Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/c3cd7c24-12cb-4abc-8fd2-5e2bcbb85ae6/2247f34f-e5b1-423c-ac0f-7142ad86bd9b.roa
File:                     2247f34f-e5b1-423c-ac0f-7142ad86bd9b.roa (raw, json)
Hash identifier:          kqxiD92dLzVWRzeM9qbByOLlAIlq3vAfRIcMloMGk+c=
Subject key identifier:   16:10:32:6D:20:AF:EF:2E:7B:E8:89:DD:C6:83:A8:43:55:13:B3:CB
Certificate issuer:       /CN=A91CD28A0000/serialNumber=97EBF348F376B867FC76B2B2B91078C3DD494883
Certificate serial:       29C5529A7CC5E00BC5B205C8ED6E0ED60AF301FD
Authority key identifier: 97:EB:F3:48:F3:76:B8:67:FC:76:B2:B2:B9:10:78:C3:DD:49:48:83
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/l-vzSPN2uGf8drKyuRB4w91JSIM.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/c3cd7c24-12cb-4abc-8fd2-5e2bcbb85ae6/2247f34f-e5b1-423c-ac0f-7142ad86bd9b.roa
Signing time:             Tue 07 Jan 2025 00:00:00 +0000
ROA not before:           Tue 07 Jan 2025 00:00:00 +0000
ROA not after:            Tue 11 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        240f:80f9:8000::/40 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            29:c5:52:9a:7c:c5:e0:0b:c5:b2:05:c8:ed:6e:0e:d6:0a:f3:01:fd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91CD28A0000/serialNumber=97EBF348F376B867FC76B2B2B91078C3DD494883
        Validity
            Not Before: Jan  7 00:00:00 2025 GMT
            Not After : Feb 11 23:59:59 2025 GMT
        Subject: serialNumber=97ca7f962132fcca4fa3c93c2377f4bba23546543ebf285d025e77239c2937f5, CN=4257e925-715f-47a2-893e-0e3f97ec7e22
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:b6:4b:4c:db:1e:22:b6:14:80:3f:0b:a6:75:
                    be:c0:78:87:a4:5b:f3:73:5f:d8:a6:27:51:78:8f:
                    22:ac:61:e1:9b:cd:e4:9d:7b:73:27:29:19:80:e5:
                    e1:da:f7:02:71:32:5c:f7:65:c4:0c:29:8f:13:1e:
                    dc:67:50:83:b4:e4:c3:4d:5b:01:70:3b:63:a2:7a:
                    34:b5:83:d2:dd:d1:53:15:25:66:13:6e:f7:23:16:
                    9b:4f:a5:7e:cb:1e:7b:7e:c8:eb:e2:5b:c3:1d:c7:
                    9a:d0:e1:53:29:64:63:07:a6:d6:4d:80:12:45:8c:
                    b4:59:08:9d:81:7e:a5:ac:bc:26:2e:48:19:4c:c5:
                    74:fb:6d:d6:5e:18:a7:84:e9:ed:e1:c0:5c:0f:7f:
                    12:89:de:a1:35:68:23:74:ec:31:c7:24:3f:c0:dd:
                    1c:e7:e9:3e:2d:7f:34:e4:ee:83:f2:d3:b1:a1:c3:
                    a7:a9:5f:b0:ae:7b:b4:62:a0:4e:f0:90:75:63:c3:
                    9b:05:66:05:45:57:7a:6e:88:24:44:00:fe:b8:5e:
                    e5:8f:b7:05:46:95:16:0a:b5:e9:65:bd:a7:2e:0d:
                    68:17:62:13:78:c4:23:b1:c4:08:2c:15:cd:e9:5e:
                    a4:9e:97:c1:0e:ab:a1:c5:6e:18:a8:52:53:59:34:
                    4d:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                16:10:32:6D:20:AF:EF:2E:7B:E8:89:DD:C6:83:A8:43:55:13:B3:CB
            X509v3 Authority Key Identifier:
                keyid:97:EB:F3:48:F3:76:B8:67:FC:76:B2:B2:B9:10:78:C3:DD:49:48:83

