Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/05f722d1-1b22-44e3-a4a2-3835d7447d1c.roa
File:                     05f722d1-1b22-44e3-a4a2-3835d7447d1c.roa (raw, json)
Hash identifier:          9GG0RQ2E30Qbzl0TzOcPP0tnxovkVnofRzqm4fVYIiU=
Subject key identifier:   68:06:CF:C0:D8:EB:7D:CE:6D:EC:8E:03:FC:8B:F7:16:BC:EC:6D:C6
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       5D92D7F4EBEA482FA77387DDA08C0D8ED11E89AF
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/05f722d1-1b22-44e3-a4a2-3835d7447d1c.roa
Signing time:             Tue 07 Jan 2025 00:00:00 +0000
ROA not before:           Tue 07 Jan 2025 00:00:00 +0000
ROA not after:            Tue 11 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:da70:c800::/40 maxlen: 40
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5d:92:d7:f4:eb:ea:48:2f:a7:73:87:dd:a0:8c:0d:8e:d1:1e:89:af
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Jan  7 00:00:00 2025 GMT
            Not After : Feb 11 23:59:59 2025 GMT
        Subject: serialNumber=97a3560235e138775d5b90ea0d5485346ed756ac51ba5c321a80fad7f0591776, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:39:45:1c:e1:d5:5f:1b:a5:0e:81:75:75:b4:
                    1f:e4:eb:1e:91:53:f9:91:ef:47:33:3f:22:1d:1d:
                    0e:22:a6:54:1d:59:f1:d9:82:0e:f4:fe:a5:c6:74:
                    f2:8e:78:51:f0:15:f7:0a:64:88:8a:a3:73:e7:09:
                    3e:ae:72:a5:4d:4d:8f:8f:c5:00:27:bc:2a:09:de:
                    38:4f:d5:d5:4f:8d:60:b9:4c:54:a1:f4:40:61:5e:
                    9b:cc:22:9a:a7:ed:d9:f3:5d:61:d7:b4:8a:6c:46:
                    f9:56:36:c0:1b:88:3f:df:3f:bd:c7:d2:12:3b:be:
                    a6:95:e7:db:7d:57:a1:48:02:22:ea:15:20:3a:a9:
                    a2:b0:13:49:80:9d:51:38:99:74:fb:31:51:5c:66:
                    a6:f6:5e:20:84:6b:95:e8:27:83:24:5d:45:0d:c7:
                    82:0a:18:e7:06:4f:38:7f:c5:0f:ef:01:02:a5:e2:
                    cb:5c:2b:1e:c9:a1:3e:8e:44:e0:d6:6c:89:82:77:
                    2d:49:d4:de:30:78:26:bd:ee:0a:8a:60:92:2a:06:
                    6e:fd:1c:db:fc:67:d3:d3:de:6b:1e:73:86:f5:9f:
                    43:fd:93:b3:e5:09:a9:22:3e:b4:e2:08:59:9b:e4:
                    f5:8e:ae:69:dc:b9:54:7d:6e:eb:c5:1f:f6:11:1f:
                    63:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:06:CF:C0:D8:EB:7D:CE:6D:EC:8E:03:FC:8B:F7:16:BC:EC:6D:C6
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/05f722d1-1b22-44e3-a4a2-3835d7447d1c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:da70:c800::/40

    Signature Algorithm: sha256WithRSAEncryption
         02:72:cb:72:13:5d:8e:44:a0:70:6f:a8:7e:c2:61:72:4a:c8:
         2a:79:ed:eb:07:2c:11:c4:9f:e6:19:96:5a:0b:96:6e:dc:b6:
         a4:34:0d:3c:87:80:c1:cd:9d:6f:91:e2:dc:20:da:1c:ba:d7:
         c2:13:b9:7a:ec:5a:5c:96:4c:ee:4e:f7:41:4f:95:4d:fd:01:
         8f:10:0b:77:ec:df:fa:7f:b4:0f:e4:69:9a:1f:e5:20:6a:fa:
         a6:e0:81:52:52:bd:da:80:f1:d5:ba:65:9d:e2:47:d4:e6:d2:
         f4:51:48:8b:67:75:b1:6a:1c:dc:0c:47:27:6f:98:dc:aa:61:
         5f:4d:6c:bb:7d:3b:6a:74:16:e1:2b:de:62:9b:41:ba:f0:0a:
         5f:6a:b6:7c:13:8d:b6:95:26:83:d3:70:74:1c:a8:8a:05:e4:
         a4:be:61:70:44:60:1f:b1:9b:09:60:f7:01:10:ba:41:92:88:
         d8:8b:0f:d4:1f:f1:9f:d2:98:8f:16:fc:c4:51:7b:e4:68:10:
         1e:54:17:76:08:02:cb:dc:b0:57:a4:f5:60:7a:b4:00:d9:cc:
         5c:65:69:59:66:13:5f:08:3a:ba:f8:17:e0:27:e9:77:92:11:
         eb:b1:b7:a5:66:35:f2:a4:39:48:0d:56:73:ce:e0:25:18:07:
         fa:a5:8f:46
-----BEGIN CERTIFICATE-----
MIIFnjCCBIagAwIBAgIUXZLX9OvqSC+nc4fdoIwNjtEeia8wDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI1MDEwNzAwMDAwMFoX
DTI1MDIxMTIzNTk1OVowejFJMEcGA1UEBRNAOTdhMzU2MDIzNWUxMzg3NzVkNWI5
MGVhMGQ1NDg1MzQ2ZWQ3NTZhYzUxYmE1YzMyMWE4MGZhZDdmMDU5MTc3NjEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1zlFHOHVXxulDoF1dbQf5OsekVP5
ke9HMz8iHR0OIqZUHVnx2YIO9P6lxnTyjnhR8BX3CmSIiqNz5wk+rnKlTU2Pj8UA
J7wqCd44T9XVT41guUxUofRAYV6bzCKap+3Z811h17SKbEb5VjbAG4g/3z+9x9IS
O76mlefbfVehSAIi6hUgOqmisBNJgJ1ROJl0+zFRXGam9l4ghGuV6CeDJF1FDceC
ChjnBk84f8UP7wECpeLLXCseyaE+jkTg1myJgnctSdTeMHgmve4KimCSKgZu/Rzb
/GfT095rHnOG9Z9D/ZOz5QmpIj604ghZm+T1jq5p3LlUfW7rxR/2ER9jjwIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFGgGz8DY633ObeyOA/yL9xa87G3GMB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
LzA1ZjcyMmQxLTFiMjItNDRlMy1hNGEyLTM4MzVkNzQ0N2QxYy5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAO
BAIAAjAIAwYAJAbacMgwDQYJKoZIhvcNAQELBQADggEBAAJyy3ITXY5EoHBvqH7C
YXJKyCp57esHLBHEn+YZlloLlm7ctqQ0DTyHgMHNnW+R4twg2hy618ITuXrsWlyW
TO5O90FPlU39AY8QC3fs3/p/tA/kaZof5SBq+qbggVJSvdqA8dW6ZZ3iR9Tm0vRR
SItndbFqHNwMRydvmNyqYV9NbLt9O2p0FuEr3mKbQbrwCl9qtnwTjbaVJoPTcHQc
qIoF5KS+YXBEYB+xmwlg9wEQukGSiNiLD9Qf8Z/SmI8W/MRRe+RoEB5UF3YIAsvc
sFek9WB6tADZzFxlaVlmE18IOrr4F+An6XeSEeuxt6VmNfKkOUgNVnPO4CUYB/ql
j0Y=
-----END CERTIFICATE-----