Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/c3cd7c24-12cb-4abc-8fd2-5e2bcbb85ae6/8bf311e9-d27f-46fa-8f05-2ed6b176b5b9.roa
File:                     8bf311e9-d27f-46fa-8f05-2ed6b176b5b9.roa (raw, json)
Hash identifier:          qIKgzEhb0U3kBS1ci7jeaql7MLKqV3P6gUxeJkce4os=
Subject key identifier:   8B:96:54:78:4A:C9:6B:D0:4D:81:D4:75:CC:4A:8D:2F:A2:7E:77:90
Certificate issuer:       /CN=A91CD28A0000/serialNumber=97EBF348F376B867FC76B2B2B91078C3DD494883
Certificate serial:       24195B17127C8BE44A4CB7D9F88C495261CE15E0
Authority key identifier: 97:EB:F3:48:F3:76:B8:67:FC:76:B2:B2:B9:10:78:C3:DD:49:48:83
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/l-vzSPN2uGf8drKyuRB4w91JSIM.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/c3cd7c24-12cb-4abc-8fd2-5e2bcbb85ae6/8bf311e9-d27f-46fa-8f05-2ed6b176b5b9.roa
Signing time:             Tue 14 Jan 2025 00:00:00 +0000
ROA not before:           Tue 14 Jan 2025 00:00:00 +0000
ROA not after:            Tue 18 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        240f:8014:400::/38 maxlen: 38
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            24:19:5b:17:12:7c:8b:e4:4a:4c:b7:d9:f8:8c:49:52:61:ce:15:e0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91CD28A0000/serialNumber=97EBF348F376B867FC76B2B2B91078C3DD494883
        Validity
            Not Before: Jan 14 00:00:00 2025 GMT
            Not After : Feb 18 23:59:59 2025 GMT
        Subject: serialNumber=b14b9f6b5f23d67f39e41ed6d8cede282137083e37a7ddde8d19f97db3395b5c, CN=4257e925-715f-47a2-893e-0e3f97ec7e22
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:52:fa:47:00:10:ed:ab:95:9a:3c:27:3a:fd:
                    76:7a:28:03:b7:76:86:6b:ec:bd:fd:02:7e:fd:a0:
                    5a:79:60:c7:3a:60:ea:72:23:5d:a7:e7:63:1f:11:
                    cd:2a:1a:eb:a8:2d:4a:bf:2f:c7:0c:e1:04:66:76:
                    15:a4:53:12:fe:c9:9a:43:97:1c:e5:c1:05:f1:87:
                    aa:07:39:1d:f1:3a:6c:58:7f:09:2b:b3:cb:fe:82:
                    a3:83:88:8c:bc:78:e9:ca:37:95:01:9a:d1:d3:25:
                    07:84:ce:81:10:ca:ca:61:9b:eb:12:3d:f6:b0:71:
                    e8:12:53:7c:ac:c8:98:f0:e9:c1:2f:a8:ab:03:f6:
                    77:fd:9e:5c:25:0a:77:04:b2:a8:79:5f:b6:88:ba:
                    12:7a:4b:e9:f4:37:42:c3:22:ea:0e:19:2b:e0:e1:
                    53:db:75:24:08:0a:02:d3:af:0d:72:d4:05:b2:6b:
                    a7:7d:76:82:6b:7b:3a:1a:8d:66:38:c2:2a:89:5e:
                    1e:f0:91:52:47:2d:9f:fa:94:a0:97:74:fa:6c:5c:
                    4c:4f:85:12:e7:62:ec:99:e9:d8:52:f1:6a:5e:2b:
                    0a:00:03:7e:d5:5f:71:d6:3a:5d:15:72:f7:a2:31:
                    1a:0d:92:55:1e:50:cd:f0:c7:48:37:69:54:06:42:
                    bf:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8B:96:54:78:4A:C9:6B:D0:4D:81:D4:75:CC:4A:8D:2F:A2:7E:77:90
            X509v3 Authority Key Identifier:
                keyid:97:EB:F3:48:F3:76:B8:67:FC:76:B2:B2:B9:10:78:C3:DD:49:48:83

