Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/32bf2c39-b536-43d0-b557-f68d8ee64091.roa
File:                     32bf2c39-b536-43d0-b557-f68d8ee64091.roa (raw, json)
Hash identifier:          EaB5YsTkk7aPYJyuPmohStQuNkj6iqPkfjg8Dj+TBLM=
Subject key identifier:   AC:5D:F1:76:76:FB:CB:69:2B:22:31:B2:3B:81:1B:98:42:9C:E0:BF
Certificate issuer:       /CN=A91F635F0000/serialNumber=53DC22125FA34F3986CBF12422E34F9B9C661BE7
Certificate serial:       753F277B7630233827A1EDEE26C8A68DB9494644
Authority key identifier: 53:DC:22:12:5F:A3:4F:39:86:CB:F1:24:22:E3:4F:9B:9C:66:1B:E7
Authority info access:    rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/U9wiEl-jTzmGy_EkIuNPm5xmG-c.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/32bf2c39-b536-43d0-b557-f68d8ee64091.roa
Signing time:             Tue 07 Jan 2025 00:00:00 +0000
ROA not before:           Tue 07 Jan 2025 00:00:00 +0000
ROA not after:            Tue 11 Feb 2025 23:59:59 +0000
asID:                     7224
IP address blocks:        159.248.128.0/22 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            75:3f:27:7b:76:30:23:38:27:a1:ed:ee:26:c8:a6:8d:b9:49:46:44
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000/serialNumber=53DC22125FA34F3986CBF12422E34F9B9C661BE7
        Validity
            Not Before: Jan  7 00:00:00 2025 GMT
            Not After : Feb 11 23:59:59 2025 GMT
        Subject: serialNumber=d4c9437e5d7f1aef826b3161e7347e67e669ed9955a7ca153d8d11722925e709, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:ec:13:61:98:a3:0c:1f:b9:90:69:28:c6:3d:
                    a6:29:1e:d5:79:61:0d:41:f7:61:ef:1c:50:f5:ea:
                    e1:e9:1e:73:60:43:61:2b:32:e3:84:29:86:86:86:
                    31:b3:53:fc:a5:f7:e5:b7:cc:42:1c:cd:68:86:dd:
                    8a:7b:bf:5d:72:32:e0:b7:4e:dd:c7:72:d2:58:b4:
                    17:66:f5:08:6d:01:16:b9:00:10:04:33:a6:55:5b:
                    81:2d:0b:82:f3:fb:14:33:52:63:ef:2b:bc:23:00:
                    e2:63:97:d2:f7:da:3d:0b:fe:96:c7:2c:4e:27:32:
                    04:0f:dd:89:78:8a:2d:f6:86:35:60:4c:c7:1b:9b:
                    cc:51:e6:14:2b:e2:d0:7e:c7:9d:cc:68:6c:ee:e8:
                    22:a7:fd:1c:5e:f8:3d:1f:8b:d1:95:c8:82:66:38:
                    cc:7b:a5:72:c7:03:c9:1d:53:d4:83:56:78:91:5e:
                    49:87:0d:83:4e:71:e9:03:56:fa:0f:8a:ca:a2:bf:
                    1e:41:b8:79:96:04:46:51:21:b9:2b:da:c9:b5:5e:
                    4b:f0:ce:35:17:6f:d5:d3:0b:69:8f:b3:cb:f0:db:
                    d4:12:08:5f:69:e2:ef:d4:b6:d3:14:9d:50:da:48:
                    06:f9:45:72:83:fc:af:f0:f4:64:d5:6f:65:cd:9a:
                    a8:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AC:5D:F1:76:76:FB:CB:69:2B:22:31:B2:3B:81:1B:98:42:9C:E0:BF
            X509v3 Authority Key Identifier:
