Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/bd48a1fa-3471-4ab2-8508-ad36b96813e4/7b26d410-17d7-4310-bb58-41c465f8eef2.roa
File:                     7b26d410-17d7-4310-bb58-41c465f8eef2.roa (raw, json)
Hash identifier:          ZewET1uEBGLcNNcQQ7hG4YLysMagdnPDTMJn51uUvMM=
Subject key identifier:   DD:69:F8:04:F8:2D:2E:C2:D6:1E:3A:E3:25:A2:F9:51:D6:42:2C:10
Certificate issuer:       /CN=A91609040001/serialNumber=BCE9BA11292F847512C0A8412E51E6E3BA0D991D
Certificate serial:       52C42C60E74BA4D0E8DD652AD4273277AA8DBF2E
Authority key identifier: BC:E9:BA:11:29:2F:84:75:12:C0:A8:41:2E:51:E6:E3:BA:0D:99:1D
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/vOm6ESkvhHUSwKhBLlHm47oNmR0.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/bd48a1fa-3471-4ab2-8508-ad36b96813e4/7b26d410-17d7-4310-bb58-41c465f8eef2.roa
Signing time:             Mon 13 Jan 2025 00:00:00 +0000
ROA not before:           Mon 13 Jan 2025 00:00:00 +0000
ROA not after:            Mon 17 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        175.41.148.0/23 maxlen: 23
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            52:c4:2c:60:e7:4b:a4:d0:e8:dd:65:2a:d4:27:32:77:aa:8d:bf:2e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91609040001/serialNumber=BCE9BA11292F847512C0A8412E51E6E3BA0D991D
        Validity
            Not Before: Jan 13 00:00:00 2025 GMT
            Not After : Feb 17 23:59:59 2025 GMT
        Subject: serialNumber=491711bb040207afff5a6af4648f77b87a0fb303c6c04779ff7bdb54166abcdf, CN=1684111e-31c1-42e6-8f20-fc9ab8b5cf57
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:c0:6b:0f:9c:f6:a8:8a:67:25:5a:ae:10:9d:
                    15:3d:bb:88:db:f5:0e:57:7a:f1:90:aa:29:bd:38:
                    82:a4:81:5d:04:9a:d5:dd:63:b5:c5:6f:a2:3a:b3:
                    ae:31:0f:0a:7d:fc:77:23:c1:e6:4d:dd:54:42:5a:
                    58:c5:80:40:8a:80:23:ad:a8:4b:7d:73:cc:2f:6c:
                    75:a2:28:22:14:08:9b:67:a0:55:7a:27:f5:c0:d8:
                    0b:69:44:6a:f1:1b:75:8d:3a:97:07:c2:2d:3f:72:
                    1f:02:79:ac:1a:26:d6:d6:a4:52:31:52:9a:14:55:
                    0d:cf:3b:44:8f:73:c6:4b:15:44:8e:85:c0:cd:96:
                    a9:65:66:ed:83:fe:4e:32:3b:49:1d:8c:13:8f:23:
                    53:e6:b5:87:dd:a2:84:20:27:df:f9:f6:9d:2b:84:
                    81:d9:99:33:ef:8d:99:70:d4:d3:50:ac:23:ab:09:
                    ce:d8:9a:25:d9:e2:8d:2b:04:02:70:e7:d9:3f:d8:
                    57:00:7f:d2:f5:a2:89:86:f7:5c:1d:22:70:19:6c:
                    7e:e4:0d:f1:50:0c:61:a8:2c:56:04:0d:33:52:4e:
                    b2:7d:b2:e2:5a:db:dc:6c:29:ae:04:d8:4f:74:43:
                    01:18:40:29:e2:d8:34:17:e9:ce:e4:09:5b:e3:01:
                    e4:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DD:69:F8:04:F8:2D:2E:C2:D6:1E:3A:E3:25:A2:F9:51:D6:42:2C:10
            X509v3 Authority Key Identifier:
                keyid:BC:E9:BA:11:29:2F:84:75:12:C0:A8:41:2E:51:E6:E3:BA:0D:99:1D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/vOm6ESkvhHUSwKhBLlHm47oNmR0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/bd48a1fa-3471-4ab2-8508-ad36b96813e4/7b26d410-17d7-4310-bb58-41c465f8eef2.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/bd48a1fa-3471-4ab2-8508-ad36b96813e4/220cee0c-6002-409a-8194-38e216c0096c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  175.41.148.0/23

    Signature Algorithm: sha256WithRSAEncryption
         00:73:cc:26:06:96:9c:15:e8:8a:28:2d:17:17:98:02:d5:96:
         45:30:4d:72:4f:c8:09:c3:57:5c:c8:05:48:e2:c4:0c:dc:d5:
         8d:aa:14:ca:8c:9a:04:4e:cf:a8:7c:b0:e8:d6:1f:03:4f:d6:
         86:f1:bd:f9:bd:8a:e3:8e:a1:4a:1a:b4:a9:fc:86:e5:a2:a4:
         95:7b:33:17:49:bb:33:b9:e8:79:fc:9f:51:5d:ac:56:e1:33:
         3c:3b:a5:1f:63:9a:6b:5b:9c:93:d7:fa:52:44:3c:74:7d:dd:
         eb:b2:9c:81:b7:73:86:e8:7d:1b:2a:84:d7:5f:4d:d3:d4:c7:
         21:ef:70:ae:a0:d8:d1:e8:f5:f7:32:34:6a:b8:ba:d0:e8:82:
         77:16:aa:a9:01:cf:b1:6a:69:d0:ed:16:bb:fe:69:dd:7c:63:
         08:8e:14:02:ed:f9:9c:05:fb:52:a6:f1:a1:52:bc:cc:ce:12:
         6c:90:77:94:5d:5e:d2:f7:38:e4:c5:52:19:e7:d7:40:cf:fe:
         c1:d7:d2:3d:72:84:cd:44:7e:ee:61:67:10:6d:58:e0:6a:f4:
         d0:05:c0:4a:bf:d5:7b:bf:27:58:7b:e0:60:36:5e:55:5e:7c:
         2b:ac:a6:44:aa:46:31:25:79:6d:82:83:45:96:80:4e:d8:1b:
         63:e9:28:f5
-----BEGIN CERTIFICATE-----
MIIFnDCCBISgAwIBAgIUUsQsYOdLpNDo3WUq1Ccyd6qNvy4wDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxNjA5MDQwMDAxMTEwLwYDVQQFEyhCQ0U5QkExMTI5
MkY4NDc1MTJDMEE4NDEyRTUxRTZFM0JBMEQ5OTFEMB4XDTI1MDExMzAwMDAwMFoX
DTI1MDIxNzIzNTk1OVowejFJMEcGA1UEBRNANDkxNzExYmIwNDAyMDdhZmZmNWE2
YWY0NjQ4Zjc3Yjg3YTBmYjMwM2M2YzA0Nzc5ZmY3YmRiNTQxNjZhYmNkZjEtMCsG
A1UEAxMkMTY4NDExMWUtMzFjMS00MmU2LThmMjAtZmM5YWI4YjVjZjU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjcBrD5z2qIpnJVquEJ0VPbuI2/UO
V3rxkKopvTiCpIFdBJrV3WO1xW+iOrOuMQ8Kffx3I8HmTd1UQlpYxYBAioAjrahL
fXPML2x1oigiFAibZ6BVeif1wNgLaURq8Rt1jTqXB8ItP3IfAnmsGibW1qRSMVKa
FFUNzztEj3PGSxVEjoXAzZapZWbtg/5OMjtJHYwTjyNT5rWH3aKEICff+fadK4SB
2Zkz742ZcNTTUKwjqwnO2Jol2eKNKwQCcOfZP9hXAH/S9aKJhvdcHSJwGWx+5A3x
UAxhqCxWBA0zUk6yfbLiWtvcbCmuBNhPdEMBGEAp4tg0F+nO5Alb4wHkgQIDAQAB
o4ICSDCCAkQwHQYDVR0OBBYEFN1p+AT4LS7C1h464yWi+VHWQiwQMB8GA1UdIwQY
MBaAFLzpuhEpL4R1EsCoQS5R5uO6DZkdMA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi92T202RVNr
dmhIVVN3S2hCTGxIbTQ3b05tUjAuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvYmQ0OGExZmEtMzQ3MS00YWIyLTg1MDgtYWQzNmI5NjgxM2U0
LzdiMjZkNDEwLTE3ZDctNDMxMC1iYjU4LTQxYzQ2NWY4ZWVmMi5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS9iZDQ4YTFmYS0zNDcxLTRhYjItODUwOC1hZDM2
Yjk2ODEzZTQvMjIwY2VlMGMtNjAwMi00MDlhLTgxOTQtMzhlMjE2YzAwOTZjLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAM
BAIAATAGAwQBrymUMA0GCSqGSIb3DQEBCwUAA4IBAQAAc8wmBpacFeiKKC0XF5gC
1ZZFME1yT8gJw1dcyAVI4sQM3NWNqhTKjJoETs+ofLDo1h8DT9aG8b35vYrjjqFK
GrSp/IbloqSVezMXSbszueh5/J9RXaxW4TM8O6UfY5prW5yT1/pSRDx0fd3rspyB
t3OG6H0bKoTXX03T1Mch73CuoNjR6PX3MjRquLrQ6IJ3FqqpAc+xamnQ7Ra7/mnd
fGMIjhQC7fmcBftSpvGhUrzMzhJskHeUXV7S9zjkxVIZ59dAz/7B19I9coTNRH7u
YWcQbVjgavTQBcBKv9V7vydYe+BgNl5VXnwrrKZEqkYxJXltgoNFloBO2Btj6Sj1
-----END CERTIFICATE-----