Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/c3cd7c24-12cb-4abc-8fd2-5e2bcbb85ae6/ab4ad185-2bfb-4281-9e23-00a2ab4b6e8f.roa
File:                     ab4ad185-2bfb-4281-9e23-00a2ab4b6e8f.roa (raw, json)
Hash identifier:          BPwnWHv7HjS9iHsPQCFbLpHRYwoGTATjGCv9WV6DKnM=
Subject key identifier:   28:EF:78:82:E1:6D:EF:57:18:33:44:DD:C8:A7:12:1B:EF:A3:A1:19
Certificate issuer:       /CN=A91CD28A0000/serialNumber=97EBF348F376B867FC76B2B2B91078C3DD494883
Certificate serial:       698671931FC6CC87F2BC7773C423E1F1C46E5E11
Authority key identifier: 97:EB:F3:48:F3:76:B8:67:FC:76:B2:B2:B9:10:78:C3:DD:49:48:83
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/l-vzSPN2uGf8drKyuRB4w91JSIM.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/c3cd7c24-12cb-4abc-8fd2-5e2bcbb85ae6/ab4ad185-2bfb-4281-9e23-00a2ab4b6e8f.roa
Signing time:             Tue 14 Jan 2025 00:00:00 +0000
ROA not before:           Tue 14 Jan 2025 00:00:00 +0000
ROA not after:            Tue 18 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        240f:80ff:8020::/48 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            69:86:71:93:1f:c6:cc:87:f2:bc:77:73:c4:23:e1:f1:c4:6e:5e:11
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91CD28A0000/serialNumber=97EBF348F376B867FC76B2B2B91078C3DD494883
        Validity
            Not Before: Jan 14 00:00:00 2025 GMT
            Not After : Feb 18 23:59:59 2025 GMT
        Subject: serialNumber=be191e7c7cbc098fedb87f4387d7d0c755efb5c4af21f481a2dbb12b609f1729, CN=4257e925-715f-47a2-893e-0e3f97ec7e22
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:f3:f1:ce:6f:ab:ef:00:e3:a2:a4:d2:2b:f8:
                    1f:30:45:15:3a:09:48:88:17:4a:48:a0:12:3f:2e:
                    25:b3:c4:ab:85:95:c3:36:83:eb:d8:6d:e0:19:c2:
                    35:d7:a4:da:fa:2f:b5:0b:47:8d:0b:46:0e:40:6b:
                    44:5d:39:d1:80:5f:c9:ea:30:0b:59:b6:8d:59:b3:
                    a6:26:0c:c7:1b:67:8d:aa:b8:47:d7:44:6b:50:82:
                    86:62:89:75:6f:e8:3b:38:45:fd:30:57:1d:4e:04:
                    67:53:49:36:a1:de:ad:23:0d:1b:c4:58:62:f2:68:
                    c2:76:28:5b:02:f2:59:d7:6a:60:35:3c:55:94:d4:
                    fb:02:51:ba:1a:f1:31:91:0a:e8:fc:7d:d1:d7:84:
                    6a:24:dc:bb:35:a1:5e:87:12:95:4a:aa:67:d2:97:
                    3f:12:e3:cd:bf:f2:d9:79:ff:dc:aa:3c:f1:97:cf:
                    51:af:2d:54:df:a6:ad:9f:9a:34:89:f1:18:34:44:
                    7f:d6:a8:96:25:81:34:a5:14:ec:37:be:f2:7f:a1:
                    1b:4a:7e:94:95:7c:bc:ec:c5:e3:33:74:b4:d2:7b:
                    1b:ce:41:b0:2f:08:39:ef:44:b0:fd:dc:87:63:6b:
                    3c:d5:e4:0e:ee:9f:d3:f9:68:06:49:44:5d:76:f2:
                    2a:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                28:EF:78:82:E1:6D:EF:57:18:33:44:DD:C8:A7:12:1B:EF:A3:A1:19
            X509v3 Authority Key Identifier:
                keyid:97:EB:F3:48:F3:76:B8:67:FC:76:B2:B2:B9:10:78:C3:DD:49:48:83

