Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/db9a372a-09bc-4a32-bfe4-8c48e5dbd219/9b8e963e-7fa2-4ba1-a78a-4d1fd7989b32.roa
File:                     9b8e963e-7fa2-4ba1-a78a-4d1fd7989b32.roa (raw, json)
Hash identifier:          vmrA/DUYrObSGo9oVA04DkLOu2BYUJMZevg8JB0s4dw=
Subject key identifier:   FB:93:3F:A4:D4:3D:B8:D6:77:B1:BE:90:EC:1D:6F:8B:00:6C:BA:23
Certificate issuer:       /CN=A91509EC0000/serialNumber=16F524F8E0EC7CAE0769C42E50FFB3A2B564A6AC
Certificate serial:       695BCA69DEC4E8D970AF0D1B311B7797B72D896C
Authority key identifier: 16:F5:24:F8:E0:EC:7C:AE:07:69:C4:2E:50:FF:B3:A2:B5:64:A6:AC
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/FvUk-ODsfK4HacQuUP-zorVkpqw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/db9a372a-09bc-4a32-bfe4-8c48e5dbd219/9b8e963e-7fa2-4ba1-a78a-4d1fd7989b32.roa
Signing time:             Mon 20 Jan 2025 00:00:00 +0000
ROA not before:           Mon 20 Jan 2025 00:00:00 +0000
ROA not after:            Mon 24 Feb 2025 23:59:59 +0000
asID:                     7224
IP address blocks:        43.250.196.0/22 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            69:5b:ca:69:de:c4:e8:d9:70:af:0d:1b:31:1b:77:97:b7:2d:89:6c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91509EC0000/serialNumber=16F524F8E0EC7CAE0769C42E50FFB3A2B564A6AC
        Validity
            Not Before: Jan 20 00:00:00 2025 GMT
            Not After : Feb 24 23:59:59 2025 GMT
        Subject: serialNumber=5b1fe5f9036dbb8cbaa3d58e98935a1283bff19e4d5086a9b15324953e1f7cd0, CN=58810403-9ba0-403a-809b-c78252ab7f5d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:2c:24:b7:a7:6f:9f:1d:93:58:13:0e:af:7d:
                    cb:b7:e1:40:77:0b:9f:5b:e7:aa:19:ec:12:05:01:
                    46:60:88:f4:7d:6c:dc:54:89:ae:f3:13:17:b2:41:
                    0c:0c:16:42:18:53:f9:68:ed:00:d3:3b:84:ea:96:
                    91:d7:ca:87:9d:82:fa:01:f7:8a:57:ca:54:38:da:
                    63:83:cd:ba:2c:84:4a:58:1e:04:d6:13:3f:bd:a9:
                    f3:e4:15:a7:4f:24:7b:5d:79:54:3f:3d:cb:ce:ce:
                    f1:8d:38:47:5c:73:e4:5b:3f:03:f1:fc:9d:89:07:
                    ff:cd:d5:61:fa:ca:ae:e4:6e:93:89:5e:43:13:6b:
                    34:a3:29:f8:ce:6b:1e:6d:1c:1f:fe:06:bb:e9:2d:
                    60:64:2e:20:c4:62:18:8d:5b:d2:09:01:12:c2:e2:
                    47:88:65:f2:18:c0:57:9c:2a:82:66:bc:d4:eb:51:
                    ad:52:a8:a2:59:32:fe:b6:96:fc:04:8e:9f:55:fe:
                    44:cc:8f:2e:ab:7e:81:d0:4e:cf:6d:78:2f:18:d2:
                    45:62:dd:49:30:80:ba:2d:12:0c:d9:4a:1e:1c:1e:
                    b2:87:5b:a6:d1:13:38:8f:d0:32:24:98:53:ed:a6:
                    a7:11:b7:bf:47:ae:ff:f5:2a:37:3a:bc:39:7c:ec:
                    49:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FB:93:3F:A4:D4:3D:B8:D6:77:B1:BE:90:EC:1D:6F:8B:00:6C:BA:23
            X509v3 Authority Key Identifier:
