Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/db9a372a-09bc-4a32-bfe4-8c48e5dbd219/74efe8b3-d39c-4a8b-9b7b-5994aa4c8d82.roa
File:                     74efe8b3-d39c-4a8b-9b7b-5994aa4c8d82.roa (raw, json)
Hash identifier:          pndP85UFT4rMvkHv+lU95DaHtEYJ8h4zHtvso38/gBg=
Subject key identifier:   17:74:33:BE:36:B6:E4:A1:5C:BB:C5:C9:AA:BE:3A:20:BF:36:06:27
Certificate issuer:       /CN=A91509EC0000/serialNumber=16F524F8E0EC7CAE0769C42E50FFB3A2B564A6AC
Certificate serial:       7AD2B59B8A9C98200191E75B0F61FF04D5D12F00
Authority key identifier: 16:F5:24:F8:E0:EC:7C:AE:07:69:C4:2E:50:FF:B3:A2:B5:64:A6:AC
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/FvUk-ODsfK4HacQuUP-zorVkpqw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/db9a372a-09bc-4a32-bfe4-8c48e5dbd219/74efe8b3-d39c-4a8b-9b7b-5994aa4c8d82.roa
Signing time:             Mon 13 Jan 2025 00:00:00 +0000
ROA not before:           Mon 13 Jan 2025 00:00:00 +0000
ROA not after:            Mon 17 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        175.41.240.0/20 maxlen: 20
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7a:d2:b5:9b:8a:9c:98:20:01:91:e7:5b:0f:61:ff:04:d5:d1:2f:00
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91509EC0000/serialNumber=16F524F8E0EC7CAE0769C42E50FFB3A2B564A6AC
        Validity
            Not Before: Jan 13 00:00:00 2025 GMT
            Not After : Feb 17 23:59:59 2025 GMT
        Subject: serialNumber=b15b75f946d4f163de966548428cb9b1f68b0ae8e45848b60e2ea7f6844d82d1, CN=58810403-9ba0-403a-809b-c78252ab7f5d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:73:7a:1d:de:b4:64:17:30:b3:2a:ae:2c:56:
                    32:3e:3c:71:55:b9:69:35:23:12:d1:41:c6:94:4b:
                    8d:4c:df:28:09:64:93:90:88:c8:8b:dd:14:bb:d5:
                    b7:c0:19:34:f5:38:bb:cc:a3:e4:4c:50:1e:d9:ab:
                    ca:8c:e1:1b:f4:15:c3:04:8d:3c:4b:20:d8:cc:58:
                    eb:e9:f1:f3:b0:3e:e0:a3:7e:8e:0a:c6:7b:07:28:
                    7b:53:0d:0a:e3:4d:17:6e:86:ee:d9:02:84:0c:27:
                    0a:f8:86:52:08:62:db:82:0f:e4:a3:81:be:b6:12:
                    20:b9:d3:66:68:08:6f:67:cd:09:df:fb:b1:82:b8:
                    4d:bb:a8:eb:81:87:bd:34:39:23:5a:6a:10:62:d0:
                    b7:43:35:09:02:ce:c3:cf:1d:24:f0:04:69:88:22:
                    1e:24:00:cd:47:c6:12:15:a5:83:4e:7f:b8:ff:4d:
                    d8:0f:00:52:86:6e:6a:b8:1f:4e:d4:14:ff:fb:a2:
                    70:3e:3e:e4:1b:e5:1b:4c:d9:9d:83:f5:1b:5d:8c:
                    78:e9:d2:f9:56:b0:1e:36:ea:81:fe:eb:aa:e5:ff:
                    ae:fd:ea:9f:9d:f8:08:1f:04:27:56:27:47:90:b5:
                    49:ee:f2:38:7a:a6:c4:f1:52:4a:bd:a3:3e:cf:46:
                    70:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                17:74:33:BE:36:B6:E4:A1:5C:BB:C5:C9:AA:BE:3A:20:BF:36:06:27
            X509v3 Authority Key Identifier:
                keyid:16:F5:24:F8:E0:EC:7C:AE:07:69:C4:2E:50:FF:B3:A2:B5:64:A6:AC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/FvUk-ODsfK4HacQuUP-zorVkpqw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/db9a372a-09bc-4a32-bfe4-8c48e5dbd219/74efe8b3-d39c-4a8b-9b7b-5994aa4c8d82.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/db9a372a-09bc-4a32-bfe4-8c48e5dbd219/6ecb3cca-488d-43b9-a50b-d37c0c55a9e1.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  175.41.240.0/20

    Signature Algorithm: sha256WithRSAEncryption
         8f:9b:8a:d8:f6:cd:4d:a7:44:ea:fa:9a:d6:4d:48:b2:33:f4:
         4b:be:d5:73:73:24:16:98:ac:ae:fe:5d:11:09:f7:0c:b7:8e:
         1a:d3:09:1f:67:fc:05:c4:35:53:8e:00:b2:0d:33:b9:21:4c:
         7b:b4:c3:df:e6:8f:b8:fd:f1:d1:55:c4:69:ba:eb:7f:67:e6:
         a0:1c:8b:f6:04:33:d0:3d:6a:77:d0:13:ef:e9:3a:88:e6:82:
         d7:8b:1a:0c:13:31:2b:2d:f6:2a:2b:7a:99:bf:5b:84:91:3f:
         be:bc:14:da:07:8c:72:12:e6:ea:6d:69:27:da:61:16:eb:77:
         3b:0a:5a:ef:5d:ca:f1:08:2e:94:45:4c:ab:a3:3e:fc:8e:87:
         8b:e7:af:e8:f3:43:ac:5c:9f:a3:e3:d0:ad:90:49:ef:9a:8c:
         c1:84:3c:ba:eb:ef:d4:a2:57:fe:06:71:62:a8:b1:66:10:ed:
         82:9d:e0:3b:88:fc:02:bd:54:01:3d:9a:1b:ef:36:a6:2b:2f:
         49:42:1d:16:87:4d:66:4d:74:d7:64:91:ca:98:3f:bc:85:58:
         42:8f:34:36:d7:9d:85:56:e6:ad:a9:88:dd:d6:a6:01:96:b8:
         32:87:4b:7a:ae:26:71:52:12:3d:fd:a9:35:39:c2:3b:5c:66:
         d0:e0:49:0b
-----BEGIN CERTIFICATE-----
MIIFnDCCBISgAwIBAgIUetK1m4qcmCABkedbD2H/BNXRLwAwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxNTA5RUMwMDAwMTEwLwYDVQQFEygxNkY1MjRGOEUw
RUM3Q0FFMDc2OUM0MkU1MEZGQjNBMkI1NjRBNkFDMB4XDTI1MDExMzAwMDAwMFoX
DTI1MDIxNzIzNTk1OVowejFJMEcGA1UEBRNAYjE1Yjc1Zjk0NmQ0ZjE2M2RlOTY2
NTQ4NDI4Y2I5YjFmNjhiMGFlOGU0NTg0OGI2MGUyZWE3ZjY4NDRkODJkMTEtMCsG
A1UEAxMkNTg4MTA0MDMtOWJhMC00MDNhLTgwOWItYzc4MjUyYWI3ZjVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0XN6Hd60ZBcwsyquLFYyPjxxVblp
NSMS0UHGlEuNTN8oCWSTkIjIi90Uu9W3wBk09Ti7zKPkTFAe2avKjOEb9BXDBI08
SyDYzFjr6fHzsD7go36OCsZ7Byh7Uw0K400Xbobu2QKEDCcK+IZSCGLbgg/ko4G+
thIgudNmaAhvZ80J3/uxgrhNu6jrgYe9NDkjWmoQYtC3QzUJAs7Dzx0k8ARpiCIe
JADNR8YSFaWDTn+4/03YDwBShm5quB9O1BT/+6JwPj7kG+UbTNmdg/UbXYx46dL5
VrAeNuqB/uuq5f+u/eqfnfgIHwQnVidHkLVJ7vI4eqbE8VJKvaM+z0ZwKQIDAQAB
o4ICSDCCAkQwHQYDVR0OBBYEFBd0M742tuShXLvFyaq+OiC/NgYnMB8GA1UdIwQY
MBaAFBb1JPjg7HyuB2nELlD/s6K1ZKasMA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9GdlVrLU9E
c2ZLNEhhY1F1VVAtem9yVmtwcXcuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvZGI5YTM3MmEtMDliYy00YTMyLWJmZTQtOGM0OGU1ZGJkMjE5
Lzc0ZWZlOGIzLWQzOWMtNGE4Yi05YjdiLTU5OTRhYTRjOGQ4Mi5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS9kYjlhMzcyYS0wOWJjLTRhMzItYmZlNC04YzQ4
ZTVkYmQyMTkvNmVjYjNjY2EtNDg4ZC00M2I5LWE1MGItZDM3YzBjNTVhOWUxLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAM
BAIAATAGAwQErynwMA0GCSqGSIb3DQEBCwUAA4IBAQCPm4rY9s1Np0Tq+prWTUiy
M/RLvtVzcyQWmKyu/l0RCfcMt44a0wkfZ/wFxDVTjgCyDTO5IUx7tMPf5o+4/fHR
VcRpuut/Z+agHIv2BDPQPWp30BPv6TqI5oLXixoMEzErLfYqK3qZv1uEkT++vBTa
B4xyEubqbWkn2mEW63c7ClrvXcrxCC6URUyroz78joeL56/o80OsXJ+j49CtkEnv
mozBhDy66+/Uolf+BnFiqLFmEO2CneA7iPwCvVQBPZob7zamKy9JQh0Wh01mTXTX
ZJHKmD+8hVhCjzQ2152FVuatqYjd1qYBlrgyh0t6riZxUhI9/ak1OcI7XGbQ4EkL
-----END CERTIFICATE-----