Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/db9a372a-09bc-4a32-bfe4-8c48e5dbd219/05bc8dbb-c70a-48da-b45b-4448364614ff.roa
File:                     05bc8dbb-c70a-48da-b45b-4448364614ff.roa (raw, json)
Hash identifier:          ZRbYdhpDS1/7wVzPAWaFWRHaBbg/s8/jkUHou1EbooU=
Subject key identifier:   9E:94:E0:69:24:CD:BA:BB:CE:2B:43:B0:99:47:A1:28:CA:8F:38:CF
Certificate issuer:       /CN=A91509EC0000/serialNumber=16F524F8E0EC7CAE0769C42E50FFB3A2B564A6AC
Certificate serial:       5157E82E2F069ACB0D65C48D3716D21458D420BD
Authority key identifier: 16:F5:24:F8:E0:EC:7C:AE:07:69:C4:2E:50:FF:B3:A2:B5:64:A6:AC
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/FvUk-ODsfK4HacQuUP-zorVkpqw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/db9a372a-09bc-4a32-bfe4-8c48e5dbd219/05bc8dbb-c70a-48da-b45b-4448364614ff.roa
Signing time:             Mon 13 Jan 2025 00:00:00 +0000
ROA not before:           Mon 13 Jan 2025 00:00:00 +0000
ROA not after:            Mon 17 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        175.41.208.0/20 maxlen: 20
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            51:57:e8:2e:2f:06:9a:cb:0d:65:c4:8d:37:16:d2:14:58:d4:20:bd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91509EC0000/serialNumber=16F524F8E0EC7CAE0769C42E50FFB3A2B564A6AC
        Validity
            Not Before: Jan 13 00:00:00 2025 GMT
            Not After : Feb 17 23:59:59 2025 GMT
        Subject: serialNumber=9005f9b9466ab07af91a3558dffe625170a8a4f8e4e177eda61f5f39cdedfac9, CN=58810403-9ba0-403a-809b-c78252ab7f5d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:80:52:97:b6:77:26:d5:38:ed:73:c2:2f:bd:
                    95:57:c2:9e:fa:8d:4b:c0:05:81:f2:38:1c:df:b1:
                    00:0d:11:10:39:a0:59:d7:45:6c:b5:44:0c:16:86:
                    05:d6:78:9c:3b:b2:4a:f5:27:c7:8c:c6:16:ce:2b:
                    ca:a4:9a:91:8a:b1:d3:21:77:05:e3:1e:38:2c:fd:
                    88:f7:64:6e:f1:99:93:f4:de:54:5d:47:65:a5:6c:
                    ba:39:f6:a8:82:3e:7c:12:e0:01:cb:8b:47:52:27:
                    a9:12:46:d8:67:03:4e:31:76:bf:66:75:5f:7c:b6:
                    71:5a:8e:c4:09:46:ee:a6:b9:d0:9c:29:35:65:25:
                    b4:d9:6a:39:52:b8:94:c2:3a:bb:50:38:e7:f9:a0:
                    30:5a:cd:de:8e:07:20:0f:34:5c:2c:0f:36:ca:da:
                    dc:7c:26:9c:c4:19:e5:3d:19:43:ba:13:85:43:22:
                    9a:9b:de:d1:87:11:f7:c8:d9:2a:67:6d:78:11:4d:
                    c7:4b:4b:cb:fe:9f:48:6b:70:79:1e:42:48:34:80:
                    92:24:c6:c8:41:0b:b6:bc:0c:be:30:4c:15:17:a0:
                    26:96:46:ba:fa:57:54:b5:ba:b1:6f:43:67:7c:f1:
                    77:9b:95:44:66:82:c4:de:3d:d8:15:db:2f:9a:93:
                    01:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9E:94:E0:69:24:CD:BA:BB:CE:2B:43:B0:99:47:A1:28:CA:8F:38:CF
            X509v3 Authority Key Identifier:
                keyid:16:F5:24:F8:E0:EC:7C:AE:07:69:C4:2E:50:FF:B3:A2:B5:64:A6:AC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/FvUk-ODsfK4HacQuUP-zorVkpqw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/db9a372a-09bc-4a32-bfe4-8c48e5dbd219/05bc8dbb-c70a-48da-b45b-4448364614ff.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/db9a372a-09bc-4a32-bfe4-8c48e5dbd219/6ecb3cca-488d-43b9-a50b-d37c0c55a9e1.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  175.41.208.0/20

    Signature Algorithm: sha256WithRSAEncryption
         8a:c3:b4:cc:d3:40:32:bc:82:40:af:d1:56:ea:31:f9:3b:e7:
         f1:1b:7a:3d:58:d9:47:b6:7e:98:ce:d9:63:1a:4c:dc:42:e5:
         f9:79:11:6d:ea:92:b1:4a:06:04:41:ae:2e:76:d4:33:6b:6d:
         1d:09:3e:01:c5:57:cd:db:34:e6:2d:47:96:b8:de:d9:c2:45:
         99:71:b3:af:aa:a8:f3:ca:7a:45:89:ca:f2:33:6c:b6:aa:23:
         e7:c6:1b:e9:16:53:f3:14:e0:da:5a:b1:de:40:ee:08:e8:d7:
         0a:e9:16:72:97:e7:ce:89:3b:31:72:02:b7:7c:d1:e3:7d:ed:
         e2:21:fc:21:f7:e9:f6:c9:27:04:cf:1a:59:45:d5:e3:2d:6e:
         4a:44:d3:f0:e3:a3:5a:1d:20:35:b4:00:26:65:7b:2e:72:ac:
         02:74:c7:6b:fd:24:db:c4:60:0e:a6:ad:e1:13:00:d8:77:2d:
         77:9a:fc:e1:75:2f:7c:99:4d:0a:2e:bf:f0:a9:4e:36:f5:e1:
         8c:6d:64:e2:e1:9c:0d:32:99:ce:38:cf:e8:c2:40:65:e8:d9:
         74:fe:a7:f3:4a:14:d9:c6:50:9e:4e:13:94:a1:78:d6:3d:c8:
         8b:e6:72:02:73:a3:24:72:73:7e:39:c8:55:f7:2c:07:af:2f:
         3d:42:3b:ab
-----BEGIN CERTIFICATE-----
MIIFnDCCBISgAwIBAgIUUVfoLi8GmssNZcSNNxbSFFjUIL0wDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxNTA5RUMwMDAwMTEwLwYDVQQFEygxNkY1MjRGOEUw
RUM3Q0FFMDc2OUM0MkU1MEZGQjNBMkI1NjRBNkFDMB4XDTI1MDExMzAwMDAwMFoX
DTI1MDIxNzIzNTk1OVowejFJMEcGA1UEBRNAOTAwNWY5Yjk0NjZhYjA3YWY5MWEz
NTU4ZGZmZTYyNTE3MGE4YTRmOGU0ZTE3N2VkYTYxZjVmMzljZGVkZmFjOTEtMCsG
A1UEAxMkNTg4MTA0MDMtOWJhMC00MDNhLTgwOWItYzc4MjUyYWI3ZjVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlIBSl7Z3JtU47XPCL72VV8Ke+o1L
wAWB8jgc37EADREQOaBZ10VstUQMFoYF1nicO7JK9SfHjMYWzivKpJqRirHTIXcF
4x44LP2I92Ru8ZmT9N5UXUdlpWy6Ofaogj58EuABy4tHUiepEkbYZwNOMXa/ZnVf
fLZxWo7ECUbuprnQnCk1ZSW02Wo5UriUwjq7UDjn+aAwWs3ejgcgDzRcLA82ytrc
fCacxBnlPRlDuhOFQyKam97RhxH3yNkqZ214EU3HS0vL/p9Ia3B5HkJINICSJMbI
QQu2vAy+MEwVF6Amlka6+ldUtbqxb0NnfPF3m5VEZoLE3j3YFdsvmpMBmwIDAQAB
o4ICSDCCAkQwHQYDVR0OBBYEFJ6U4Gkkzbq7zitDsJlHoSjKjzjPMB8GA1UdIwQY
MBaAFBb1JPjg7HyuB2nELlD/s6K1ZKasMA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9GdlVrLU9E
c2ZLNEhhY1F1VVAtem9yVmtwcXcuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvZGI5YTM3MmEtMDliYy00YTMyLWJmZTQtOGM0OGU1ZGJkMjE5
LzA1YmM4ZGJiLWM3MGEtNDhkYS1iNDViLTQ0NDgzNjQ2MTRmZi5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS9kYjlhMzcyYS0wOWJjLTRhMzItYmZlNC04YzQ4
ZTVkYmQyMTkvNmVjYjNjY2EtNDg4ZC00M2I5LWE1MGItZDM3YzBjNTVhOWUxLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAM
BAIAATAGAwQErynQMA0GCSqGSIb3DQEBCwUAA4IBAQCKw7TM00AyvIJAr9FW6jH5
O+fxG3o9WNlHtn6YztljGkzcQuX5eRFt6pKxSgYEQa4udtQza20dCT4BxVfN2zTm
LUeWuN7ZwkWZcbOvqqjzynpFicryM2y2qiPnxhvpFlPzFODaWrHeQO4I6NcK6RZy
l+fOiTsxcgK3fNHjfe3iIfwh9+n2yScEzxpZRdXjLW5KRNPw46NaHSA1tAAmZXsu
cqwCdMdr/STbxGAOpq3hEwDYdy13mvzhdS98mU0KLr/wqU429eGMbWTi4ZwNMpnO
OM/owkBl6Nl0/qfzShTZxlCeThOUoXjWPciL5nICc6MkcnN+OchV9ywHry89Qjur
-----END CERTIFICATE-----