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/l-vzSPN2uGf8drKyuRB4w91JSIM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/c3cd7c24-12cb-4abc-8fd2-5e2bcbb85ae6/8bf311e9-d27f-46fa-8f05-2ed6b176b5b9.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/c3cd7c24-12cb-4abc-8fd2-5e2bcbb85ae6/90ca90a9-a10a-44e7-82b9-1365746ba55e.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240f:8014:400::/38

    Signature Algorithm: sha256WithRSAEncryption
         12:ab:8e:51:27:5e:65:40:48:d8:df:c8:00:f0:c6:ce:b7:6b:
         81:06:92:7c:b8:7a:d2:0c:ba:5c:be:4f:07:9b:5a:99:75:de:
         82:9a:54:50:5c:6f:80:1b:ff:d7:7f:bc:e8:f8:8f:ff:fe:68:
         b5:31:e5:ef:e4:6f:3f:b3:d4:dd:24:c3:0f:04:0b:ea:4c:fa:
         23:db:4a:ff:72:0b:c6:56:5b:af:70:ba:e8:16:93:85:0e:5e:
         fb:bf:eb:ae:16:63:20:68:55:6f:4b:8e:b0:b5:5a:e2:aa:30:
         76:48:5a:55:47:83:45:a5:68:02:2d:46:ad:38:ab:a0:ea:f3:
         45:02:d5:a2:71:b8:18:e4:23:53:8c:ea:3c:63:b3:99:df:5a:
         d5:38:a1:4a:6a:d6:f1:fb:bf:c2:5c:c8:22:cb:78:e1:24:98:
         48:0a:83:81:4f:79:da:63:85:8f:ad:91:08:1c:8d:82:a7:c1:
         9e:09:03:f8:1e:2f:37:dc:12:83:1e:21:3e:cc:17:7c:f0:83:
         b6:7e:bc:64:ae:d4:be:a4:f0:5a:f6:10:36:04:63:c4:5e:6f:
         48:13:ac:86:cc:0f:7e:e9:1e:c4:a2:19:e3:01:b5:34:75:b7:
         04:8b:a6:41:f8:98:fa:c0:c1:5f:46:5a:ad:20:0c:cb:cd:a5:
         df:3b:a5:5c
-----BEGIN CERTIFICATE-----
MIIFnjCCBIagAwIBAgIUJBlbFxJ8i+RKTLfZ+IxJUmHOFeAwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxQ0QyOEEwMDAwMTEwLwYDVQQFEyg5N0VCRjM0OEYz
NzZCODY3RkM3NkIyQjJCOTEwNzhDM0RENDk0ODgzMB4XDTI1MDExNDAwMDAwMFoX
DTI1MDIxODIzNTk1OVowejFJMEcGA1UEBRNAYjE0YjlmNmI1ZjIzZDY3ZjM5ZTQx
ZWQ2ZDhjZWRlMjgyMTM3MDgzZTM3YTdkZGRlOGQxOWY5N2RiMzM5NWI1YzEtMCsG
A1UEAxMkNDI1N2U5MjUtNzE1Zi00N2EyLTg5M2UtMGUzZjk3ZWM3ZTIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt1L6RwAQ7auVmjwnOv12eigDt3aG
a+y9/QJ+/aBaeWDHOmDqciNdp+djHxHNKhrrqC1Kvy/HDOEEZnYVpFMS/smaQ5cc
5cEF8YeqBzkd8TpsWH8JK7PL/oKjg4iMvHjpyjeVAZrR0yUHhM6BEMrKYZvrEj32
sHHoElN8rMiY8OnBL6irA/Z3/Z5cJQp3BLKoeV+2iLoSekvp9DdCwyLqDhkr4OFT
23UkCAoC068NctQFsmunfXaCa3s6Go1mOMIqiV4e8JFSRy2f+pSgl3T6bFxMT4US
52LsmenYUvFqXisKAAN+1V9x1jpdFXL3ojEaDZJVHlDN8MdIN2lUBkK/BQIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFIuWVHhKyWvQTYHUdcxKjS+ifneQMB8GA1UdIwQY
MBaAFJfr80jzdrhn/HaysrkQeMPdSUiDMA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9sLXZ6U1BO
MnVHZjhkckt5dVJCNHc5MUpTSU0uY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvYzNjZDdjMjQtMTJjYi00YWJjLThmZDItNWUyYmNiYjg1YWU2
LzhiZjMxMWU5LWQyN2YtNDZmYS04ZjA1LTJlZDZiMTc2YjViOS5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS9jM2NkN2MyNC0xMmNiLTRhYmMtOGZkMi01ZTJi
Y2JiODVhZTYvOTBjYTkwYTktYTEwYS00NGU3LTgyYjktMTM2NTc0NmJhNTVlLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAO
BAIAAjAIAwYCJA+AFAQwDQYJKoZIhvcNAQELBQADggEBABKrjlEnXmVASNjfyADw
xs63a4EGkny4etIMuly+TwebWpl13oKaVFBcb4Ab/9d/vOj4j//+aLUx5e/kbz+z
1N0kww8EC+pM+iPbSv9yC8ZWW69wuugWk4UOXvu/664WYyBoVW9LjrC1WuKqMHZI
WlVHg0WlaAItRq04q6Dq80UC1aJxuBjkI1OM6jxjs5nfWtU4oUpq1vH7v8JcyCLL
eOEkmEgKg4FPedpjhY+tkQgcjYKnwZ4JA/geLzfcEoMeIT7MF3zwg7Z+vGSu1L6k
8Fr2EDYEY8Reb0gTrIbMD37pHsSiGeMBtTR1twSLpkH4mPrAwV9GWq0gDMvNpd87
pVw=
-----END CERTIFICATE-----