Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/40956690-3661-49f2-8ebc-2fa5a47a98ad.roa
File:                     40956690-3661-49f2-8ebc-2fa5a47a98ad.roa (raw, json)
Hash identifier:          y5UYJrHzMdrlGSfOE7X70HSByspMDK7G+1C0DI1Iki0=
Subject key identifier:   04:A6:9B:78:E2:9A:9D:C7:A1:4B:E0:90:1C:16:5F:CB:BD:72:E7:20
Certificate issuer:       /CN=A91F635F0000/serialNumber=53DC22125FA34F3986CBF12422E34F9B9C661BE7
Certificate serial:       55495AD56041FC6EFFA7C77A34D16B61036EFB56
Authority key identifier: 53:DC:22:12:5F:A3:4F:39:86:CB:F1:24:22:E3:4F:9B:9C:66:1B:E7
Authority info access:    rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/U9wiEl-jTzmGy_EkIuNPm5xmG-c.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/40956690-3661-49f2-8ebc-2fa5a47a98ad.roa
Signing time:             Tue 14 Jan 2025 00:00:00 +0000
ROA not before:           Tue 14 Jan 2025 00:00:00 +0000
ROA not after:            Tue 18 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        159.248.240.0/21 maxlen: 21
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            55:49:5a:d5:60:41:fc:6e:ff:a7:c7:7a:34:d1:6b:61:03:6e:fb:56
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000/serialNumber=53DC22125FA34F3986CBF12422E34F9B9C661BE7
        Validity
            Not Before: Jan 14 00:00:00 2025 GMT
            Not After : Feb 18 23:59:59 2025 GMT
        Subject: serialNumber=8ff6d31889fc575d0becfabcd0a03cbd275da58bbd356a287b3e825d22547e39, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:fa:83:3b:7d:bd:c9:64:da:8e:2f:6c:32:fe:eb:
                    6b:2b:8d:a4:9d:9d:38:dc:24:4d:4d:55:e9:d2:1b:
                    61:61:a6:0f:87:96:c5:58:31:01:80:df:32:42:3e:
                    27:66:48:e7:1f:53:29:03:68:f4:ae:a2:83:ae:16:
                    6c:e8:84:ba:a7:10:fd:92:a5:0c:36:f6:b2:0f:b9:
                    34:64:7a:c7:b6:1d:c3:2f:c5:bb:63:ab:d2:33:b5:
                    f0:54:dd:66:79:12:db:f5:a9:a3:49:fe:04:83:6b:
                    10:89:99:96:6d:2a:c4:66:49:ca:b5:24:4b:01:58:
                    36:de:60:f2:0a:ec:0b:ab:5f:51:26:12:b7:aa:fd:
                    60:06:c4:71:59:b8:b9:00:92:8e:4f:db:e2:8b:82:
                    c4:4f:33:cc:53:b0:f3:23:0c:5b:8d:6f:89:cb:e7:
                    59:ba:a1:bc:1c:e7:55:dd:d3:6c:ca:e7:50:08:9e:
                    fa:b3:db:94:2f:78:7b:78:4c:14:46:03:de:b6:5e:
                    d2:e9:e2:c0:f0:03:29:83:50:fa:14:85:46:4b:d9:
                    6a:d5:9a:26:4d:79:9e:08:b5:cd:fd:cd:87:d5:e1:
                    f2:b9:4f:d7:fe:e8:4d:c7:74:8d:4b:0a:bd:c1:df:
                    e6:f4:78:5b:b7:f0:4f:22:a5:6c:3e:0a:1b:52:f3:
                    e1:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                04:A6:9B:78:E2:9A:9D:C7:A1:4B:E0:90:1C:16:5F:CB:BD:72:E7:20
            X509v3 Authority Key Identifier:
