Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/708aafaf-00b4-485b-854c-0b32ca30f57b/5663bf34-10ed-4309-a236-7466afd6f02f.roa
File:                     5663bf34-10ed-4309-a236-7466afd6f02f.roa (raw, json)
Hash identifier:          HR65o9tlK+RLM2+gSv8runRrH8PwuHE7YJMH/60DOvY=
Subject key identifier:   71:BA:2E:5F:96:C5:42:68:05:48:4E:87:09:43:03:BC:E8:F5:61:37
Certificate issuer:       /CN=A918806F0000/serialNumber=E7CADA5F0881D77BEA48B0768A3766B50065AF08
Certificate serial:       65569348C81CA9F057E4CC92ED88ED7B446ACF7C
Authority key identifier: E7:CA:DA:5F:08:81:D7:7B:EA:48:B0:76:8A:37:66:B5:00:65:AF:08
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/58raXwiB13vqSLB2ijdmtQBlrwg.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/708aafaf-00b4-485b-854c-0b32ca30f57b/5663bf34-10ed-4309-a236-7466afd6f02f.roa
Signing time:             Mon 20 Jan 2025 00:00:00 +0000
ROA not before:           Mon 20 Jan 2025 00:00:00 +0000
ROA not after:            Mon 24 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2403:b300:ff00::/48 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            65:56:93:48:c8:1c:a9:f0:57:e4:cc:92:ed:88:ed:7b:44:6a:cf:7c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A918806F0000/serialNumber=E7CADA5F0881D77BEA48B0768A3766B50065AF08
        Validity
            Not Before: Jan 20 00:00:00 2025 GMT
            Not After : Feb 24 23:59:59 2025 GMT
        Subject: serialNumber=5c06ed267aac61672fbfcb72b4eaf3df9d2700425afd4c0dbce29656684bc974, CN=bb9a9116-f615-462e-a680-5266b327e0fa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:c3:89:ef:d0:83:34:57:46:c8:57:fd:64:a1:
                    2e:f6:34:a2:eb:d1:2c:43:1e:1a:50:73:71:c7:72:
                    43:eb:6f:28:89:f3:42:99:66:5b:48:55:49:5c:49:
                    b2:5c:e1:66:16:14:78:93:aa:d7:42:9b:58:29:18:
                    b4:eb:5e:12:60:80:f8:2d:1c:79:5a:e3:85:92:72:
                    35:fd:7c:04:99:37:ae:ab:4a:b3:01:61:c8:ea:95:
                    9b:81:4a:c1:fd:0b:a6:94:45:7c:5e:a7:61:17:53:
                    ed:33:65:df:c5:e8:66:a9:1f:90:a6:cd:22:d2:c6:
                    55:60:2e:82:17:75:e6:c2:e6:d9:52:51:34:c0:0d:
                    7c:de:15:d4:e7:c5:59:50:53:8f:26:a1:59:cb:6e:
                    82:dc:73:ff:ca:75:5b:f1:76:ba:70:10:09:32:e0:
                    57:36:23:30:66:05:de:fe:68:67:5c:07:2d:21:11:
                    fa:4d:1f:55:95:77:1a:3a:de:fb:26:25:f1:cd:13:
                    62:5d:d5:25:81:b6:d4:a3:50:1c:ff:76:84:28:43:
                    37:e1:a6:96:f8:84:d6:d7:a4:ac:2d:ad:b3:25:2d:
                    91:4f:52:66:17:c1:ba:f8:5d:86:55:c4:cb:30:5e:
                    92:4d:56:c8:23:12:49:d6:e2:59:d3:9d:70:39:42:
                    05:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                71:BA:2E:5F:96:C5:42:68:05:48:4E:87:09:43:03:BC:E8:F5:61:37
            X509v3 Authority Key Identifier:
                keyid:E7:CA:DA:5F:08:81:D7:7B:EA:48:B0:76:8A:37:66:B5:00:65:AF:08

