Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/db9a372a-09bc-4a32-bfe4-8c48e5dbd219/b3ba338e-4843-454b-abe5-65f09756225a.roa
File:                     b3ba338e-4843-454b-abe5-65f09756225a.roa (raw, json)
Hash identifier:          pUoNBPSFdCe+1aWUGnlW+1KghseHX3svKu+bNdrfRjQ=
Subject key identifier:   5A:30:D4:6A:59:25:79:DA:7C:31:CF:53:C6:47:74:66:CE:C5:CE:C3
Certificate issuer:       /CN=A91509EC0000/serialNumber=16F524F8E0EC7CAE0769C42E50FFB3A2B564A6AC
Certificate serial:       3E1A099AB742AC8FD96952FC9E7ED8BA55DBFB72
Authority key identifier: 16:F5:24:F8:E0:EC:7C:AE:07:69:C4:2E:50:FF:B3:A2:B5:64:A6:AC
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/FvUk-ODsfK4HacQuUP-zorVkpqw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/db9a372a-09bc-4a32-bfe4-8c48e5dbd219/b3ba338e-4843-454b-abe5-65f09756225a.roa
Signing time:             Mon 13 Jan 2025 00:00:00 +0000
ROA not before:           Mon 13 Jan 2025 00:00:00 +0000
ROA not after:            Mon 17 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        175.41.192.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3e:1a:09:9a:b7:42:ac:8f:d9:69:52:fc:9e:7e:d8:ba:55:db:fb:72
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91509EC0000/serialNumber=16F524F8E0EC7CAE0769C42E50FFB3A2B564A6AC
        Validity
            Not Before: Jan 13 00:00:00 2025 GMT
            Not After : Feb 17 23:59:59 2025 GMT
        Subject: serialNumber=05b31af1f57d000a6b05b48e6620aec449d31c1579d94d6c8fb7ae9a41cac56f, CN=58810403-9ba0-403a-809b-c78252ab7f5d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:d9:d1:2b:23:0e:5f:1e:e0:b8:11:cd:5d:c6:
                    6d:36:a6:5a:6b:9d:bf:33:d5:13:ba:b6:64:60:53:
                    f0:ec:a7:0b:f8:0c:cb:59:b2:6d:01:87:ff:d8:6d:
                    fb:88:70:42:0f:63:55:4f:b4:c1:62:57:6a:f6:56:
                    5c:41:22:bf:42:a0:d6:3a:56:d0:ad:19:5b:15:4c:
                    48:ca:e9:e2:66:46:a4:5f:09:5d:f6:46:ea:69:fd:
                    df:58:11:ed:54:b1:22:fe:29:36:46:21:e8:40:7a:
                    f6:18:87:14:10:f0:64:d0:e7:c8:a5:69:ff:a6:7a:
                    40:18:77:c1:30:d2:4b:1d:e5:6e:3a:43:be:6f:79:
                    ab:4b:95:90:f4:50:ed:5e:f6:68:dd:b0:62:ad:33:
                    19:ab:cd:65:5b:be:07:25:6b:7a:b8:ec:df:30:18:
                    a5:8a:57:19:0e:ae:dc:a4:1f:99:0c:56:74:dc:61:
                    33:27:ff:fd:18:e1:f3:fc:5b:31:f1:12:61:6f:e5:
                    56:11:77:06:a4:22:01:11:f0:4c:45:69:c8:f4:e6:
                    4b:36:04:01:f2:61:ef:af:e6:2c:c5:1d:da:e1:b8:
                    e9:a7:48:86:a0:a6:a9:58:de:e4:4a:ef:11:6c:35:
                    00:8e:6c:59:17:2d:02:60:44:5f:fc:b5:63:4c:c6:
                    db:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5A:30:D4:6A:59:25:79:DA:7C:31:CF:53:C6:47:74:66:CE:C5:CE:C3
            X509v3 Authority Key Identifier:
                keyid:16:F5:24:F8:E0:EC:7C:AE:07:69:C4:2E:50:FF:B3:A2:B5:64:A6:AC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/FvUk-ODsfK4HacQuUP-zorVkpqw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/db9a372a-09bc-4a32-bfe4-8c48e5dbd219/b3ba338e-4843-454b-abe5-65f09756225a.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/db9a372a-09bc-4a32-bfe4-8c48e5dbd219/6ecb3cca-488d-43b9-a50b-d37c0c55a9e1.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  175.41.192.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5a:d4:2f:ed:c2:2d:7e:95:ca:d3:85:41:c7:a8:84:6f:d2:2e:
         40:69:4b:c4:72:21:6c:22:e7:ed:9c:19:f0:b7:0a:de:e3:87:
         41:23:74:8d:de:ce:9b:71:1b:5e:ed:91:6e:44:4c:78:9a:c5:
         8d:e8:e1:82:52:41:49:6e:51:98:9f:50:9d:f6:81:64:ce:87:
         1b:c5:5f:ff:ba:4d:67:38:78:72:10:ff:16:cd:bd:20:72:1d:
         f0:2e:37:43:36:bb:e8:de:29:fd:37:b2:6d:5c:87:80:b9:59:
         0f:96:f4:d8:36:ab:1b:7b:06:4d:df:23:05:be:c4:2f:29:7b:
         d0:ef:bb:64:96:74:76:c4:7a:23:3d:90:38:7b:60:89:13:00:
         36:07:00:9e:30:2e:30:2e:fb:a9:55:54:e4:7c:f2:0c:0d:69:
         43:44:b8:de:2d:47:5c:6c:03:4d:15:a9:4f:75:04:9a:6d:3f:
         c8:c9:ed:d0:31:e8:54:6c:08:67:d3:05:c8:ad:7f:83:74:60:
         5c:99:7f:d8:4c:8f:bb:71:36:c3:62:c1:40:4f:bf:1b:98:85:
         3d:72:ad:8d:1d:dd:75:62:34:85:b9:76:ee:15:41:e6:61:35:
         46:e0:aa:f9:ee:08:9a:46:ee:39:d9:5c:d4:a4:64:e3:bf:57:
         92:46:df:b4
-----BEGIN CERTIFICATE-----
MIIFnDCCBISgAwIBAgIUPhoJmrdCrI/ZaVL8nn7YulXb+3IwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxNTA5RUMwMDAwMTEwLwYDVQQFEygxNkY1MjRGOEUw
RUM3Q0FFMDc2OUM0MkU1MEZGQjNBMkI1NjRBNkFDMB4XDTI1MDExMzAwMDAwMFoX
DTI1MDIxNzIzNTk1OVowejFJMEcGA1UEBRNAMDViMzFhZjFmNTdkMDAwYTZiMDVi
NDhlNjYyMGFlYzQ0OWQzMWMxNTc5ZDk0ZDZjOGZiN2FlOWE0MWNhYzU2ZjEtMCsG
A1UEAxMkNTg4MTA0MDMtOWJhMC00MDNhLTgwOWItYzc4MjUyYWI3ZjVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzdnRKyMOXx7guBHNXcZtNqZaa52/
M9UTurZkYFPw7KcL+AzLWbJtAYf/2G37iHBCD2NVT7TBYldq9lZcQSK/QqDWOlbQ
rRlbFUxIyuniZkakXwld9kbqaf3fWBHtVLEi/ik2RiHoQHr2GIcUEPBk0OfIpWn/
pnpAGHfBMNJLHeVuOkO+b3mrS5WQ9FDtXvZo3bBirTMZq81lW74HJWt6uOzfMBil
ilcZDq7cpB+ZDFZ03GEzJ//9GOHz/Fsx8RJhb+VWEXcGpCIBEfBMRWnI9OZLNgQB
8mHvr+YsxR3a4bjpp0iGoKapWN7kSu8RbDUAjmxZFy0CYERf/LVjTMbbUwIDAQAB
o4ICSDCCAkQwHQYDVR0OBBYEFFow1GpZJXnafDHPU8ZHdGbOxc7DMB8GA1UdIwQY
MBaAFBb1JPjg7HyuB2nELlD/s6K1ZKasMA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9GdlVrLU9E
c2ZLNEhhY1F1VVAtem9yVmtwcXcuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvZGI5YTM3MmEtMDliYy00YTMyLWJmZTQtOGM0OGU1ZGJkMjE5
L2IzYmEzMzhlLTQ4NDMtNDU0Yi1hYmU1LTY1ZjA5NzU2MjI1YS5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS9kYjlhMzcyYS0wOWJjLTRhMzItYmZlNC04YzQ4
ZTVkYmQyMTkvNmVjYjNjY2EtNDg4ZC00M2I5LWE1MGItZDM3YzBjNTVhOWUxLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAM
BAIAATAGAwQArynAMA0GCSqGSIb3DQEBCwUAA4IBAQBa1C/twi1+lcrThUHHqIRv
0i5AaUvEciFsIuftnBnwtwre44dBI3SN3s6bcRte7ZFuREx4msWN6OGCUkFJblGY
n1Cd9oFkzocbxV//uk1nOHhyEP8Wzb0gch3wLjdDNrvo3in9N7JtXIeAuVkPlvTY
NqsbewZN3yMFvsQvKXvQ77tklnR2xHojPZA4e2CJEwA2BwCeMC4wLvupVVTkfPIM
DWlDRLjeLUdcbANNFalPdQSabT/Iye3QMehUbAhn0wXIrX+DdGBcmX/YTI+7cTbD
YsFAT78bmIU9cq2NHd11YjSFuXbuFUHmYTVG4Kr57giaRu452VzUpGTjv1eSRt+0
-----END CERTIFICATE-----