                keyid:53:DC:22:12:5F:A3:4F:39:86:CB:F1:24:22:E3:4F:9B:9C:66:1B:E7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/U9wiEl-jTzmGy_EkIuNPm5xmG-c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/40956690-3661-49f2-8ebc-2fa5a47a98ad.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/a5b01bdd-cdeb-4cfc-8c93-7e70c5e09306.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  159.248.240.0/21

    Signature Algorithm: sha256WithRSAEncryption
         8d:7d:51:38:d6:ec:70:54:3a:ea:ef:e6:88:5d:d7:32:e7:49:
         e8:6c:ea:ea:8d:19:b7:72:48:7d:de:eb:90:f2:e7:47:b7:97:
         14:fa:88:a7:14:ce:cc:6c:f1:d8:b6:c3:8c:39:ab:4c:8e:ce:
         5c:c8:26:d5:bc:25:ac:6b:56:3c:64:23:1c:6c:a8:f7:da:df:
         12:a4:b2:b8:0b:7e:3e:11:1f:1f:8f:4e:4b:7d:1c:97:98:ab:
         13:1d:b9:49:d6:df:ba:81:28:7e:f2:f7:38:bc:99:88:d5:73:
         2a:c4:48:c7:6e:8f:0e:41:e1:bc:f7:4f:67:e6:39:b0:c6:1e:
         19:93:63:4f:ae:5f:de:4c:c6:a1:e3:f2:24:ad:44:b2:66:ac:
         92:e2:41:ad:12:d5:c4:ee:a7:ad:69:a9:9c:2b:90:ae:6f:1b:
         84:15:7b:4f:47:f9:d9:76:07:d9:de:dc:1a:e1:36:96:8b:e7:
         62:94:85:48:b1:e6:2e:ed:61:af:1b:9d:47:d3:c6:f0:22:4a:
         68:d7:d7:cf:11:67:be:11:31:21:70:44:52:34:f2:6e:17:84:
         35:b8:c8:2f:44:a0:da:8a:7e:28:05:1f:db:0b:7f:9a:2f:c6:
         46:e9:5a:a9:ee:8b:26:af:5e:d2:d1:91:89:45:0f:06:44:37:
         cf:80:60:11
-----BEGIN CERTIFICATE-----
MIIFnDCCBISgAwIBAgIUVUla1WBB/G7/p8d6NNFrYQNu+1YwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg1M0RDMjIxMjVG
QTM0RjM5ODZDQkYxMjQyMkUzNEY5QjlDNjYxQkU3MB4XDTI1MDExNDAwMDAwMFoX
DTI1MDIxODIzNTk1OVowejFJMEcGA1UEBRNAOGZmNmQzMTg4OWZjNTc1ZDBiZWNm
YWJjZDBhMDNjYmQyNzVkYTU4YmJkMzU2YTI4N2IzZTgyNWQyMjU0N2UzOTEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA+oM7fb3JZNqOL2wy/utrK42knZ04
3CRNTVXp0hthYaYPh5bFWDEBgN8yQj4nZkjnH1MpA2j0rqKDrhZs6IS6pxD9kqUM
NvayD7k0ZHrHth3DL8W7Y6vSM7XwVN1meRLb9amjSf4Eg2sQiZmWbSrEZknKtSRL
AVg23mDyCuwLq19RJhK3qv1gBsRxWbi5AJKOT9vii4LETzPMU7DzIwxbjW+Jy+dZ
uqG8HOdV3dNsyudQCJ76s9uUL3h7eEwURgPetl7S6eLA8AMpg1D6FIVGS9lq1Zom
TXmeCLXN/c2H1eHyuU/X/uhNx3SNSwq9wd/m9Hhbt/BPIqVsPgobUvPhXwIDAQAB
o4ICSDCCAkQwHQYDVR0OBBYEFASmm3jimp3HoUvgkBwWX8u9cucgMB8GA1UdIwQY
MBaAFFPcIhJfo085hsvxJCLjT5ucZhvnMA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CM0EyNEYyMDFENjYxMUUyOEFDODgzN0M3MkZEMUZGMi9VOXdpRWwt
alR6bUd5X0VrSXVOUG01eG1HLWMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
LzQwOTU2NjkwLTM2NjEtNDlmMi04ZWJjLTJmYTVhNDdhOThhZC5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvYTViMDFiZGQtY2RlYi00Y2ZjLThjOTMtN2U3MGM1ZTA5MzA2LmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAM
BAIAATAGAwQDn/jwMA0GCSqGSIb3DQEBCwUAA4IBAQCNfVE41uxwVDrq7+aIXdcy
50nobOrqjRm3ckh93uuQ8udHt5cU+oinFM7MbPHYtsOMOatMjs5cyCbVvCWsa1Y8
ZCMcbKj32t8SpLK4C34+ER8fj05LfRyXmKsTHblJ1t+6gSh+8vc4vJmI1XMqxEjH
bo8OQeG8909n5jmwxh4Zk2NPrl/eTMah4/IkrUSyZqyS4kGtEtXE7qetaamcK5Cu
bxuEFXtPR/nZdgfZ3twa4TaWi+dilIVIseYu7WGvG51H08bwIkpo19fPEWe+ETEh
cERSNPJuF4Q1uMgvRKDain4oBR/bC3+aL8ZG6Vqp7osmr17S0ZGJRQ8GRDfPgGAR
-----END CERTIFICATE-----