Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/c3cd7c24-12cb-4abc-8fd2-5e2bcbb85ae6/a3f80673-8b1b-4af1-ae60-e74663f3df69.roa
File:                     a3f80673-8b1b-4af1-ae60-e74663f3df69.roa (raw, json)
Hash identifier:          q2hyae67pE9955YfA5+RmhebfWt3rOr9hjM3UYGtdhs=
Subject key identifier:   4C:A0:FD:2D:01:99:C7:0A:2E:32:64:29:14:59:36:4A:41:F5:7F:95
Certificate issuer:       /CN=A91CD28A0000/serialNumber=97EBF348F376B867FC76B2B2B91078C3DD494883
Certificate serial:       6C3A06A10DB3237A25331C46202612516212B9E0
Authority key identifier: 97:EB:F3:48:F3:76:B8:67:FC:76:B2:B2:B9:10:78:C3:DD:49:48:83
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/l-vzSPN2uGf8drKyuRB4w91JSIM.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/c3cd7c24-12cb-4abc-8fd2-5e2bcbb85ae6/a3f80673-8b1b-4af1-ae60-e74663f3df69.roa
Signing time:             Tue 14 Jan 2025 00:00:00 +0000
ROA not before:           Tue 14 Jan 2025 00:00:00 +0000
ROA not after:            Tue 18 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        240f:8000:4000::/40 maxlen: 40
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6c:3a:06:a1:0d:b3:23:7a:25:33:1c:46:20:26:12:51:62:12:b9:e0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91CD28A0000/serialNumber=97EBF348F376B867FC76B2B2B91078C3DD494883
        Validity
            Not Before: Jan 14 00:00:00 2025 GMT
            Not After : Feb 18 23:59:59 2025 GMT
        Subject: serialNumber=e952dd462bbdd9d00d4b20762fed5c9e52300e49264e85fd8ec6dd984f137450, CN=4257e925-715f-47a2-893e-0e3f97ec7e22
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:18:b4:71:87:28:92:55:7e:b8:55:ee:28:c0:
                    11:a7:4d:a3:35:b9:5a:04:3b:1e:89:53:6c:60:6d:
                    64:72:b1:a4:f3:28:33:3e:1a:50:6f:86:7f:7e:d7:
                    9e:e2:54:2b:39:84:e6:23:56:d7:be:d7:42:57:c8:
                    b8:fe:40:af:f0:17:5b:3c:a7:55:02:d4:b2:e9:b7:
                    3e:84:79:e0:7b:1b:0b:e3:70:0c:0a:43:41:05:db:
                    95:a8:24:67:fd:f4:fe:4b:9b:5c:0e:9f:59:1d:10:
                    80:ab:27:1a:70:52:6b:52:48:a4:bb:30:d5:c2:55:
                    25:1f:7c:3d:22:eb:f2:cf:79:9d:62:f1:e1:75:8c:
                    97:f8:d8:63:44:7f:be:8f:46:88:02:3e:10:fc:da:
                    6a:ae:69:80:c9:4e:0f:d5:aa:a9:ed:77:1b:e9:8f:
                    cb:90:67:07:92:bb:76:fb:e6:b0:79:29:1d:0f:74:
                    b6:00:cb:2d:f3:20:6a:9d:cf:b7:d5:30:32:2b:71:
                    ae:9e:49:72:a2:61:b1:00:98:9a:bf:ec:22:41:3f:
                    dd:76:15:97:fb:2d:72:e3:f7:2e:ef:24:8f:5f:89:
                    9c:93:eb:e3:6e:b2:21:10:9f:bc:3c:a0:71:fc:77:
                    3a:7b:e9:e0:8a:5c:27:bf:be:03:0a:fa:69:c9:57:
                    ff:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4C:A0:FD:2D:01:99:C7:0A:2E:32:64:29:14:59:36:4A:41:F5:7F:95
            X509v3 Authority Key Identifier:
                keyid:97:EB:F3:48:F3:76:B8:67:FC:76:B2:B2:B9:10:78:C3:DD:49:48:83