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/58raXwiB13vqSLB2ijdmtQBlrwg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/708aafaf-00b4-485b-854c-0b32ca30f57b/5663bf34-10ed-4309-a236-7466afd6f02f.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/708aafaf-00b4-485b-854c-0b32ca30f57b/12e59001-35ac-4abf-858f-37b955a24b3f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2403:b300:ff00::/48

    Signature Algorithm: sha256WithRSAEncryption
         31:0a:1e:f7:5f:21:67:9a:19:ab:5c:19:eb:1d:24:24:71:0b:
         38:9f:f0:0b:d1:07:1f:41:98:48:92:99:bf:0b:98:c9:b2:85:
         5f:0b:2a:28:77:d8:fc:eb:6e:c2:16:51:ed:eb:da:7f:bd:a9:
         1b:7d:98:0b:2a:07:4e:2c:33:3b:2f:72:41:c6:eb:32:3f:fe:
         c9:57:3f:fa:fc:60:24:f1:a4:67:19:53:64:17:8f:7c:ef:21:
         5c:ab:f6:ad:fc:db:e1:9c:43:23:eb:8e:5a:cc:73:e4:5c:33:
         65:f0:3e:2d:e1:38:73:ee:e2:11:bf:9d:db:4f:86:b8:65:5a:
         5c:89:af:5e:1e:a9:c0:de:08:9c:81:12:f2:80:28:5e:1b:3a:
         c1:0a:87:b7:25:94:96:c2:7b:23:b2:89:d3:31:fa:7c:0e:d9:
         3f:aa:df:50:0d:80:c0:f1:30:26:f7:22:b3:b5:62:c8:7a:21:
         de:e9:68:0d:f7:56:0a:41:90:74:85:06:88:2c:c4:65:08:9f:
         f0:04:7a:ef:b3:e4:15:b7:52:34:fa:6f:44:b8:26:b3:b4:4e:
         94:94:b5:3c:17:79:70:22:91:a8:f3:7b:2d:5d:d0:1d:a7:1f:
         4f:65:ae:01:eb:e7:58:05:85:31:7b:d7:b8:47:cc:b9:55:c6:
         49:7a:1d:a6
-----BEGIN CERTIFICATE-----
MIIFnzCCBIegAwIBAgIUZVaTSMgcqfBX5MyS7Yjte0Rqz3wwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODgwNkYwMDAwMTEwLwYDVQQFEyhFN0NBREE1RjA4
ODFENzdCRUE0OEIwNzY4QTM3NjZCNTAwNjVBRjA4MB4XDTI1MDEyMDAwMDAwMFoX
DTI1MDIyNDIzNTk1OVowejFJMEcGA1UEBRNANWMwNmVkMjY3YWFjNjE2NzJmYmZj
YjcyYjRlYWYzZGY5ZDI3MDA0MjVhZmQ0YzBkYmNlMjk2NTY2ODRiYzk3NDEtMCsG
A1UEAxMkYmI5YTkxMTYtZjYxNS00NjJlLWE2ODAtNTI2NmIzMjdlMGZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArcOJ79CDNFdGyFf9ZKEu9jSi69Es
Qx4aUHNxx3JD628oifNCmWZbSFVJXEmyXOFmFhR4k6rXQptYKRi0614SYID4LRx5
WuOFknI1/XwEmTeuq0qzAWHI6pWbgUrB/QumlEV8XqdhF1PtM2XfxehmqR+Qps0i
0sZVYC6CF3XmwubZUlE0wA183hXU58VZUFOPJqFZy26C3HP/ynVb8Xa6cBAJMuBX
NiMwZgXe/mhnXActIRH6TR9VlXcaOt77JiXxzRNiXdUlgbbUo1Ac/3aEKEM34aaW
+ITW16SsLa2zJS2RT1JmF8G6+F2GVcTLMF6STVbIIxJJ1uJZ051wOUIFhQIDAQAB
o4ICSzCCAkcwHQYDVR0OBBYEFHG6Ll+WxUJoBUhOhwlDA7zo9WE3MB8GA1UdIwQY
MBaAFOfK2l8Igdd76kiwdoo3ZrUAZa8IMA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi81OHJhWHdp
QjEzdnFTTEIyaWpkbXRRQmxyd2cuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvNzA4YWFmYWYtMDBiNC00ODViLTg1NGMtMGIzMmNhMzBmNTdi
LzU2NjNiZjM0LTEwZWQtNDMwOS1hMjM2LTc0NjZhZmQ2ZjAyZi5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS83MDhhYWZhZi0wMGI0LTQ4NWItODU0Yy0wYjMy
Y2EzMGY1N2IvMTJlNTkwMDEtMzVhYy00YWJmLTg1OGYtMzdiOTU1YTI0YjNmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAP
BAIAAjAJAwcAJAOzAP8AMA0GCSqGSIb3DQEBCwUAA4IBAQAxCh73XyFnmhmrXBnr
HSQkcQs4n/AL0QcfQZhIkpm/C5jJsoVfCyood9j8627CFlHt69p/vakbfZgLKgdO
LDM7L3JBxusyP/7JVz/6/GAk8aRnGVNkF4987yFcq/at/NvhnEMj645azHPkXDNl
8D4t4Thz7uIRv53bT4a4ZVpcia9eHqnA3gicgRLygCheGzrBCoe3JZSWwnsjsonT
Mfp8Dtk/qt9QDYDA8TAm9yKztWLIeiHe6WgN91YKQZB0hQaILMRlCJ/wBHrvs+QV
t1I0+m9EuCaztE6UlLU8F3lwIpGo83stXdAdpx9PZa4B6+dYBYUxe9e4R8y5VcZJ
eh2m
-----END CERTIFICATE-----