Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/c3cd7c24-12cb-4abc-8fd2-5e2bcbb85ae6/2720640e-9111-44dd-a0b8-a005f04956a0.roa
File:                     2720640e-9111-44dd-a0b8-a005f04956a0.roa (raw, json)
Hash identifier:          OCmZO0Wv/Lnfh61C7PGrfKhaGuPQFqp8n8GHvfni2OY=
Subject key identifier:   DA:88:89:AF:0E:94:2F:A4:05:E6:67:77:3E:EA:95:C2:1F:4D:95:A5
Certificate issuer:       /CN=A91CD28A0000/serialNumber=97EBF348F376B867FC76B2B2B91078C3DD494883
Certificate serial:       1425DAD14273F39E76FB1E96D94AD94366B8A169
Authority key identifier: 97:EB:F3:48:F3:76:B8:67:FC:76:B2:B2:B9:10:78:C3:DD:49:48:83
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/l-vzSPN2uGf8drKyuRB4w91JSIM.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/c3cd7c24-12cb-4abc-8fd2-5e2bcbb85ae6/2720640e-9111-44dd-a0b8-a005f04956a0.roa
Signing time:             Sat 11 Jan 2025 00:00:00 +0000
ROA not before:           Sat 11 Jan 2025 00:00:00 +0000
ROA not after:            Sat 15 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        240f:80a0:8000::/40 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            14:25:da:d1:42:73:f3:9e:76:fb:1e:96:d9:4a:d9:43:66:b8:a1:69
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91CD28A0000/serialNumber=97EBF348F376B867FC76B2B2B91078C3DD494883
        Validity
            Not Before: Jan 11 00:00:00 2025 GMT
            Not After : Feb 15 23:59:59 2025 GMT
        Subject: serialNumber=465bda7b507bdb5b3530c7f443ed56911bb1b8f303b831300bea4d13c6c8f265, CN=4257e925-715f-47a2-893e-0e3f97ec7e22
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:5c:c8:7f:88:4a:ff:21:92:c3:13:dd:11:63:
                    ab:c7:97:68:17:8c:e1:ca:a8:3c:e2:90:80:3e:3d:
                    a2:f5:72:ad:c8:e7:91:3b:51:cb:68:18:b5:65:3c:
                    d2:db:10:45:13:10:53:10:9a:a8:0a:09:24:06:1d:
                    3a:b7:af:4f:26:dc:00:07:5b:90:3a:fc:16:e7:58:
                    23:10:4c:34:75:a5:d0:73:16:f4:bc:a5:28:27:7c:
                    7a:e8:ea:64:8c:a6:42:1c:a9:a0:79:a4:1e:4b:91:
                    81:26:7e:39:55:1a:d3:70:4f:0c:4c:5a:bd:fa:7d:
                    91:90:9a:9f:43:fc:44:38:7b:73:75:b4:74:6e:38:
                    e8:d1:4c:26:66:7d:2b:d9:9a:d3:c2:53:b9:02:a9:
                    78:d4:2a:19:b8:74:d3:44:b3:c7:48:53:dc:67:08:
                    32:b4:82:4b:e1:10:16:6e:54:6c:be:fe:b9:90:b3:
                    d7:9c:24:d2:ac:8f:47:c7:3b:5f:ad:74:bf:5c:9c:
                    95:b7:25:0b:ce:af:3f:b7:a6:2b:8f:b8:56:11:e3:
                    12:d3:8a:d7:11:7a:53:40:25:aa:fa:0c:77:42:e4:
                    ef:69:66:1f:14:62:0f:1d:5e:d2:68:90:2b:e1:72:
                    ec:43:ba:1d:c5:56:b4:16:57:a9:e1:8d:a1:9a:04:
                    c1:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DA:88:89:AF:0E:94:2F:A4:05:E6:67:77:3E:EA:95:C2:1F:4D:95:A5
            X509v3 Authority Key Identifier:
                keyid:97:EB:F3:48:F3:76:B8:67:FC:76:B2:B2:B9:10:78:C3:DD:49:48:83

