Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/bd48a1fa-3471-4ab2-8508-ad36b96813e4/fcd6adab-06f0-4676-9568-6d4d48f7658c.roa
File:                     fcd6adab-06f0-4676-9568-6d4d48f7658c.roa (raw, json)
Hash identifier:          bPZBGXJAaZcVmFZ6a56kEVLF8TbqMiDHD7mYsyum7i8=
Subject key identifier:   A6:56:0C:CB:EC:F9:69:31:EE:DB:BF:14:DE:58:24:B8:1C:4A:F0:3D
Certificate issuer:       /CN=A91609040001/serialNumber=BCE9BA11292F847512C0A8412E51E6E3BA0D991D
Certificate serial:       73EE0085EB8E44EE64394EFC178A00275DEC0B8F
Authority key identifier: BC:E9:BA:11:29:2F:84:75:12:C0:A8:41:2E:51:E6:E3:BA:0D:99:1D
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/vOm6ESkvhHUSwKhBLlHm47oNmR0.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/bd48a1fa-3471-4ab2-8508-ad36b96813e4/fcd6adab-06f0-4676-9568-6d4d48f7658c.roa
Signing time:             Mon 20 Jan 2025 00:00:00 +0000
ROA not before:           Mon 20 Jan 2025 00:00:00 +0000
ROA not after:            Mon 24 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2400:6500:ff00::/48 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            73:ee:00:85:eb:8e:44:ee:64:39:4e:fc:17:8a:00:27:5d:ec:0b:8f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91609040001/serialNumber=BCE9BA11292F847512C0A8412E51E6E3BA0D991D
        Validity
            Not Before: Jan 20 00:00:00 2025 GMT
            Not After : Feb 24 23:59:59 2025 GMT
        Subject: serialNumber=16e254b8927a7a61e6d4ef1fd77606b0f1ccf3908f910b027aa4afc7354dee42, CN=1684111e-31c1-42e6-8f20-fc9ab8b5cf57
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:d5:25:10:a3:f1:e7:ae:d3:9e:8d:ba:9a:65:
                    88:af:14:53:7e:a7:43:c2:d7:78:51:d7:e3:5b:d6:
                    db:b3:81:eb:d3:b6:b0:ee:2a:2e:34:d5:ed:c5:80:
                    b5:f4:ef:bc:60:4f:46:a9:0f:fd:90:36:a9:3c:76:
                    c6:83:07:2d:63:08:95:1a:53:d8:f7:95:a8:b2:2e:
                    cd:bd:0f:e2:16:29:b5:cf:2e:73:e7:26:45:4b:27:
                    4d:a0:c5:4f:d9:0c:33:62:26:78:b8:50:0a:a5:e1:
                    84:60:cf:85:3a:0e:6e:c1:65:be:14:78:67:ca:16:
                    bb:1f:57:3f:5d:a7:6b:a0:61:b5:a1:ff:ae:bd:76:
                    93:87:f0:31:28:7f:4d:ee:fe:f8:d7:99:e6:18:8d:
                    31:7c:e1:80:18:ac:cb:fe:b2:c9:db:d4:98:06:76:
                    39:17:d7:aa:73:04:11:24:79:40:c7:09:dc:11:cb:
                    f2:52:eb:95:e8:f7:98:99:5b:f0:b9:79:e2:78:1f:
                    5f:92:88:15:23:bc:ea:dd:d6:4e:45:74:45:8c:ef:
                    98:8c:6d:75:76:9b:dc:10:a9:8a:4d:0d:a1:b4:5a:
                    80:76:2c:08:fc:3c:bd:bf:f1:b4:f1:74:4a:3d:5c:
                    e9:b7:9a:3f:e7:af:8a:bd:ff:22:30:c1:83:76:36:
                    f5:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A6:56:0C:CB:EC:F9:69:31:EE:DB:BF:14:DE:58:24:B8:1C:4A:F0:3D
            X509v3 Authority Key Identifier:
                keyid:BC:E9:BA:11:29:2F:84:75:12:C0:A8:41:2E:51:E6:E3:BA:0D:99:1D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/vOm6ESkvhHUSwKhBLlHm47oNmR0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/bd48a1fa-3471-4ab2-8508-ad36b96813e4/fcd6adab-06f0-4676-9568-6d4d48f7658c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/bd48a1fa-3471-4ab2-8508-ad36b96813e4/220cee0c-6002-409a-8194-38e216c0096c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2400:6500:ff00::/48

    Signature Algorithm: sha256WithRSAEncryption
         e8:98:75:cb:86:94:c8:53:15:ad:97:39:88:38:c0:17:4c:0b:
         85:20:a5:f9:ea:d9:41:f0:51:b9:a6:c8:90:62:d5:cf:fb:e3:
         ab:d7:1e:f4:26:d1:26:3d:e7:a5:53:f8:10:3e:17:bc:ab:94:
         3c:e4:38:94:f9:aa:89:79:e1:e7:94:c9:fc:00:a1:d0:d3:35:
         50:04:a8:45:ee:44:b6:a3:cb:09:a5:60:39:11:18:30:04:a1:
         d8:32:b9:44:11:ab:b8:3d:5f:58:00:4a:51:20:8d:2e:e6:05:
         33:69:68:d1:a3:e3:c0:bb:ac:5e:9c:15:ed:a0:8d:88:bd:00:
         95:09:da:0b:95:e9:7d:09:fa:de:39:66:38:31:7e:19:10:d1:
         2f:d6:ab:0b:28:55:44:78:7b:d0:99:13:dd:f2:39:54:aa:e9:
         13:80:c3:41:dc:ab:07:18:ee:8d:d6:15:05:5f:55:84:2d:3b:
         58:15:b9:b6:12:c6:8d:7d:c8:69:a3:a5:67:1c:57:12:d5:00:
         fc:5e:11:43:1f:37:19:a0:1f:63:b1:76:40:b1:f4:f2:7e:ac:
         77:d5:98:a2:43:42:da:fe:13:ae:af:97:88:b7:46:6f:fc:af:
         b4:fd:d0:bf:7e:70:16:0b:40:18:c9:73:ec:e1:16:81:75:92:
         e2:b9:fe:76
-----BEGIN CERTIFICATE-----
MIIFnzCCBIegAwIBAgIUc+4AheuORO5kOU78F4oAJ13sC48wDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxNjA5MDQwMDAxMTEwLwYDVQQFEyhCQ0U5QkExMTI5
MkY4NDc1MTJDMEE4NDEyRTUxRTZFM0JBMEQ5OTFEMB4XDTI1MDEyMDAwMDAwMFoX
DTI1MDIyNDIzNTk1OVowejFJMEcGA1UEBRNAMTZlMjU0Yjg5MjdhN2E2MWU2ZDRl
ZjFmZDc3NjA2YjBmMWNjZjM5MDhmOTEwYjAyN2FhNGFmYzczNTRkZWU0MjEtMCsG
A1UEAxMkMTY4NDExMWUtMzFjMS00MmU2LThmMjAtZmM5YWI4YjVjZjU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjtUlEKPx567Tno26mmWIrxRTfqdD
wtd4UdfjW9bbs4Hr07aw7iouNNXtxYC19O+8YE9GqQ/9kDapPHbGgwctYwiVGlPY
95Wosi7NvQ/iFim1zy5z5yZFSydNoMVP2QwzYiZ4uFAKpeGEYM+FOg5uwWW+FHhn
yha7H1c/XadroGG1of+uvXaTh/AxKH9N7v7415nmGI0xfOGAGKzL/rLJ29SYBnY5
F9eqcwQRJHlAxwncEcvyUuuV6PeYmVvwuXnieB9fkogVI7zq3dZORXRFjO+YjG11
dpvcEKmKTQ2htFqAdiwI/Dy9v/G08XRKPVzpt5o/56+Kvf8iMMGDdjb14wIDAQAB
o4ICSzCCAkcwHQYDVR0OBBYEFKZWDMvs+Wkx7tu/FN5YJLgcSvA9MB8GA1UdIwQY
MBaAFLzpuhEpL4R1EsCoQS5R5uO6DZkdMA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi92T202RVNr
dmhIVVN3S2hCTGxIbTQ3b05tUjAuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvYmQ0OGExZmEtMzQ3MS00YWIyLTg1MDgtYWQzNmI5NjgxM2U0
L2ZjZDZhZGFiLTA2ZjAtNDY3Ni05NTY4LTZkNGQ0OGY3NjU4Yy5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS9iZDQ4YTFmYS0zNDcxLTRhYjItODUwOC1hZDM2
Yjk2ODEzZTQvMjIwY2VlMGMtNjAwMi00MDlhLTgxOTQtMzhlMjE2YzAwOTZjLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAP
BAIAAjAJAwcAJABlAP8AMA0GCSqGSIb3DQEBCwUAA4IBAQDomHXLhpTIUxWtlzmI
OMAXTAuFIKX56tlB8FG5psiQYtXP++Or1x70JtEmPeelU/gQPhe8q5Q85DiU+aqJ
eeHnlMn8AKHQ0zVQBKhF7kS2o8sJpWA5ERgwBKHYMrlEEau4PV9YAEpRII0u5gUz
aWjRo+PAu6xenBXtoI2IvQCVCdoLlel9CfreOWY4MX4ZENEv1qsLKFVEeHvQmRPd
8jlUqukTgMNB3KsHGO6N1hUFX1WELTtYFbm2EsaNfchpo6VnHFcS1QD8XhFDHzcZ
oB9jsXZAsfTyfqx31ZiiQ0La/hOur5eIt0Zv/K+0/dC/fnAWC0AYyXPs4RaBdZLi
uf52
-----END CERTIFICATE-----