Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/db9a372a-09bc-4a32-bfe4-8c48e5dbd219/3b940d14-b8c4-4c3d-978f-a1a3b7a0a82c.roa
File:                     3b940d14-b8c4-4c3d-978f-a1a3b7a0a82c.roa (raw, json)
Hash identifier:          3e8htAbZMj2E1/uoUMUuRuc5DMjpSKZD7UE+txSYbWw=
Subject key identifier:   14:3B:37:CF:76:DB:A2:C1:94:49:D1:DB:70:D7:AB:E4:6E:1A:96:7D
Certificate issuer:       /CN=A91509EC0000/serialNumber=16F524F8E0EC7CAE0769C42E50FFB3A2B564A6AC
Certificate serial:       2AF62ED3E3734412C733340A11DCB03274EACA63
Authority key identifier: 16:F5:24:F8:E0:EC:7C:AE:07:69:C4:2E:50:FF:B3:A2:B5:64:A6:AC
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/FvUk-ODsfK4HacQuUP-zorVkpqw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/db9a372a-09bc-4a32-bfe4-8c48e5dbd219/3b940d14-b8c4-4c3d-978f-a1a3b7a0a82c.roa
Signing time:             Mon 13 Jan 2025 00:00:00 +0000
ROA not before:           Mon 13 Jan 2025 00:00:00 +0000
ROA not after:            Mon 17 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        175.41.224.0/21 maxlen: 21
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2a:f6:2e:d3:e3:73:44:12:c7:33:34:0a:11:dc:b0:32:74:ea:ca:63
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91509EC0000/serialNumber=16F524F8E0EC7CAE0769C42E50FFB3A2B564A6AC
        Validity
            Not Before: Jan 13 00:00:00 2025 GMT
            Not After : Feb 17 23:59:59 2025 GMT
        Subject: serialNumber=5fac97a9ccf6225c90a35d92c4c9f857f17c47bef885bf961f37b1944135c8e2, CN=58810403-9ba0-403a-809b-c78252ab7f5d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:72:14:1b:cf:1f:d4:c5:66:a9:ed:9b:75:d7:
                    7a:1f:6f:58:e1:4b:7e:bc:6b:19:b7:cb:25:75:b4:
                    08:ae:d9:77:2d:1a:4d:19:2e:84:7c:d0:51:97:85:
                    c8:f3:c5:9b:84:02:f9:c4:d3:bf:b1:71:41:e3:04:
                    49:e7:e5:32:a1:28:48:d5:c1:0a:db:76:de:af:96:
                    46:de:30:ae:02:4c:56:1c:68:80:68:42:2f:1f:52:
                    68:ee:02:27:5b:d7:a9:1d:c4:12:49:f5:d5:33:79:
                    c4:5a:0e:2d:b9:a3:16:81:3f:3b:49:18:49:f8:e4:
                    50:05:47:bc:53:44:b4:34:1c:07:9a:88:bd:e1:96:
                    f2:c6:1a:d7:12:b9:b7:76:7b:ef:83:f9:56:cc:ec:
                    22:f4:c5:98:87:16:d6:05:f3:ac:16:e7:94:d0:58:
                    32:c0:7c:5e:fc:bf:eb:cb:ac:31:ad:f2:8d:a2:29:
                    77:0e:60:99:77:c2:95:8d:5b:82:75:81:b4:08:25:
                    f9:1e:65:af:51:cf:1f:52:6b:e7:65:2a:40:32:a2:
                    43:9e:ba:55:22:d0:0b:2e:24:7a:c0:b8:95:ef:d9:
                    a4:ea:48:e6:66:e1:82:11:fd:04:b1:1f:49:ec:2d:
                    c3:66:70:d9:04:8d:ba:7e:a0:af:05:1b:58:17:5b:
                    72:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                14:3B:37:CF:76:DB:A2:C1:94:49:D1:DB:70:D7:AB:E4:6E:1A:96:7D
            X509v3 Authority Key Identifier:
                keyid:16:F5:24:F8:E0:EC:7C:AE:07:69:C4:2E:50:FF:B3:A2:B5:64:A6:AC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/FvUk-ODsfK4HacQuUP-zorVkpqw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/db9a372a-09bc-4a32-bfe4-8c48e5dbd219/3b940d14-b8c4-4c3d-978f-a1a3b7a0a82c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/db9a372a-09bc-4a32-bfe4-8c48e5dbd219/6ecb3cca-488d-43b9-a50b-d37c0c55a9e1.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  175.41.224.0/21

    Signature Algorithm: sha256WithRSAEncryption
         af:e7:f4:ed:30:49:6f:55:90:8f:34:bc:23:b3:b2:b6:dd:54:
         72:4c:e6:f4:c3:52:7e:1c:e1:47:32:e7:69:14:db:a9:24:f5:
         52:38:2d:54:54:e6:95:3e:0e:b4:b4:43:56:da:2d:0a:a6:ff:
         50:71:8a:be:94:d8:16:ca:cb:62:5d:3a:74:db:28:f8:6b:ac:
         db:be:13:8c:0c:01:83:ed:35:97:85:50:67:df:42:7c:8a:61:
         77:95:d3:c9:87:b2:13:df:c0:fe:0f:f0:0b:d6:30:a6:b9:b1:
         8d:96:68:c1:32:76:5d:4a:1c:ac:5c:8d:1e:6e:9d:35:b2:43:
         42:cd:7c:be:90:d0:dd:2b:2a:5c:26:12:f4:1f:37:4d:ff:e3:
         b1:36:9a:e1:46:6f:5f:3f:b4:fb:60:ba:c3:1d:48:c2:0a:04:
         51:48:ee:5e:db:3e:6a:0d:21:a0:75:ed:a8:ae:c4:c0:13:64:
         b1:ea:ff:86:9a:25:a8:11:71:2b:2e:ed:86:35:5b:7c:8c:50:
         2f:b7:d4:be:6b:c6:00:a3:4e:f1:61:ac:0d:c5:e3:e0:bd:e7:
         72:a2:bb:77:64:23:a4:b1:f2:ee:53:0e:64:f1:51:72:d5:41:
         a6:e8:45:92:e3:dd:e3:a3:4a:b6:c4:37:7c:af:a0:a8:b8:35:
         31:46:c9:2f
-----BEGIN CERTIFICATE-----
MIIFnDCCBISgAwIBAgIUKvYu0+NzRBLHMzQKEdywMnTqymMwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxNTA5RUMwMDAwMTEwLwYDVQQFEygxNkY1MjRGOEUw
RUM3Q0FFMDc2OUM0MkU1MEZGQjNBMkI1NjRBNkFDMB4XDTI1MDExMzAwMDAwMFoX
DTI1MDIxNzIzNTk1OVowejFJMEcGA1UEBRNANWZhYzk3YTljY2Y2MjI1YzkwYTM1
ZDkyYzRjOWY4NTdmMTdjNDdiZWY4ODViZjk2MWYzN2IxOTQ0MTM1YzhlMjEtMCsG
A1UEAxMkNTg4MTA0MDMtOWJhMC00MDNhLTgwOWItYzc4MjUyYWI3ZjVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqXIUG88f1MVmqe2bddd6H29Y4Ut+
vGsZt8sldbQIrtl3LRpNGS6EfNBRl4XI88WbhAL5xNO/sXFB4wRJ5+UyoShI1cEK
23ber5ZG3jCuAkxWHGiAaEIvH1Jo7gInW9epHcQSSfXVM3nEWg4tuaMWgT87SRhJ
+ORQBUe8U0S0NBwHmoi94ZbyxhrXErm3dnvvg/lWzOwi9MWYhxbWBfOsFueU0Fgy
wHxe/L/ry6wxrfKNoil3DmCZd8KVjVuCdYG0CCX5HmWvUc8fUmvnZSpAMqJDnrpV
ItALLiR6wLiV79mk6kjmZuGCEf0EsR9J7C3DZnDZBI26fqCvBRtYF1tyaQIDAQAB
o4ICSDCCAkQwHQYDVR0OBBYEFBQ7N89226LBlEnR23DXq+RuGpZ9MB8GA1UdIwQY
MBaAFBb1JPjg7HyuB2nELlD/s6K1ZKasMA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9GdlVrLU9E
c2ZLNEhhY1F1VVAtem9yVmtwcXcuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvZGI5YTM3MmEtMDliYy00YTMyLWJmZTQtOGM0OGU1ZGJkMjE5
LzNiOTQwZDE0LWI4YzQtNGMzZC05NzhmLWExYTNiN2EwYTgyYy5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS9kYjlhMzcyYS0wOWJjLTRhMzItYmZlNC04YzQ4
ZTVkYmQyMTkvNmVjYjNjY2EtNDg4ZC00M2I5LWE1MGItZDM3YzBjNTVhOWUxLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAM
BAIAATAGAwQDryngMA0GCSqGSIb3DQEBCwUAA4IBAQCv5/TtMElvVZCPNLwjs7K2
3VRyTOb0w1J+HOFHMudpFNupJPVSOC1UVOaVPg60tENW2i0Kpv9QcYq+lNgWysti
XTp02yj4a6zbvhOMDAGD7TWXhVBn30J8imF3ldPJh7IT38D+D/AL1jCmubGNlmjB
MnZdShysXI0ebp01skNCzXy+kNDdKypcJhL0HzdN/+OxNprhRm9fP7T7YLrDHUjC
CgRRSO5e2z5qDSGgde2orsTAE2Sx6v+GmiWoEXErLu2GNVt8jFAvt9S+a8YAo07x
YawNxePgvedyort3ZCOksfLuUw5k8VFy1UGm6EWS493jo0q2xDd8r6CouDUxRskv
-----END CERTIFICATE-----