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/l-vzSPN2uGf8drKyuRB4w91JSIM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/c3cd7c24-12cb-4abc-8fd2-5e2bcbb85ae6/2247f34f-e5b1-423c-ac0f-7142ad86bd9b.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/c3cd7c24-12cb-4abc-8fd2-5e2bcbb85ae6/90ca90a9-a10a-44e7-82b9-1365746ba55e.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240f:80f9:8000::/40

    Signature Algorithm: sha256WithRSAEncryption
         b7:53:bc:c9:48:39:f8:ae:a7:8d:73:03:07:e8:13:d5:45:63:
         59:d2:2f:a0:f4:06:c3:6f:7c:9c:bb:a3:34:d0:9d:d4:d2:cb:
         24:23:d8:c0:d8:09:b1:26:12:69:4a:b5:8b:2d:33:9c:16:75:
         79:98:6a:b1:21:a8:08:8a:c4:f9:d2:5a:8e:62:c4:af:92:08:
         51:99:b9:f0:ec:f6:98:35:97:ba:77:54:eb:d8:9e:8a:58:f8:
         8f:bf:42:69:df:7c:d2:8f:4e:83:da:5d:a3:6b:49:d8:ec:de:
         d0:11:2e:f9:4b:ff:26:81:c6:a3:49:04:c8:ba:d3:57:be:97:
         de:e2:de:ec:c7:96:bb:29:f2:02:be:75:f5:37:0c:58:9d:77:
         39:f0:3e:c8:56:10:d6:34:f4:06:80:06:0a:62:db:d1:f2:10:
         a3:1a:8b:0c:1d:04:f1:e7:26:98:b3:92:06:99:93:da:57:3e:
         64:6d:9d:7c:d2:23:7e:25:93:1b:24:64:b3:93:b5:60:6e:8d:
         cb:b4:29:70:46:a5:a3:26:c0:68:e7:96:1b:d9:c7:1b:fb:3b:
         d9:0c:0a:ea:9a:73:a8:18:cc:dd:41:92:88:7c:94:4d:56:96:
         14:80:1e:b6:e9:75:89:fd:c9:ca:f5:4f:1c:04:f6:9b:b2:09:
         7c:e2:06:f4
-----BEGIN CERTIFICATE-----
MIIFnjCCBIagAwIBAgIUKcVSmnzF4AvFsgXI7W4O1grzAf0wDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxQ0QyOEEwMDAwMTEwLwYDVQQFEyg5N0VCRjM0OEYz
NzZCODY3RkM3NkIyQjJCOTEwNzhDM0RENDk0ODgzMB4XDTI1MDEwNzAwMDAwMFoX
DTI1MDIxMTIzNTk1OVowejFJMEcGA1UEBRNAOTdjYTdmOTYyMTMyZmNjYTRmYTNj
OTNjMjM3N2Y0YmJhMjM1NDY1NDNlYmYyODVkMDI1ZTc3MjM5YzI5MzdmNTEtMCsG
A1UEAxMkNDI1N2U5MjUtNzE1Zi00N2EyLTg5M2UtMGUzZjk3ZWM3ZTIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApbZLTNseIrYUgD8LpnW+wHiHpFvz
c1/YpidReI8irGHhm83knXtzJykZgOXh2vcCcTJc92XEDCmPEx7cZ1CDtOTDTVsB
cDtjono0tYPS3dFTFSVmE273IxabT6V+yx57fsjr4lvDHcea0OFTKWRjB6bWTYAS
RYy0WQidgX6lrLwmLkgZTMV0+23WXhinhOnt4cBcD38Sid6hNWgjdOwxxyQ/wN0c
5+k+LX805O6D8tOxocOnqV+wrnu0YqBO8JB1Y8ObBWYFRVd6bogkRAD+uF7lj7cF
RpUWCrXpZb2nLg1oF2ITeMQjscQILBXN6V6knpfBDquhxW4YqFJTWTRNSwIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFBYQMm0gr+8ue+iJ3caDqENVE7PLMB8GA1UdIwQY
MBaAFJfr80jzdrhn/HaysrkQeMPdSUiDMA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9sLXZ6U1BO
MnVHZjhkckt5dVJCNHc5MUpTSU0uY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvYzNjZDdjMjQtMTJjYi00YWJjLThmZDItNWUyYmNiYjg1YWU2
LzIyNDdmMzRmLWU1YjEtNDIzYy1hYzBmLTcxNDJhZDg2YmQ5Yi5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS9jM2NkN2MyNC0xMmNiLTRhYmMtOGZkMi01ZTJi
Y2JiODVhZTYvOTBjYTkwYTktYTEwYS00NGU3LTgyYjktMTM2NTc0NmJhNTVlLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAO
BAIAAjAIAwYAJA+A+YAwDQYJKoZIhvcNAQELBQADggEBALdTvMlIOfiup41zAwfo
E9VFY1nSL6D0BsNvfJy7ozTQndTSyyQj2MDYCbEmEmlKtYstM5wWdXmYarEhqAiK
xPnSWo5ixK+SCFGZufDs9pg1l7p3VOvYnopY+I+/QmnffNKPToPaXaNrSdjs3tAR
LvlL/yaBxqNJBMi601e+l97i3uzHlrsp8gK+dfU3DFiddznwPshWENY09AaABgpi
29HyEKMaiwwdBPHnJpizkgaZk9pXPmRtnXzSI34lkxskZLOTtWBujcu0KXBGpaMm
wGjnlhvZxxv7O9kMCuqac6gYzN1Bkoh8lE1WlhSAHrbpdYn9ycr1TxwE9puyCXzi
BvQ=
-----END CERTIFICATE-----