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/l-vzSPN2uGf8drKyuRB4w91JSIM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/c3cd7c24-12cb-4abc-8fd2-5e2bcbb85ae6/a3f80673-8b1b-4af1-ae60-e74663f3df69.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/c3cd7c24-12cb-4abc-8fd2-5e2bcbb85ae6/90ca90a9-a10a-44e7-82b9-1365746ba55e.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240f:8000:4000::/40

    Signature Algorithm: sha256WithRSAEncryption
         26:d5:50:7a:e2:4b:d6:b7:96:c2:bc:fb:a1:72:9e:e4:53:c0:
         af:ec:2b:be:52:a5:68:6d:51:02:4c:34:57:22:40:26:a3:36:
         f8:7f:fb:02:b1:5d:68:9e:67:b9:3b:7f:cc:97:f6:b7:ef:7d:
         c6:cc:5e:d9:57:a9:32:3f:81:01:39:f5:a9:b5:fd:67:02:20:
         17:27:b5:05:49:97:fc:ba:6d:e1:1d:05:5d:a9:4c:dc:58:46:
         bf:d9:77:3f:ca:aa:68:4d:1e:5b:08:3d:af:d1:ab:0a:f2:ec:
         52:88:f0:26:bd:f9:c7:85:ad:d5:6b:d3:dd:bb:41:5f:5d:77:
         25:83:13:21:52:df:ac:f7:6d:ff:d9:35:f0:82:86:5b:1b:7c:
         14:16:5a:76:09:2c:28:41:41:2e:b4:65:a7:16:f3:21:5e:29:
         f1:43:56:7d:f5:05:d1:17:6e:e9:54:47:a3:6b:aa:58:25:c7:
         e7:f2:d4:0e:59:87:46:d0:24:ce:fc:9c:ec:bd:e0:8d:55:6d:
         fa:f8:43:8c:42:20:b5:7a:e5:7f:28:d6:c0:10:33:7a:d9:c6:
         29:25:79:9d:b2:53:27:09:7f:a2:96:31:7f:65:79:83:39:46:
         06:6b:1a:7b:d4:d2:80:99:5c:f7:75:1c:10:27:fd:03:54:f9:
         66:b6:ec:df
-----BEGIN CERTIFICATE-----
MIIFnjCCBIagAwIBAgIUbDoGoQ2zI3olMxxGICYSUWISueAwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxQ0QyOEEwMDAwMTEwLwYDVQQFEyg5N0VCRjM0OEYz
NzZCODY3RkM3NkIyQjJCOTEwNzhDM0RENDk0ODgzMB4XDTI1MDExNDAwMDAwMFoX
DTI1MDIxODIzNTk1OVowejFJMEcGA1UEBRNAZTk1MmRkNDYyYmJkZDlkMDBkNGIy
MDc2MmZlZDVjOWU1MjMwMGU0OTI2NGU4NWZkOGVjNmRkOTg0ZjEzNzQ1MDEtMCsG
A1UEAxMkNDI1N2U5MjUtNzE1Zi00N2EyLTg5M2UtMGUzZjk3ZWM3ZTIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvxi0cYcoklV+uFXuKMARp02jNbla
BDseiVNsYG1kcrGk8ygzPhpQb4Z/ftee4lQrOYTmI1bXvtdCV8i4/kCv8BdbPKdV
AtSy6bc+hHngexsL43AMCkNBBduVqCRn/fT+S5tcDp9ZHRCAqycacFJrUkikuzDV
wlUlH3w9Iuvyz3mdYvHhdYyX+NhjRH++j0aIAj4Q/NpqrmmAyU4P1aqp7Xcb6Y/L
kGcHkrt2++aweSkdD3S2AMst8yBqnc+31TAyK3GunklyomGxAJiav+wiQT/ddhWX
+y1y4/cu7ySPX4mck+vjbrIhEJ+8PKBx/Hc6e+ngilwnv74DCvppyVf/jwIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFEyg/S0BmccKLjJkKRRZNkpB9X+VMB8GA1UdIwQY
MBaAFJfr80jzdrhn/HaysrkQeMPdSUiDMA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9sLXZ6U1BO
MnVHZjhkckt5dVJCNHc5MUpTSU0uY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvYzNjZDdjMjQtMTJjYi00YWJjLThmZDItNWUyYmNiYjg1YWU2
L2EzZjgwNjczLThiMWItNGFmMS1hZTYwLWU3NDY2M2YzZGY2OS5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS9jM2NkN2MyNC0xMmNiLTRhYmMtOGZkMi01ZTJi
Y2JiODVhZTYvOTBjYTkwYTktYTEwYS00NGU3LTgyYjktMTM2NTc0NmJhNTVlLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAO
BAIAAjAIAwYAJA+AAEAwDQYJKoZIhvcNAQELBQADggEBACbVUHriS9a3lsK8+6Fy
nuRTwK/sK75SpWhtUQJMNFciQCajNvh/+wKxXWieZ7k7f8yX9rfvfcbMXtlXqTI/
gQE59am1/WcCIBcntQVJl/y6beEdBV2pTNxYRr/Zdz/KqmhNHlsIPa/Rqwry7FKI
8Ca9+ceFrdVr0927QV9ddyWDEyFS36z3bf/ZNfCChlsbfBQWWnYJLChBQS60ZacW
8yFeKfFDVn31BdEXbulUR6Nrqlglx+fy1A5Zh0bQJM78nOy94I1Vbfr4Q4xCILV6
5X8o1sAQM3rZxikleZ2yUycJf6KWMX9leYM5RgZrGnvU0oCZXPd1HBAn/QNU+Wa2
7N8=
-----END CERTIFICATE-----