Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/54602fb0-a9d4-4f9f-b0ca-be2a139ea92b/5badb39b-b8ba-4eb1-b806-461be5bd804c.roa
File:                     5badb39b-b8ba-4eb1-b806-461be5bd804c.roa (raw, json)
Hash identifier:          sL3fjRbMZEguko2BKYWeyBOQkJhycCqMS7vDsxNRn/4=
Subject key identifier:   5E:7F:A6:7D:E7:77:A9:F9:DD:5F:B8:8D:A6:0A:DC:6B:B2:5F:15:4D
Certificate issuer:       /CN=97ac0028d6efbddafb7d9c71e29eb71c005e34fc19f1f7c424
Certificate serial:       48C0B43253D347F16CBBB071612215872BDC2A50
Authority key identifier: BA:0C:E1:7E:23:3F:BC:71:D4:30:AB:DA:C2:C3:0C:79:04:B6:A0:E7
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/d3ea6eab-f41f-4e46-a8f6-3da4a128d78c/97ac0028d6efbddafb7d9c71e29eb71c005e34fc19f1f7c424.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/54602fb0-a9d4-4f9f-b0ca-be2a139ea92b/5badb39b-b8ba-4eb1-b806-461be5bd804c.roa
Signing time:             Tue 07 Jan 2025 00:00:00 +0000
ROA not before:           Tue 07 Jan 2025 00:00:00 +0000
ROA not after:            Tue 11 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        173.82.7.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            48:c0:b4:32:53:d3:47:f1:6c:bb:b0:71:61:22:15:87:2b:dc:2a:50
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=97ac0028d6efbddafb7d9c71e29eb71c005e34fc19f1f7c424
        Validity
            Not Before: Jan  7 00:00:00 2025 GMT
            Not After : Feb 11 23:59:59 2025 GMT
        Subject: serialNumber=5fe7c7c7ac0751130cc128312c0e36c9ac5c08c164455cb78eb8693ed882f569, CN=f7243785-46de-414b-9b8f-7a9699e979e2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:46:03:28:61:7d:33:7f:99:ea:b3:e3:0e:2c:
                    9b:d9:7a:a5:bc:3a:a1:cd:7d:00:e2:c3:a6:8e:5f:
                    a6:a3:5b:a9:5b:ac:ca:51:91:2a:f4:b8:35:d7:04:
                    40:a8:8e:80:1f:4c:a4:82:dd:a6:1f:03:94:d1:1e:
                    b7:84:6a:9d:13:77:74:04:56:a7:f7:4c:dc:00:ce:
                    44:91:4f:5c:ee:3b:71:16:8d:3a:2a:fa:db:c8:18:
                    0b:8f:0c:76:ac:3c:4b:6e:35:69:a8:32:51:d8:ea:
                    f3:77:e7:b8:a8:f2:0b:a6:cb:d7:90:dd:99:31:05:
                    3d:9c:4a:08:34:b8:a3:c6:95:7a:f5:73:c6:94:85:
                    e4:76:3d:6a:0f:e9:ee:6a:e3:08:89:81:dc:f3:ca:
                    ab:c5:dd:d5:ef:ce:2f:70:72:56:78:78:f3:47:04:
                    88:ee:d1:97:05:b7:39:72:bc:b9:a3:88:81:db:2d:
                    d2:61:1d:bb:76:5f:f3:7d:3c:59:b0:50:0e:61:51:
                    5a:5b:42:72:e5:08:6e:6a:e4:aa:b8:69:81:fd:0b:
                    64:57:ab:78:5b:1d:2f:8c:3a:cf:de:1a:05:73:de:
                    24:0d:d7:dd:d8:1e:5d:13:5e:13:f4:36:f4:6f:31:
                    89:32:59:ba:d1:74:ed:03:bf:e6:d2:99:1d:b6:7e:
                    c3:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5E:7F:A6:7D:E7:77:A9:F9:DD:5F:B8:8D:A6:0A:DC:6B:B2:5F:15:4D
            X509v3 Authority Key Identifier:
