Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/2e8d8271-3a39-44e7-8971-4754b2796103.roa
File:                     2e8d8271-3a39-44e7-8971-4754b2796103.roa (raw, json)
Hash identifier:          /pXOB+1oOON58gxFMxWpgDpQqX8HPqI93AQ2+6WNzuk=
Subject key identifier:   6A:47:AC:C6:7F:E6:95:75:C1:28:CF:81:DE:73:78:E4:67:1A:A4:23
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       5653D5C16E61A0B40627D188A669D866F655E8F1
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/2e8d8271-3a39-44e7-8971-4754b2796103.roa
Signing time:             Fri 10 Jan 2025 00:00:00 +0000
ROA not before:           Fri 10 Jan 2025 00:00:00 +0000
ROA not after:            Fri 14 Feb 2025 23:59:59 +0000
asID:                     8987
IP address blocks:        43.200.0.0/13 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            56:53:d5:c1:6e:61:a0:b4:06:27:d1:88:a6:69:d8:66:f6:55:e8:f1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Jan 10 00:00:00 2025 GMT
            Not After : Feb 14 23:59:59 2025 GMT
        Subject: serialNumber=9f28821a93c87f245b6326fc17343b40f0e342dc7a8779932f70d7eae12535a6, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:90:f1:9e:10:18:79:ad:2e:f1:88:87:59:21:
                    aa:9c:61:16:11:11:97:da:d8:29:af:8b:ed:ea:d6:
                    71:c7:97:47:b8:34:5b:eb:07:ea:8d:41:7a:d2:87:
                    8d:b7:59:99:e6:39:dd:e1:50:f5:3c:a8:df:6d:ac:
                    b9:5d:77:a5:95:aa:49:23:9d:87:2e:4f:83:92:9c:
                    b0:a4:ca:98:0e:08:8e:17:15:54:4e:4c:30:ca:75:
                    97:23:87:c4:9a:51:a7:21:0a:8b:1c:b9:39:b7:1c:
                    39:d9:0b:49:bb:d9:62:45:99:db:22:e6:22:e0:a8:
                    f4:8b:06:f7:73:27:6f:73:1c:8a:0e:42:8b:a5:2a:
                    a2:9a:c0:05:da:b7:d6:b1:3e:1a:d0:f7:ac:60:c6:
                    38:cf:10:64:64:09:ab:f9:f0:99:9e:7f:43:7c:67:
                    2c:6e:55:f9:fd:ff:f1:ab:8f:26:c9:ec:82:ad:7b:
                    36:7f:cc:b0:84:2d:e8:19:18:b2:19:b7:53:52:a3:
                    26:00:a9:3e:0f:08:fa:88:9e:c0:af:94:55:88:e7:
                    d4:dc:77:59:f2:f9:f1:93:5f:41:ba:51:2f:56:a6:
                    1a:09:6c:dc:57:4b:e3:50:e9:67:2d:25:eb:98:03:
                    e2:fa:78:d7:71:26:34:6e:f0:9b:06:1d:42:31:d6:
                    d5:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6A:47:AC:C6:7F:E6:95:75:C1:28:CF:81:DE:73:78:E4:67:1A:A4:23
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/2e8d8271-3a39-44e7-8971-4754b2796103.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  43.200.0.0/13

    Signature Algorithm: sha256WithRSAEncryption
         c9:53:61:71:26:11:b2:95:50:2c:e0:73:70:e2:67:01:52:45:
         88:a7:ea:9d:07:9e:af:9a:70:a9:a1:09:98:b4:62:b1:1f:99:
         ea:25:fb:8f:a8:e7:1e:bc:ff:4a:1a:04:20:bb:48:c0:8a:4e:
         32:ea:16:fa:6b:be:03:a9:32:86:dc:0b:b3:78:18:89:eb:52:
         14:cf:4c:11:db:5a:3a:8c:88:aa:9a:2a:00:aa:81:20:b5:3e:
         8f:f0:51:a3:95:0d:de:15:1e:40:73:64:80:39:33:c9:f8:21:
         32:24:05:84:c8:bf:cc:02:a0:2e:28:c8:52:ca:02:52:68:d3:
         93:ea:42:e5:00:da:aa:4d:b7:c8:b5:88:f1:7c:c6:d4:1b:d7:
         ce:21:06:d2:3e:63:02:44:4c:61:73:40:6a:45:02:0e:0c:45:
         80:ca:d4:b9:b5:81:b7:a4:e5:3a:ca:1c:4e:a9:4a:a4:9f:e9:
         d3:34:6b:b8:d0:d6:27:81:63:33:76:df:a0:41:03:21:a2:4b:
         08:a8:77:33:de:b9:d6:f4:74:1c:ae:a4:1f:ab:e5:e6:2c:06:
         7e:c1:19:3e:b3:3f:1d:7f:00:a5:40:77:c9:75:1a:f4:7a:0e:
         98:07:4a:03:9d:a3:43:80:37:80:21:da:68:69:13:bb:23:7a:
         0d:2c:d1:ef
-----BEGIN CERTIFICATE-----
MIIFmzCCBIOgAwIBAgIUVlPVwW5hoLQGJ9GIpmnYZvZV6PEwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI1MDExMDAwMDAwMFoX
DTI1MDIxNDIzNTk1OVowejFJMEcGA1UEBRNAOWYyODgyMWE5M2M4N2YyNDViNjMy
NmZjMTczNDNiNDBmMGUzNDJkYzdhODc3OTkzMmY3MGQ3ZWFlMTI1MzVhNjEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx5DxnhAYea0u8YiHWSGqnGEWERGX
2tgpr4vt6tZxx5dHuDRb6wfqjUF60oeNt1mZ5jnd4VD1PKjfbay5XXellapJI52H
Lk+DkpywpMqYDgiOFxVUTkwwynWXI4fEmlGnIQqLHLk5txw52QtJu9liRZnbIuYi
4Kj0iwb3cydvcxyKDkKLpSqimsAF2rfWsT4a0PesYMY4zxBkZAmr+fCZnn9DfGcs
blX5/f/xq48myeyCrXs2f8ywhC3oGRiyGbdTUqMmAKk+Dwj6iJ7Ar5RViOfU3HdZ
8vnxk19BulEvVqYaCWzcV0vjUOlnLSXrmAPi+njXcSY0bvCbBh1CMdbVCwIDAQAB
o4ICRzCCAkMwHQYDVR0OBBYEFGpHrMZ/5pV1wSjPgd5zeORnGqQjMB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
LzJlOGQ4MjcxLTNhMzktNDRlNy04OTcxLTQ3NTRiMjc5NjEwMy5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTAL
BAIAATAFAwMDK8gwDQYJKoZIhvcNAQELBQADggEBAMlTYXEmEbKVUCzgc3DiZwFS
RYin6p0Hnq+acKmhCZi0YrEfmeol+4+o5x68/0oaBCC7SMCKTjLqFvprvgOpMobc
C7N4GInrUhTPTBHbWjqMiKqaKgCqgSC1Po/wUaOVDd4VHkBzZIA5M8n4ITIkBYTI
v8wCoC4oyFLKAlJo05PqQuUA2qpNt8i1iPF8xtQb184hBtI+YwJETGFzQGpFAg4M
RYDK1Lm1gbek5TrKHE6pSqSf6dM0a7jQ1ieBYzN236BBAyGiSwiodzPeudb0dByu
pB+r5eYsBn7BGT6zPx1/AKVAd8l1GvR6DpgHSgOdo0OAN4Ah2mhpE7sjeg0s0e8=
-----END CERTIFICATE-----