Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/db9a372a-09bc-4a32-bfe4-8c48e5dbd219/0bf15d3f-c546-4bb6-a764-82165c384d37.roa
File:                     0bf15d3f-c546-4bb6-a764-82165c384d37.roa (raw, json)
Hash identifier:          jK/yzeZaSS8VRnKh8F6sphqM7gSTjUVHqFeHWRhDz7E=
Subject key identifier:   2A:B5:F0:CE:F8:9F:A5:4E:5B:25:41:3D:29:42:00:6B:DF:39:C9:B0
Certificate issuer:       /CN=A91509EC0000/serialNumber=16F524F8E0EC7CAE0769C42E50FFB3A2B564A6AC
Certificate serial:       09B3A6B5A2FABECF364C23613F3BAEBAEF6CEC70
Authority key identifier: 16:F5:24:F8:E0:EC:7C:AE:07:69:C4:2E:50:FF:B3:A2:B5:64:A6:AC
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/FvUk-ODsfK4HacQuUP-zorVkpqw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/db9a372a-09bc-4a32-bfe4-8c48e5dbd219/0bf15d3f-c546-4bb6-a764-82165c384d37.roa
Signing time:             Mon 13 Jan 2025 00:00:00 +0000
ROA not before:           Mon 13 Jan 2025 00:00:00 +0000
ROA not after:            Mon 17 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        175.41.200.0/21 maxlen: 21
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            09:b3:a6:b5:a2:fa:be:cf:36:4c:23:61:3f:3b:ae:ba:ef:6c:ec:70
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91509EC0000/serialNumber=16F524F8E0EC7CAE0769C42E50FFB3A2B564A6AC
        Validity
            Not Before: Jan 13 00:00:00 2025 GMT
            Not After : Feb 17 23:59:59 2025 GMT
        Subject: serialNumber=041ac6a1f254619f173b158dba722754df78d2fc36f331cb865d6eb520b9f3e2, CN=58810403-9ba0-403a-809b-c78252ab7f5d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:45:d3:21:a2:bb:8a:8d:44:35:ec:0c:f7:b9:
                    72:41:16:0b:08:93:cd:c8:98:53:cb:18:21:83:d1:
                    2f:7b:6d:76:6c:88:56:5c:e5:2f:4d:94:78:59:4b:
                    cf:26:a2:d8:91:80:b3:27:a7:d4:62:97:6b:7b:c5:
                    58:e6:f2:27:62:0b:4b:b6:d8:15:fc:1c:c5:eb:40:
                    3e:2e:ce:17:10:17:64:2c:58:31:83:df:5d:1d:17:
                    86:3a:e2:38:a3:25:8d:dc:27:7e:04:02:70:ad:37:
                    19:9a:75:c2:01:4d:3d:82:82:99:de:5a:16:3d:af:
                    3b:46:40:4f:fc:f5:66:f0:54:68:46:4f:52:db:c8:
                    af:03:8b:87:24:de:d3:53:99:cd:3b:6e:5d:fd:56:
                    c6:02:e7:dc:d7:60:09:0f:e3:66:ba:df:0e:5b:2d:
                    9d:0b:84:6a:21:ac:a1:fc:aa:59:2d:b6:94:6f:56:
                    88:2d:95:bf:05:3c:69:73:04:2f:4b:46:fd:c2:de:
                    c6:87:8f:24:a1:a0:6b:8c:5e:ac:59:64:db:2e:3e:
                    eb:95:4e:df:15:df:0e:4e:c4:36:e4:a9:53:db:1e:
                    46:af:8c:48:8b:f0:13:66:07:5d:09:74:bb:9e:18:
                    b7:58:d8:1c:ee:0b:83:73:99:86:28:63:c9:f8:73:
                    09:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:B5:F0:CE:F8:9F:A5:4E:5B:25:41:3D:29:42:00:6B:DF:39:C9:B0
            X509v3 Authority Key Identifier:
