Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/bd48a1fa-3471-4ab2-8508-ad36b96813e4/adf75e2e-9d2c-4718-a49d-ad44079b266b.roa
File:                     adf75e2e-9d2c-4718-a49d-ad44079b266b.roa (raw, json)
Hash identifier:          Bn59N8LU+NhSxBvyGVBoLNo5CG5yn7Tm6vPfKkV4PiA=
Subject key identifier:   07:F2:2B:23:7D:5E:5C:9A:28:1C:E0:6D:09:42:C9:EF:94:F0:73:64
Certificate issuer:       /CN=A91609040001/serialNumber=BCE9BA11292F847512C0A8412E51E6E3BA0D991D
Certificate serial:       48929AC2BE914D46A06926921D1BC910D68D33B5
Authority key identifier: BC:E9:BA:11:29:2F:84:75:12:C0:A8:41:2E:51:E6:E3:BA:0D:99:1D
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/vOm6ESkvhHUSwKhBLlHm47oNmR0.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/bd48a1fa-3471-4ab2-8508-ad36b96813e4/adf75e2e-9d2c-4718-a49d-ad44079b266b.roa
Signing time:             Mon 13 Jan 2025 00:00:00 +0000
ROA not before:           Mon 13 Jan 2025 00:00:00 +0000
ROA not after:            Mon 17 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        175.41.152.0/21 maxlen: 21
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            48:92:9a:c2:be:91:4d:46:a0:69:26:92:1d:1b:c9:10:d6:8d:33:b5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91609040001/serialNumber=BCE9BA11292F847512C0A8412E51E6E3BA0D991D
        Validity
            Not Before: Jan 13 00:00:00 2025 GMT
            Not After : Feb 17 23:59:59 2025 GMT
        Subject: serialNumber=d68888143e24fe96b217f3218682e73e9d665beb59b61412ad918a373fcf9dbd, CN=1684111e-31c1-42e6-8f20-fc9ab8b5cf57
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:91:7b:66:aa:9a:85:65:2e:ff:f7:64:45:18:
                    5f:1d:a4:f9:c8:4e:10:6f:24:b4:66:e8:6b:a7:47:
                    73:48:2e:be:86:44:d1:32:b4:1f:04:d4:77:a9:a2:
                    07:49:9d:da:77:9d:58:a5:3e:74:d2:fb:b8:d6:d0:
                    df:0d:4f:02:f3:94:ce:da:54:63:aa:02:66:67:58:
                    5b:30:02:16:6e:e4:2d:6f:0d:b6:48:72:5e:c7:d0:
                    d8:ab:77:6d:16:ce:2b:a1:16:f9:10:c1:03:80:97:
                    e1:a6:13:e4:fd:4e:b3:4a:ef:45:12:46:f1:ed:2a:
                    b5:2d:29:b9:2a:51:a0:7b:d8:7a:c7:c1:f7:84:ab:
                    7f:8f:e5:b7:77:b2:2d:bf:db:38:96:be:4b:26:30:
                    49:3c:ff:bb:2f:18:22:a2:95:9c:c1:e4:10:6b:7c:
                    99:53:27:98:56:51:b8:14:af:b1:cd:09:06:39:77:
                    d4:c0:4c:13:89:65:0f:d0:b0:29:c7:8d:3d:7e:bd:
                    9f:75:17:57:d8:62:b3:e4:7b:57:d3:eb:9d:60:34:
                    19:08:a6:db:c4:a5:0b:27:53:08:9a:35:ca:0c:e1:
                    95:9b:ec:09:78:0b:dc:1e:bd:ad:f9:52:98:a6:d8:
                    87:b6:b9:fd:a5:40:1a:99:56:73:6d:b2:05:ce:f2:
                    2e:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                07:F2:2B:23:7D:5E:5C:9A:28:1C:E0:6D:09:42:C9:EF:94:F0:73:64
            X509v3 Authority Key Identifier:
                keyid:BC:E9:BA:11:29:2F:84:75:12:C0:A8:41:2E:51:E6:E3:BA:0D:99:1D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/vOm6ESkvhHUSwKhBLlHm47oNmR0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/bd48a1fa-3471-4ab2-8508-ad36b96813e4/adf75e2e-9d2c-4718-a49d-ad44079b266b.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/bd48a1fa-3471-4ab2-8508-ad36b96813e4/220cee0c-6002-409a-8194-38e216c0096c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  175.41.152.0/21

    Signature Algorithm: sha256WithRSAEncryption
         79:b6:b2:e3:a1:40:60:74:91:d3:c4:1c:58:58:a4:f6:b9:41:
         d5:2c:70:7b:4b:e7:a5:43:38:59:e0:89:1f:de:73:7e:11:82:
         cf:c5:73:99:33:90:9f:4f:58:8f:c2:cf:b1:d5:cc:85:d8:e5:
         c2:89:41:10:e7:44:4e:47:28:70:56:eb:ea:06:bf:3f:60:02:
         26:92:5e:58:bf:bd:83:c7:a9:c4:4d:25:ac:29:1a:a1:e8:b4:
         32:e9:2d:c1:10:b2:64:f3:1f:d7:1a:80:2c:47:3f:c4:57:ce:
         a1:81:94:b6:c3:ac:7a:ff:24:4d:67:7f:22:10:9d:09:c7:b2:
         4c:e0:62:40:46:f9:65:25:33:29:7d:a2:4c:50:1d:7a:d9:b8:
         5d:d6:5f:15:32:ba:c3:55:56:67:26:c7:6e:51:bd:9b:90:38:
         6d:34:5c:8d:d2:38:e1:1a:e7:79:82:76:43:82:6b:ab:e4:35:
         fd:6c:67:01:58:10:b7:61:db:14:24:86:8b:f9:de:5f:de:8e:
         eb:a2:8f:04:bc:b9:7b:7e:3e:2f:e9:14:34:58:e9:b8:73:60:
         f5:f2:d7:3c:e8:2a:3e:55:d5:89:c1:c5:13:f7:fd:7b:65:5f:
         52:89:a6:ab:50:7e:d2:da:c7:65:c7:fd:d6:b7:d8:54:58:96:
         08:d2:cf:f9
-----BEGIN CERTIFICATE-----
MIIFnDCCBISgAwIBAgIUSJKawr6RTUagaSaSHRvJENaNM7UwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxNjA5MDQwMDAxMTEwLwYDVQQFEyhCQ0U5QkExMTI5
MkY4NDc1MTJDMEE4NDEyRTUxRTZFM0JBMEQ5OTFEMB4XDTI1MDExMzAwMDAwMFoX
DTI1MDIxNzIzNTk1OVowejFJMEcGA1UEBRNAZDY4ODg4MTQzZTI0ZmU5NmIyMTdm
MzIxODY4MmU3M2U5ZDY2NWJlYjU5YjYxNDEyYWQ5MThhMzczZmNmOWRiZDEtMCsG
A1UEAxMkMTY4NDExMWUtMzFjMS00MmU2LThmMjAtZmM5YWI4YjVjZjU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4JF7ZqqahWUu//dkRRhfHaT5yE4Q
byS0Zuhrp0dzSC6+hkTRMrQfBNR3qaIHSZ3ad51YpT500vu41tDfDU8C85TO2lRj
qgJmZ1hbMAIWbuQtbw22SHJex9DYq3dtFs4roRb5EMEDgJfhphPk/U6zSu9FEkbx
7Sq1LSm5KlGge9h6x8H3hKt/j+W3d7Itv9s4lr5LJjBJPP+7LxgiopWcweQQa3yZ
UyeYVlG4FK+xzQkGOXfUwEwTiWUP0LApx409fr2fdRdX2GKz5HtX0+udYDQZCKbb
xKULJ1MImjXKDOGVm+wJeAvcHr2t+VKYptiHtrn9pUAamVZzbbIFzvIuywIDAQAB
o4ICSDCCAkQwHQYDVR0OBBYEFAfyKyN9XlyaKBzgbQlCye+U8HNkMB8GA1UdIwQY
MBaAFLzpuhEpL4R1EsCoQS5R5uO6DZkdMA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi92T202RVNr
dmhIVVN3S2hCTGxIbTQ3b05tUjAuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvYmQ0OGExZmEtMzQ3MS00YWIyLTg1MDgtYWQzNmI5NjgxM2U0
L2FkZjc1ZTJlLTlkMmMtNDcxOC1hNDlkLWFkNDQwNzliMjY2Yi5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS9iZDQ4YTFmYS0zNDcxLTRhYjItODUwOC1hZDM2
Yjk2ODEzZTQvMjIwY2VlMGMtNjAwMi00MDlhLTgxOTQtMzhlMjE2YzAwOTZjLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAM
BAIAATAGAwQDrymYMA0GCSqGSIb3DQEBCwUAA4IBAQB5trLjoUBgdJHTxBxYWKT2
uUHVLHB7S+elQzhZ4Ikf3nN+EYLPxXOZM5CfT1iPws+x1cyF2OXCiUEQ50RORyhw
VuvqBr8/YAImkl5Yv72Dx6nETSWsKRqh6LQy6S3BELJk8x/XGoAsRz/EV86hgZS2
w6x6/yRNZ38iEJ0Jx7JM4GJARvllJTMpfaJMUB162bhd1l8VMrrDVVZnJsduUb2b
kDhtNFyN0jjhGud5gnZDgmur5DX9bGcBWBC3YdsUJIaL+d5f3o7roo8EvLl7fj4v
6RQ0WOm4c2D18tc86Co+VdWJwcUT9/17ZV9SiaarUH7S2sdlx/3Wt9hUWJYI0s/5
-----END CERTIFICATE-----