                keyid:53:DC:22:12:5F:A3:4F:39:86:CB:F1:24:22:E3:4F:9B:9C:66:1B:E7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/U9wiEl-jTzmGy_EkIuNPm5xmG-c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/32bf2c39-b536-43d0-b557-f68d8ee64091.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/a5b01bdd-cdeb-4cfc-8c93-7e70c5e09306.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  159.248.128.0/22

    Signature Algorithm: sha256WithRSAEncryption
         31:c4:5f:3c:6d:93:05:34:da:32:10:03:d4:b3:70:4d:7b:50:
         63:1f:be:47:49:43:0e:09:2a:9c:28:1c:69:76:92:34:81:2a:
         e6:e7:2b:6c:2e:be:31:74:34:8a:5a:ee:dd:fc:94:26:7d:f4:
         d9:d8:94:4b:66:1c:a5:de:e0:5b:fa:7f:b8:9c:52:7d:bb:42:
         ad:e7:7a:af:b0:97:9f:02:2b:39:11:fe:17:8b:78:e4:d1:b2:
         66:1a:ee:8f:ba:c5:b7:cf:40:e9:b4:25:bd:96:d6:88:1a:c3:
         eb:bd:43:80:37:11:be:50:4f:1a:ab:9e:bf:29:83:d5:b8:5d:
         cf:49:28:07:5d:d9:f1:02:3f:d0:c9:8c:ce:c1:0a:48:4a:5a:
         26:b3:25:a4:d3:9f:fb:e1:66:e5:64:37:e3:44:b8:20:f0:a2:
         a0:be:8a:1f:71:22:01:01:ab:68:5d:fc:19:80:7e:0c:2f:91:
         86:81:98:6c:07:14:7b:47:13:b6:30:73:f7:0c:1c:84:36:ec:
         0e:93:41:af:58:15:fb:0b:07:4f:b9:40:45:51:ad:fc:f2:b1:
         2d:7d:ef:91:40:1b:3b:ce:70:cd:10:dc:fe:b8:e5:be:0b:97:
         ff:88:06:05:d3:21:cc:9b:6f:84:28:ea:bd:cf:39:99:d1:f8:
         e2:8b:8b:06
-----BEGIN CERTIFICATE-----
MIIFnDCCBISgAwIBAgIUdT8ne3YwIzgnoe3uJsimjblJRkQwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg1M0RDMjIxMjVG
QTM0RjM5ODZDQkYxMjQyMkUzNEY5QjlDNjYxQkU3MB4XDTI1MDEwNzAwMDAwMFoX
DTI1MDIxMTIzNTk1OVowejFJMEcGA1UEBRNAZDRjOTQzN2U1ZDdmMWFlZjgyNmIz
MTYxZTczNDdlNjdlNjY5ZWQ5OTU1YTdjYTE1M2Q4ZDExNzIyOTI1ZTcwOTEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlOwTYZijDB+5kGkoxj2mKR7VeWEN
Qfdh7xxQ9erh6R5zYENhKzLjhCmGhoYxs1P8pfflt8xCHM1oht2Ke79dcjLgt07d
x3LSWLQXZvUIbQEWuQAQBDOmVVuBLQuC8/sUM1Jj7yu8IwDiY5fS99o9C/6WxyxO
JzIED92JeIot9oY1YEzHG5vMUeYUK+LQfsedzGhs7ugip/0cXvg9H4vRlciCZjjM
e6VyxwPJHVPUg1Z4kV5Jhw2DTnHpA1b6D4rKor8eQbh5lgRGUSG5K9rJtV5L8M41
F2/V0wtpj7PL8NvUEghfaeLv1LbTFJ1Q2kgG+UVyg/yv8PRk1W9lzZqowwIDAQAB
o4ICSDCCAkQwHQYDVR0OBBYEFKxd8XZ2+8tpKyIxsjuBG5hCnOC/MB8GA1UdIwQY
MBaAFFPcIhJfo085hsvxJCLjT5ucZhvnMA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CM0EyNEYyMDFENjYxMUUyOEFDODgzN0M3MkZEMUZGMi9VOXdpRWwt
alR6bUd5X0VrSXVOUG01eG1HLWMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
LzMyYmYyYzM5LWI1MzYtNDNkMC1iNTU3LWY2OGQ4ZWU2NDA5MS5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvYTViMDFiZGQtY2RlYi00Y2ZjLThjOTMtN2U3MGM1ZTA5MzA2LmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAM
BAIAATAGAwQCn/iAMA0GCSqGSIb3DQEBCwUAA4IBAQAxxF88bZMFNNoyEAPUs3BN
e1BjH75HSUMOCSqcKBxpdpI0gSrm5ytsLr4xdDSKWu7d/JQmffTZ2JRLZhyl3uBb
+n+4nFJ9u0Kt53qvsJefAis5Ef4Xi3jk0bJmGu6PusW3z0DptCW9ltaIGsPrvUOA
NxG+UE8aq56/KYPVuF3PSSgHXdnxAj/QyYzOwQpISlomsyWk05/74WblZDfjRLgg
8KKgvoofcSIBAatoXfwZgH4ML5GGgZhsBxR7RxO2MHP3DByENuwOk0GvWBX7CwdP
uUBFUa388rEtfe+RQBs7znDNENz+uOW+C5f/iAYF0yHMm2+EKOq9zzmZ0fjii4sG
-----END CERTIFICATE-----