Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/bd48a1fa-3471-4ab2-8508-ad36b96813e4/cebef322-460c-4f6e-8a8a-2f4b41debd9b.roa
File:                     cebef322-460c-4f6e-8a8a-2f4b41debd9b.roa (raw, json)
Hash identifier:          hK8MT6w6Y/92/CTUwoimhL6OcdqHQU0UVRyCjEsx4Ns=
Subject key identifier:   C2:C2:0B:71:6D:10:BC:36:55:6A:96:6F:4B:6D:FC:34:C4:B2:1D:D9
Certificate issuer:       /CN=A91609040001/serialNumber=BCE9BA11292F847512C0A8412E51E6E3BA0D991D
Certificate serial:       0FBA7DFA4189220B8785C4E844FD92C7AAFC399D
Authority key identifier: BC:E9:BA:11:29:2F:84:75:12:C0:A8:41:2E:51:E6:E3:BA:0D:99:1D
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/vOm6ESkvhHUSwKhBLlHm47oNmR0.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/bd48a1fa-3471-4ab2-8508-ad36b96813e4/cebef322-460c-4f6e-8a8a-2f4b41debd9b.roa
Signing time:             Mon 20 Jan 2025 00:00:00 +0000
ROA not before:           Mon 20 Jan 2025 00:00:00 +0000
ROA not after:            Mon 24 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2400:6500::/32 maxlen: 32
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0f:ba:7d:fa:41:89:22:0b:87:85:c4:e8:44:fd:92:c7:aa:fc:39:9d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91609040001/serialNumber=BCE9BA11292F847512C0A8412E51E6E3BA0D991D
        Validity
            Not Before: Jan 20 00:00:00 2025 GMT
            Not After : Feb 24 23:59:59 2025 GMT
        Subject: serialNumber=78246978b9c63873d99292266ede5b694a85b4602c70029a917fc6f19d2f8c3a, CN=1684111e-31c1-42e6-8f20-fc9ab8b5cf57
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:90:71:27:2d:64:54:db:a9:53:f1:04:36:31:
                    02:f3:4d:1d:82:55:50:a3:4b:75:43:97:66:29:33:
                    5c:5c:89:71:a4:99:6a:b6:50:c8:78:5a:d7:f9:8e:
                    e8:e9:a1:a6:38:68:67:63:66:57:45:66:cc:a2:df:
                    77:a3:11:7b:78:b4:7c:95:ba:2f:9c:af:10:05:91:
                    c5:5a:13:2c:2d:02:b3:05:32:2f:a3:43:db:39:94:
                    91:2b:a9:bf:d7:1e:50:d5:15:d3:cc:59:25:0d:77:
                    21:fb:1f:33:fa:6a:e6:86:89:c8:78:2f:96:22:f4:
                    d3:c4:fb:b1:22:07:a6:6c:fa:83:e1:76:d1:cc:97:
                    53:0c:b5:a5:29:1f:61:4c:e5:b9:d2:24:c5:a6:e0:
                    85:4c:74:b8:8e:5a:a9:be:88:da:f5:0c:7f:46:05:
                    aa:c9:af:70:bc:fd:eb:cd:e2:3f:ef:4d:35:7c:80:
                    2f:2e:84:ed:8d:52:5f:87:63:77:2a:81:53:94:f6:
                    1b:21:be:40:a5:4d:02:23:e4:aa:ba:87:1a:ab:2a:
                    57:3c:11:2b:43:0b:d1:51:06:ec:b9:cc:4b:3a:f1:
                    76:41:8b:20:7d:ee:44:a0:70:73:8b:c2:56:aa:d3:
                    d9:7b:5b:af:7f:88:2e:3f:70:f7:56:ce:cf:20:7f:
                    c1:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C2:C2:0B:71:6D:10:BC:36:55:6A:96:6F:4B:6D:FC:34:C4:B2:1D:D9
            X509v3 Authority Key Identifier:
