Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/c3cd7c24-12cb-4abc-8fd2-5e2bcbb85ae6/977f90e2-d257-4dde-9740-b0391458d8ed.roa
File:                     977f90e2-d257-4dde-9740-b0391458d8ed.roa (raw, json)
Hash identifier:          hd0yQUnDdyxEqsQpWl3dYzcfmeAfgounRxgbqpn+O8s=
Subject key identifier:   23:52:03:3D:0C:63:55:CD:9A:A5:B8:55:A6:BE:63:2F:71:7F:A7:6D
Certificate issuer:       /CN=A91CD28A0000/serialNumber=97EBF348F376B867FC76B2B2B91078C3DD494883
Certificate serial:       202B51FE093A33B3E59CAA5B21B9CCCDD925A126
Authority key identifier: 97:EB:F3:48:F3:76:B8:67:FC:76:B2:B2:B9:10:78:C3:DD:49:48:83
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/l-vzSPN2uGf8drKyuRB4w91JSIM.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/c3cd7c24-12cb-4abc-8fd2-5e2bcbb85ae6/977f90e2-d257-4dde-9740-b0391458d8ed.roa
Signing time:             Tue 14 Jan 2025 00:00:00 +0000
ROA not before:           Tue 14 Jan 2025 00:00:00 +0000
ROA not after:            Tue 18 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        240f:8000::/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            20:2b:51:fe:09:3a:33:b3:e5:9c:aa:5b:21:b9:cc:cd:d9:25:a1:26
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91CD28A0000/serialNumber=97EBF348F376B867FC76B2B2B91078C3DD494883
        Validity
            Not Before: Jan 14 00:00:00 2025 GMT
            Not After : Feb 18 23:59:59 2025 GMT
        Subject: serialNumber=68b9f30d576317960199e0a0ccb7b1f36d1a9a570950aabd5ce828f873ba421c, CN=4257e925-715f-47a2-893e-0e3f97ec7e22
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:4d:b8:26:78:4d:7a:59:c5:53:9b:ba:59:6e:
                    e5:ea:d1:a6:4e:1c:71:27:2c:d5:79:75:dd:d2:df:
                    49:a4:ce:3e:9a:1a:e9:35:36:a2:a0:ab:2d:90:84:
                    c5:02:54:b7:46:2a:ce:8a:a9:f7:37:d5:47:9c:f7:
                    2e:72:8d:a1:be:78:1f:dd:17:55:63:f2:d1:44:4b:
                    86:c7:8b:a3:2d:31:27:0e:3b:c9:8a:e2:4d:53:1f:
                    76:cb:e4:0d:c5:d7:b4:0c:1f:59:24:97:cd:bb:0d:
                    3b:cf:2c:a5:5f:ca:83:03:ea:00:64:28:ea:27:df:
                    55:ae:e6:e8:0b:08:5b:de:5b:6f:98:d8:4c:86:1c:
                    fd:2a:94:c7:10:cb:09:9e:bd:bb:8f:ae:cb:66:3c:
                    63:e3:51:16:a0:82:84:da:93:32:c6:c6:f3:46:a7:
                    7f:c7:f2:33:33:f3:09:9b:c4:6e:e5:bf:3e:29:0a:
                    1c:af:75:a2:56:c0:4a:c9:85:a5:ae:f5:de:c3:df:
                    b0:25:80:2e:45:00:f3:6f:e4:e5:f2:5c:7d:f5:d9:
                    a1:19:27:31:a8:fb:c0:ea:29:31:f2:e1:76:9c:80:
                    ce:25:dc:1b:1c:84:ad:76:79:c7:20:a6:e4:67:e6:
                    f0:92:5c:4d:84:5e:dc:b8:ec:4c:68:02:9c:61:81:
                    c6:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                23:52:03:3D:0C:63:55:CD:9A:A5:B8:55:A6:BE:63:2F:71:7F:A7:6D
            X509v3 Authority Key Identifier:
                keyid:97:EB:F3:48:F3:76:B8:67:FC:76:B2:B2:B9:10:78:C3:DD:49:48:83

