Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/02d4e2a1-b855-4dc9-b76f-9f661a0dff14.roa
File:                     02d4e2a1-b855-4dc9-b76f-9f661a0dff14.roa (raw, json)
Hash identifier:          z0EGY7NLfYrT0enlaS6id+Y8tvWdRWwFTGn1kTDhGHo=
Subject key identifier:   EE:80:5E:1F:0D:33:54:A5:77:C4:8B:9D:94:98:20:80:33:F6:1B:6E
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       1D711B9308937D07872D885DDA537BD954537093
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/02d4e2a1-b855-4dc9-b76f-9f661a0dff14.roa
Signing time:             Tue 07 Jan 2025 00:00:00 +0000
ROA not before:           Tue 07 Jan 2025 00:00:00 +0000
ROA not after:            Tue 11 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:da61:9000::/40 maxlen: 40
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1d:71:1b:93:08:93:7d:07:87:2d:88:5d:da:53:7b:d9:54:53:70:93
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Jan  7 00:00:00 2025 GMT
            Not After : Feb 11 23:59:59 2025 GMT
        Subject: serialNumber=9747da7f5840c12668b1b1528027d06adf4343a5e9e7f4d3fe741e0c7b0813ad, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:0f:28:4b:c9:be:79:59:7f:41:a2:31:65:50:
                    b7:19:29:7d:59:37:38:2c:a0:08:a1:f3:64:40:27:
                    d4:02:ef:d7:ce:a4:45:7b:9c:63:8c:fa:49:42:cd:
                    87:a0:13:ea:e4:a2:88:48:aa:df:41:1d:d4:e4:b5:
                    53:cb:46:1a:98:73:01:b4:a6:90:7b:91:fa:2f:1e:
                    ed:73:0a:3a:7b:ed:48:a8:70:35:67:2e:64:2d:c1:
                    00:d6:69:78:7a:f6:da:83:88:62:2e:33:d8:0b:89:
                    0b:c8:ef:6f:10:b1:5d:aa:84:1f:f3:c4:97:be:e0:
                    2d:0d:d7:38:bb:30:c9:28:d0:a1:d2:01:f7:2c:6d:
                    8f:f4:b9:19:73:8b:b6:7a:4c:bb:a5:22:5b:1a:4e:
                    d9:d8:27:76:43:6e:31:73:8a:a1:7b:68:a6:0b:4b:
                    02:31:12:43:56:b4:1d:82:48:92:51:12:98:88:48:
                    5f:aa:4d:21:7a:17:96:7c:89:84:1f:b5:8a:ff:7c:
                    96:e2:05:89:7b:5b:f5:24:bb:ee:d6:72:fe:e7:57:
                    23:e2:07:f2:27:7a:d4:0c:54:d1:19:ee:15:9b:a2:
                    6d:b5:8a:e2:f6:3b:40:2a:0f:e1:ad:6f:0e:26:ef:
                    ab:cb:4b:b2:ce:86:48:fe:2e:c3:e8:68:44:8c:0d:
                    21:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EE:80:5E:1F:0D:33:54:A5:77:C4:8B:9D:94:98:20:80:33:F6:1B:6E
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/02d4e2a1-b855-4dc9-b76f-9f661a0dff14.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:da61:9000::/40

    Signature Algorithm: sha256WithRSAEncryption
         88:b0:b5:d9:6f:f1:4d:98:3b:a6:9c:19:21:59:44:2c:ea:8f:
         15:66:df:c2:1d:7b:91:a9:82:90:39:5c:1a:60:3b:6a:07:a8:
         1d:78:77:04:01:aa:ae:86:33:c4:69:e7:d9:0b:8a:04:92:bc:
         33:cd:77:ea:48:d3:1b:fd:25:a1:89:4c:39:18:e7:30:36:62:
         90:d2:cc:12:0d:62:45:00:b8:92:3b:bb:36:27:63:44:be:77:
         f2:87:13:06:02:ea:05:f2:79:25:72:40:f1:c0:ad:dd:7e:92:
         79:26:91:2f:c5:ab:b0:63:67:db:0f:8e:b1:4d:45:2a:5e:96:
         99:6e:2d:3b:5c:a5:d5:e1:47:b0:f4:57:df:40:a8:ed:c0:e1:
         65:e4:ba:99:6b:88:4a:b7:48:dc:b7:8a:84:ee:44:b4:31:f4:
         44:23:9d:11:c8:2a:d6:d4:48:ea:76:1a:25:3e:27:77:4f:4f:
         ae:63:32:49:31:90:0b:55:10:b8:4f:fa:f3:10:ea:7b:97:1e:
         d6:00:fb:dd:a7:30:70:15:d7:86:18:7d:7b:4c:1c:ee:9c:57:
         77:6a:a0:95:d2:e3:e8:8d:e5:4b:81:19:78:68:00:28:6e:ab:
         04:57:67:42:b0:eb:58:5a:77:bb:bc:f0:87:9f:e7:b9:ac:83:
         16:f8:ee:fb
-----BEGIN CERTIFICATE-----
MIIFnjCCBIagAwIBAgIUHXEbkwiTfQeHLYhd2lN72VRTcJMwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI1MDEwNzAwMDAwMFoX
DTI1MDIxMTIzNTk1OVowejFJMEcGA1UEBRNAOTc0N2RhN2Y1ODQwYzEyNjY4YjFi
MTUyODAyN2QwNmFkZjQzNDNhNWU5ZTdmNGQzZmU3NDFlMGM3YjA4MTNhZDEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvw8oS8m+eVl/QaIxZVC3GSl9WTc4
LKAIofNkQCfUAu/XzqRFe5xjjPpJQs2HoBPq5KKISKrfQR3U5LVTy0YamHMBtKaQ
e5H6Lx7tcwo6e+1IqHA1Zy5kLcEA1ml4evbag4hiLjPYC4kLyO9vELFdqoQf88SX
vuAtDdc4uzDJKNCh0gH3LG2P9LkZc4u2eky7pSJbGk7Z2Cd2Q24xc4qhe2imC0sC
MRJDVrQdgkiSURKYiEhfqk0heheWfImEH7WK/3yW4gWJe1v1JLvu1nL+51cj4gfy
J3rUDFTRGe4Vm6JttYri9jtAKg/hrW8OJu+ry0uyzoZI/i7D6GhEjA0h8QIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFO6AXh8NM1Sld8SLnZSYIIAz9htuMB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
LzAyZDRlMmExLWI4NTUtNGRjOS1iNzZmLTlmNjYxYTBkZmYxNC5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAO
BAIAAjAIAwYAJAbaYZAwDQYJKoZIhvcNAQELBQADggEBAIiwtdlv8U2YO6acGSFZ
RCzqjxVm38Ide5GpgpA5XBpgO2oHqB14dwQBqq6GM8Rp59kLigSSvDPNd+pI0xv9
JaGJTDkY5zA2YpDSzBINYkUAuJI7uzYnY0S+d/KHEwYC6gXyeSVyQPHArd1+knkm
kS/Fq7BjZ9sPjrFNRSpelpluLTtcpdXhR7D0V99AqO3A4WXkuplriEq3SNy3ioTu
RLQx9EQjnRHIKtbUSOp2GiU+J3dPT65jMkkxkAtVELhP+vMQ6nuXHtYA+92nMHAV
14YYfXtMHO6cV3dqoJXS4+iN5UuBGXhoAChuqwRXZ0Kw61had7u88Ief57msgxb4
7vs=
-----END CERTIFICATE-----