Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/db9a372a-09bc-4a32-bfe4-8c48e5dbd219/82456ff2-f8c4-4c5a-9458-82d909f83f7d.roa
File:                     82456ff2-f8c4-4c5a-9458-82d909f83f7d.roa (raw, json)
Hash identifier:          +sYUB6rQtz92wWdfO0LCxP0k2h9o6kglTzqwadnSXII=
Subject key identifier:   4F:A3:47:06:AD:C5:9B:4C:51:51:53:F8:28:A3:26:7C:05:C5:E4:31
Certificate issuer:       /CN=A91509EC0000/serialNumber=16F524F8E0EC7CAE0769C42E50FFB3A2B564A6AC
Certificate serial:       0907EDEED245C457FD5973F1C0897A35E584DC38
Authority key identifier: 16:F5:24:F8:E0:EC:7C:AE:07:69:C4:2E:50:FF:B3:A2:B5:64:A6:AC
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/FvUk-ODsfK4HacQuUP-zorVkpqw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/db9a372a-09bc-4a32-bfe4-8c48e5dbd219/82456ff2-f8c4-4c5a-9458-82d909f83f7d.roa
Signing time:             Mon 13 Jan 2025 00:00:00 +0000
ROA not before:           Mon 13 Jan 2025 00:00:00 +0000
ROA not after:            Mon 17 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        175.41.196.0/22 maxlen: 22
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            09:07:ed:ee:d2:45:c4:57:fd:59:73:f1:c0:89:7a:35:e5:84:dc:38
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91509EC0000/serialNumber=16F524F8E0EC7CAE0769C42E50FFB3A2B564A6AC
        Validity
            Not Before: Jan 13 00:00:00 2025 GMT
            Not After : Feb 17 23:59:59 2025 GMT
        Subject: serialNumber=4689d13b41804579a239f6e6e0801ffb8e70c74946c571e0ed39c6eb41e8654a, CN=58810403-9ba0-403a-809b-c78252ab7f5d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:5b:c0:6a:16:df:63:4a:f5:dd:b7:12:cd:f7:
                    d6:94:96:10:f5:77:89:77:f9:38:4d:69:c4:50:da:
                    fa:d8:39:87:24:07:8a:1d:6f:99:1a:f1:b3:51:73:
                    c2:e2:97:d4:f6:3b:1a:23:c0:45:65:84:e0:70:34:
                    cb:a9:b1:96:f5:11:9d:f0:f3:8d:ca:ad:df:44:f3:
                    1d:b7:df:3b:6f:eb:56:2c:54:8b:c5:cb:c7:51:53:
                    0b:dd:82:c1:de:df:74:d5:a9:b1:ec:d0:bc:8b:91:
                    2c:b4:b0:e8:77:7b:bf:05:0f:57:15:c6:e5:fa:f1:
                    f3:80:e7:01:6d:46:ce:ee:23:b2:98:93:80:d6:e6:
                    3b:02:62:22:77:f0:c0:e2:b0:b3:71:cf:c0:f6:3e:
                    c2:54:a1:20:93:02:c3:f7:d7:8a:93:38:b1:86:b8:
                    ed:2b:a4:09:0e:8d:b1:50:25:42:9c:b1:15:09:19:
                    97:6e:c9:0f:ce:8b:36:00:82:06:7a:d8:be:4a:55:
                    6e:d9:2f:be:ed:5f:f8:6d:88:5e:31:32:1d:8f:1c:
                    ef:37:77:54:ad:75:a8:aa:ff:dc:93:da:0a:01:f7:
                    e9:31:10:a2:cf:78:bb:02:2f:38:c8:60:43:03:36:
                    9e:25:03:b6:92:33:b7:0c:1d:cb:0d:9f:67:e8:ef:
                    f0:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4F:A3:47:06:AD:C5:9B:4C:51:51:53:F8:28:A3:26:7C:05:C5:E4:31
            X509v3 Authority Key Identifier:
                keyid:16:F5:24:F8:E0:EC:7C:AE:07:69:C4:2E:50:FF:B3:A2:B5:64:A6:AC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/FvUk-ODsfK4HacQuUP-zorVkpqw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/db9a372a-09bc-4a32-bfe4-8c48e5dbd219/82456ff2-f8c4-4c5a-9458-82d909f83f7d.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/db9a372a-09bc-4a32-bfe4-8c48e5dbd219/6ecb3cca-488d-43b9-a50b-d37c0c55a9e1.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  175.41.196.0/22

    Signature Algorithm: sha256WithRSAEncryption
         1a:ce:0b:ee:2d:3e:77:dd:af:2d:d8:07:f2:05:e9:b8:7d:a0:
         6c:b0:bd:69:3e:49:72:0c:8f:84:4c:4d:93:d7:a3:4a:3b:69:
         f3:84:e8:11:07:3a:1c:37:2b:4d:af:f5:64:65:d5:c0:bc:d9:
         8f:c6:96:4d:a9:89:97:28:6d:a7:fc:06:34:8d:4e:38:a8:ad:
         49:92:59:c6:02:93:32:46:ac:85:ae:5e:1a:68:77:39:fe:9f:
         87:29:a3:55:f6:a6:67:73:04:04:4a:ff:7d:6e:55:f2:ff:9f:
         5e:e2:ad:99:36:97:b2:e8:9c:c5:d6:3c:ad:87:fc:13:78:e1:
         a1:53:c9:6c:ea:80:a6:93:cd:82:65:fe:fc:ba:b9:a5:54:78:
         7d:bb:ec:da:b3:98:20:47:f7:d6:69:8a:bf:b5:b8:99:3b:69:
         b7:29:bf:4a:2f:12:70:19:2f:5e:1d:af:32:f0:43:46:51:8d:
         9b:d5:45:ca:5b:7d:af:4a:dd:99:79:ba:18:2f:6c:7e:e2:40:
         8d:b3:52:c7:59:83:be:8f:dd:5a:d6:60:7a:96:4c:2a:ee:2e:
         67:62:ee:74:74:f2:6b:68:20:32:f1:08:66:01:9f:8d:41:f5:
         34:80:ee:46:b4:70:6c:af:7b:9e:18:c2:4e:00:e9:46:f8:2b:
         b1:44:63:8e
-----BEGIN CERTIFICATE-----
MIIFnDCCBISgAwIBAgIUCQft7tJFxFf9WXPxwIl6NeWE3DgwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxNTA5RUMwMDAwMTEwLwYDVQQFEygxNkY1MjRGOEUw
RUM3Q0FFMDc2OUM0MkU1MEZGQjNBMkI1NjRBNkFDMB4XDTI1MDExMzAwMDAwMFoX
DTI1MDIxNzIzNTk1OVowejFJMEcGA1UEBRNANDY4OWQxM2I0MTgwNDU3OWEyMzlm
NmU2ZTA4MDFmZmI4ZTcwYzc0OTQ2YzU3MWUwZWQzOWM2ZWI0MWU4NjU0YTEtMCsG
A1UEAxMkNTg4MTA0MDMtOWJhMC00MDNhLTgwOWItYzc4MjUyYWI3ZjVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAylvAahbfY0r13bcSzffWlJYQ9XeJ
d/k4TWnEUNr62DmHJAeKHW+ZGvGzUXPC4pfU9jsaI8BFZYTgcDTLqbGW9RGd8PON
yq3fRPMdt987b+tWLFSLxcvHUVML3YLB3t901amx7NC8i5EstLDod3u/BQ9XFcbl
+vHzgOcBbUbO7iOymJOA1uY7AmIid/DA4rCzcc/A9j7CVKEgkwLD99eKkzixhrjt
K6QJDo2xUCVCnLEVCRmXbskPzos2AIIGeti+SlVu2S++7V/4bYheMTIdjxzvN3dU
rXWoqv/ck9oKAffpMRCiz3i7Ai84yGBDAzaeJQO2kjO3DB3LDZ9n6O/wZwIDAQAB
o4ICSDCCAkQwHQYDVR0OBBYEFE+jRwatxZtMUVFT+CijJnwFxeQxMB8GA1UdIwQY
MBaAFBb1JPjg7HyuB2nELlD/s6K1ZKasMA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9GdlVrLU9E
c2ZLNEhhY1F1VVAtem9yVmtwcXcuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvZGI5YTM3MmEtMDliYy00YTMyLWJmZTQtOGM0OGU1ZGJkMjE5
LzgyNDU2ZmYyLWY4YzQtNGM1YS05NDU4LTgyZDkwOWY4M2Y3ZC5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS9kYjlhMzcyYS0wOWJjLTRhMzItYmZlNC04YzQ4
ZTVkYmQyMTkvNmVjYjNjY2EtNDg4ZC00M2I5LWE1MGItZDM3YzBjNTVhOWUxLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAM
BAIAATAGAwQCrynEMA0GCSqGSIb3DQEBCwUAA4IBAQAazgvuLT533a8t2AfyBem4
faBssL1pPklyDI+ETE2T16NKO2nzhOgRBzocNytNr/VkZdXAvNmPxpZNqYmXKG2n
/AY0jU44qK1JklnGApMyRqyFrl4aaHc5/p+HKaNV9qZncwQESv99blXy/59e4q2Z
Npey6JzF1jyth/wTeOGhU8ls6oCmk82CZf78urmlVHh9u+zas5ggR/fWaYq/tbiZ
O2m3Kb9KLxJwGS9eHa8y8ENGUY2b1UXKW32vSt2ZeboYL2x+4kCNs1LHWYO+j91a
1mB6lkwq7i5nYu50dPJraCAy8QhmAZ+NQfU0gO5GtHBsr3ueGMJOAOlG+CuxRGOO
-----END CERTIFICATE-----