Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/55d6cbae-8b7f-45a9-8d9b-458d10a9b1ca.roa
File:                     55d6cbae-8b7f-45a9-8d9b-458d10a9b1ca.roa (raw, json)
Hash identifier:          Cb8OR0QDv/cdFeXJQgLjyRpQxv4dZWe8X3a/jQbOIp0=
Subject key identifier:   F3:D2:03:E7:21:C2:94:97:99:BC:64:65:A4:B4:20:21:23:AF:6A:96
Certificate issuer:       /CN=A91F635F0000/serialNumber=53DC22125FA34F3986CBF12422E34F9B9C661BE7
Certificate serial:       7C075C3235EEB6C0A1B798CD67F43E7DD515B77E
Authority key identifier: 53:DC:22:12:5F:A3:4F:39:86:CB:F1:24:22:E3:4F:9B:9C:66:1B:E7
Authority info access:    rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/U9wiEl-jTzmGy_EkIuNPm5xmG-c.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/55d6cbae-8b7f-45a9-8d9b-458d10a9b1ca.roa
Signing time:             Tue 14 Jan 2025 00:00:00 +0000
ROA not before:           Tue 14 Jan 2025 00:00:00 +0000
ROA not after:            Tue 18 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        159.248.216.0/21 maxlen: 21
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7c:07:5c:32:35:ee:b6:c0:a1:b7:98:cd:67:f4:3e:7d:d5:15:b7:7e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000/serialNumber=53DC22125FA34F3986CBF12422E34F9B9C661BE7
        Validity
            Not Before: Jan 14 00:00:00 2025 GMT
            Not After : Feb 18 23:59:59 2025 GMT
        Subject: serialNumber=28e05c837faaddbf269a2b3e9452a839c712ae0f29e82a650dc184a1ce8b184a, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:55:7d:95:27:be:02:bd:6d:5b:8c:8c:d7:7c:
                    fe:fe:a7:ec:ad:7e:68:73:f2:9c:86:bc:f1:37:bd:
                    0f:df:c6:20:b7:04:d3:5d:9a:92:7e:4e:74:a8:8d:
                    92:c1:29:c3:0f:8e:34:ba:fd:05:78:e0:47:2e:b3:
                    06:e9:41:8a:5d:c7:2d:e9:09:55:fc:e7:e8:f3:43:
                    9c:85:1e:e6:7a:56:87:77:59:e2:fc:44:9c:30:54:
                    eb:92:9c:fa:48:2d:f0:f7:1d:fd:7d:ee:03:dd:a1:
                    b5:f5:7d:4c:6e:c7:07:9b:0d:21:28:eb:c9:f7:18:
                    64:51:54:bd:6e:bc:2d:5e:1c:1f:05:f1:8a:83:7b:
                    e8:1f:bf:82:1f:0b:96:06:d6:5c:f3:56:b9:ac:4d:
                    5d:15:38:1b:8d:7a:be:40:7e:26:91:97:ae:74:a9:
                    62:9d:c3:9a:84:1e:0f:0c:54:f6:c7:fb:10:17:e6:
                    a9:f3:95:b8:e1:ad:11:5c:1b:a6:d4:b2:1b:ee:8b:
                    c4:0e:c3:1f:fc:82:87:3d:c8:7e:bf:46:a3:ac:36:
                    ec:14:d6:89:ca:2f:c1:c4:e8:81:6d:ed:ff:79:2e:
                    f7:e9:90:59:4d:80:68:54:26:a6:87:e4:1b:c7:99:
                    b9:35:f9:ee:5c:59:32:9e:9a:ea:a5:c2:8c:d2:06:
                    47:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F3:D2:03:E7:21:C2:94:97:99:BC:64:65:A4:B4:20:21:23:AF:6A:96
            X509v3 Authority Key Identifier:
                keyid:53:DC:22:12:5F:A3:4F:39:86:CB:F1:24:22:E3:4F:9B:9C:66:1B:E7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/U9wiEl-jTzmGy_EkIuNPm5xmG-c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/55d6cbae-8b7f-45a9-8d9b-458d10a9b1ca.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/a5b01bdd-cdeb-4cfc-8c93-7e70c5e09306.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  159.248.216.0/21

    Signature Algorithm: sha256WithRSAEncryption
         3d:0e:c3:d9:2c:55:05:ce:63:c0:a2:69:29:7e:bd:31:8a:e7:
         00:bc:b9:ec:7f:73:8d:62:c7:ec:6b:13:52:4e:57:2a:1e:fd:
         c5:73:32:a2:4e:2b:95:b9:e2:3c:7c:35:af:57:1d:13:fb:87:
         a5:1a:4f:79:fe:91:4b:d0:04:4a:c9:7a:93:29:32:c5:bd:40:
         e8:1a:8d:07:a6:e1:b8:c0:39:73:d3:87:5a:fa:e7:4c:90:ff:
         ad:6b:49:de:b0:85:ad:af:ca:fa:2d:ef:b4:18:01:e7:ae:84:
         15:c7:80:b3:3f:ee:15:e6:a2:ca:ce:e3:39:ac:1b:85:67:c9:
         7f:4a:c6:ae:c1:27:b7:3d:03:da:03:64:19:63:fe:cb:95:4b:
         59:77:5b:29:2d:d4:da:82:88:16:b8:84:25:64:b9:92:ac:a6:
         de:90:41:8c:9f:f8:e6:77:e4:b3:f4:95:49:01:b8:37:20:56:
         f9:d2:93:2b:1b:93:98:44:1f:d8:bd:6c:9f:e8:ca:04:53:94:
         56:04:80:0e:b6:2f:8f:3e:dd:aa:10:7a:7a:8e:7d:db:82:a9:
         e4:8c:e9:65:44:e1:a2:c4:80:53:c5:39:c1:ad:40:24:04:80:
         02:59:5a:5b:01:2b:36:ca:9c:da:f3:59:50:63:b0:9c:47:b3:
         97:50:44:9c
-----BEGIN CERTIFICATE-----
MIIFnDCCBISgAwIBAgIUfAdcMjXutsCht5jNZ/Q+fdUVt34wDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg1M0RDMjIxMjVG
QTM0RjM5ODZDQkYxMjQyMkUzNEY5QjlDNjYxQkU3MB4XDTI1MDExNDAwMDAwMFoX
DTI1MDIxODIzNTk1OVowejFJMEcGA1UEBRNAMjhlMDVjODM3ZmFhZGRiZjI2OWEy
YjNlOTQ1MmE4MzljNzEyYWUwZjI5ZTgyYTY1MGRjMTg0YTFjZThiMTg0YTEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqVV9lSe+Ar1tW4yM13z+/qfsrX5o
c/KchrzxN70P38YgtwTTXZqSfk50qI2SwSnDD440uv0FeOBHLrMG6UGKXcct6QlV
/Ofo80OchR7melaHd1ni/EScMFTrkpz6SC3w9x39fe4D3aG19X1MbscHmw0hKOvJ
9xhkUVS9brwtXhwfBfGKg3voH7+CHwuWBtZc81a5rE1dFTgbjXq+QH4mkZeudKli
ncOahB4PDFT2x/sQF+ap85W44a0RXBum1LIb7ovEDsMf/IKHPch+v0ajrDbsFNaJ
yi/BxOiBbe3/eS736ZBZTYBoVCamh+Qbx5m5NfnuXFkynprqpcKM0gZH1wIDAQAB
o4ICSDCCAkQwHQYDVR0OBBYEFPPSA+chwpSXmbxkZaS0ICEjr2qWMB8GA1UdIwQY
MBaAFFPcIhJfo085hsvxJCLjT5ucZhvnMA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CM0EyNEYyMDFENjYxMUUyOEFDODgzN0M3MkZEMUZGMi9VOXdpRWwt
alR6bUd5X0VrSXVOUG01eG1HLWMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
LzU1ZDZjYmFlLThiN2YtNDVhOS04ZDliLTQ1OGQxMGE5YjFjYS5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvYTViMDFiZGQtY2RlYi00Y2ZjLThjOTMtN2U3MGM1ZTA5MzA2LmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAM
BAIAATAGAwQDn/jYMA0GCSqGSIb3DQEBCwUAA4IBAQA9DsPZLFUFzmPAomkpfr0x
iucAvLnsf3ONYsfsaxNSTlcqHv3FczKiTiuVueI8fDWvVx0T+4elGk95/pFL0ARK
yXqTKTLFvUDoGo0HpuG4wDlz04da+udMkP+ta0nesIWtr8r6Le+0GAHnroQVx4Cz
P+4V5qLKzuM5rBuFZ8l/SsauwSe3PQPaA2QZY/7LlUtZd1spLdTagogWuIQlZLmS
rKbekEGMn/jmd+Sz9JVJAbg3IFb50pMrG5OYRB/YvWyf6MoEU5RWBIAOti+PPt2q
EHp6jn3bgqnkjOllROGixIBTxTnBrUAkBIACWVpbASs2ypza81lQY7CcR7OXUESc
-----END CERTIFICATE-----