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/l-vzSPN2uGf8drKyuRB4w91JSIM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/c3cd7c24-12cb-4abc-8fd2-5e2bcbb85ae6/ab4ad185-2bfb-4281-9e23-00a2ab4b6e8f.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/c3cd7c24-12cb-4abc-8fd2-5e2bcbb85ae6/90ca90a9-a10a-44e7-82b9-1365746ba55e.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240f:80ff:8020::/48

    Signature Algorithm: sha256WithRSAEncryption
         35:69:8a:aa:b2:a9:c1:f1:4a:50:9d:d7:40:87:64:be:11:d1:
         90:01:e6:ae:a2:69:d0:c2:27:8e:4d:f3:a7:74:2a:af:53:4f:
         a3:59:b2:f6:71:3c:e3:f7:e0:b2:86:5e:e1:73:c0:58:ac:73:
         e3:b5:b0:2e:dc:7c:24:5d:6b:d3:2f:d3:55:e5:e1:b1:25:88:
         0b:d4:9b:33:22:57:18:23:9e:f7:6b:c6:2c:80:f0:40:0a:6f:
         09:a4:23:f7:c9:89:2c:2b:2d:3b:c5:16:80:07:00:b8:73:4d:
         8a:94:fc:f7:4a:c8:0c:4f:c7:92:28:54:93:86:fa:ce:98:62:
         df:e0:92:bc:3f:02:79:8e:64:d2:3b:96:1b:0d:4c:92:4c:93:
         39:86:05:1d:2d:08:4f:79:e5:e7:cb:1d:41:a2:38:10:20:1b:
         67:cb:f7:c4:39:ab:2a:41:6d:df:21:31:30:cc:65:fc:ab:8e:
         e2:ec:3a:fb:c7:03:28:f7:d3:83:8c:60:85:c1:8e:46:e2:4b:
         c5:14:b7:cb:6e:90:f2:5f:46:9e:3a:cf:e2:86:32:82:af:c1:
         2e:bc:76:a2:d1:5e:94:e5:21:e4:ed:02:91:01:4d:e3:15:4f:
         aa:c0:6a:43:40:bd:b3:87:de:d4:42:56:c1:24:04:f7:e2:f5:
         67:17:8e:67
-----BEGIN CERTIFICATE-----
MIIFnzCCBIegAwIBAgIUaYZxkx/GzIfyvHdzxCPh8cRuXhEwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxQ0QyOEEwMDAwMTEwLwYDVQQFEyg5N0VCRjM0OEYz
NzZCODY3RkM3NkIyQjJCOTEwNzhDM0RENDk0ODgzMB4XDTI1MDExNDAwMDAwMFoX
DTI1MDIxODIzNTk1OVowejFJMEcGA1UEBRNAYmUxOTFlN2M3Y2JjMDk4ZmVkYjg3
ZjQzODdkN2QwYzc1NWVmYjVjNGFmMjFmNDgxYTJkYmIxMmI2MDlmMTcyOTEtMCsG
A1UEAxMkNDI1N2U5MjUtNzE1Zi00N2EyLTg5M2UtMGUzZjk3ZWM3ZTIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtvPxzm+r7wDjoqTSK/gfMEUVOglI
iBdKSKASPy4ls8SrhZXDNoPr2G3gGcI116Ta+i+1C0eNC0YOQGtEXTnRgF/J6jAL
WbaNWbOmJgzHG2eNqrhH10RrUIKGYol1b+g7OEX9MFcdTgRnU0k2od6tIw0bxFhi
8mjCdihbAvJZ12pgNTxVlNT7AlG6GvExkQro/H3R14RqJNy7NaFehxKVSqpn0pc/
EuPNv/LZef/cqjzxl89Rry1U36atn5o0ifEYNER/1qiWJYE0pRTsN77yf6EbSn6U
lXy87MXjM3S00nsbzkGwLwg570Sw/dyHY2s81eQO7p/T+WgGSURddvIqpQIDAQAB
o4ICSzCCAkcwHQYDVR0OBBYEFCjveILhbe9XGDNE3cinEhvvo6EZMB8GA1UdIwQY
MBaAFJfr80jzdrhn/HaysrkQeMPdSUiDMA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9sLXZ6U1BO
MnVHZjhkckt5dVJCNHc5MUpTSU0uY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvYzNjZDdjMjQtMTJjYi00YWJjLThmZDItNWUyYmNiYjg1YWU2
L2FiNGFkMTg1LTJiZmItNDI4MS05ZTIzLTAwYTJhYjRiNmU4Zi5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS9jM2NkN2MyNC0xMmNiLTRhYmMtOGZkMi01ZTJi
Y2JiODVhZTYvOTBjYTkwYTktYTEwYS00NGU3LTgyYjktMTM2NTc0NmJhNTVlLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAP
BAIAAjAJAwcAJA+A/4AgMA0GCSqGSIb3DQEBCwUAA4IBAQA1aYqqsqnB8UpQnddA
h2S+EdGQAeauomnQwieOTfOndCqvU0+jWbL2cTzj9+Cyhl7hc8BYrHPjtbAu3Hwk
XWvTL9NV5eGxJYgL1JszIlcYI573a8YsgPBACm8JpCP3yYksKy07xRaABwC4c02K
lPz3SsgMT8eSKFSThvrOmGLf4JK8PwJ5jmTSO5YbDUySTJM5hgUdLQhPeeXnyx1B
ojgQIBtny/fEOasqQW3fITEwzGX8q47i7Dr7xwMo99ODjGCFwY5G4kvFFLfLbpDy
X0aeOs/ihjKCr8EuvHai0V6U5SHk7QKRAU3jFU+qwGpDQL2zh97UQlbBJAT34vVn
F45n
-----END CERTIFICATE-----