Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/708aafaf-00b4-485b-854c-0b32ca30f57b/4bbd1bdf-866e-4b25-9ac6-e929a05080b9.roa
File:                     4bbd1bdf-866e-4b25-9ac6-e929a05080b9.roa (raw, json)
Hash identifier:          klQ50KQSSPIOcIrVrdyD0UWzIpjemiq90SNt/GcU+sk=
Subject key identifier:   85:92:DD:BA:52:2D:89:FB:45:64:61:26:99:3F:DD:61:BA:21:74:B6
Certificate issuer:       /CN=A918806F0000/serialNumber=E7CADA5F0881D77BEA48B0768A3766B50065AF08
Certificate serial:       50523B45D07D9506FB369C17448E6834749E8192
Authority key identifier: E7:CA:DA:5F:08:81:D7:7B:EA:48:B0:76:8A:37:66:B5:00:65:AF:08
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/58raXwiB13vqSLB2ijdmtQBlrwg.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/708aafaf-00b4-485b-854c-0b32ca30f57b/4bbd1bdf-866e-4b25-9ac6-e929a05080b9.roa
Signing time:             Tue 07 Jan 2025 00:00:00 +0000
ROA not before:           Tue 07 Jan 2025 00:00:00 +0000
ROA not after:            Tue 11 Feb 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        2403:b300:1000::/48 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            50:52:3b:45:d0:7d:95:06:fb:36:9c:17:44:8e:68:34:74:9e:81:92
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A918806F0000/serialNumber=E7CADA5F0881D77BEA48B0768A3766B50065AF08
        Validity
            Not Before: Jan  7 00:00:00 2025 GMT
            Not After : Feb 11 23:59:59 2025 GMT
        Subject: serialNumber=65da0b5427ab856127d0337f363dba27d49da5e4f1fe5d0362dff4e9e920342e, CN=bb9a9116-f615-462e-a680-5266b327e0fa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:88:ad:c4:9e:85:10:04:e6:f7:a0:b6:0f:4d:
                    57:08:98:df:55:d0:7e:cd:32:ff:7b:c2:51:97:29:
                    44:d8:5c:be:1b:5e:0f:78:af:c8:c6:b0:ec:f9:ff:
                    7d:a6:24:a8:a3:00:e3:50:c6:08:6a:c1:12:8f:3d:
                    16:5c:42:2e:65:93:7b:07:d0:64:23:c8:65:9e:3e:
                    1e:50:c5:69:06:7a:8a:6c:b3:2d:b2:a0:76:92:f1:
                    11:31:8b:b8:01:7e:65:d4:3e:04:12:ab:e4:7a:07:
                    69:b2:58:91:6c:06:69:33:6f:14:d9:6b:ed:ed:1d:
                    99:67:b9:37:51:ff:77:c3:10:de:f0:53:56:4c:ef:
                    22:6a:ca:40:b3:83:e1:ae:27:cd:a2:c3:c5:6a:bb:
                    b4:69:d0:cf:97:58:5c:86:cb:db:2b:ac:2a:85:08:
                    ca:12:88:af:cf:95:96:49:3b:95:e1:f8:d6:1b:32:
                    21:d0:39:b3:da:fa:df:ed:00:28:72:7a:29:f0:9c:
                    a1:6f:e5:34:e5:1a:20:fb:97:3c:38:0d:98:81:74:
                    f3:b7:16:fa:09:81:99:ed:f1:a4:1f:df:48:35:b1:
                    2f:cc:8d:f7:d9:95:f4:e9:94:6a:8e:ec:2a:8c:c1:
                    4e:29:b9:c6:e7:f4:88:87:27:24:e0:9e:af:ba:54:
                    4f:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:92:DD:BA:52:2D:89:FB:45:64:61:26:99:3F:DD:61:BA:21:74:B6
            X509v3 Authority Key Identifier:
                keyid:E7:CA:DA:5F:08:81:D7:7B:EA:48:B0:76:8A:37:66:B5:00:65:AF:08

