Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/db9a372a-09bc-4a32-bfe4-8c48e5dbd219/a78b90df-233b-4ec6-89d2-de27ac2dc044.roa
File:                     a78b90df-233b-4ec6-89d2-de27ac2dc044.roa (raw, json)
Hash identifier:          juRTTseAOc6TvnREsDYW//JNzd88awWy/7hvYLg0bzE=
Subject key identifier:   FF:C0:98:CC:0B:7F:9F:A2:9F:44:5F:38:40:82:C6:C8:7F:E1:A2:00
Certificate issuer:       /CN=A91509EC0000/serialNumber=16F524F8E0EC7CAE0769C42E50FFB3A2B564A6AC
Certificate serial:       6D363FBFECA94845CEA8ADDD8D75EFB6CD6FC39F
Authority key identifier: 16:F5:24:F8:E0:EC:7C:AE:07:69:C4:2E:50:FF:B3:A2:B5:64:A6:AC
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/FvUk-ODsfK4HacQuUP-zorVkpqw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/db9a372a-09bc-4a32-bfe4-8c48e5dbd219/a78b90df-233b-4ec6-89d2-de27ac2dc044.roa
Signing time:             Mon 13 Jan 2025 00:00:00 +0000
ROA not before:           Mon 13 Jan 2025 00:00:00 +0000
ROA not after:            Mon 17 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        175.41.236.0/23 maxlen: 23
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6d:36:3f:bf:ec:a9:48:45:ce:a8:ad:dd:8d:75:ef:b6:cd:6f:c3:9f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91509EC0000/serialNumber=16F524F8E0EC7CAE0769C42E50FFB3A2B564A6AC
        Validity
            Not Before: Jan 13 00:00:00 2025 GMT
            Not After : Feb 17 23:59:59 2025 GMT
        Subject: serialNumber=85476518b24c7b33c25522137237cbba330d1d51e545864b8d041d268647ae55, CN=58810403-9ba0-403a-809b-c78252ab7f5d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:f2:7b:63:20:26:0b:63:b9:47:d8:57:64:97:
                    7e:0e:c6:cc:70:83:72:91:a6:9f:71:2e:a1:48:78:
                    a4:8a:b2:9d:bc:2a:17:e4:9c:1b:2d:43:e4:af:7a:
                    12:c3:b1:78:98:95:c0:5c:fb:a5:a3:a6:4b:fe:83:
                    01:48:f9:ec:99:ec:1d:47:48:de:e1:ca:cb:ec:72:
                    69:32:59:9e:83:6e:ed:0f:11:99:cc:77:da:c9:dd:
                    38:2e:31:d6:b8:5b:bc:99:97:45:4e:30:29:bb:4e:
                    c8:59:49:34:9a:66:71:11:f0:3e:4f:b2:eb:37:a7:
                    39:84:79:e3:8e:8c:59:c9:34:1f:6c:89:e9:6e:9d:
                    bc:46:88:68:27:34:89:38:11:95:86:c9:91:20:13:
                    95:64:cd:e7:f3:ba:89:0b:61:4e:f9:b4:de:a4:c9:
                    70:fd:f6:85:f0:f3:ec:7f:4c:28:a3:13:fe:18:55:
                    ae:3d:fb:4c:cd:35:e7:61:4c:6d:a1:aa:5b:e7:1a:
                    c4:41:cc:e0:66:0f:94:08:cf:53:83:0e:82:02:24:
                    51:5a:1a:bd:1f:f6:f6:ce:2e:9a:b7:99:2f:79:6a:
                    fa:db:26:ac:04:2f:c6:43:32:4f:d0:79:90:88:c5:
                    00:e6:73:15:c0:30:fc:f7:9e:dc:01:29:32:ff:8e:
                    02:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FF:C0:98:CC:0B:7F:9F:A2:9F:44:5F:38:40:82:C6:C8:7F:E1:A2:00
            X509v3 Authority Key Identifier:
                keyid:16:F5:24:F8:E0:EC:7C:AE:07:69:C4:2E:50:FF:B3:A2:B5:64:A6:AC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/FvUk-ODsfK4HacQuUP-zorVkpqw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/db9a372a-09bc-4a32-bfe4-8c48e5dbd219/a78b90df-233b-4ec6-89d2-de27ac2dc044.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/db9a372a-09bc-4a32-bfe4-8c48e5dbd219/6ecb3cca-488d-43b9-a50b-d37c0c55a9e1.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  175.41.236.0/23

    Signature Algorithm: sha256WithRSAEncryption
         5a:86:a4:fc:7b:d3:8d:b7:b5:6d:82:1d:60:7e:ee:28:5f:f9:
         3f:aa:7b:f6:be:bd:73:c3:56:b5:25:b6:72:6d:04:49:a6:2a:
         3f:b8:ec:b6:01:bc:5e:42:9c:5a:62:2a:b7:17:29:c5:6a:5c:
         af:c5:dc:25:ba:dd:f4:aa:92:d7:65:ec:53:f0:70:cd:c0:32:
         a6:4d:9e:bf:9d:4c:94:9a:1e:a0:67:78:26:49:97:1e:3f:b7:
         0e:16:20:25:14:81:96:1a:ff:ea:6a:df:68:2e:dc:43:37:98:
         be:56:ee:6b:03:d4:53:55:26:53:9d:3a:fe:14:94:c5:6f:09:
         3a:d2:a3:92:86:24:55:de:d0:72:a0:52:29:6c:bd:f7:d6:ff:
         46:8c:67:cb:5b:99:82:78:07:74:70:4f:9f:ce:2e:0b:a1:9e:
         23:7e:b2:43:e1:d5:0a:38:0b:c3:8a:ac:62:ed:6e:18:45:1d:
         43:b0:0c:08:66:5e:23:bb:5c:af:8b:39:1e:0b:67:bb:88:0a:
         14:9c:97:f2:ed:03:72:75:42:04:73:1d:a0:1a:3c:d2:63:fd:
         08:65:c7:06:63:74:cb:c0:8c:aa:df:1c:c1:9c:e9:e1:b9:91:
         7a:a3:73:03:35:ef:ca:31:61:b0:e1:50:6d:d3:df:af:6e:34:
         69:5b:0d:f9
-----BEGIN CERTIFICATE-----
MIIFnDCCBISgAwIBAgIUbTY/v+ypSEXOqK3djXXvts1vw58wDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxNTA5RUMwMDAwMTEwLwYDVQQFEygxNkY1MjRGOEUw
RUM3Q0FFMDc2OUM0MkU1MEZGQjNBMkI1NjRBNkFDMB4XDTI1MDExMzAwMDAwMFoX
DTI1MDIxNzIzNTk1OVowejFJMEcGA1UEBRNAODU0NzY1MThiMjRjN2IzM2MyNTUy
MjEzNzIzN2NiYmEzMzBkMWQ1MWU1NDU4NjRiOGQwNDFkMjY4NjQ3YWU1NTEtMCsG
A1UEAxMkNTg4MTA0MDMtOWJhMC00MDNhLTgwOWItYzc4MjUyYWI3ZjVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApvJ7YyAmC2O5R9hXZJd+DsbMcINy
kaafcS6hSHikirKdvCoX5JwbLUPkr3oSw7F4mJXAXPulo6ZL/oMBSPnsmewdR0je
4crL7HJpMlmeg27tDxGZzHfayd04LjHWuFu8mZdFTjApu07IWUk0mmZxEfA+T7Lr
N6c5hHnjjoxZyTQfbInpbp28RohoJzSJOBGVhsmRIBOVZM3n87qJC2FO+bTepMlw
/faF8PPsf0wooxP+GFWuPftMzTXnYUxtoapb5xrEQczgZg+UCM9Tgw6CAiRRWhq9
H/b2zi6at5kveWr62yasBC/GQzJP0HmQiMUA5nMVwDD8957cASky/44CrwIDAQAB
o4ICSDCCAkQwHQYDVR0OBBYEFP/AmMwLf5+in0RfOECCxsh/4aIAMB8GA1UdIwQY
MBaAFBb1JPjg7HyuB2nELlD/s6K1ZKasMA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9GdlVrLU9E
c2ZLNEhhY1F1VVAtem9yVmtwcXcuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvZGI5YTM3MmEtMDliYy00YTMyLWJmZTQtOGM0OGU1ZGJkMjE5
L2E3OGI5MGRmLTIzM2ItNGVjNi04OWQyLWRlMjdhYzJkYzA0NC5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS9kYjlhMzcyYS0wOWJjLTRhMzItYmZlNC04YzQ4
ZTVkYmQyMTkvNmVjYjNjY2EtNDg4ZC00M2I5LWE1MGItZDM3YzBjNTVhOWUxLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAM
BAIAATAGAwQBrynsMA0GCSqGSIb3DQEBCwUAA4IBAQBahqT8e9ONt7Vtgh1gfu4o
X/k/qnv2vr1zw1a1JbZybQRJpio/uOy2AbxeQpxaYiq3FynFalyvxdwlut30qpLX
ZexT8HDNwDKmTZ6/nUyUmh6gZ3gmSZceP7cOFiAlFIGWGv/qat9oLtxDN5i+Vu5r
A9RTVSZTnTr+FJTFbwk60qOShiRV3tByoFIpbL331v9GjGfLW5mCeAd0cE+fzi4L
oZ4jfrJD4dUKOAvDiqxi7W4YRR1DsAwIZl4ju1yvizkeC2e7iAoUnJfy7QNydUIE
cx2gGjzSY/0IZccGY3TLwIyq3xzBnOnhuZF6o3MDNe/KMWGw4VBt09+vbjRpWw35
-----END CERTIFICATE-----