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/l-vzSPN2uGf8drKyuRB4w91JSIM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/c3cd7c24-12cb-4abc-8fd2-5e2bcbb85ae6/2720640e-9111-44dd-a0b8-a005f04956a0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/c3cd7c24-12cb-4abc-8fd2-5e2bcbb85ae6/90ca90a9-a10a-44e7-82b9-1365746ba55e.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240f:80a0:8000::/40

    Signature Algorithm: sha256WithRSAEncryption
         3f:14:c8:59:94:8c:30:c3:f6:1e:ec:85:ba:8f:b2:45:5a:7f:
         6c:aa:27:f8:2a:9c:23:da:ff:41:35:79:fa:f3:df:b9:cd:e0:
         9b:ac:7d:8f:7d:dc:d7:42:15:11:67:7f:86:78:c6:d3:b4:6c:
         79:0a:e6:cb:d4:7d:c1:8b:ee:85:cf:07:ea:69:50:b8:51:71:
         c4:fa:4d:9a:e4:39:d1:df:62:c5:d7:91:c1:95:39:26:5f:70:
         db:28:a0:cf:12:99:d5:d1:4d:2d:df:3c:d2:ef:23:e1:c9:3a:
         d3:8b:3f:4f:44:0d:ea:5b:ce:97:f9:9a:db:8c:43:ea:47:20:
         38:ce:cb:79:8a:f6:f4:97:42:43:04:92:23:df:db:72:7a:c8:
         62:22:75:d8:5b:27:9e:24:92:1e:c3:59:88:de:d1:4c:3e:40:
         c3:bc:14:c9:49:d9:4b:c5:e1:82:c0:58:75:21:89:32:57:0f:
         dc:9d:3e:f1:8e:8f:52:6f:bc:0f:db:ea:d6:ea:6b:20:a5:1e:
         fc:77:99:f8:9a:2a:78:64:91:27:26:65:f9:54:94:76:f0:d4:
         03:45:7e:e5:88:08:01:e2:dd:8d:3a:31:8d:b8:ad:47:a1:67:
         23:8b:7b:55:c0:01:2c:c1:ed:31:4d:1e:ce:8b:d3:e7:99:c2:
         f9:f5:16:77
-----BEGIN CERTIFICATE-----
MIIFnjCCBIagAwIBAgIUFCXa0UJz8552+x6W2UrZQ2a4oWkwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxQ0QyOEEwMDAwMTEwLwYDVQQFEyg5N0VCRjM0OEYz
NzZCODY3RkM3NkIyQjJCOTEwNzhDM0RENDk0ODgzMB4XDTI1MDExMTAwMDAwMFoX
DTI1MDIxNTIzNTk1OVowejFJMEcGA1UEBRNANDY1YmRhN2I1MDdiZGI1YjM1MzBj
N2Y0NDNlZDU2OTExYmIxYjhmMzAzYjgzMTMwMGJlYTRkMTNjNmM4ZjI2NTEtMCsG
A1UEAxMkNDI1N2U5MjUtNzE1Zi00N2EyLTg5M2UtMGUzZjk3ZWM3ZTIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2FzIf4hK/yGSwxPdEWOrx5doF4zh
yqg84pCAPj2i9XKtyOeRO1HLaBi1ZTzS2xBFExBTEJqoCgkkBh06t69PJtwAB1uQ
OvwW51gjEEw0daXQcxb0vKUoJ3x66OpkjKZCHKmgeaQeS5GBJn45VRrTcE8MTFq9
+n2RkJqfQ/xEOHtzdbR0bjjo0UwmZn0r2ZrTwlO5Aql41CoZuHTTRLPHSFPcZwgy
tIJL4RAWblRsvv65kLPXnCTSrI9HxztfrXS/XJyVtyULzq8/t6Yrj7hWEeMS04rX
EXpTQCWq+gx3QuTvaWYfFGIPHV7SaJAr4XLsQ7odxVa0Flep4Y2hmgTB4wIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFNqIia8OlC+kBeZndz7qlcIfTZWlMB8GA1UdIwQY
MBaAFJfr80jzdrhn/HaysrkQeMPdSUiDMA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9sLXZ6U1BO
MnVHZjhkckt5dVJCNHc5MUpTSU0uY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvYzNjZDdjMjQtMTJjYi00YWJjLThmZDItNWUyYmNiYjg1YWU2
LzI3MjA2NDBlLTkxMTEtNDRkZC1hMGI4LWEwMDVmMDQ5NTZhMC5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS9jM2NkN2MyNC0xMmNiLTRhYmMtOGZkMi01ZTJi
Y2JiODVhZTYvOTBjYTkwYTktYTEwYS00NGU3LTgyYjktMTM2NTc0NmJhNTVlLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAO
BAIAAjAIAwYAJA+AoIAwDQYJKoZIhvcNAQELBQADggEBAD8UyFmUjDDD9h7shbqP
skVaf2yqJ/gqnCPa/0E1efrz37nN4JusfY993NdCFRFnf4Z4xtO0bHkK5svUfcGL
7oXPB+ppULhRccT6TZrkOdHfYsXXkcGVOSZfcNsooM8SmdXRTS3fPNLvI+HJOtOL
P09EDepbzpf5mtuMQ+pHIDjOy3mK9vSXQkMEkiPf23J6yGIiddhbJ54kkh7DWYje
0Uw+QMO8FMlJ2UvF4YLAWHUhiTJXD9ydPvGOj1JvvA/b6tbqayClHvx3mfiaKnhk
kScmZflUlHbw1ANFfuWICAHi3Y06MY24rUehZyOLe1XAASzB7TFNHs6L0+eZwvn1
Fnc=
-----END CERTIFICATE-----