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/58raXwiB13vqSLB2ijdmtQBlrwg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/708aafaf-00b4-485b-854c-0b32ca30f57b/4bbd1bdf-866e-4b25-9ac6-e929a05080b9.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/708aafaf-00b4-485b-854c-0b32ca30f57b/12e59001-35ac-4abf-858f-37b955a24b3f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2403:b300:1000::/48

    Signature Algorithm: sha256WithRSAEncryption
         47:0f:52:54:51:d7:59:e1:63:1b:63:59:9d:f7:33:42:2b:f0:
         d2:6a:db:b3:35:e0:ee:81:2b:9a:ff:56:7e:4c:0b:9e:1a:c7:
         1d:e1:44:bd:86:8e:cc:3e:fc:a4:d1:4a:54:c2:c9:7d:5a:cf:
         5d:22:dd:d4:a2:ba:2c:ad:d8:81:d9:67:bb:4d:6d:a9:8b:3e:
         93:55:f8:71:ad:77:1d:4e:2b:90:e1:ba:34:4b:5b:f3:02:c4:
         45:64:82:99:1d:ca:dc:d9:da:fb:d6:d1:20:4e:83:35:bb:cd:
         3b:dc:70:63:76:1c:69:ad:cd:9d:19:28:9e:cd:33:d2:16:6f:
         c8:26:31:bb:42:6a:44:66:c6:da:de:93:e9:ed:fd:dc:90:75:
         7c:8e:ec:c2:63:ad:0f:bd:47:23:79:00:08:39:d7:cd:c2:43:
         8d:ec:02:a1:1d:85:e3:64:4e:47:f1:6e:0b:ed:61:56:fe:af:
         f4:94:cc:d5:59:29:73:36:16:8a:e7:ae:10:28:ee:c7:0f:a5:
         30:69:70:46:fe:f3:5e:2e:bc:3b:ec:73:11:cf:2d:c1:d6:a6:
         f7:b2:6f:55:02:f8:56:a8:c2:05:0d:35:e3:c9:56:ab:5e:5b:
         61:1a:30:a7:53:9c:ce:f9:09:e4:1f:27:50:0c:95:48:b3:a8:
         ea:e0:72:26
-----BEGIN CERTIFICATE-----
MIIFnzCCBIegAwIBAgIUUFI7RdB9lQb7NpwXRI5oNHSegZIwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODgwNkYwMDAwMTEwLwYDVQQFEyhFN0NBREE1RjA4
ODFENzdCRUE0OEIwNzY4QTM3NjZCNTAwNjVBRjA4MB4XDTI1MDEwNzAwMDAwMFoX
DTI1MDIxMTIzNTk1OVowejFJMEcGA1UEBRNANjVkYTBiNTQyN2FiODU2MTI3ZDAz
MzdmMzYzZGJhMjdkNDlkYTVlNGYxZmU1ZDAzNjJkZmY0ZTllOTIwMzQyZTEtMCsG
A1UEAxMkYmI5YTkxMTYtZjYxNS00NjJlLWE2ODAtNTI2NmIzMjdlMGZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnoitxJ6FEATm96C2D01XCJjfVdB+
zTL/e8JRlylE2Fy+G14PeK/IxrDs+f99piSoowDjUMYIasESjz0WXEIuZZN7B9Bk
I8hlnj4eUMVpBnqKbLMtsqB2kvERMYu4AX5l1D4EEqvkegdpsliRbAZpM28U2Wvt
7R2ZZ7k3Uf93wxDe8FNWTO8iaspAs4PhrifNosPFaru0adDPl1hchsvbK6wqhQjK
Eoivz5WWSTuV4fjWGzIh0Dmz2vrf7QAocnop8Jyhb+U05Rog+5c8OA2YgXTztxb6
CYGZ7fGkH99INbEvzI332ZX06ZRqjuwqjMFOKbnG5/SIhyck4J6vulRPNQIDAQAB
o4ICSzCCAkcwHQYDVR0OBBYEFIWS3bpSLYn7RWRhJpk/3WG6IXS2MB8GA1UdIwQY
MBaAFOfK2l8Igdd76kiwdoo3ZrUAZa8IMA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi81OHJhWHdp
QjEzdnFTTEIyaWpkbXRRQmxyd2cuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvNzA4YWFmYWYtMDBiNC00ODViLTg1NGMtMGIzMmNhMzBmNTdi
LzRiYmQxYmRmLTg2NmUtNGIyNS05YWM2LWU5MjlhMDUwODBiOS5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS83MDhhYWZhZi0wMGI0LTQ4NWItODU0Yy0wYjMy
Y2EzMGY1N2IvMTJlNTkwMDEtMzVhYy00YWJmLTg1OGYtMzdiOTU1YTI0YjNmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAP
BAIAAjAJAwcAJAOzABAAMA0GCSqGSIb3DQEBCwUAA4IBAQBHD1JUUddZ4WMbY1md
9zNCK/DSatuzNeDugSua/1Z+TAueGscd4US9ho7MPvyk0UpUwsl9Ws9dIt3Uoros
rdiB2We7TW2piz6TVfhxrXcdTiuQ4bo0S1vzAsRFZIKZHcrc2dr71tEgToM1u807
3HBjdhxprc2dGSiezTPSFm/IJjG7QmpEZsba3pPp7f3ckHV8juzCY60PvUcjeQAI
OdfNwkON7AKhHYXjZE5H8W4L7WFW/q/0lMzVWSlzNhaK564QKO7HD6UwaXBG/vNe
Lrw77HMRzy3B1qb3sm9VAvhWqMIFDTXjyVarXlthGjCnU5zO+QnkHydQDJVIs6jq
4HIm
-----END CERTIFICATE-----