Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/9d703748-f446-47a1-b0a7-5e3357f2e0d2.roa
File:                     9d703748-f446-47a1-b0a7-5e3357f2e0d2.roa (raw, json)
Hash identifier:          ogeO8r+Y/bDRRRdQirFH/1+zrn4r7qpm3YVZ99Wb1iw=
Subject key identifier:   A9:10:AA:E5:C7:A8:AA:EF:3E:1F:7C:55:03:3F:13:3F:81:08:03:5A
Certificate issuer:       /CN=A91F635F0000/serialNumber=53DC22125FA34F3986CBF12422E34F9B9C661BE7
Certificate serial:       245CB33B917697FE8403200E08372F3BEF3C9B7D
Authority key identifier: 53:DC:22:12:5F:A3:4F:39:86:CB:F1:24:22:E3:4F:9B:9C:66:1B:E7
Authority info access:    rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/U9wiEl-jTzmGy_EkIuNPm5xmG-c.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/9d703748-f446-47a1-b0a7-5e3357f2e0d2.roa
Signing time:             Wed 22 Jan 2025 00:00:00 +0000
ROA not before:           Wed 22 Jan 2025 00:00:00 +0000
ROA not after:            Wed 26 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        159.248.132.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            24:5c:b3:3b:91:76:97:fe:84:03:20:0e:08:37:2f:3b:ef:3c:9b:7d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000/serialNumber=53DC22125FA34F3986CBF12422E34F9B9C661BE7
        Validity
            Not Before: Jan 22 00:00:00 2025 GMT
            Not After : Feb 26 23:59:59 2025 GMT
        Subject: serialNumber=a24853847b831920018733a034c25a773f1987061481aeb38b73b8ceb3fd090b, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:01:2a:b0:b9:dd:47:92:7d:1d:e8:79:40:e6:
                    88:ff:a1:90:67:c7:1e:98:95:4a:ca:37:2a:7e:fc:
                    78:13:cd:7f:dc:b1:78:19:25:80:7c:23:3f:26:47:
                    09:02:9f:b6:ce:20:d5:2c:12:c3:06:e0:b0:fa:99:
                    30:79:e6:c0:e0:b3:2e:9a:cc:7c:d0:ee:83:dc:2f:
                    41:00:06:ed:c0:03:69:31:91:40:5c:11:b5:5f:a6:
                    ec:23:b2:a9:7d:03:f7:a3:dd:5b:74:53:28:da:eb:
                    36:47:20:5a:0e:7b:ed:e3:94:84:58:c2:14:ff:0e:
                    2e:9f:54:69:69:5d:ef:5a:41:4b:9f:c8:d4:ae:f4:
                    9a:0a:f0:f1:83:ff:57:d9:ed:8e:0a:53:83:37:7d:
                    d2:87:29:69:ca:4b:d8:e9:f8:fa:4a:38:49:84:24:
                    ab:21:59:9b:e5:36:6d:c5:46:46:5b:f4:40:de:ce:
                    0d:86:7d:fc:f7:d1:e8:84:af:7f:b5:8f:29:73:92:
                    7c:f7:55:8d:f4:84:86:cd:d5:28:3e:cb:bf:9a:11:
                    a9:cb:e7:aa:ab:8d:6a:70:f9:14:c3:03:29:6b:15:
                    bb:a8:69:38:56:28:7d:8b:ec:38:29:16:f8:dc:b0:
                    2d:bf:d7:a0:d3:99:86:a8:7b:2b:45:2f:ac:61:7c:
                    7d:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A9:10:AA:E5:C7:A8:AA:EF:3E:1F:7C:55:03:3F:13:3F:81:08:03:5A
            X509v3 Authority Key Identifier:
                keyid:53:DC:22:12:5F:A3:4F:39:86:CB:F1:24:22:E3:4F:9B:9C:66:1B:E7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/U9wiEl-jTzmGy_EkIuNPm5xmG-c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/9d703748-f446-47a1-b0a7-5e3357f2e0d2.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/a5b01bdd-cdeb-4cfc-8c93-7e70c5e09306.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  159.248.132.0/24

    Signature Algorithm: sha256WithRSAEncryption
         51:ba:b5:02:73:b6:e9:7e:cd:b5:7d:8f:27:ed:98:da:4d:a4:
         a9:fa:88:f9:60:14:24:3b:b2:97:5d:68:c8:15:d1:51:76:e1:
         6b:4d:ce:61:1a:42:52:32:d0:ff:ea:81:4a:9c:35:86:2d:2b:
         c4:dd:8c:d6:b5:07:43:4a:e0:8c:cc:97:7b:c3:2a:ad:24:4b:
         79:c4:58:4a:03:ea:f8:b1:06:40:83:26:7d:9a:29:88:64:e5:
         fd:4a:59:f5:da:ed:84:ea:4c:ea:67:7d:ec:f4:e4:fb:fc:65:
         98:27:f8:42:cf:5c:f5:12:52:9d:23:c2:7e:5d:c6:f5:a0:d5:
         5d:2e:f6:be:45:68:fb:14:64:f7:a5:ca:b4:a1:78:7c:34:d2:
         78:3b:5f:4d:85:ed:1a:0f:3b:23:d4:07:57:b9:fe:93:74:a8:
         10:aa:71:d8:07:b0:29:fb:8b:e7:09:c3:9a:0e:93:e6:d6:26:
         5a:5a:c2:68:6e:69:89:5a:83:f8:bf:4d:3d:5a:f9:ef:ca:94:
         b7:5f:12:ee:72:65:0c:75:0f:c1:ff:dd:90:0e:06:86:2d:eb:
         ea:32:0d:88:34:f9:6f:af:d4:46:c4:e0:4d:e1:b3:3f:28:85:
         9d:b3:dd:bf:fd:ef:5f:29:23:88:12:ad:84:6f:27:5a:c4:04:
         b6:ea:78:13
-----BEGIN CERTIFICATE-----
MIIFnDCCBISgAwIBAgIUJFyzO5F2l/6EAyAOCDcvO+88m30wDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg1M0RDMjIxMjVG
QTM0RjM5ODZDQkYxMjQyMkUzNEY5QjlDNjYxQkU3MB4XDTI1MDEyMjAwMDAwMFoX
DTI1MDIyNjIzNTk1OVowejFJMEcGA1UEBRNAYTI0ODUzODQ3YjgzMTkyMDAxODcz
M2EwMzRjMjVhNzczZjE5ODcwNjE0ODFhZWIzOGI3M2I4Y2ViM2ZkMDkwYjEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiAEqsLndR5J9Heh5QOaI/6GQZ8ce
mJVKyjcqfvx4E81/3LF4GSWAfCM/JkcJAp+2ziDVLBLDBuCw+pkweebA4LMumsx8
0O6D3C9BAAbtwANpMZFAXBG1X6bsI7KpfQP3o91bdFMo2us2RyBaDnvt45SEWMIU
/w4un1RpaV3vWkFLn8jUrvSaCvDxg/9X2e2OClODN33ShylpykvY6fj6SjhJhCSr
IVmb5TZtxUZGW/RA3s4Nhn3899HohK9/tY8pc5J891WN9ISGzdUoPsu/mhGpy+eq
q41qcPkUwwMpaxW7qGk4Vih9i+w4KRb43LAtv9eg05mGqHsrRS+sYXx9HQIDAQAB
o4ICSDCCAkQwHQYDVR0OBBYEFKkQquXHqKrvPh98VQM/Ez+BCANaMB8GA1UdIwQY
MBaAFFPcIhJfo085hsvxJCLjT5ucZhvnMA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CM0EyNEYyMDFENjYxMUUyOEFDODgzN0M3MkZEMUZGMi9VOXdpRWwt
alR6bUd5X0VrSXVOUG01eG1HLWMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
LzlkNzAzNzQ4LWY0NDYtNDdhMS1iMGE3LTVlMzM1N2YyZTBkMi5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvYTViMDFiZGQtY2RlYi00Y2ZjLThjOTMtN2U3MGM1ZTA5MzA2LmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAM
BAIAATAGAwQAn/iEMA0GCSqGSIb3DQEBCwUAA4IBAQBRurUCc7bpfs21fY8n7Zja
TaSp+oj5YBQkO7KXXWjIFdFRduFrTc5hGkJSMtD/6oFKnDWGLSvE3YzWtQdDSuCM
zJd7wyqtJEt5xFhKA+r4sQZAgyZ9mimIZOX9Sln12u2E6kzqZ33s9OT7/GWYJ/hC
z1z1ElKdI8J+Xcb1oNVdLva+RWj7FGT3pcq0oXh8NNJ4O19Nhe0aDzsj1AdXuf6T
dKgQqnHYB7Ap+4vnCcOaDpPm1iZaWsJobmmJWoP4v009WvnvypS3XxLucmUMdQ/B
/92QDgaGLevqMg2INPlvr9RGxOBN4bM/KIWds92//e9fKSOIEq2EbydaxAS26ngT
-----END CERTIFICATE-----