                keyid:BC:E9:BA:11:29:2F:84:75:12:C0:A8:41:2E:51:E6:E3:BA:0D:99:1D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/vOm6ESkvhHUSwKhBLlHm47oNmR0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/bd48a1fa-3471-4ab2-8508-ad36b96813e4/cebef322-460c-4f6e-8a8a-2f4b41debd9b.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/bd48a1fa-3471-4ab2-8508-ad36b96813e4/220cee0c-6002-409a-8194-38e216c0096c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2400:6500::/32

    Signature Algorithm: sha256WithRSAEncryption
         58:9f:4e:53:cb:49:4a:b4:6e:a1:a2:cf:95:8c:75:22:d7:bd:
         b3:d3:5a:ae:3c:06:f2:cf:04:a2:b3:51:17:c7:c3:4b:dd:75:
         d3:33:3b:b8:ea:f4:b7:f0:2d:5c:31:d8:79:9b:25:d1:9f:83:
         98:8b:f4:c5:50:02:b1:8a:c0:f9:f6:16:a7:cd:09:a8:cd:6a:
         23:4d:68:d0:46:9c:b8:3f:ca:cc:81:24:a3:85:dd:f9:33:43:
         af:45:a0:54:6f:eb:6c:4b:72:a5:7e:92:b6:6b:57:bd:d8:29:
         41:a8:e3:8c:a7:3a:64:45:f2:98:fd:02:f3:3e:09:de:a5:e0:
         fc:49:f7:4e:d2:d8:af:97:06:4b:26:4b:b2:b5:ee:97:8c:15:
         7d:c6:3a:3b:ac:cf:0e:bb:2b:b4:48:fa:19:25:a0:8b:a1:f1:
         97:f0:6c:8f:b4:85:c4:33:77:b4:d6:82:a6:e1:54:8d:92:28:
         c8:d3:b8:09:60:d9:d5:f7:b7:60:a8:3e:bd:cc:74:f2:31:e6:
         7d:ff:eb:ae:58:96:25:2a:c5:88:e9:86:c3:20:a4:b0:90:71:
         4e:f1:1d:db:b2:25:fc:9d:5b:8d:6b:2e:cc:69:99:3b:47:d7:
         76:3b:49:20:3c:39:01:b4:06:9b:e7:5c:af:83:e6:4e:1d:78:
         10:25:ef:8d
-----BEGIN CERTIFICATE-----
MIIFnTCCBIWgAwIBAgIUD7p9+kGJIguHhcToRP2Sx6r8OZ0wDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxNjA5MDQwMDAxMTEwLwYDVQQFEyhCQ0U5QkExMTI5
MkY4NDc1MTJDMEE4NDEyRTUxRTZFM0JBMEQ5OTFEMB4XDTI1MDEyMDAwMDAwMFoX
DTI1MDIyNDIzNTk1OVowejFJMEcGA1UEBRNANzgyNDY5NzhiOWM2Mzg3M2Q5OTI5
MjI2NmVkZTViNjk0YTg1YjQ2MDJjNzAwMjlhOTE3ZmM2ZjE5ZDJmOGMzYTEtMCsG
A1UEAxMkMTY4NDExMWUtMzFjMS00MmU2LThmMjAtZmM5YWI4YjVjZjU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvZBxJy1kVNupU/EENjEC800dglVQ
o0t1Q5dmKTNcXIlxpJlqtlDIeFrX+Y7o6aGmOGhnY2ZXRWbMot93oxF7eLR8lbov
nK8QBZHFWhMsLQKzBTIvo0PbOZSRK6m/1x5Q1RXTzFklDXch+x8z+mrmhonIeC+W
IvTTxPuxIgembPqD4XbRzJdTDLWlKR9hTOW50iTFpuCFTHS4jlqpvoja9Qx/RgWq
ya9wvP3rzeI/7001fIAvLoTtjVJfh2N3KoFTlPYbIb5ApU0CI+SquocaqypXPBEr
QwvRUQbsucxLOvF2QYsgfe5EoHBzi8JWqtPZe1uvf4guP3D3Vs7PIH/BwwIDAQAB
o4ICSTCCAkUwHQYDVR0OBBYEFMLCC3FtELw2VWqWb0tt/DTEsh3ZMB8GA1UdIwQY
MBaAFLzpuhEpL4R1EsCoQS5R5uO6DZkdMA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi92T202RVNr
dmhIVVN3S2hCTGxIbTQ3b05tUjAuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvYmQ0OGExZmEtMzQ3MS00YWIyLTg1MDgtYWQzNmI5NjgxM2U0
L2NlYmVmMzIyLTQ2MGMtNGY2ZS04YThhLTJmNGI0MWRlYmQ5Yi5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS9iZDQ4YTFmYS0zNDcxLTRhYjItODUwOC1hZDM2
Yjk2ODEzZTQvMjIwY2VlMGMtNjAwMi00MDlhLTgxOTQtMzhlMjE2YzAwOTZjLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzAN
BAIAAjAHAwUAJABlADANBgkqhkiG9w0BAQsFAAOCAQEAWJ9OU8tJSrRuoaLPlYx1
Ite9s9NarjwG8s8EorNRF8fDS9110zM7uOr0t/AtXDHYeZsl0Z+DmIv0xVACsYrA
+fYWp80JqM1qI01o0EacuD/KzIEko4Xd+TNDr0WgVG/rbEtypX6StmtXvdgpQajj
jKc6ZEXymP0C8z4J3qXg/En3TtLYr5cGSyZLsrXul4wVfcY6O6zPDrsrtEj6GSWg
i6Hxl/Bsj7SFxDN3tNaCpuFUjZIoyNO4CWDZ1fe3YKg+vcx08jHmff/rrliWJSrF
iOmGwyCksJBxTvEd27Il/J1bjWsuzGmZO0fXdjtJIDw5AbQGm+dcr4PmTh14ECXv
jQ==
-----END CERTIFICATE-----