Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/54602fb0-a9d4-4f9f-b0ca-be2a139ea92b/2fe9db9b-190c-4cb8-b39b-c434b766e412.roa
File:                     2fe9db9b-190c-4cb8-b39b-c434b766e412.roa (raw, json)
Hash identifier:          qv2OQXxXgNpNlY+WbKShNqSQcGaCK668cdwQaveSeJg=
Subject key identifier:   41:7D:B8:DA:32:44:46:5A:8C:F2:1E:9A:F9:68:D9:EA:76:05:B5:CF
Certificate issuer:       /CN=97ac0028d6efbddafb7d9c71e29eb71c005e34fc19f1f7c424
Certificate serial:       4D3ACBF6991329B8DA84F65E409D6C329DA18B12
Authority key identifier: BA:0C:E1:7E:23:3F:BC:71:D4:30:AB:DA:C2:C3:0C:79:04:B6:A0:E7
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/d3ea6eab-f41f-4e46-a8f6-3da4a128d78c/97ac0028d6efbddafb7d9c71e29eb71c005e34fc19f1f7c424.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/54602fb0-a9d4-4f9f-b0ca-be2a139ea92b/2fe9db9b-190c-4cb8-b39b-c434b766e412.roa
Signing time:             Mon 06 Jan 2025 00:00:00 +0000
ROA not before:           Mon 06 Jan 2025 00:00:00 +0000
ROA not after:            Mon 10 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        173.82.16.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4d:3a:cb:f6:99:13:29:b8:da:84:f6:5e:40:9d:6c:32:9d:a1:8b:12
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=97ac0028d6efbddafb7d9c71e29eb71c005e34fc19f1f7c424
        Validity
            Not Before: Jan  6 00:00:00 2025 GMT
            Not After : Feb 10 23:59:59 2025 GMT
        Subject: serialNumber=f3bce9e1e66a256e768e596eaaf2e3d6fff272dfdb1244102e0c68ae45d91572, CN=f7243785-46de-414b-9b8f-7a9699e979e2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:0c:1e:03:99:6c:37:98:69:cb:02:f5:28:c4:
                    46:37:d6:6e:24:28:db:f1:bb:e3:f5:0c:bd:c5:7e:
                    e1:e7:88:99:bc:b9:d9:3d:e9:67:f3:de:d6:3f:f5:
                    dd:db:03:56:5a:90:b4:78:44:05:e3:da:5b:fb:cb:
                    1b:2c:2e:04:c8:4a:16:49:49:13:fc:2e:52:e8:9e:
                    8b:01:72:fc:65:28:a6:55:70:2e:ec:58:6a:37:86:
                    63:8b:af:86:e1:f5:69:e0:32:53:4a:3e:a1:48:9e:
                    a1:bc:2d:3c:d5:30:f5:b0:9e:72:ab:15:70:59:5d:
                    c7:15:22:82:3c:ff:bb:9f:ce:28:85:ec:2d:f4:b7:
                    1c:6f:91:41:a6:7a:14:d2:98:36:98:5a:29:f9:02:
                    ba:10:16:a0:54:c8:1f:4e:b8:e8:25:72:88:3b:53:
                    70:68:97:78:3d:63:d3:27:67:9d:82:ac:ba:ef:dc:
                    07:ae:65:9e:3a:fa:6c:ff:d5:fd:57:59:89:52:1c:
                    58:72:0c:c0:9a:50:4c:23:67:37:8f:97:5b:dc:4d:
                    01:4d:e3:67:9d:8d:93:0c:3b:38:6c:34:34:f8:21:
                    0b:58:da:b9:f2:b1:8a:a9:90:64:21:54:db:28:ef:
                    8a:76:f8:e0:65:02:98:24:b5:a3:06:f4:cc:56:f3:
                    7f:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:7D:B8:DA:32:44:46:5A:8C:F2:1E:9A:F9:68:D9:EA:76:05:B5:CF
            X509v3 Authority Key Identifier:
                keyid:BA:0C:E1:7E:23:3F:BC:71:D4:30:AB:DA:C2:C3:0C:79:04:B6:A0:E7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/d3ea6eab-f41f-4e46-a8f6-3da4a128d78c/97ac0028d6efbddafb7d9c71e29eb71c005e34fc19f1f7c424.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/54602fb0-a9d4-4f9f-b0ca-be2a139ea92b/2fe9db9b-190c-4cb8-b39b-c434b766e412.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/54602fb0-a9d4-4f9f-b0ca-be2a139ea92b/773a-32cceKetxwAXjT8GfH3xCQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  173.82.16.0/24

    Signature Algorithm: sha256WithRSAEncryption
         34:fd:c0:d2:d5:f3:ac:f2:53:a6:b2:0c:02:97:c2:90:fc:52:
         30:41:c2:49:c9:79:18:cd:4f:ab:55:76:85:73:78:93:0e:3e:
         76:76:5b:33:23:d1:47:bd:64:20:ac:70:42:32:74:0b:ed:a9:
         4f:1b:44:9f:d1:df:bf:14:cf:83:d3:0e:98:c6:83:35:6b:fc:
         85:ff:07:86:0d:e2:29:b7:c4:a1:79:13:8f:61:ed:5a:8e:1f:
         92:c7:35:c4:6a:de:db:6a:9a:33:45:70:d7:f5:df:d5:23:5c:
         c5:84:02:49:06:33:67:4f:8a:ee:8c:54:6e:ad:6e:24:84:3a:
         f3:7b:f7:a2:27:34:cf:1b:52:b4:ef:9b:6e:a0:57:94:d2:63:
         db:fb:76:fb:b8:1d:5e:6e:01:de:45:c6:e8:57:d5:0d:7b:c0:
         48:a8:46:17:cf:6c:eb:31:03:16:a6:6a:45:b9:17:1c:14:ce:
         4e:77:41:3a:fc:73:f0:65:0a:de:e7:2d:bc:34:ce:cf:1a:41:
         92:73:73:45:96:33:41:64:f5:78:40:83:56:5b:7e:be:b8:7b:
         cf:8f:b9:72:da:b4:78:2b:5e:b5:8c:81:55:12:91:d7:fb:33:
         31:ee:43:34:ef:6d:ee:0d:34:cb:cb:04:47:95:3d:70:72:4e:
         70:9e:a7:21
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUTTrL9pkTKbjahPZeQJ1sMp2hixIwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyOTdhYzAwMjhkNmVmYmRkYWZiN2Q5YzcxZTI5ZWI3MWMw
MDVlMzRmYzE5ZjFmN2M0MjQwHhcNMjUwMTA2MDAwMDAwWhcNMjUwMjEwMjM1OTU5
WjB6MUkwRwYDVQQFE0BmM2JjZTllMWU2NmEyNTZlNzY4ZTU5NmVhYWYyZTNkNmZm
ZjI3MmRmZGIxMjQ0MTAyZTBjNjhhZTQ1ZDkxNTcyMS0wKwYDVQQDEyRmNzI0Mzc4
NS00NmRlLTQxNGItOWI4Zi03YTk2OTllOTc5ZTIwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCzDB4DmWw3mGnLAvUoxEY31m4kKNvxu+P1DL3FfuHniJm8
udk96Wfz3tY/9d3bA1ZakLR4RAXj2lv7yxssLgTIShZJSRP8LlLonosBcvxlKKZV
cC7sWGo3hmOLr4bh9WngMlNKPqFInqG8LTzVMPWwnnKrFXBZXccVIoI8/7ufziiF
7C30txxvkUGmehTSmDaYWin5AroQFqBUyB9OuOglcog7U3Bol3g9Y9MnZ52CrLrv
3AeuZZ46+mz/1f1XWYlSHFhyDMCaUEwjZzePl1vcTQFN42edjZMMOzhsNDT4IQtY
2rnysYqpkGQhVNso74p2+OBlApgktaMG9MxW83/DAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUQX242jJERlqM8h6a+WjZ6nYFtc8wHwYDVR0jBBgwFoAUugzhfiM/vHHU
MKvawsMMeQS2oOcwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy9kM2VhNmVhYi1m
NDFmLTRlNDYtYThmNi0zZGE0YTEyOGQ3OGMvOTdhYzAwMjhkNmVmYmRkYWZiN2Q5
YzcxZTI5ZWI3MWMwMDVlMzRmYzE5ZjFmN2M0MjQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvNTQ2MDJmYjAtYTlkNC00ZjlmLWIwY2EtYmUy
YTEzOWVhOTJiLzJmZTlkYjliLTE5MGMtNGNiOC1iMzliLWM0MzRiNzY2ZTQxMi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzU0NjAyZmIwLWE5ZDQtNGY5Zi1iMGNh
LWJlMmExMzllYTkyYi83NzNhLTMyY2NlS2V0eHdBWGpUOEdmSDN4Q1EuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBACtUhAwDQYJKoZIhvcNAQELBQADggEBADT9wNLV86zyU6ayDAKXwpD8UjBB
wknJeRjNT6tVdoVzeJMOPnZ2WzMj0Ue9ZCCscEIydAvtqU8bRJ/R378Uz4PTDpjG
gzVr/IX/B4YN4im3xKF5E49h7VqOH5LHNcRq3ttqmjNFcNf139UjXMWEAkkGM2dP
iu6MVG6tbiSEOvN796InNM8bUrTvm26gV5TSY9v7dvu4HV5uAd5FxuhX1Q17wEio
RhfPbOsxAxamakW5FxwUzk53QTr8c/BlCt7nLbw0zs8aQZJzc0WWM0Fk9XhAg1Zb
fr64e8+PuXLatHgrXrWMgVUSkdf7MzHuQzTvbe4NNMvLBEeVPXByTnCepyE=
-----END CERTIFICATE-----