                keyid:BA:0C:E1:7E:23:3F:BC:71:D4:30:AB:DA:C2:C3:0C:79:04:B6:A0:E7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/d3ea6eab-f41f-4e46-a8f6-3da4a128d78c/97ac0028d6efbddafb7d9c71e29eb71c005e34fc19f1f7c424.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/54602fb0-a9d4-4f9f-b0ca-be2a139ea92b/5badb39b-b8ba-4eb1-b806-461be5bd804c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/54602fb0-a9d4-4f9f-b0ca-be2a139ea92b/773a-32cceKetxwAXjT8GfH3xCQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  173.82.7.0/24

    Signature Algorithm: sha256WithRSAEncryption
         07:c9:b2:27:9d:c8:c4:47:68:c2:11:a9:2a:55:36:86:0a:db:
         6d:16:98:e9:02:0f:96:d7:aa:d0:41:fd:91:ab:0e:79:b0:64:
         98:85:52:35:fb:6b:1b:9a:5d:b5:db:72:1b:54:bb:f2:52:54:
         c6:4b:e9:43:52:06:09:f1:42:99:0c:69:d3:cd:5c:96:ff:14:
         82:39:1b:95:1d:7b:2b:28:11:62:37:b0:db:d1:04:c0:62:fb:
         87:dd:e6:26:0a:4c:69:d5:9f:0e:39:11:83:0c:56:d5:fb:fa:
         9c:52:b6:46:09:78:a4:b2:b5:51:54:1a:bf:31:0e:96:d1:7c:
         e3:70:48:be:5a:30:03:f3:c1:0f:70:1a:94:f9:dd:cb:66:69:
         91:ab:9d:48:be:e8:c2:b0:46:79:20:cc:b8:30:d1:ba:d6:d5:
         d6:6b:24:3c:17:66:70:ba:8c:dc:1c:c0:d7:1a:79:74:b0:9f:
         45:1e:ae:be:36:87:bd:d6:f9:8c:d2:ad:8a:e8:7d:70:84:8e:
         e2:87:68:48:42:8a:4c:b4:3e:15:15:dc:c7:fa:f1:18:fa:05:
         ed:1c:ba:91:c7:5f:b6:08:d9:98:5f:64:f6:32:c4:ca:47:d3:
         b2:87:75:fa:7d:0f:10:47:fe:d2:7f:a5:0d:0b:a4:37:35:d6:
         a9:e3:83:b2
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUSMC0MlPTR/Fsu7BxYSIVhyvcKlAwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyOTdhYzAwMjhkNmVmYmRkYWZiN2Q5YzcxZTI5ZWI3MWMw
MDVlMzRmYzE5ZjFmN2M0MjQwHhcNMjUwMTA3MDAwMDAwWhcNMjUwMjExMjM1OTU5
WjB6MUkwRwYDVQQFE0A1ZmU3YzdjN2FjMDc1MTEzMGNjMTI4MzEyYzBlMzZjOWFj
NWMwOGMxNjQ0NTVjYjc4ZWI4NjkzZWQ4ODJmNTY5MS0wKwYDVQQDEyRmNzI0Mzc4
NS00NmRlLTQxNGItOWI4Zi03YTk2OTllOTc5ZTIwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCyRgMoYX0zf5nqs+MOLJvZeqW8OqHNfQDiw6aOX6ajW6lb
rMpRkSr0uDXXBECojoAfTKSC3aYfA5TRHreEap0Td3QEVqf3TNwAzkSRT1zuO3EW
jToq+tvIGAuPDHasPEtuNWmoMlHY6vN357io8gumy9eQ3ZkxBT2cSgg0uKPGlXr1
c8aUheR2PWoP6e5q4wiJgdzzyqvF3dXvzi9wclZ4ePNHBIju0ZcFtzlyvLmjiIHb
LdJhHbt2X/N9PFmwUA5hUVpbQnLlCG5q5Kq4aYH9C2RXq3hbHS+MOs/eGgVz3iQN
193YHl0TXhP0NvRvMYkyWbrRdO0Dv+bSmR22fsOdAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUXn+mfed3qfndX7iNpgrca7JfFU0wHwYDVR0jBBgwFoAUugzhfiM/vHHU
MKvawsMMeQS2oOcwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy9kM2VhNmVhYi1m
NDFmLTRlNDYtYThmNi0zZGE0YTEyOGQ3OGMvOTdhYzAwMjhkNmVmYmRkYWZiN2Q5
YzcxZTI5ZWI3MWMwMDVlMzRmYzE5ZjFmN2M0MjQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvNTQ2MDJmYjAtYTlkNC00ZjlmLWIwY2EtYmUy
YTEzOWVhOTJiLzViYWRiMzliLWI4YmEtNGViMS1iODA2LTQ2MWJlNWJkODA0Yy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzU0NjAyZmIwLWE5ZDQtNGY5Zi1iMGNh
LWJlMmExMzllYTkyYi83NzNhLTMyY2NlS2V0eHdBWGpUOEdmSDN4Q1EuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBACtUgcwDQYJKoZIhvcNAQELBQADggEBAAfJsiedyMRHaMIRqSpVNoYK220W
mOkCD5bXqtBB/ZGrDnmwZJiFUjX7axuaXbXbchtUu/JSVMZL6UNSBgnxQpkMadPN
XJb/FII5G5UdeysoEWI3sNvRBMBi+4fd5iYKTGnVnw45EYMMVtX7+pxStkYJeKSy
tVFUGr8xDpbRfONwSL5aMAPzwQ9wGpT53ctmaZGrnUi+6MKwRnkgzLgw0brW1dZr
JDwXZnC6jNwcwNcaeXSwn0Uerr42h73W+YzSrYrofXCEjuKHaEhCiky0PhUV3Mf6
8Rj6Be0cupHHX7YI2ZhfZPYyxMpH07KHdfp9DxBH/tJ/pQ0LpDc11qnjg7I=
-----END CERTIFICATE-----