Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/c3cd7c24-12cb-4abc-8fd2-5e2bcbb85ae6/f54cd21d-ebef-4509-8295-1f7547d0d717.roa
File:                     f54cd21d-ebef-4509-8295-1f7547d0d717.roa (raw, json)
Hash identifier:          f9aQgycc3EbpkJxLsXgEsz5ijhKWMxGLBRSQM9rXFRE=
Subject key identifier:   00:04:62:B7:A4:3B:31:DD:D8:F0:21:D4:BE:B5:9F:00:43:A9:66:9C
Certificate issuer:       /CN=A91CD28A0000/serialNumber=97EBF348F376B867FC76B2B2B91078C3DD494883
Certificate serial:       4D530FC6B424F7D01FA83256D3CAEFE618EEA49B
Authority key identifier: 97:EB:F3:48:F3:76:B8:67:FC:76:B2:B2:B9:10:78:C3:DD:49:48:83
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/l-vzSPN2uGf8drKyuRB4w91JSIM.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/c3cd7c24-12cb-4abc-8fd2-5e2bcbb85ae6/f54cd21d-ebef-4509-8295-1f7547d0d717.roa
Signing time:             Tue 14 Jan 2025 00:00:00 +0000
ROA not before:           Tue 14 Jan 2025 00:00:00 +0000
ROA not after:            Tue 18 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        240f:8018:400::/38 maxlen: 38
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4d:53:0f:c6:b4:24:f7:d0:1f:a8:32:56:d3:ca:ef:e6:18:ee:a4:9b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91CD28A0000/serialNumber=97EBF348F376B867FC76B2B2B91078C3DD494883
        Validity
            Not Before: Jan 14 00:00:00 2025 GMT
            Not After : Feb 18 23:59:59 2025 GMT
        Subject: serialNumber=649db93d5b6b93794c55d64f06511feb4bbe292ccc682d7878845b7c4dd22138, CN=4257e925-715f-47a2-893e-0e3f97ec7e22
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ea:17:45:17:a0:b2:7b:52:ba:3b:4a:19:57:21:
                    91:a1:3c:ea:cc:06:55:a3:fc:fb:09:3e:76:6e:83:
                    0a:80:88:84:f2:78:db:a0:fb:1b:12:b9:23:84:41:
                    01:d0:02:06:2e:83:7a:f4:aa:e7:a0:35:b2:5e:98:
                    36:4e:79:c0:e1:30:5b:44:e9:d8:b0:04:5d:ff:d4:
                    d0:95:2a:f5:78:a6:34:02:9f:f9:9b:f6:9b:b5:51:
                    6a:dd:67:d1:50:82:56:d6:aa:08:b6:c4:ed:d7:3b:
                    79:52:a1:3a:d1:0a:92:f9:27:04:5c:98:e2:13:17:
                    ec:08:bf:4d:0d:bf:3e:21:bc:d5:78:6d:19:eb:ff:
                    b3:5f:2d:55:7a:9b:ea:bc:42:1d:f7:6c:d4:d7:4c:
                    9d:9b:8b:93:2d:07:1a:16:dd:4b:05:71:cc:9a:30:
                    46:9a:f3:62:0b:32:0a:2c:c9:b4:79:75:a9:62:0a:
                    66:f9:61:1c:c9:f0:f4:bf:ad:99:97:c9:23:35:c1:
                    40:b4:b7:3e:2c:17:99:f3:d5:83:04:da:51:b9:40:
                    c7:83:2a:3a:ef:69:34:10:b1:c3:36:88:41:52:2b:
                    eb:c8:46:c5:29:7b:8e:34:15:10:a4:6a:f2:2c:9e:
                    55:12:92:f5:09:61:02:3a:03:ed:cf:2a:66:f9:7d:
                    91:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                00:04:62:B7:A4:3B:31:DD:D8:F0:21:D4:BE:B5:9F:00:43:A9:66:9C
            X509v3 Authority Key Identifier:
                keyid:97:EB:F3:48:F3:76:B8:67:FC:76:B2:B2:B9:10:78:C3:DD:49:48:83