                keyid:16:F5:24:F8:E0:EC:7C:AE:07:69:C4:2E:50:FF:B3:A2:B5:64:A6:AC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/FvUk-ODsfK4HacQuUP-zorVkpqw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/db9a372a-09bc-4a32-bfe4-8c48e5dbd219/0bf15d3f-c546-4bb6-a764-82165c384d37.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/db9a372a-09bc-4a32-bfe4-8c48e5dbd219/6ecb3cca-488d-43b9-a50b-d37c0c55a9e1.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  175.41.200.0/21

    Signature Algorithm: sha256WithRSAEncryption
         7b:af:c3:73:ed:40:ec:b5:f6:0b:7d:8f:ff:29:61:66:63:a0:
         5c:97:22:11:7a:6c:fe:13:de:0c:ae:5a:c8:f0:ac:15:a2:29:
         22:de:33:8d:6a:c6:db:ee:42:9a:b5:92:92:9c:39:42:65:27:
         2c:d8:64:ff:7a:38:7d:20:25:59:b5:c7:ba:d9:20:e9:08:64:
         b1:56:d1:49:17:06:72:ed:cc:f8:c8:dc:c1:ca:8f:64:23:fc:
         4e:1a:70:2a:05:98:e5:c7:31:99:1f:34:dc:73:fb:c5:6c:c7:
         39:e3:cf:f7:8b:2c:59:55:f6:06:cf:25:9a:14:9d:e8:ce:6a:
         16:6f:d7:c3:3c:78:6f:51:11:94:22:0d:6d:ef:c7:ab:a4:9f:
         a2:4b:35:6b:65:96:7f:a4:20:18:0e:a9:ec:df:48:bf:f3:b4:
         02:42:03:0b:a3:2f:c2:0f:27:ab:44:0c:4e:b5:54:cb:f2:d5:
         da:33:50:35:bf:74:11:9a:0e:54:5e:32:d6:6f:74:42:f0:00:
         d3:c8:41:be:9f:42:18:f7:b1:68:d3:cf:e5:28:0a:44:e9:89:
         d3:c2:00:b7:51:79:e3:14:d7:08:44:c7:91:ae:aa:3c:a6:e9:
         46:db:92:94:8c:5c:4e:45:83:06:23:15:db:fb:92:8a:a0:69:
         09:31:3a:56
-----BEGIN CERTIFICATE-----
MIIFnDCCBISgAwIBAgIUCbOmtaL6vs82TCNhPzuuuu9s7HAwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxNTA5RUMwMDAwMTEwLwYDVQQFEygxNkY1MjRGOEUw
RUM3Q0FFMDc2OUM0MkU1MEZGQjNBMkI1NjRBNkFDMB4XDTI1MDExMzAwMDAwMFoX
DTI1MDIxNzIzNTk1OVowejFJMEcGA1UEBRNAMDQxYWM2YTFmMjU0NjE5ZjE3M2Ix
NThkYmE3MjI3NTRkZjc4ZDJmYzM2ZjMzMWNiODY1ZDZlYjUyMGI5ZjNlMjEtMCsG
A1UEAxMkNTg4MTA0MDMtOWJhMC00MDNhLTgwOWItYzc4MjUyYWI3ZjVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2kXTIaK7io1ENewM97lyQRYLCJPN
yJhTyxghg9Eve212bIhWXOUvTZR4WUvPJqLYkYCzJ6fUYpdre8VY5vInYgtLttgV
/BzF60A+Ls4XEBdkLFgxg99dHReGOuI4oyWN3Cd+BAJwrTcZmnXCAU09goKZ3loW
Pa87RkBP/PVm8FRoRk9S28ivA4uHJN7TU5nNO25d/VbGAufc12AJD+Nmut8OWy2d
C4RqIayh/KpZLbaUb1aILZW/BTxpcwQvS0b9wt7Gh48koaBrjF6sWWTbLj7rlU7f
Fd8OTsQ25KlT2x5Gr4xIi/ATZgddCXS7nhi3WNgc7guDc5mGKGPJ+HMJ6QIDAQAB
o4ICSDCCAkQwHQYDVR0OBBYEFCq18M74n6VOWyVBPSlCAGvfOcmwMB8GA1UdIwQY
MBaAFBb1JPjg7HyuB2nELlD/s6K1ZKasMA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9GdlVrLU9E
c2ZLNEhhY1F1VVAtem9yVmtwcXcuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvZGI5YTM3MmEtMDliYy00YTMyLWJmZTQtOGM0OGU1ZGJkMjE5
LzBiZjE1ZDNmLWM1NDYtNGJiNi1hNzY0LTgyMTY1YzM4NGQzNy5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS9kYjlhMzcyYS0wOWJjLTRhMzItYmZlNC04YzQ4
ZTVkYmQyMTkvNmVjYjNjY2EtNDg4ZC00M2I5LWE1MGItZDM3YzBjNTVhOWUxLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAM
BAIAATAGAwQDrynIMA0GCSqGSIb3DQEBCwUAA4IBAQB7r8Nz7UDstfYLfY//KWFm
Y6BclyIRemz+E94MrlrI8KwVoiki3jONasbb7kKatZKSnDlCZScs2GT/ejh9ICVZ
tce62SDpCGSxVtFJFwZy7cz4yNzByo9kI/xOGnAqBZjlxzGZHzTcc/vFbMc548/3
iyxZVfYGzyWaFJ3ozmoWb9fDPHhvURGUIg1t78erpJ+iSzVrZZZ/pCAYDqns30i/
87QCQgMLoy/CDyerRAxOtVTL8tXaM1A1v3QRmg5UXjLWb3RC8ADTyEG+n0IY97Fo
08/lKApE6YnTwgC3UXnjFNcIRMeRrqo8pulG25KUjFxORYMGIxXb+5KKoGkJMTpW
-----END CERTIFICATE-----