE:61:F3:4B:21:74:05:2E:C7:BA:EB:F1:AA:A8
            X509v3 Authority Key Identifier:
                keyid:BA:0C:E1:7E:23:3F:BC:71:D4:30:AB:DA:C2:C3:0C:79:04:B6:A0:E7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/d3ea6eab-f41f-4e46-a8f6-3da4a128d78c/97ac0028d6efbddafb7d9c71e29eb71c005e34fc19f1f7c424.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/54602fb0-a9d4-4f9f-b0ca-be2a139ea92b/297c1031-a356-464c-a545-9d3b278c4ae9.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/54602fb0-a9d4-4f9f-b0ca-be2a139ea92b/773a-32cceKetxwAXjT8GfH3xCQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  173.82.97.0/24

    Signature Algorithm: sha256WithRSAEncryption
         79:1c:0d:1b:79:30:44:72:f0:2b:d1:31:1d:f5:4b:79:7c:b5:
         e7:d3:c8:7c:e3:96:2b:72:8d:d5:f9:50:ff:ae:31:e5:54:c0:
         34:92:1c:22:e2:7f:8f:f6:69:a6:03:8a:23:d5:36:00:c4:9e:
         33:3e:57:b6:1a:6f:c9:e3:85:d3:9a:0a:60:d9:4f:19:78:23:
         67:c6:65:de:05:5b:df:9c:26:ee:c9:a3:36:c8:d4:c7:f2:f6:
         d3:89:d5:e3:86:19:bf:50:6f:48:79:b0:3e:56:40:b9:44:c6:
         2d:6d:e4:a5:99:71:28:41:d5:3b:75:d2:c1:fd:b2:2c:b7:b0:
         2a:4f:d5:dd:f9:15:cf:5f:cb:45:21:dc:07:b5:08:eb:d4:86:
         fb:ae:69:b7:50:8d:d7:51:ff:1a:f9:3c:3e:a8:ea:91:60:e9:
         46:5a:df:6c:62:cf:94:b1:a9:0a:6c:77:4d:df:bb:d4:6a:27:
         c1:37:38:31:37:44:d0:b3:92:39:0b:e4:0c:e1:f0:fb:d2:78:
         13:41:a5:57:17:97:c5:aa:2c:e3:ae:7b:0c:2a:59:75:54:e7:
         26:0c:ad:4b:35:db:a3:af:bc:99:76:5e:2e:2b:5a:a7:65:13:
         fc:62:b2:07:27:50:7e:eb:e9:e0:51:15:56:c0:65:de:07:ca:
         59:96:50:40
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUH1pLiHO7iGWbo+oNdfWq7uZiEAcwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyOTdhYzAwMjhkNmVmYmRkYWZiN2Q5YzcxZTI5ZWI3MWMw
MDVlMzRmYzE5ZjFmN2M0MjQwHhcNMjUwMTA2MDAwMDAwWhcNMjUwMjEwMjM1OTU5
WjB6MUkwRwYDVQQFE0AzMzA0Y2VhMjI2OTgyNTVjNzBmNmVmNTA3M2FhYTdjNDMz
NTBlODI2MzNlYjU4NTUzN2FhOGMxNWVmMTE3OTNiMS0wKwYDVQQDEyRmNzI0Mzc4
NS00NmRlLTQxNGItOWI4Zi03YTk2OTllOTc5ZTIwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQChqyrLlF2JteyCOiz3W/4T+ntTWGMRAV1GAw5DNv6JNHwP
W3moow/+2fwHQQR6M24e8hCVrLIiNYpy72Sqn4dluNwdOUAERDzfMg21/0grMKnq
s4czBzf60df2KjUdrurshG7hP7qTxMOcEsu/YfW9dqex9TqJND3NUlwvmLcHz5wn
7uP1JYSrHXwd7mUVGWQhgtMBW0dU/gJVF+/rVCc2hDERnY3OhMlLaF1DcmoI64Rn
TkR3nhaiN1BZpOofJlgpVhmfbzEa3AuufnbBfVkU1YiXwJ0pw/ezfHWJWR4IZmja
iY7G6pR2Yhb6sxp3aJAfsBlMxqZbXrfdOyWAizi5AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUI+kYiYIc7mHzSyF0BS7HuuvxqqgwHwYDVR0jBBgwFoAUugzhfiM/vHHU
MKvawsMMeQS2oOcwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy9kM2VhNmVhYi1m
NDFmLTRlNDYtYThmNi0zZGE0YTEyOGQ3OGMvOTdhYzAwMjhkNmVmYmRkYWZiN2Q5
YzcxZTI5ZWI3MWMwMDVlMzRmYzE5ZjFmN2M0MjQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvNTQ2MDJmYjAtYTlkNC00ZjlmLWIwY2EtYmUy
YTEzOWVhOTJiLzI5N2MxMDMxLWEzNTYtNDY0Yy1hNTQ1LTlkM2IyNzhjNGFlOS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzU0NjAyZmIwLWE5ZDQtNGY5Zi1iMGNh
LWJlMmExMzllYTkyYi83NzNhLTMyY2NlS2V0eHdBWGpUOEdmSDN4Q1EuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBACtUmEwDQYJKoZIhvcNAQELBQADggEBAHkcDRt5MERy8CvRMR31S3l8tefT
yHzjlityjdX5UP+uMeVUwDSSHCLif4/2aaYDiiPVNgDEnjM+V7Yab8njhdOaCmDZ
Txl4I2fGZd4FW9+cJu7JozbI1Mfy9tOJ1eOGGb9Qb0h5sD5WQLlExi1t5KWZcShB
1Tt10sH9siy3sCpP1d35Fc9fy0Uh3Ae1COvUhvuuabdQjddR/xr5PD6o6pFg6UZa
32xiz5SxqQpsd03fu9RqJ8E3ODE3RNCzkjkL5Azh8PvSeBNBpVcXl8WqLOOuewwq
WXVU5yYMrUs126OvvJl2Xi4rWqdlE/xisgcnUH7r6eBRFVbAZd4HylmWUEA=
-----END CERTIFICATE-----