Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/54602fb0-a9d4-4f9f-b0ca-be2a139ea92b/3fa850b1-98aa-437a-9e64-c470fb18d5de.roa
File:                     3fa850b1-98aa-437a-9e64-c470fb18d5de.roa (raw, json)
Hash identifier:          GQPJCAzFSHoLnn0gsYU4rhe05L4rsmMP9M0CnviveA0=
Subject key identifier:   8F:1B:D8:B8:E7:CF:C5:68:A0:F5:5D:B8:3B:BC:12:51:9B:66:78:66
Certificate issuer:       /CN=97ac0028d6efbddafb7d9c71e29eb71c005e34fc19f1f7c424
Certificate serial:       4FCC67DF362A89C4ED9E77FBED87E3A0F208109D
Authority key identifier: BA:0C:E1:7E:23:3F:BC:71:D4:30:AB:DA:C2:C3:0C:79:04:B6:A0:E7
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/d3ea6eab-f41f-4e46-a8f6-3da4a128d78c/97ac0028d6efbddafb7d9c71e29eb71c005e34fc19f1f7c424.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/54602fb0-a9d4-4f9f-b0ca-be2a139ea92b/3fa850b1-98aa-437a-9e64-c470fb18d5de.roa
Signing time:             Tue 28 Jan 2025 00:00:00 +0000
ROA not before:           Tue 28 Jan 2025 00:00:00 +0000
ROA not after:            Tue 04 Mar 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        173.82.73.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4f:cc:67:df:36:2a:89:c4:ed:9e:77:fb:ed:87:e3:a0:f2:08:10:9d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=97ac0028d6efbddafb7d9c71e29eb71c005e34fc19f1f7c424
        Validity
            Not Before: Jan 28 00:00:00 2025 GMT
            Not After : Mar  4 23:59:59 2025 GMT
        Subject: serialNumber=1779deb77af42cb16fa66b43a840b1a1d9d98429463f7fa4e36305a05f0833aa, CN=f7243785-46de-414b-9b8f-7a9699e979e2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:1e:b8:f3:c9:9f:ce:b9:d9:fa:a6:5d:8b:29:
                    b1:bf:17:f8:89:16:b9:17:63:3d:ef:58:c8:91:75:
                    91:1c:04:b9:8c:e1:ec:8a:e6:68:72:d1:dc:6f:f3:
                    27:65:fe:8d:0d:2b:46:b4:fe:3b:f8:f9:9e:83:98:
                    a5:34:24:23:50:ec:07:5f:9a:8c:44:ab:59:33:99:
                    7f:f6:d5:86:5e:dd:b0:fe:42:a0:73:80:e0:3b:50:
                    62:c0:53:cd:c9:9a:51:85:f2:f5:06:17:86:75:a4:
                    3f:a2:4f:50:58:cf:b6:88:c9:3f:81:59:97:55:23:
                    95:ba:f9:02:44:ea:11:45:e6:d1:99:77:34:2c:ed:
                    8c:ab:fc:1d:10:8f:bb:15:3b:92:14:1d:25:23:4b:
                    30:2d:36:de:09:e9:ec:03:de:37:ff:2f:cd:fe:45:
                    4e:0f:69:da:77:b8:cc:05:13:61:4f:c6:9e:95:4c:
                    c0:c6:a3:dc:0b:c5:cf:5c:32:b8:6f:d2:17:05:15:
                    09:99:b7:a8:ca:10:2f:d9:0b:fd:ec:45:1a:a6:e7:
                    b9:0b:3a:76:2d:af:af:45:0d:a6:2f:00:be:4e:cb:
                    9a:1b:d9:22:39:ca:06:31:d4:93:0b:f4:74:0b:71:
                    9a:41:bf:9c:06:89:10:90:8f:e1:ac:1f:c9:01:6a:
                    72:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8F:1B:D8:B8:E7:CF:C5:68:A0:F5:5D:B8:3B:BC:12:51:9B:66:78:66
            X509v3 Authority Key Identifier:
                keyid:BA:0C:E1:7E:23:3F:BC:71:D4:30:AB:DA:C2:C3:0C:79:04:B6:A0:E7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/d3ea6eab-f41f-4e46-a8f6-3da4a128d78c/97ac0028d6efbddafb7d9c71e29eb71c005e34fc19f1f7c424.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/54602fb0-a9d4-4f9f-b0ca-be2a139ea92b/3fa850b1-98aa-437a-9e64-c470fb18d5de.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/54602fb0-a9d4-4f9f-b0ca-be2a139ea92b/773a-32cceKetxwAXjT8GfH3xCQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  173.82.73.0/24

    Signature Algorithm: sha256WithRSAEncryption
         09:4d:d4:b5:4e:0e:df:31:c6:42:97:cb:2d:93:e7:1e:a8:9b:
         29:29:b7:7d:89:e9:28:09:d8:fb:09:67:d9:59:0d:bb:5b:15:
         b4:3e:27:10:2f:99:b2:a3:e5:bc:99:54:19:d3:1b:bb:10:e8:
         d3:b6:a3:74:1d:3c:f0:07:98:55:20:05:9f:27:47:92:d7:fd:
         1e:44:84:56:eb:4f:8d:a8:a8:74:e5:77:83:65:81:ec:49:19:
         c9:79:81:f1:10:9a:f5:87:51:8f:f3:81:6a:57:8d:5c:5b:62:
         a6:d8:a3:e6:e9:1e:0f:9f:b8:f7:25:7c:79:09:0f:8e:6c:93:
         70:84:22:ba:fc:b6:4b:7f:e7:d6:57:a2:c0:03:4d:bb:30:6d:
         b8:c5:ab:80:35:ef:54:e0:00:f9:43:7b:4a:9f:bd:d0:e6:ec:
         2d:e8:65:5b:bc:e3:52:f0:30:24:be:26:5c:52:6d:a4:b9:29:
         c6:18:69:80:b5:24:5e:3b:64:bc:52:f1:34:12:7e:38:af:f2:
         c3:66:cb:34:12:fd:23:b8:db:9e:c7:e8:91:75:dc:ab:28:a1:
         f2:81:4d:10:49:f7:78:d7:f0:e6:54:ee:b6:bf:24:9a:25:30:
         46:2d:ec:48:a0:68:35:a8:a5:d8:d9:e7:9f:98:a8:0a:df:b1:
         8b:07:29:32
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUT8xn3zYqicTtnnf77YfjoPIIEJ0wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyOTdhYzAwMjhkNmVmYmRkYWZiN2Q5YzcxZTI5ZWI3MWMw
MDVlMzRmYzE5ZjFmN2M0MjQwHhcNMjUwMTI4MDAwMDAwWhcNMjUwMzA0MjM1OTU5
WjB6MUkwRwYDVQQFE0AxNzc5ZGViNzdhZjQyY2IxNmZhNjZiNDNhODQwYjFhMWQ5
ZDk4NDI5NDYzZjdmYTRlMzYzMDVhMDVmMDgzM2FhMS0wKwYDVQQDEyRmNzI0Mzc4
NS00NmRlLTQxNGItOWI4Zi03YTk2OTllOTc5ZTIwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCaHrjzyZ/Oudn6pl2LKbG/F/iJFrkXYz3vWMiRdZEcBLmM
4eyK5mhy0dxv8ydl/o0NK0a0/jv4+Z6DmKU0JCNQ7AdfmoxEq1kzmX/21YZe3bD+
QqBzgOA7UGLAU83JmlGF8vUGF4Z1pD+iT1BYz7aIyT+BWZdVI5W6+QJE6hFF5tGZ
dzQs7Yyr/B0Qj7sVO5IUHSUjSzAtNt4J6ewD3jf/L83+RU4Padp3uMwFE2FPxp6V
TMDGo9wLxc9cMrhv0hcFFQmZt6jKEC/ZC/3sRRqm57kLOnYtr69FDaYvAL5Oy5ob
2SI5ygYx1JML9HQLcZpBv5wGiRCQj+GsH8kBanIxAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUjxvYuOfPxWig9V24O7wSUZtmeGYwHwYDVR0jBBgwFoAUugzhfiM/vHHU
MKvawsMMeQS2oOcwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy9kM2VhNmVhYi1m
NDFmLTRlNDYtYThmNi0zZGE0YTEyOGQ3OGMvOTdhYzAwMjhkNmVmYmRkYWZiN2Q5
YzcxZTI5ZWI3MWMwMDVlMzRmYzE5ZjFmN2M0MjQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvNTQ2MDJmYjAtYTlkNC00ZjlmLWIwY2EtYmUy
YTEzOWVhOTJiLzNmYTg1MGIxLTk4YWEtNDM3YS05ZTY0LWM0NzBmYjE4ZDVkZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzU0NjAyZmIwLWE5ZDQtNGY5Zi1iMGNh
LWJlMmExMzllYTkyYi83NzNhLTMyY2NlS2V0eHdBWGpUOEdmSDN4Q1EuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBACtUkkwDQYJKoZIhvcNAQELBQADggEBAAlN1LVODt8xxkKXyy2T5x6omykp
t32J6SgJ2PsJZ9lZDbtbFbQ+JxAvmbKj5byZVBnTG7sQ6NO2o3QdPPAHmFUgBZ8n
R5LX/R5EhFbrT42oqHTld4NlgexJGcl5gfEQmvWHUY/zgWpXjVxbYqbYo+bpHg+f
uPclfHkJD45sk3CEIrr8tkt/59ZXosADTbswbbjFq4A171TgAPlDe0qfvdDm7C3o
ZVu841LwMCS+JlxSbaS5KcYYaYC1JF47ZLxS8TQSfjiv8sNmyzQS/SO4257H6JF1
3KsoofKBTRBJ93jX8OZU7ra/JJolMEYt7EigaDWopdjZ55+YqArfsYsHKTI=
-----END CERTIFICATE-----