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/l-vzSPN2uGf8drKyuRB4w91JSIM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/c3cd7c24-12cb-4abc-8fd2-5e2bcbb85ae6/977f90e2-d257-4dde-9740-b0391458d8ed.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/c3cd7c24-12cb-4abc-8fd2-5e2bcbb85ae6/90ca90a9-a10a-44e7-82b9-1365746ba55e.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240f:8000::/24

    Signature Algorithm: sha256WithRSAEncryption
         68:ad:79:a2:d6:25:a3:9b:5d:70:e3:9b:e9:2c:f5:42:04:e5:
         42:79:1e:6b:0d:d0:7e:d0:f8:75:45:ed:b5:12:84:36:a8:f8:
         ac:78:ce:0d:0c:70:77:37:3d:6e:18:44:9e:f6:8b:e0:d0:25:
         df:13:5a:48:25:9a:f0:bd:91:5b:24:4b:9b:71:d8:ff:b0:4b:
         dd:66:9b:c9:a8:b2:86:1c:e9:91:fe:25:df:35:cb:10:fc:33:
         3e:69:83:fe:f1:19:c0:00:eb:37:ae:b3:31:55:ed:ab:ff:80:
         71:9f:7a:f3:88:e8:4c:0e:07:40:dd:d5:8f:72:e7:eb:93:bd:
         52:89:09:20:41:b4:b4:5f:cb:36:e9:87:17:3e:0f:a5:00:8e:
         65:88:f7:b3:14:64:f0:ec:ff:91:3b:6a:01:fb:09:e9:7a:c6:
         10:8d:11:38:34:1f:51:2b:da:a4:a3:86:e9:f3:07:bd:07:fc:
         14:df:51:12:ab:fc:db:a5:b4:d7:ce:33:6c:24:b5:f9:dd:57:
         aa:8b:c5:52:af:3d:f4:e3:3a:74:bf:3a:df:7b:a3:da:57:4c:
         0c:8d:6e:5b:3f:05:b0:93:4b:47:99:e5:1b:b7:14:73:cf:4b:
         18:55:db:2c:b3:34:5e:47:a5:5e:93:c8:c0:b7:3e:f6:1f:af:
         5b:ab:40:f4
-----BEGIN CERTIFICATE-----
MIIFnDCCBISgAwIBAgIUICtR/gk6M7PlnKpbIbnMzdkloSYwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxQ0QyOEEwMDAwMTEwLwYDVQQFEyg5N0VCRjM0OEYz
NzZCODY3RkM3NkIyQjJCOTEwNzhDM0RENDk0ODgzMB4XDTI1MDExNDAwMDAwMFoX
DTI1MDIxODIzNTk1OVowejFJMEcGA1UEBRNANjhiOWYzMGQ1NzYzMTc5NjAxOTll
MGEwY2NiN2IxZjM2ZDFhOWE1NzA5NTBhYWJkNWNlODI4Zjg3M2JhNDIxYzEtMCsG
A1UEAxMkNDI1N2U5MjUtNzE1Zi00N2EyLTg5M2UtMGUzZjk3ZWM3ZTIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApU24JnhNelnFU5u6WW7l6tGmThxx
JyzVeXXd0t9JpM4+mhrpNTaioKstkITFAlS3RirOiqn3N9VHnPcuco2hvngf3RdV
Y/LRREuGx4ujLTEnDjvJiuJNUx92y+QNxde0DB9ZJJfNuw07zyylX8qDA+oAZCjq
J99VruboCwhb3ltvmNhMhhz9KpTHEMsJnr27j67LZjxj41EWoIKE2pMyxsbzRqd/
x/IzM/MJm8Ru5b8+KQocr3WiVsBKyYWlrvXew9+wJYAuRQDzb+Tl8lx99dmhGScx
qPvA6ikx8uF2nIDOJdwbHIStdnnHIKbkZ+bwklxNhF7cuOxMaAKcYYHGWQIDAQAB
o4ICSDCCAkQwHQYDVR0OBBYEFCNSAz0MY1XNmqW4Vaa+Yy9xf6dtMB8GA1UdIwQY
MBaAFJfr80jzdrhn/HaysrkQeMPdSUiDMA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9sLXZ6U1BO
MnVHZjhkckt5dVJCNHc5MUpTSU0uY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvYzNjZDdjMjQtMTJjYi00YWJjLThmZDItNWUyYmNiYjg1YWU2
Lzk3N2Y5MGUyLWQyNTctNGRkZS05NzQwLWIwMzkxNDU4ZDhlZC5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS9jM2NkN2MyNC0xMmNiLTRhYmMtOGZkMi01ZTJi
Y2JiODVhZTYvOTBjYTkwYTktYTEwYS00NGU3LTgyYjktMTM2NTc0NmJhNTVlLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAM
BAIAAjAGAwQAJA+AMA0GCSqGSIb3DQEBCwUAA4IBAQBorXmi1iWjm11w45vpLPVC
BOVCeR5rDdB+0Ph1Re21EoQ2qPiseM4NDHB3Nz1uGESe9ovg0CXfE1pIJZrwvZFb
JEubcdj/sEvdZpvJqLKGHOmR/iXfNcsQ/DM+aYP+8RnAAOs3rrMxVe2r/4Bxn3rz
iOhMDgdA3dWPcufrk71SiQkgQbS0X8s26YcXPg+lAI5liPezFGTw7P+RO2oB+wnp
esYQjRE4NB9RK9qko4bp8we9B/wU31ESq/zbpbTXzjNsJLX53Veqi8VSrz304zp0
vzrfe6PaV0wMjW5bPwWwk0tHmeUbtxRzz0sYVdssszReR6Vek8jAtz72H69bq0D0
-----END CERTIFICATE-----