Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/c3cd7c24-12cb-4abc-8fd2-5e2bcbb85ae6/0feedd18-2b71-48d5-a2ee-07ca90b4d203.roa
File:                     0feedd18-2b71-48d5-a2ee-07ca90b4d203.roa (raw, json)
Hash identifier:          GslZcDhn4ClNWJlvz6A11iePJvSZ5qQGrd6qW2nWf/4=
Subject key identifier:   66:18:00:F4:DB:22:E9:5A:67:D0:63:39:D3:C3:AC:5E:D0:79:FF:EA
Certificate issuer:       /CN=A91CD28A0000/serialNumber=97EBF348F376B867FC76B2B2B91078C3DD494883
Certificate serial:       7D558BAB6C4E3014B622E358A783ED888EBD9543
Authority key identifier: 97:EB:F3:48:F3:76:B8:67:FC:76:B2:B2:B9:10:78:C3:DD:49:48:83
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/l-vzSPN2uGf8drKyuRB4w91JSIM.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/c3cd7c24-12cb-4abc-8fd2-5e2bcbb85ae6/0feedd18-2b71-48d5-a2ee-07ca90b4d203.roa
Signing time:             Tue 14 Jan 2025 00:00:00 +0000
ROA not before:           Tue 14 Jan 2025 00:00:00 +0000
ROA not after:            Tue 18 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        240f:8014:800::/38 maxlen: 38
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7d:55:8b:ab:6c:4e:30:14:b6:22:e3:58:a7:83:ed:88:8e:bd:95:43
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91CD28A0000/serialNumber=97EBF348F376B867FC76B2B2B91078C3DD494883
        Validity
            Not Before: Jan 14 00:00:00 2025 GMT
            Not After : Feb 18 23:59:59 2025 GMT
        Subject: serialNumber=f70500ef4c72566adaa73aa480546e8aad3ef27be2ac67d65e7aa9eb3d50b6f0, CN=4257e925-715f-47a2-893e-0e3f97ec7e22
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:36:03:d9:d5:4b:8e:7b:b8:91:60:e5:5b:ea:
                    e8:0e:74:69:cb:e4:1e:bb:50:ee:77:4b:e9:34:88:
                    68:c8:7a:d4:3d:ca:22:dd:6b:7d:1b:88:3c:7f:82:
                    08:ee:5e:3a:c1:0e:93:6d:0e:48:df:bf:88:bb:12:
                    11:2a:e4:ce:57:8b:08:80:54:9c:25:92:d3:8f:98:
                    5c:9c:21:2c:f0:72:0f:bd:1e:8b:78:72:a9:39:00:
                    b2:47:d5:8b:7d:cc:ff:d0:14:b5:e7:da:fc:ec:1d:
                    58:aa:fa:ab:95:7e:e9:fd:d1:db:93:99:2a:e5:e7:
                    1c:ef:72:9b:ff:4e:28:19:86:f8:85:18:83:97:66:
                    87:1f:4a:34:d0:b6:7f:23:d5:a9:bf:d0:d6:df:38:
                    a4:e7:f4:04:77:e4:ff:6b:b0:b3:7a:04:b9:97:a6:
                    25:44:66:eb:5b:79:8e:75:6e:38:b1:74:7d:95:f6:
                    db:92:c1:72:eb:4c:20:54:00:1f:dd:af:43:3a:82:
                    4d:9f:47:53:88:d8:6f:c6:57:7f:de:f4:55:73:be:
                    1b:64:a9:1f:fa:7b:f2:4a:72:94:63:40:aa:a9:a3:
                    90:e6:51:ff:03:c9:50:86:82:91:d9:7d:75:d3:92:
                    ed:c5:c6:ae:d4:7d:ea:95:51:bb:84:ce:2b:f8:5f:
                    1b:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                66:18:00:F4:DB:22:E9:5A:67:D0:63:39:D3:C3:AC:5E:D0:79:FF:EA
            X509v3 Authority Key Identifier:
                keyid:97:EB:F3:48:F3:76:B8:67:FC:76:B2:B2:B9:10:78:C3:DD:49:48:83