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/l-vzSPN2uGf8drKyuRB4w91JSIM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/c3cd7c24-12cb-4abc-8fd2-5e2bcbb85ae6/f54cd21d-ebef-4509-8295-1f7547d0d717.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/c3cd7c24-12cb-4abc-8fd2-5e2bcbb85ae6/90ca90a9-a10a-44e7-82b9-1365746ba55e.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240f:8018:400::/38

    Signature Algorithm: sha256WithRSAEncryption
         b9:f0:dc:fa:59:55:76:b2:93:bb:9c:05:16:87:6c:05:e4:52:
         79:9d:98:5e:ec:fa:d4:31:a6:ed:06:d0:40:20:f8:83:33:a3:
         46:81:36:5a:79:11:42:25:99:8e:a0:36:c2:90:c7:a0:11:8e:
         60:73:d9:d0:28:44:93:fd:3e:a0:4a:43:d4:c4:9a:30:02:7e:
         41:8c:f9:8f:95:87:fb:16:4c:84:4c:90:f9:e4:09:2b:1d:ce:
         07:ea:8f:e2:5e:67:77:55:90:da:ca:bc:af:ac:c0:d3:91:ec:
         36:66:eb:76:91:2a:92:58:c5:91:c2:06:60:ef:2c:6b:eb:27:
         52:61:eb:19:46:12:7c:2e:35:16:ae:9c:39:58:a1:43:82:8b:
         2c:c1:76:c6:30:24:7a:50:1a:17:ce:2d:fd:0f:6e:b1:d9:69:
         1d:2c:5b:6e:40:78:0e:03:aa:82:15:20:6c:73:90:d4:3c:c9:
         92:b5:ca:88:fc:c9:b1:9a:5d:f4:22:d4:b0:af:6e:47:b0:5d:
         53:23:94:71:34:50:77:7f:01:aa:c6:d8:d7:ff:9a:dd:16:7c:
         59:ad:e3:54:6a:51:71:25:2d:0e:35:16:6d:2e:d7:ff:e6:58:
         bc:6e:87:a9:b4:46:46:3a:80:57:f0:61:5d:64:5b:f7:49:e1:
         95:8e:9f:a7
-----BEGIN CERTIFICATE-----
MIIFnjCCBIagAwIBAgIUTVMPxrQk99AfqDJW08rv5hjupJswDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxQ0QyOEEwMDAwMTEwLwYDVQQFEyg5N0VCRjM0OEYz
NzZCODY3RkM3NkIyQjJCOTEwNzhDM0RENDk0ODgzMB4XDTI1MDExNDAwMDAwMFoX
DTI1MDIxODIzNTk1OVowejFJMEcGA1UEBRNANjQ5ZGI5M2Q1YjZiOTM3OTRjNTVk
NjRmMDY1MTFmZWI0YmJlMjkyY2NjNjgyZDc4Nzg4NDViN2M0ZGQyMjEzODEtMCsG
A1UEAxMkNDI1N2U5MjUtNzE1Zi00N2EyLTg5M2UtMGUzZjk3ZWM3ZTIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6hdFF6Cye1K6O0oZVyGRoTzqzAZV
o/z7CT52boMKgIiE8njboPsbErkjhEEB0AIGLoN69KrnoDWyXpg2TnnA4TBbROnY
sARd/9TQlSr1eKY0Ap/5m/abtVFq3WfRUIJW1qoItsTt1zt5UqE60QqS+ScEXJji
ExfsCL9NDb8+IbzVeG0Z6/+zXy1VepvqvEId92zU10ydm4uTLQcaFt1LBXHMmjBG
mvNiCzIKLMm0eXWpYgpm+WEcyfD0v62Zl8kjNcFAtLc+LBeZ89WDBNpRuUDHgyo6
72k0ELHDNohBUivryEbFKXuONBUQpGryLJ5VEpL1CWECOgPtzypm+X2RUQIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFAAEYrekOzHd2PAh1L61nwBDqWacMB8GA1UdIwQY
MBaAFJfr80jzdrhn/HaysrkQeMPdSUiDMA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9sLXZ6U1BO
MnVHZjhkckt5dVJCNHc5MUpTSU0uY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvYzNjZDdjMjQtMTJjYi00YWJjLThmZDItNWUyYmNiYjg1YWU2
L2Y1NGNkMjFkLWViZWYtNDUwOS04Mjk1LTFmNzU0N2QwZDcxNy5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS9jM2NkN2MyNC0xMmNiLTRhYmMtOGZkMi01ZTJi
Y2JiODVhZTYvOTBjYTkwYTktYTEwYS00NGU3LTgyYjktMTM2NTc0NmJhNTVlLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAO
BAIAAjAIAwYCJA+AGAQwDQYJKoZIhvcNAQELBQADggEBALnw3PpZVXayk7ucBRaH
bAXkUnmdmF7s+tQxpu0G0EAg+IMzo0aBNlp5EUIlmY6gNsKQx6ARjmBz2dAoRJP9
PqBKQ9TEmjACfkGM+Y+Vh/sWTIRMkPnkCSsdzgfqj+JeZ3dVkNrKvK+swNOR7DZm
63aRKpJYxZHCBmDvLGvrJ1Jh6xlGEnwuNRaunDlYoUOCiyzBdsYwJHpQGhfOLf0P
brHZaR0sW25AeA4DqoIVIGxzkNQ8yZK1yoj8ybGaXfQi1LCvbkewXVMjlHE0UHd/
AarG2Nf/mt0WfFmt41RqUXElLQ41Fm0u1//mWLxuh6m0RkY6gFfwYV1kW/dJ4ZWO
n6c=
-----END CERTIFICATE-----