Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/db9a372a-09bc-4a32-bfe4-8c48e5dbd219/2f47dcdd-c384-4eb2-aefd-f4ad64f26cce.roa
File:                     2f47dcdd-c384-4eb2-aefd-f4ad64f26cce.roa (raw, json)
Hash identifier:          95bBqB6H3e9LzDWlavgKY+mcWprDIBuLO/Fafr6Bazw=
Subject key identifier:   C3:88:80:98:F4:8B:6E:4A:9B:12:3C:CA:35:D4:62:0F:DE:D1:B4:85
Certificate issuer:       /CN=A91509EC0000/serialNumber=16F524F8E0EC7CAE0769C42E50FFB3A2B564A6AC
Certificate serial:       6AA8592DC340ABC492D8956831F2D35DE410EB5C
Authority key identifier: 16:F5:24:F8:E0:EC:7C:AE:07:69:C4:2E:50:FF:B3:A2:B5:64:A6:AC
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/FvUk-ODsfK4HacQuUP-zorVkpqw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/db9a372a-09bc-4a32-bfe4-8c48e5dbd219/2f47dcdd-c384-4eb2-aefd-f4ad64f26cce.roa
Signing time:             Mon 13 Jan 2025 00:00:00 +0000
ROA not before:           Mon 13 Jan 2025 00:00:00 +0000
ROA not after:            Mon 17 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        175.41.193.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6a:a8:59:2d:c3:40:ab:c4:92:d8:95:68:31:f2:d3:5d:e4:10:eb:5c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91509EC0000/serialNumber=16F524F8E0EC7CAE0769C42E50FFB3A2B564A6AC
        Validity
            Not Before: Jan 13 00:00:00 2025 GMT
            Not After : Feb 17 23:59:59 2025 GMT
        Subject: serialNumber=b92b5b39e2e7af3f9de42bac56579c73c391c23f6f8cb8b2f8855e74023fd414, CN=58810403-9ba0-403a-809b-c78252ab7f5d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:c3:90:56:14:fb:49:ab:27:d5:43:b8:bb:f7:
                    73:df:df:b6:bf:29:43:c9:7b:05:a5:1f:53:21:80:
                    74:2e:e5:4a:71:71:1e:d1:9b:5f:52:2b:01:9c:5f:
                    3c:d8:27:17:1f:0d:08:4d:21:b9:77:11:37:2d:c4:
                    84:b9:62:39:57:1b:2e:78:cb:10:e5:99:b5:fa:2e:
                    73:95:c7:7e:4e:54:0a:8b:bd:c3:af:bd:77:de:fd:
                    cb:31:6a:ca:20:0b:24:2a:b2:c0:f1:f6:87:53:b2:
                    9f:6a:b1:a4:6e:5c:b6:36:19:ac:31:06:ad:7e:be:
                    a4:75:93:0e:97:d7:4b:61:8c:ce:98:a7:50:06:6c:
                    27:75:f8:08:76:56:73:1d:58:1b:48:4b:86:33:c9:
                    47:22:7b:44:d1:5e:6a:ff:15:0d:a3:e3:b6:54:d8:
                    50:c3:e7:54:85:d5:4f:b6:91:85:9b:29:cf:2b:99:
                    47:0e:35:29:2f:70:ca:07:55:93:76:ba:54:41:46:
                    69:63:a9:35:b3:ae:b5:26:65:38:10:c0:1f:66:42:
                    c0:c3:d6:c1:ef:00:9f:41:45:bf:44:44:17:86:5f:
                    c7:26:dd:3b:c6:9c:7f:c1:e9:b4:94:cd:be:bc:3f:
                    ca:2f:49:0e:04:dd:39:cd:31:5a:05:11:d1:1a:60:
                    4d:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C3:88:80:98:F4:8B:6E:4A:9B:12:3C:CA:35:D4:62:0F:DE:D1:B4:85
            X509v3 Authority Key Identifier:
                keyid:16:F5:24:F8:E0:EC:7C:AE:07:69:C4:2E:50:FF:B3:A2:B5:64:A6:AC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/FvUk-ODsfK4HacQuUP-zorVkpqw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/db9a372a-09bc-4a32-bfe4-8c48e5dbd219/2f47dcdd-c384-4eb2-aefd-f4ad64f26cce.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/db9a372a-09bc-4a32-bfe4-8c48e5dbd219/6ecb3cca-488d-43b9-a50b-d37c0c55a9e1.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  175.41.193.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7f:aa:07:b1:70:57:01:f9:69:43:5c:2c:9f:71:a3:b6:7e:92:
         cb:29:b9:1a:73:e5:f3:7b:a3:64:94:e6:dc:31:c3:05:3b:22:
         f4:ea:65:e7:ad:3b:58:59:b9:fd:e1:4d:de:74:e9:f7:1f:4e:
         65:84:a8:4d:76:88:4f:9e:44:2d:c5:df:3d:41:d7:55:be:e9:
         dc:cf:9d:ca:f7:00:df:dc:20:61:37:48:2e:0b:cf:00:7a:4f:
         2c:3e:f3:9e:3b:16:57:f4:bc:77:22:77:f9:43:24:cc:a7:38:
         83:db:20:45:88:83:ab:6d:5f:f5:ab:a2:9f:84:89:84:ff:a8:
         09:4a:5a:26:74:27:c2:a0:bc:b5:05:5c:ac:66:c2:70:0f:f7:
         13:35:65:c3:c9:30:b4:47:bb:ce:3c:60:3b:4a:31:1e:49:25:
         c8:d6:1c:1f:bb:45:90:dc:fb:c3:2d:57:c9:29:91:ee:92:f8:
         2b:5b:17:6b:3e:16:b9:5c:84:af:4f:90:d0:75:c4:82:d4:54:
         55:5b:b8:52:64:e7:9c:31:50:f9:74:4c:9e:7e:bc:3d:6b:0c:
         d4:ae:c2:7e:26:3f:f0:41:8f:59:6e:b0:10:d6:9c:5a:95:4f:
         ac:7e:d3:e7:dd:73:d4:d3:aa:98:c2:7f:7c:36:36:94:07:9b:
         f9:b9:87:c4
-----BEGIN CERTIFICATE-----
MIIFnDCCBISgAwIBAgIUaqhZLcNAq8SS2JVoMfLTXeQQ61wwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxNTA5RUMwMDAwMTEwLwYDVQQFEygxNkY1MjRGOEUw
RUM3Q0FFMDc2OUM0MkU1MEZGQjNBMkI1NjRBNkFDMB4XDTI1MDExMzAwMDAwMFoX
DTI1MDIxNzIzNTk1OVowejFJMEcGA1UEBRNAYjkyYjViMzllMmU3YWYzZjlkZTQy
YmFjNTY1NzljNzNjMzkxYzIzZjZmOGNiOGIyZjg4NTVlNzQwMjNmZDQxNDEtMCsG
A1UEAxMkNTg4MTA0MDMtOWJhMC00MDNhLTgwOWItYzc4MjUyYWI3ZjVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq8OQVhT7Sasn1UO4u/dz39+2vylD
yXsFpR9TIYB0LuVKcXEe0ZtfUisBnF882CcXHw0ITSG5dxE3LcSEuWI5VxsueMsQ
5Zm1+i5zlcd+TlQKi73Dr7133v3LMWrKIAskKrLA8faHU7KfarGkbly2NhmsMQat
fr6kdZMOl9dLYYzOmKdQBmwndfgIdlZzHVgbSEuGM8lHIntE0V5q/xUNo+O2VNhQ
w+dUhdVPtpGFmynPK5lHDjUpL3DKB1WTdrpUQUZpY6k1s661JmU4EMAfZkLAw9bB
7wCfQUW/REQXhl/HJt07xpx/wem0lM2+vD/KL0kOBN05zTFaBRHRGmBNqwIDAQAB
o4ICSDCCAkQwHQYDVR0OBBYEFMOIgJj0i25KmxI8yjXUYg/e0bSFMB8GA1UdIwQY
MBaAFBb1JPjg7HyuB2nELlD/s6K1ZKasMA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9GdlVrLU9E
c2ZLNEhhY1F1VVAtem9yVmtwcXcuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvZGI5YTM3MmEtMDliYy00YTMyLWJmZTQtOGM0OGU1ZGJkMjE5
LzJmNDdkY2RkLWMzODQtNGViMi1hZWZkLWY0YWQ2NGYyNmNjZS5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS9kYjlhMzcyYS0wOWJjLTRhMzItYmZlNC04YzQ4
ZTVkYmQyMTkvNmVjYjNjY2EtNDg4ZC00M2I5LWE1MGItZDM3YzBjNTVhOWUxLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAM
BAIAATAGAwQArynBMA0GCSqGSIb3DQEBCwUAA4IBAQB/qgexcFcB+WlDXCyfcaO2
fpLLKbkac+Xze6NklObcMcMFOyL06mXnrTtYWbn94U3edOn3H05lhKhNdohPnkQt
xd89QddVvuncz53K9wDf3CBhN0guC88Aek8sPvOeOxZX9Lx3Inf5QyTMpziD2yBF
iIOrbV/1q6KfhImE/6gJSlomdCfCoLy1BVysZsJwD/cTNWXDyTC0R7vOPGA7SjEe
SSXI1hwfu0WQ3PvDLVfJKZHukvgrWxdrPha5XISvT5DQdcSC1FRVW7hSZOecMVD5
dEyefrw9awzUrsJ+Jj/wQY9ZbrAQ1pxalU+sftPn3XPU06qYwn98NjaUB5v5uYfE
-----END CERTIFICATE-----