Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/230893db-3f28-4ea3-8a9a-8b4ba6bb1580.roa
File:                     230893db-3f28-4ea3-8a9a-8b4ba6bb1580.roa (raw, json)
Hash identifier:          U/q8CiRFzsC86fVauLfj9eEmRclUG7DN15Rk5i/XSyM=
Subject key identifier:   DD:81:FC:CC:34:EA:EC:F6:29:7A:78:EC:F1:3E:DE:A9:88:0B:8A:DD
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       2D721267B8704D76E9CA6590F8703901160C0844
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/230893db-3f28-4ea3-8a9a-8b4ba6bb1580.roa
Signing time:             Fri 10 Jan 2025 00:00:00 +0000
ROA not before:           Fri 10 Jan 2025 00:00:00 +0000
ROA not after:            Fri 14 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        27.0.0.0/22 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2d:72:12:67:b8:70:4d:76:e9:ca:65:90:f8:70:39:01:16:0c:08:44
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Jan 10 00:00:00 2025 GMT
            Not After : Feb 14 23:59:59 2025 GMT
        Subject: serialNumber=90fda7f8d22dc4a5ecc9b527b6b298e807e78af56f940b958430caa92ecbd031, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:e6:cf:b9:0f:25:22:27:7d:60:63:72:2f:e2:
                    23:4e:56:d5:90:58:4e:2f:f2:4c:2c:bb:e8:62:6d:
                    a2:50:1c:d0:44:28:a0:5e:2f:ed:fa:0b:34:7a:99:
                    3f:ca:42:4e:0f:fe:19:46:11:0a:ef:f1:27:75:81:
                    61:f4:52:37:39:87:ca:38:9b:19:65:3d:c2:74:c5:
                    af:41:0c:9b:d8:8b:9a:03:d3:7e:aa:f9:19:44:ec:
                    31:1b:e8:71:bd:b6:39:0a:5b:df:9e:b0:17:3b:fd:
                    03:de:5b:8c:f0:3f:4b:1a:5b:63:8a:bb:68:69:56:
                    28:f6:be:77:ad:e9:0b:f1:f0:71:7d:31:1a:0c:b9:
                    2f:44:c4:e7:bf:51:37:46:ef:0f:f0:79:1c:cf:71:
                    21:e8:77:1b:98:dd:49:45:ff:3b:3d:08:d4:d3:7a:
                    8e:20:f6:1c:ff:94:8d:fb:89:13:32:75:db:6e:a8:
                    36:d5:14:32:23:68:db:b7:45:62:7b:a4:60:5f:1b:
                    a0:0c:be:77:dc:aa:37:02:f5:1d:97:d3:7d:93:10:
                    36:21:7e:5e:13:4d:85:b0:5b:1e:1d:9e:32:f9:36:
                    8e:5e:a9:92:96:13:39:4c:64:cb:2e:6c:fb:be:b9:
                    21:24:b0:db:93:5a:06:16:a8:51:d2:79:22:e6:88:
                    5e:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DD:81:FC:CC:34:EA:EC:F6:29:7A:78:EC:F1:3E:DE:A9:88:0B:8A:DD
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/230893db-3f28-4ea3-8a9a-8b4ba6bb1580.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  27.0.0.0/22

    Signature Algorithm: sha256WithRSAEncryption
         1a:f3:04:af:e3:f3:f3:fd:bc:30:fc:de:d0:db:98:33:71:b8:
         3e:e2:5f:ae:88:b9:23:d6:16:ec:80:cd:25:4d:fa:36:32:fd:
         80:98:0a:fe:e0:bc:73:a8:9b:b3:ad:ee:bb:8b:7d:89:cf:d6:
         49:4c:ae:8b:9b:d6:83:f7:b2:82:c8:01:03:cb:ee:c7:02:91:
         04:a8:c8:27:57:ac:e4:83:ec:bd:2a:88:11:81:0c:02:39:6a:
         c8:57:f4:3b:78:19:76:18:5a:f7:98:55:8f:4e:9b:44:5f:bd:
         d5:56:54:c4:94:09:a5:17:43:83:f6:8f:cd:3f:f2:ea:c8:4b:
         8b:a2:6b:47:78:bf:da:37:a4:29:46:45:80:36:97:60:67:02:
         24:15:fc:34:bb:7e:72:1a:d4:3a:81:d6:15:de:2d:eb:a3:1e:
         fe:2f:e2:43:02:3b:e5:0a:81:77:b2:b3:0e:47:21:31:98:d5:
         3f:f9:f6:9b:56:e4:eb:65:db:06:d0:53:0d:38:6c:a7:31:50:
         10:47:0b:49:3a:66:2f:a3:02:1b:bd:5d:a4:0a:95:b3:e8:09:
         35:8d:f9:1d:51:55:24:70:25:ce:fa:25:af:8c:b7:f8:96:13:
         43:f5:52:d3:ec:af:4b:26:01:89:b6:22:c0:d1:8f:6a:4d:e9:
         61:b5:29:13
-----BEGIN CERTIFICATE-----
MIIFnDCCBISgAwIBAgIULXISZ7hwTXbpymWQ+HA5ARYMCEQwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI1MDExMDAwMDAwMFoX
DTI1MDIxNDIzNTk1OVowejFJMEcGA1UEBRNAOTBmZGE3ZjhkMjJkYzRhNWVjYzli
NTI3YjZiMjk4ZTgwN2U3OGFmNTZmOTQwYjk1ODQzMGNhYTkyZWNiZDAzMTEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv+bPuQ8lIid9YGNyL+IjTlbVkFhO
L/JMLLvoYm2iUBzQRCigXi/t+gs0epk/ykJOD/4ZRhEK7/EndYFh9FI3OYfKOJsZ
ZT3CdMWvQQyb2IuaA9N+qvkZROwxG+hxvbY5ClvfnrAXO/0D3luM8D9LGltjirto
aVYo9r53rekL8fBxfTEaDLkvRMTnv1E3Ru8P8Hkcz3Eh6HcbmN1JRf87PQjU03qO
IPYc/5SN+4kTMnXbbqg21RQyI2jbt0Vie6RgXxugDL533Ko3AvUdl9N9kxA2IX5e
E02FsFseHZ4y+TaOXqmSlhM5TGTLLmz7vrkhJLDbk1oGFqhR0nki5ohe4QIDAQAB
o4ICSDCCAkQwHQYDVR0OBBYEFN2B/Mw06uz2KXp47PE+3qmIC4rdMB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
LzIzMDg5M2RiLTNmMjgtNGVhMy04YTlhLThiNGJhNmJiMTU4MC5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAM
BAIAATAGAwQCGwAAMA0GCSqGSIb3DQEBCwUAA4IBAQAa8wSv4/Pz/bww/N7Q25gz
cbg+4l+uiLkj1hbsgM0lTfo2Mv2AmAr+4LxzqJuzre67i32Jz9ZJTK6Lm9aD97KC
yAEDy+7HApEEqMgnV6zkg+y9KogRgQwCOWrIV/Q7eBl2GFr3mFWPTptEX73VVlTE
lAmlF0OD9o/NP/LqyEuLomtHeL/aN6QpRkWANpdgZwIkFfw0u35yGtQ6gdYV3i3r
ox7+L+JDAjvlCoF3srMORyExmNU/+fabVuTrZdsG0FMNOGynMVAQRwtJOmYvowIb
vV2kCpWz6Ak1jfkdUVUkcCXO+iWvjLf4lhND9VLT7K9LJgGJtiLA0Y9qTelhtSkT
-----END CERTIFICATE-----