Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/085f913d-6f5b-47e4-8ad5-5a37d1473a41.roa
File:                     085f913d-6f5b-47e4-8ad5-5a37d1473a41.roa (raw, json)
Hash identifier:          ibm5trClsV66KM7Hxh75yxO/30exsqrKKmO93vuyfDY=
Subject key identifier:   4B:50:84:9E:ED:A5:B0:FC:78:CB:2A:A0:32:8C:45:05:22:41:49:A2
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       07FA06644B1296DCA6DBAE3858D2AB363ECAD1CE
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/085f913d-6f5b-47e4-8ad5-5a37d1473a41.roa
Signing time:             Tue 07 Jan 2025 00:00:00 +0000
ROA not before:           Tue 07 Jan 2025 00:00:00 +0000
ROA not after:            Tue 11 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:daf2:b000::/40 maxlen: 40
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            07:fa:06:64:4b:12:96:dc:a6:db:ae:38:58:d2:ab:36:3e:ca:d1:ce
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Jan  7 00:00:00 2025 GMT
            Not After : Feb 11 23:59:59 2025 GMT
        Subject: serialNumber=837a61c2d7553077df7f89a87490f87dfa8bf804e634b6acd36cb156314e632e, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:ba:bb:7f:63:ef:80:ca:09:8f:36:20:68:f7:
                    ed:4e:23:ff:d3:67:a8:3f:10:dd:bf:2e:5d:41:00:
                    56:13:d8:a3:a1:bd:5c:43:89:62:c6:1b:ed:c1:3d:
                    bf:e6:9c:33:6f:d9:26:78:97:c6:1b:f1:fc:8e:36:
                    4f:8d:cf:f2:8b:9a:25:7f:1c:bd:a1:a5:c9:95:ee:
                    c8:66:82:7f:d4:8a:81:8f:cd:c5:70:5c:f7:79:b0:
                    ce:31:20:72:8c:78:7c:f5:f0:ea:99:36:58:98:b9:
                    85:dd:5a:82:91:db:c0:b5:bd:32:53:00:a7:8b:ec:
                    2b:a2:84:5c:14:e2:ba:64:03:f6:98:5c:78:b1:30:
                    1c:56:ec:18:12:ec:c0:96:33:6d:1f:31:1b:a1:b5:
                    ab:cf:1b:0f:70:b2:44:d9:ca:f6:21:0b:0e:8f:5b:
                    51:38:f7:6f:46:b7:de:12:99:0c:27:e6:3c:01:78:
                    1f:e5:c3:9f:1b:11:21:2d:fa:37:44:99:c3:19:37:
                    2b:48:95:fc:34:84:e1:0a:8b:77:64:c3:e5:3d:3b:
                    8b:8c:fd:f5:9c:06:1e:69:a9:e4:68:9e:80:d3:a1:
                    1a:80:ff:59:34:22:27:98:0a:ad:93:e5:34:98:0a:
                    f4:61:17:24:63:e1:25:c2:76:41:be:2b:93:47:2d:
                    22:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4B:50:84:9E:ED:A5:B0:FC:78:CB:2A:A0:32:8C:45:05:22:41:49:A2
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/085f913d-6f5b-47e4-8ad5-5a37d1473a41.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:daf2:b000::/40

    Signature Algorithm: sha256WithRSAEncryption
         5f:38:ef:50:4d:2b:28:5e:db:00:22:1a:f2:62:e6:51:a0:5c:
         e4:ce:ca:e8:46:6d:85:9b:7d:4d:39:09:ad:cf:46:7d:3c:2a:
         60:69:68:c7:9b:50:61:37:23:4f:ef:ca:25:38:d5:26:ba:fb:
         a6:71:44:45:fa:2c:37:00:3f:fa:3e:04:a3:6b:3f:4f:56:c3:
         da:1c:49:7e:9d:51:ce:88:6d:13:49:0b:57:11:fd:89:33:97:
         c4:f9:26:e7:14:1b:34:9b:c2:b4:ab:34:44:81:ad:42:5a:82:
         d2:61:d7:0c:08:b8:d3:4c:45:1c:25:ca:b1:01:be:fd:e8:f5:
         6d:dd:00:01:db:9a:7c:df:eb:0d:9e:6a:06:3a:31:b3:67:c5:
         86:8d:b0:7b:ad:52:c2:9d:b5:f9:fc:4a:30:1e:85:77:13:a5:
         d2:a3:07:b2:20:48:e9:8b:b5:23:c1:99:75:93:5a:8b:15:6a:
         d7:ce:48:a4:83:f5:59:3b:5a:07:57:14:81:85:ac:69:82:23:
         45:9b:aa:9d:b9:29:17:39:ef:2b:34:29:23:16:46:4c:db:77:
         76:0b:bf:c4:46:db:a2:9a:78:b9:74:c4:eb:b4:09:6b:b8:fe:
         a7:1a:35:14:86:44:f4:8b:58:a3:dc:29:d0:93:1c:ba:48:8f:
         19:1e:1a:ec
-----BEGIN CERTIFICATE-----
MIIFnjCCBIagAwIBAgIUB/oGZEsSltym2644WNKrNj7K0c4wDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI1MDEwNzAwMDAwMFoX
DTI1MDIxMTIzNTk1OVowejFJMEcGA1UEBRNAODM3YTYxYzJkNzU1MzA3N2RmN2Y4
OWE4NzQ5MGY4N2RmYThiZjgwNGU2MzRiNmFjZDM2Y2IxNTYzMTRlNjMyZTEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApLq7f2PvgMoJjzYgaPftTiP/02eo
PxDdvy5dQQBWE9ijob1cQ4lixhvtwT2/5pwzb9kmeJfGG/H8jjZPjc/yi5olfxy9
oaXJle7IZoJ/1IqBj83FcFz3ebDOMSByjHh89fDqmTZYmLmF3VqCkdvAtb0yUwCn
i+wrooRcFOK6ZAP2mFx4sTAcVuwYEuzAljNtHzEbobWrzxsPcLJE2cr2IQsOj1tR
OPdvRrfeEpkMJ+Y8AXgf5cOfGxEhLfo3RJnDGTcrSJX8NIThCot3ZMPlPTuLjP31
nAYeaankaJ6A06EagP9ZNCInmAqtk+U0mAr0YRckY+ElwnZBviuTRy0i8wIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFEtQhJ7tpbD8eMsqoDKMRQUiQUmiMB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
LzA4NWY5MTNkLTZmNWItNDdlNC04YWQ1LTVhMzdkMTQ3M2E0MS5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAO
BAIAAjAIAwYAJAba8rAwDQYJKoZIhvcNAQELBQADggEBAF8471BNKyhe2wAiGvJi
5lGgXOTOyuhGbYWbfU05Ca3PRn08KmBpaMebUGE3I0/vyiU41Sa6+6ZxREX6LDcA
P/o+BKNrP09Ww9ocSX6dUc6IbRNJC1cR/Ykzl8T5JucUGzSbwrSrNESBrUJagtJh
1wwIuNNMRRwlyrEBvv3o9W3dAAHbmnzf6w2eagY6MbNnxYaNsHutUsKdtfn8SjAe
hXcTpdKjB7IgSOmLtSPBmXWTWosVatfOSKSD9Vk7WgdXFIGFrGmCI0Wbqp25KRc5
7ys0KSMWRkzbd3YLv8RG26KaeLl0xOu0CWu4/qcaNRSGRPSLWKPcKdCTHLpIjxke
Guw=
-----END CERTIFICATE-----