Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/427017ca-fc05-4df1-9de8-dc6182848704.roa
File:                     427017ca-fc05-4df1-9de8-dc6182848704.roa (raw, json)
Hash identifier:          u1Nsu/QoqbVD1Aw3AWSMv0Q93NFW+iwfbl2uTdGP3c4=
Subject key identifier:   AE:7B:94:6B:EA:3B:67:9D:46:48:3E:6C:06:BF:32:DB:B5:D1:23:53
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       0C76377C801BB01D5FD8C43FEFE771362500306D
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/427017ca-fc05-4df1-9de8-dc6182848704.roa
Signing time:             Fri 10 Jan 2025 00:00:00 +0000
ROA not before:           Fri 10 Jan 2025 00:00:00 +0000
ROA not after:            Fri 14 Feb 2025 23:59:59 +0000
asID:                     8987
IP address blocks:        43.198.0.0/15 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0c:76:37:7c:80:1b:b0:1d:5f:d8:c4:3f:ef:e7:71:36:25:00:30:6d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Jan 10 00:00:00 2025 GMT
            Not After : Feb 14 23:59:59 2025 GMT
        Subject: serialNumber=4669e554cc33c9519d2f08510b8047c38307c0e484fd9e48f81db508342e4ea1, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:78:47:f9:72:b9:67:42:65:cb:eb:72:e6:1d:
                    21:47:a0:9a:61:7f:5e:46:e8:12:f7:1b:b9:df:df:
                    0e:86:45:4f:94:96:c7:c5:61:0f:fa:26:d1:f8:7a:
                    fb:9d:24:c8:eb:2e:51:bb:99:26:93:c0:16:1d:8a:
                    35:57:22:96:e7:d5:43:41:11:f4:f6:e1:c2:2c:7f:
                    0d:be:6c:0e:40:f4:ab:49:7c:1c:9f:13:35:dd:42:
                    de:90:8e:bf:72:34:2d:c2:91:68:49:d3:3c:52:e9:
                    80:e6:29:84:d4:7e:03:84:1c:0d:a6:41:dd:e4:d7:
                    c1:c4:1b:06:fc:8b:08:84:42:2c:8c:b5:33:4c:bc:
                    7d:31:aa:ae:7f:0a:0e:69:25:cb:f8:ac:87:82:c5:
                    65:da:1b:54:ab:5d:bf:82:20:bb:61:d2:63:92:51:
                    72:5b:21:21:b6:b3:3f:e8:6f:89:be:db:38:84:04:
                    eb:97:a7:97:54:4c:87:e1:14:a3:f7:22:14:f6:ce:
                    5e:c9:50:44:f1:59:af:29:2e:f1:c1:46:ff:c3:85:
                    2d:40:bd:ed:a0:6d:9e:04:cf:6d:29:9f:0c:de:47:
                    e9:56:bc:79:1f:4a:ae:65:fb:21:4a:6f:1a:56:a9:
                    57:f5:26:47:d5:ba:37:a3:5c:e7:05:78:a8:0a:32:
                    bb:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AE:7B:94:6B:EA:3B:67:9D:46:48:3E:6C:06:BF:32:DB:B5:D1:23:53
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/427017ca-fc05-4df1-9de8-dc6182848704.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  43.198.0.0/15

    Signature Algorithm: sha256WithRSAEncryption
         ae:01:df:80:a4:42:88:ce:ea:87:3e:22:9b:2d:8c:5a:03:0e:
         88:94:68:44:ff:c8:65:0e:c4:af:2e:4f:d8:96:22:5d:13:91:
         da:47:03:ef:24:69:a0:fd:3a:a5:40:17:94:63:c6:c1:57:cb:
         1f:f2:5f:75:32:c1:d0:80:c5:c6:e5:ee:65:14:2b:38:58:a7:
         3a:35:c9:36:ae:2d:83:01:31:69:e4:5d:8a:d1:32:43:97:29:
         c2:54:59:b2:3e:14:0d:df:7a:1b:2a:80:93:53:81:d0:fe:ab:
         52:03:03:c1:52:18:34:16:f9:97:fe:9f:17:a3:26:ba:55:d6:
         ad:56:11:38:8f:61:d2:f5:27:29:4b:b0:0d:82:54:55:fe:24:
         ff:1b:00:c7:31:5b:85:cd:01:a5:79:42:42:cb:d5:c6:da:ef:
         f2:ea:83:5e:63:f9:66:00:24:bb:ec:79:69:be:4a:e7:be:c5:
         d3:e1:2a:cc:50:1f:b6:33:64:a2:7c:ef:ce:44:77:54:a1:32:
         9d:21:36:29:ea:f7:84:f7:3d:9a:be:6d:1f:14:08:1e:fe:47:
         6d:0b:f6:83:c8:93:cf:ff:9d:cc:29:30:59:7b:06:ca:29:c7:
         1a:4e:af:25:31:e8:85:02:23:63:df:b5:3d:f4:47:75:00:77:
         3a:c3:a2:fa
-----BEGIN CERTIFICATE-----
MIIFmzCCBIOgAwIBAgIUDHY3fIAbsB1f2MQ/7+dxNiUAMG0wDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI1MDExMDAwMDAwMFoX
DTI1MDIxNDIzNTk1OVowejFJMEcGA1UEBRNANDY2OWU1NTRjYzMzYzk1MTlkMmYw
ODUxMGI4MDQ3YzM4MzA3YzBlNDg0ZmQ5ZTQ4ZjgxZGI1MDgzNDJlNGVhMTEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmHhH+XK5Z0Jly+ty5h0hR6CaYX9e
RugS9xu5398OhkVPlJbHxWEP+ibR+Hr7nSTI6y5Ru5kmk8AWHYo1VyKW59VDQRH0
9uHCLH8NvmwOQPSrSXwcnxM13ULekI6/cjQtwpFoSdM8UumA5imE1H4DhBwNpkHd
5NfBxBsG/IsIhEIsjLUzTLx9MaqufwoOaSXL+KyHgsVl2htUq12/giC7YdJjklFy
WyEhtrM/6G+Jvts4hATrl6eXVEyH4RSj9yIU9s5eyVBE8VmvKS7xwUb/w4UtQL3t
oG2eBM9tKZ8M3kfpVrx5H0quZfshSm8aVqlX9SZH1bo3o1znBXioCjK7hwIDAQAB
o4ICRzCCAkMwHQYDVR0OBBYEFK57lGvqO2edRkg+bAa/Mtu10SNTMB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
LzQyNzAxN2NhLWZjMDUtNGRmMS05ZGU4LWRjNjE4Mjg0ODcwNC5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTAL
BAIAATAFAwMBK8YwDQYJKoZIhvcNAQELBQADggEBAK4B34CkQojO6oc+IpstjFoD
DoiUaET/yGUOxK8uT9iWIl0TkdpHA+8kaaD9OqVAF5RjxsFXyx/yX3UywdCAxcbl
7mUUKzhYpzo1yTauLYMBMWnkXYrRMkOXKcJUWbI+FA3fehsqgJNTgdD+q1IDA8FS
GDQW+Zf+nxejJrpV1q1WETiPYdL1JylLsA2CVFX+JP8bAMcxW4XNAaV5QkLL1cba
7/Lqg15j+WYAJLvseWm+Sue+xdPhKsxQH7YzZKJ8785Ed1ShMp0hNinq94T3PZq+
bR8UCB7+R20L9oPIk8//ncwpMFl7BsopxxpOryUx6IUCI2PftT30R3UAdzrDovo=
-----END CERTIFICATE-----