                keyid:16:F5:24:F8:E0:EC:7C:AE:07:69:C4:2E:50:FF:B3:A2:B5:64:A6:AC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/FvUk-ODsfK4HacQuUP-zorVkpqw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/db9a372a-09bc-4a32-bfe4-8c48e5dbd219/9b8e963e-7fa2-4ba1-a78a-4d1fd7989b32.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/db9a372a-09bc-4a32-bfe4-8c48e5dbd219/6ecb3cca-488d-43b9-a50b-d37c0c55a9e1.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  43.250.196.0/22

    Signature Algorithm: sha256WithRSAEncryption
         3e:ff:a4:a9:de:27:11:b2:a9:cd:09:11:41:78:7e:de:d6:30:
         d1:a4:2b:5c:3f:ca:fd:21:72:eb:b8:2a:33:06:04:85:aa:a0:
         db:31:2d:f3:e7:71:45:56:9b:e0:c8:2e:c7:d3:8d:b4:3c:80:
         25:5f:ff:44:8e:39:a2:11:af:73:23:7d:09:78:41:8c:9c:c9:
         a8:20:18:a1:be:62:8b:be:07:35:2b:77:94:c8:6d:5a:ee:2b:
         1b:b0:9e:b7:5c:5a:26:1e:2b:be:42:49:11:9f:56:76:fb:7d:
         53:9a:0e:ea:c8:3d:27:c4:9b:d9:fb:84:39:ff:f3:de:35:75:
         2e:56:7a:29:ab:3c:fb:ea:91:70:0f:56:71:ea:3e:03:df:0a:
         69:b2:2e:d6:9e:26:3f:18:20:63:6d:a1:92:36:a8:16:0e:ec:
         8a:38:a5:e8:fe:8c:25:86:9d:05:b5:64:12:29:4b:07:cd:ca:
         6c:9d:b1:75:b1:f6:ed:5e:79:fd:b2:87:82:4a:b8:31:8c:12:
         41:d4:d8:8f:e1:89:de:4d:a3:2e:0d:f7:02:30:e9:54:8b:6a:
         88:49:7e:cb:79:d4:14:e2:61:2e:3e:78:7a:e2:b8:9e:7e:9e:
         0c:fd:44:c7:ca:aa:53:72:a7:55:a9:db:53:b1:82:d5:40:68:
         ed:00:41:ef
-----BEGIN CERTIFICATE-----
MIIFnDCCBISgAwIBAgIUaVvKad7E6Nlwrw0bMRt3l7ctiWwwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxNTA5RUMwMDAwMTEwLwYDVQQFEygxNkY1MjRGOEUw
RUM3Q0FFMDc2OUM0MkU1MEZGQjNBMkI1NjRBNkFDMB4XDTI1MDEyMDAwMDAwMFoX
DTI1MDIyNDIzNTk1OVowejFJMEcGA1UEBRNANWIxZmU1ZjkwMzZkYmI4Y2JhYTNk
NThlOTg5MzVhMTI4M2JmZjE5ZTRkNTA4NmE5YjE1MzI0OTUzZTFmN2NkMDEtMCsG
A1UEAxMkNTg4MTA0MDMtOWJhMC00MDNhLTgwOWItYzc4MjUyYWI3ZjVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtywkt6dvnx2TWBMOr33Lt+FAdwuf
W+eqGewSBQFGYIj0fWzcVImu8xMXskEMDBZCGFP5aO0A0zuE6paR18qHnYL6AfeK
V8pUONpjg826LIRKWB4E1hM/vanz5BWnTyR7XXlUPz3Lzs7xjThHXHPkWz8D8fyd
iQf/zdVh+squ5G6TiV5DE2s0oyn4zmsebRwf/ga76S1gZC4gxGIYjVvSCQESwuJH
iGXyGMBXnCqCZrzU61GtUqiiWTL+tpb8BI6fVf5EzI8uq36B0E7PbXgvGNJFYt1J
MIC6LRIM2UoeHB6yh1um0RM4j9AyJJhT7aanEbe/R67/9So3Orw5fOxJcQIDAQAB
o4ICSDCCAkQwHQYDVR0OBBYEFPuTP6TUPbjWd7G+kOwdb4sAbLojMB8GA1UdIwQY
MBaAFBb1JPjg7HyuB2nELlD/s6K1ZKasMA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9GdlVrLU9E
c2ZLNEhhY1F1VVAtem9yVmtwcXcuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvZGI5YTM3MmEtMDliYy00YTMyLWJmZTQtOGM0OGU1ZGJkMjE5
LzliOGU5NjNlLTdmYTItNGJhMS1hNzhhLTRkMWZkNzk4OWIzMi5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS9kYjlhMzcyYS0wOWJjLTRhMzItYmZlNC04YzQ4
ZTVkYmQyMTkvNmVjYjNjY2EtNDg4ZC00M2I5LWE1MGItZDM3YzBjNTVhOWUxLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAM
BAIAATAGAwQCK/rEMA0GCSqGSIb3DQEBCwUAA4IBAQA+/6Sp3icRsqnNCRFBeH7e
1jDRpCtcP8r9IXLruCozBgSFqqDbMS3z53FFVpvgyC7H0420PIAlX/9EjjmiEa9z
I30JeEGMnMmoIBihvmKLvgc1K3eUyG1a7isbsJ63XFomHiu+QkkRn1Z2+31Tmg7q
yD0nxJvZ+4Q5//PeNXUuVnopqzz76pFwD1Zx6j4D3wppsi7WniY/GCBjbaGSNqgW
DuyKOKXo/owlhp0FtWQSKUsHzcpsnbF1sfbtXnn9soeCSrgxjBJB1NiP4YneTaMu
DfcCMOlUi2qISX7LedQU4mEuPnh64riefp4M/UTHyqpTcqdVqdtTsYLVQGjtAEHv
-----END CERTIFICATE-----