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/l-vzSPN2uGf8drKyuRB4w91JSIM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/c3cd7c24-12cb-4abc-8fd2-5e2bcbb85ae6/0feedd18-2b71-48d5-a2ee-07ca90b4d203.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/c3cd7c24-12cb-4abc-8fd2-5e2bcbb85ae6/90ca90a9-a10a-44e7-82b9-1365746ba55e.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240f:8014:800::/38

    Signature Algorithm: sha256WithRSAEncryption
         39:7f:ec:ac:10:f7:e6:41:9d:e7:fa:3b:f2:a5:f4:67:4f:07:
         59:d8:62:77:49:0e:fa:4c:9e:e8:03:cf:5e:8a:6b:ee:d3:94:
         a5:ee:9a:ea:13:ef:53:a1:70:ef:3d:5a:ef:77:5c:5f:f6:f2:
         2e:3a:9b:d1:0b:39:52:ad:10:3e:1f:bd:41:7e:70:d2:01:2b:
         8a:60:1d:0c:f6:8d:38:85:33:05:15:91:ea:a7:5c:69:0f:b9:
         37:c7:76:b9:ac:c0:da:5e:e5:74:bf:1f:48:c3:f6:02:04:59:
         b2:be:10:a8:28:4d:df:f4:94:e8:ca:d2:96:0d:6d:74:07:6c:
         f9:df:51:68:36:97:1c:47:20:0a:34:61:83:ef:92:24:e2:15:
         1b:ca:55:40:5c:70:6b:fb:96:68:8c:8e:4d:d1:6c:41:24:0d:
         46:5b:5b:d3:a0:2a:3a:17:ed:ef:8d:53:7c:a1:77:de:d6:8b:
         6a:dc:f2:50:3f:ff:25:9d:c9:74:f9:e9:ad:10:57:e3:67:ce:
         1a:46:79:46:8a:f9:8e:9e:bd:f6:0f:08:35:2b:a5:22:be:6a:
         49:62:74:f4:d2:20:36:bc:99:28:88:08:69:9a:6e:4f:1a:d9:
         77:59:cb:8c:45:50:f5:7d:9e:04:96:88:19:89:53:82:f8:8e:
         01:e6:9c:e0
-----BEGIN CERTIFICATE-----
MIIFnjCCBIagAwIBAgIUfVWLq2xOMBS2IuNYp4PtiI69lUMwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxQ0QyOEEwMDAwMTEwLwYDVQQFEyg5N0VCRjM0OEYz
NzZCODY3RkM3NkIyQjJCOTEwNzhDM0RENDk0ODgzMB4XDTI1MDExNDAwMDAwMFoX
DTI1MDIxODIzNTk1OVowejFJMEcGA1UEBRNAZjcwNTAwZWY0YzcyNTY2YWRhYTcz
YWE0ODA1NDZlOGFhZDNlZjI3YmUyYWM2N2Q2NWU3YWE5ZWIzZDUwYjZmMDEtMCsG
A1UEAxMkNDI1N2U5MjUtNzE1Zi00N2EyLTg5M2UtMGUzZjk3ZWM3ZTIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqjYD2dVLjnu4kWDlW+roDnRpy+Qe
u1Dud0vpNIhoyHrUPcoi3Wt9G4g8f4II7l46wQ6TbQ5I37+IuxIRKuTOV4sIgFSc
JZLTj5hcnCEs8HIPvR6LeHKpOQCyR9WLfcz/0BS159r87B1YqvqrlX7p/dHbk5kq
5ecc73Kb/04oGYb4hRiDl2aHH0o00LZ/I9Wpv9DW3zik5/QEd+T/a7CzegS5l6Yl
RGbrW3mOdW44sXR9lfbbksFy60wgVAAf3a9DOoJNn0dTiNhvxld/3vRVc74bZKkf
+nvySnKUY0CqqaOQ5lH/A8lQhoKR2X1105Ltxcau1H3qlVG7hM4r+F8bQQIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFGYYAPTbIulaZ9BjOdPDrF7Qef/qMB8GA1UdIwQY
MBaAFJfr80jzdrhn/HaysrkQeMPdSUiDMA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9sLXZ6U1BO
MnVHZjhkckt5dVJCNHc5MUpTSU0uY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvYzNjZDdjMjQtMTJjYi00YWJjLThmZDItNWUyYmNiYjg1YWU2
LzBmZWVkZDE4LTJiNzEtNDhkNS1hMmVlLTA3Y2E5MGI0ZDIwMy5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS9jM2NkN2MyNC0xMmNiLTRhYmMtOGZkMi01ZTJi
Y2JiODVhZTYvOTBjYTkwYTktYTEwYS00NGU3LTgyYjktMTM2NTc0NmJhNTVlLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAO
BAIAAjAIAwYCJA+AFAgwDQYJKoZIhvcNAQELBQADggEBADl/7KwQ9+ZBnef6O/Kl
9GdPB1nYYndJDvpMnugDz16Ka+7TlKXumuoT71OhcO89Wu93XF/28i46m9ELOVKt
ED4fvUF+cNIBK4pgHQz2jTiFMwUVkeqnXGkPuTfHdrmswNpe5XS/H0jD9gIEWbK+
EKgoTd/0lOjK0pYNbXQHbPnfUWg2lxxHIAo0YYPvkiTiFRvKVUBccGv7lmiMjk3R
bEEkDUZbW9OgKjoX7e+NU3yhd97Wi2rc8lA//yWdyXT56a0QV+NnzhpGeUaK+Y6e
vfYPCDUrpSK+aklidPTSIDa8mSiICGmabk8a2XdZy4xFUPV9ngSWiBmJU4L4jgHm
nOA=
-----END CERTIFICATE-----