Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/245a65bb-591c-47bc-8a8c-6c86b093fd8b.roa
File:                     245a65bb-591c-47bc-8a8c-6c86b093fd8b.roa (raw, json)
Hash identifier:          KX+VPs2Q3wNKIKxLxIuXJDR04AgqQi84uyfbu0j40+o=
Subject key identifier:   DE:28:35:D8:47:61:2B:0E:CB:7A:7A:FE:A0:10:A0:50:40:FE:B5:5F
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       590661C0088FB3BA8603D7536108DCD91EE4EEB1
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/245a65bb-591c-47bc-8a8c-6c86b093fd8b.roa
Signing time:             Fri 10 Jan 2025 00:00:00 +0000
ROA not before:           Fri 10 Jan 2025 00:00:00 +0000
ROA not after:            Fri 14 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        43.249.44.0/22 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            59:06:61:c0:08:8f:b3:ba:86:03:d7:53:61:08:dc:d9:1e:e4:ee:b1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Jan 10 00:00:00 2025 GMT
            Not After : Feb 14 23:59:59 2025 GMT
        Subject: serialNumber=846550739a6b12cceb592674e9d3a201d0e86022aa5fb6cee6fad582488bcae3, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:bc:57:8e:a2:93:63:b6:fc:05:05:7a:0d:5c:
                    f9:a7:f3:47:0a:c2:03:cc:5d:a2:b4:70:44:13:d3:
                    de:e1:65:80:d1:4c:b2:ef:b2:54:b4:6c:be:e7:ac:
                    c5:51:62:e0:48:0e:9b:21:58:0e:61:90:49:55:5f:
                    65:8d:24:5d:94:30:d5:3b:f9:ac:27:ee:ae:b4:70:
                    7f:a0:2e:24:ae:8d:ce:fb:c1:6c:63:e3:90:40:59:
                    8f:5e:6e:5a:7a:1f:2a:11:5c:26:de:27:f0:1e:dd:
                    bc:00:9b:3b:8b:3e:92:99:f0:9b:58:ee:f1:52:ac:
                    ec:e5:c8:a9:4c:9f:d7:2a:83:64:78:1c:b4:ca:b3:
                    c6:ea:8b:2f:b4:75:9a:e4:8a:6a:48:e0:f6:d4:fa:
                    33:48:70:24:ee:d8:91:7d:40:4d:0e:42:d2:0d:cd:
                    16:61:b3:30:f7:b8:52:59:a4:c0:e7:5f:99:ca:b8:
                    1b:ee:90:bc:b9:ed:3d:08:dc:a4:77:78:67:4b:5b:
                    61:2c:c7:ab:ba:c4:a5:46:90:33:66:41:4b:26:d1:
                    d3:c8:f7:31:3e:eb:69:ed:4b:1a:96:42:48:e9:71:
                    07:b1:61:3a:b9:6b:3c:77:fd:4e:0e:98:9c:51:ef:
                    d7:e6:40:2f:76:f8:0b:28:6f:7f:83:1f:b7:11:21:
                    a7:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DE:28:35:D8:47:61:2B:0E:CB:7A:7A:FE:A0:10:A0:50:40:FE:B5:5F
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/245a65bb-591c-47bc-8a8c-6c86b093fd8b.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  43.249.44.0/22

    Signature Algorithm: sha256WithRSAEncryption
         8c:61:a6:d5:01:2c:26:e7:08:9b:c7:65:5a:df:38:19:41:a3:
         6c:12:13:ff:7d:45:d3:7c:7c:b3:d3:42:02:7d:b9:65:5a:e5:
         c7:af:15:c7:5a:73:aa:e4:d6:e6:86:61:b4:9c:24:85:1b:3d:
         fa:a8:27:29:49:ff:4d:67:19:b5:37:a7:4f:dc:7c:36:c6:fe:
         e8:f8:52:c7:4c:e1:9b:81:05:94:c9:56:64:46:fa:dd:eb:aa:
         95:74:c8:d1:4e:21:af:43:79:72:29:f7:9f:2d:49:81:15:84:
         8f:6e:7f:ce:d9:fe:81:61:8e:49:c3:85:15:7e:5a:be:31:8f:
         fa:eb:b5:4a:a1:fb:46:31:90:fc:cd:b5:69:80:58:e5:0c:14:
         41:7a:14:2b:f9:7e:b7:87:47:63:a6:a2:75:a7:70:8f:e4:83:
         c4:f1:f9:33:c1:e6:46:6e:f5:8f:ba:8d:fd:5d:3d:69:bd:7a:
         19:f6:90:4a:7e:d6:b0:83:2a:a8:86:df:32:39:40:b3:1d:1a:
         d3:05:7f:d3:ed:e8:a3:3c:77:32:72:d8:94:0b:eb:6a:3c:16:
         d3:2a:b4:d8:33:2d:a5:c8:a2:36:4c:6e:ca:97:39:d5:6d:00:
         ea:f8:0d:03:28:a7:27:c8:20:f0:7f:3c:8f:83:c7:d5:7d:66:
         a2:42:03:42
-----BEGIN CERTIFICATE-----
MIIFnDCCBISgAwIBAgIUWQZhwAiPs7qGA9dTYQjc2R7k7rEwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI1MDExMDAwMDAwMFoX
DTI1MDIxNDIzNTk1OVowejFJMEcGA1UEBRNAODQ2NTUwNzM5YTZiMTJjY2ViNTky
Njc0ZTlkM2EyMDFkMGU4NjAyMmFhNWZiNmNlZTZmYWQ1ODI0ODhiY2FlMzEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw7xXjqKTY7b8BQV6DVz5p/NHCsID
zF2itHBEE9Pe4WWA0Uyy77JUtGy+56zFUWLgSA6bIVgOYZBJVV9ljSRdlDDVO/ms
J+6utHB/oC4kro3O+8FsY+OQQFmPXm5aeh8qEVwm3ifwHt28AJs7iz6SmfCbWO7x
Uqzs5cipTJ/XKoNkeBy0yrPG6osvtHWa5IpqSOD21PozSHAk7tiRfUBNDkLSDc0W
YbMw97hSWaTA51+Zyrgb7pC8ue09CNykd3hnS1thLMerusSlRpAzZkFLJtHTyPcx
Putp7UsalkJI6XEHsWE6uWs8d/1ODpicUe/X5kAvdvgLKG9/gx+3ESGn/QIDAQAB
o4ICSDCCAkQwHQYDVR0OBBYEFN4oNdhHYSsOy3p6/qAQoFBA/rVfMB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
LzI0NWE2NWJiLTU5MWMtNDdiYy04YThjLTZjODZiMDkzZmQ4Yi5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAM
BAIAATAGAwQCK/ksMA0GCSqGSIb3DQEBCwUAA4IBAQCMYabVASwm5wibx2Va3zgZ
QaNsEhP/fUXTfHyz00ICfbllWuXHrxXHWnOq5NbmhmG0nCSFGz36qCcpSf9NZxm1
N6dP3Hw2xv7o+FLHTOGbgQWUyVZkRvrd66qVdMjRTiGvQ3lyKfefLUmBFYSPbn/O
2f6BYY5Jw4UVflq+MY/667VKoftGMZD8zbVpgFjlDBRBehQr+X63h0djpqJ1p3CP
5IPE8fkzweZGbvWPuo39XT1pvXoZ9pBKftawgyqoht8yOUCzHRrTBX/T7eijPHcy
ctiUC+tqPBbTKrTYMy2lyKI2TG7KlznVbQDq+A0DKKcnyCDwfzyPg8fVfWaiQgNC
-----END CERTIFICATE-----