Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/54602fb0-a9d4-4f9f-b0ca-be2a139ea92b/79b32b20-868a-4a87-a60c-1099af423e6a.roa
File:                     79b32b20-868a-4a87-a60c-1099af423e6a.roa (raw, json)
Hash identifier:          Zv+LQ72/HJ2R2vRqwDYufQJUv+yBrWeWw3jdt22/bDY=
Subject key identifier:   19:86:AF:59:C0:B1:EF:C1:6F:92:3E:A4:86:82:44:74:68:59:8B:6D
Certificate issuer:       /CN=97ac0028d6efbddafb7d9c71e29eb71c005e34fc19f1f7c424
Certificate serial:       53C7028F5B302E313557C298EF5874E1DAA76ED2
Authority key identifier: BA:0C:E1:7E:23:3F:BC:71:D4:30:AB:DA:C2:C3:0C:79:04:B6:A0:E7
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/d3ea6eab-f41f-4e46-a8f6-3da4a128d78c/97ac0028d6efbddafb7d9c71e29eb71c005e34fc19f1f7c424.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/54602fb0-a9d4-4f9f-b0ca-be2a139ea92b/79b32b20-868a-4a87-a60c-1099af423e6a.roa
Signing time:             Tue 28 Jan 2025 00:00:00 +0000
ROA not before:           Tue 28 Jan 2025 00:00:00 +0000
ROA not after:            Tue 04 Mar 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        173.82.67.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            53:c7:02:8f:5b:30:2e:31:35:57:c2:98:ef:58:74:e1:da:a7:6e:d2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=97ac0028d6efbddafb7d9c71e29eb71c005e34fc19f1f7c424
        Validity
            Not Before: Jan 28 00:00:00 2025 GMT
            Not After : Mar  4 23:59:59 2025 GMT
        Subject: serialNumber=dd2208ecc51894cbc66afb852493d68a58885c23feee1660c1afe0dd1b128757, CN=f7243785-46de-414b-9b8f-7a9699e979e2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:f8:16:17:6d:7d:e7:9f:f3:e0:a7:57:36:5d:
                    ee:66:e8:5a:e5:ab:59:06:5c:e4:cf:ca:61:56:3f:
                    92:9a:a7:27:b5:79:92:10:16:90:ad:a0:fc:15:d3:
                    15:df:8b:41:31:ed:d5:6e:ad:9b:b5:a3:71:3d:44:
                    e0:e4:24:f0:08:d5:99:5f:dd:3a:bf:83:bf:d4:87:
                    20:08:58:95:89:17:b9:6e:25:b0:c6:f3:b3:9a:02:
                    8e:a7:31:3b:93:2e:b4:8f:13:b1:55:2d:6a:3e:06:
                    4d:49:d6:62:5d:4f:18:80:14:40:f1:13:95:85:21:
                    1e:2b:4f:5a:2c:c4:b2:52:c8:0a:cf:f2:d7:19:04:
                    52:57:77:73:26:f7:24:a6:41:62:fa:66:77:8f:ee:
                    72:57:d0:9f:0b:10:4b:8f:dd:cd:eb:2f:65:ae:ca:
                    8d:9a:ee:6b:8d:b0:cb:55:70:9f:af:65:71:02:ee:
                    ec:a2:ff:f6:36:f9:52:dc:0b:62:80:f7:84:30:6d:
                    b4:cd:5b:95:0c:a8:ab:cd:76:72:9d:ae:e2:1d:9b:
                    52:a8:58:90:02:75:3d:2b:fa:73:5d:8d:ca:fa:55:
                    29:f0:f9:90:13:d0:fb:c4:cb:6e:a4:e8:06:fd:66:
                    1f:cb:bb:70:d5:b3:6f:0e:ba:24:0c:a5:a5:3f:d4:
                    e6:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                19:86:AF:59:C0:B1:EF:C1:6F:92:3E:A4:86:82:44:74:68:59:8B:6D
            X509v3 Authority Key Identifier:
