Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/00971cda-f8a5-49a0-a1dc-2285c68a8e9f.roa
File:                     00971cda-f8a5-49a0-a1dc-2285c68a8e9f.roa (raw, json)
Hash identifier:          XsPZALa7xpKzEIKyiYpqq+s3fvCK6V7Dz1LUP8xSZnI=
Subject key identifier:   DD:1F:8C:17:38:66:63:58:29:0B:0C:26:0D:C7:E3:99:7C:F0:7E:CA
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       785CBDB850AF1F9C6F79B917E46DE278D678C07F
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/00971cda-f8a5-49a0-a1dc-2285c68a8e9f.roa
Signing time:             Fri 10 Jan 2025 00:00:00 +0000
ROA not before:           Fri 10 Jan 2025 00:00:00 +0000
ROA not after:            Fri 14 Feb 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        43.200.0.0/13 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            78:5c:bd:b8:50:af:1f:9c:6f:79:b9:17:e4:6d:e2:78:d6:78:c0:7f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Jan 10 00:00:00 2025 GMT
            Not After : Feb 14 23:59:59 2025 GMT
        Subject: serialNumber=6de063731869b464f1cc395321f98c6a6fb292547534a37d9890c8aa5c4a1208, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:51:a4:ae:b1:36:ce:11:98:ba:03:26:85:3a:
                    06:6b:c6:6b:ad:9b:d1:d0:dd:53:e3:07:bf:57:d8:
                    97:15:16:3f:cc:d5:b9:97:c9:a8:a7:39:b9:4e:c1:
                    f1:df:ec:34:d4:68:de:a3:8a:e3:6d:9a:88:7d:a2:
                    5c:7b:17:86:ce:89:64:69:0a:63:c3:0b:0f:ed:97:
                    9d:35:c9:80:b8:58:94:80:b6:b2:56:41:69:a5:a0:
                    1d:00:1e:4f:93:a8:d8:75:52:7c:5e:00:59:0e:0b:
                    ef:bc:d5:76:21:e2:e8:5e:db:65:61:a4:0e:44:11:
                    23:19:7b:37:21:d7:72:bf:0c:8b:f0:7a:69:fb:6b:
                    41:3d:06:e9:0f:56:ae:b2:9c:62:01:20:0c:fd:ca:
                    46:36:09:d5:70:51:71:e8:3d:e9:6a:51:fe:93:cf:
                    50:0a:c4:d4:c0:e1:3a:a1:cb:0c:7e:d5:15:41:03:
                    83:de:54:f3:85:47:87:ce:25:55:54:8e:f8:0d:a5:
                    f9:b6:b3:6f:33:6d:ab:94:6f:c2:e8:b6:c8:74:a3:
                    49:72:3f:b8:15:0e:d8:5f:38:af:53:4f:33:e8:57:
                    01:dc:4b:64:ef:af:26:12:00:51:5e:37:c5:e2:45:
                    eb:c9:ac:eb:97:bf:52:47:e5:ef:1a:0d:04:c9:40:
                    43:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DD:1F:8C:17:38:66:63:58:29:0B:0C:26:0D:C7:E3:99:7C:F0:7E:CA
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/00971cda-f8a5-49a0-a1dc-2285c68a8e9f.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  43.200.0.0/13

    Signature Algorithm: sha256WithRSAEncryption
         4a:7e:bc:c3:2d:b7:e3:75:80:07:ff:a7:7f:65:92:6d:d2:ba:
         6c:97:13:26:c3:77:5c:45:10:f6:5e:4e:8b:ef:b8:8d:58:de:
         a0:23:ad:42:f6:27:a4:35:3c:9d:b1:ac:56:33:86:56:de:a4:
         90:dc:85:51:cf:2b:68:a4:df:6d:b9:e5:f9:88:24:5f:32:76:
         c2:3f:5d:c1:67:9f:e7:38:1a:e7:d7:ba:08:43:3f:4c:e8:82:
         7b:80:98:1c:66:68:60:dd:12:d5:84:42:0e:c6:46:0b:56:b6:
         b9:02:52:08:5a:2b:f4:81:0b:d6:1b:9e:de:9a:14:84:42:dd:
         10:8f:6c:0d:97:e5:8f:46:ef:7a:8d:2b:ff:b6:00:e8:50:32:
         a1:d4:1e:92:6e:89:14:bf:84:0a:26:a1:e0:cb:83:fc:b0:03:
         76:30:6e:4f:77:ba:46:3e:e0:93:31:e1:dc:9a:8c:f0:87:50:
         38:2a:7d:46:7f:c6:e7:0b:02:74:67:f7:eb:8b:cd:2f:07:31:
         95:d9:0e:bb:85:67:1a:9c:f4:1a:b3:b3:75:07:f3:d1:47:5e:
         5f:f6:03:81:19:e5:2d:90:af:4d:e2:73:b5:52:d0:fd:43:fd:
         f0:b2:99:40:3c:4a:a9:bb:4e:e7:99:ca:c7:f3:d8:36:bd:a2:
         ee:30:e1:53
-----BEGIN CERTIFICATE-----
MIIFmzCCBIOgAwIBAgIUeFy9uFCvH5xvebkX5G3ieNZ4wH8wDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI1MDExMDAwMDAwMFoX
DTI1MDIxNDIzNTk1OVowejFJMEcGA1UEBRNANmRlMDYzNzMxODY5YjQ2NGYxY2Mz
OTUzMjFmOThjNmE2ZmIyOTI1NDc1MzRhMzdkOTg5MGM4YWE1YzRhMTIwODEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn1GkrrE2zhGYugMmhToGa8ZrrZvR
0N1T4we/V9iXFRY/zNW5l8mopzm5TsHx3+w01Gjeo4rjbZqIfaJcexeGzolkaQpj
wwsP7ZedNcmAuFiUgLayVkFppaAdAB5Pk6jYdVJ8XgBZDgvvvNV2IeLoXttlYaQO
RBEjGXs3IddyvwyL8Hpp+2tBPQbpD1auspxiASAM/cpGNgnVcFFx6D3palH+k89Q
CsTUwOE6ocsMftUVQQOD3lTzhUeHziVVVI74DaX5trNvM22rlG/C6LbIdKNJcj+4
FQ7YXzivU08z6FcB3Etk768mEgBRXjfF4kXryazrl79SR+XvGg0EyUBDBwIDAQAB
o4ICRzCCAkMwHQYDVR0OBBYEFN0fjBc4ZmNYKQsMJg3H45l88H7KMB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
LzAwOTcxY2RhLWY4YTUtNDlhMC1hMWRjLTIyODVjNjhhOGU5Zi5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTAL
BAIAATAFAwMDK8gwDQYJKoZIhvcNAQELBQADggEBAEp+vMMtt+N1gAf/p39lkm3S
umyXEybDd1xFEPZeTovvuI1Y3qAjrUL2J6Q1PJ2xrFYzhlbepJDchVHPK2ik3225
5fmIJF8ydsI/XcFnn+c4GufXughDP0zognuAmBxmaGDdEtWEQg7GRgtWtrkCUgha
K/SBC9Ybnt6aFIRC3RCPbA2X5Y9G73qNK/+2AOhQMqHUHpJuiRS/hAomoeDLg/yw
A3Ywbk93ukY+4JMx4dyajPCHUDgqfUZ/xucLAnRn9+uLzS8HMZXZDruFZxqc9Bqz
s3UH89FHXl/2A4EZ5S2Qr03ic7VS0P1D/fCymUA8Sqm7TueZysfz2Da9ou4w4VM=
-----END CERTIFICATE-----