                keyid:BA:0C:E1:7E:23:3F:BC:71:D4:30:AB:DA:C2:C3:0C:79:04:B6:A0:E7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/d3ea6eab-f41f-4e46-a8f6-3da4a128d78c/97ac0028d6efbddafb7d9c71e29eb71c005e34fc19f1f7c424.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/54602fb0-a9d4-4f9f-b0ca-be2a139ea92b/79b32b20-868a-4a87-a60c-1099af423e6a.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/54602fb0-a9d4-4f9f-b0ca-be2a139ea92b/773a-32cceKetxwAXjT8GfH3xCQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  173.82.67.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7c:86:d7:95:3b:bb:8b:35:02:f1:9b:1d:3e:65:13:d2:67:45:
         be:31:41:1b:af:38:4d:be:bb:ef:46:e8:54:60:ba:0d:31:56:
         51:0f:90:f5:3a:91:ff:bd:2e:58:e3:bf:2d:da:e9:30:05:ac:
         a9:48:84:c3:3b:3d:25:de:59:a1:8f:f8:e4:d4:33:2c:b0:a5:
         95:93:88:55:b0:a9:3c:5f:21:e5:16:b1:c3:af:a1:c8:1c:7b:
         cd:58:24:05:76:af:a5:d8:92:8f:44:64:e7:1f:1f:42:49:54:
         7e:32:7c:47:8f:ae:3f:9e:e0:93:f7:03:27:da:fc:6d:71:fb:
         dd:24:0d:d1:84:9f:6b:57:ae:d9:67:d2:33:e4:aa:f7:fa:51:
         f1:fb:15:1c:6f:20:3b:5f:be:0d:d0:5e:67:6f:69:a0:95:45:
         f1:89:9b:08:d0:75:3f:53:a9:35:5c:8e:3d:3e:b6:9b:9f:3b:
         28:6f:a6:5c:8f:e2:15:fc:a9:cf:3e:8a:36:1e:af:4e:8e:5d:
         fd:ec:2b:44:9c:cd:b8:7c:d6:ee:7e:a6:02:b3:1d:ea:be:78:
         ca:b3:61:5a:e1:5e:a7:b2:9e:d5:b1:f6:28:bf:cd:c6:93:46:
         a7:88:5e:43:00:00:5e:96:a4:04:94:f8:8c:f5:6c:e2:41:2c:
         cc:f9:48:48
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUU8cCj1swLjE1V8KY71h04dqnbtIwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyOTdhYzAwMjhkNmVmYmRkYWZiN2Q5YzcxZTI5ZWI3MWMw
MDVlMzRmYzE5ZjFmN2M0MjQwHhcNMjUwMTI4MDAwMDAwWhcNMjUwMzA0MjM1OTU5
WjB6MUkwRwYDVQQFE0BkZDIyMDhlY2M1MTg5NGNiYzY2YWZiODUyNDkzZDY4YTU4
ODg1YzIzZmVlZTE2NjBjMWFmZTBkZDFiMTI4NzU3MS0wKwYDVQQDEyRmNzI0Mzc4
NS00NmRlLTQxNGItOWI4Zi03YTk2OTllOTc5ZTIwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC5+BYXbX3nn/Pgp1c2Xe5m6Frlq1kGXOTPymFWP5Kapye1
eZIQFpCtoPwV0xXfi0Ex7dVurZu1o3E9RODkJPAI1Zlf3Tq/g7/UhyAIWJWJF7lu
JbDG87OaAo6nMTuTLrSPE7FVLWo+Bk1J1mJdTxiAFEDxE5WFIR4rT1osxLJSyArP
8tcZBFJXd3Mm9ySmQWL6ZneP7nJX0J8LEEuP3c3rL2Wuyo2a7muNsMtVcJ+vZXEC
7uyi//Y2+VLcC2KA94QwbbTNW5UMqKvNdnKdruIdm1KoWJACdT0r+nNdjcr6VSnw
+ZAT0PvEy26k6Ab9Zh/Lu3DVs28OuiQMpaU/1OapAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUGYavWcCx78Fvkj6khoJEdGhZi20wHwYDVR0jBBgwFoAUugzhfiM/vHHU
MKvawsMMeQS2oOcwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy9kM2VhNmVhYi1m
NDFmLTRlNDYtYThmNi0zZGE0YTEyOGQ3OGMvOTdhYzAwMjhkNmVmYmRkYWZiN2Q5
YzcxZTI5ZWI3MWMwMDVlMzRmYzE5ZjFmN2M0MjQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvNTQ2MDJmYjAtYTlkNC00ZjlmLWIwY2EtYmUy
YTEzOWVhOTJiLzc5YjMyYjIwLTg2OGEtNGE4Ny1hNjBjLTEwOTlhZjQyM2U2YS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzU0NjAyZmIwLWE5ZDQtNGY5Zi1iMGNh
LWJlMmExMzllYTkyYi83NzNhLTMyY2NlS2V0eHdBWGpUOEdmSDN4Q1EuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBACtUkMwDQYJKoZIhvcNAQELBQADggEBAHyG15U7u4s1AvGbHT5lE9JnRb4x
QRuvOE2+u+9G6FRgug0xVlEPkPU6kf+9Lljjvy3a6TAFrKlIhMM7PSXeWaGP+OTU
MyywpZWTiFWwqTxfIeUWscOvocgce81YJAV2r6XYko9EZOcfH0JJVH4yfEePrj+e
4JP3Ayfa/G1x+90kDdGEn2tXrtln0jPkqvf6UfH7FRxvIDtfvg3QXmdvaaCVRfGJ
mwjQdT9TqTVcjj0+tpufOyhvplyP4hX8qc8+ijYer06OXf3sK0Sczbh81u5+pgKz
Heq+eMqzYVrhXqeyntWx9ii/zcaTRqeIXkMAAF6WpASU+Iz1bOJBLMz5SEg=
-----END CERTIFICATE-----