Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/095aabaa-12a1-42c0-aeb7-99712365104e.roa
File:                     095aabaa-12a1-42c0-aeb7-99712365104e.roa (raw, json)
Hash identifier:          2GVlcfTFwKD1A7tDGtBQtcmXFI9vHOjNn1flYp2NubY=
Subject key identifier:   2D:0E:F2:48:8C:64:32:7D:D7:68:86:D3:49:75:5F:15:36:B0:1F:0B
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       0CEBD5CF0BB002C0A0B8D68BE76EF38F665286C8
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/095aabaa-12a1-42c0-aeb7-99712365104e.roa
Signing time:             Tue 07 Jan 2025 00:00:00 +0000
ROA not before:           Tue 07 Jan 2025 00:00:00 +0000
ROA not after:            Tue 11 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:daf4:2800::/40 maxlen: 40
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0c:eb:d5:cf:0b:b0:02:c0:a0:b8:d6:8b:e7:6e:f3:8f:66:52:86:c8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Jan  7 00:00:00 2025 GMT
            Not After : Feb 11 23:59:59 2025 GMT
        Subject: serialNumber=2538fbe299084f5500034b3556a0750e4c7423a12a550cefe557fae5fddded11, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:00:96:99:42:05:df:6b:5c:67:52:cc:b2:53:
                    29:ed:fe:24:7e:52:37:fc:c2:bf:e3:47:5c:44:9f:
                    72:e4:1a:ef:62:c0:99:b1:25:d2:22:61:89:c3:8f:
                    2c:6a:e3:ea:8c:64:c4:ea:bd:23:01:7b:17:66:be:
                    65:a0:fa:ba:44:85:bb:9a:5b:56:69:04:0f:45:8c:
                    16:db:0e:7f:0f:0c:8d:f9:09:99:91:ab:a4:05:64:
                    b8:cf:b3:ce:2b:61:bc:61:1f:2e:2c:35:07:f4:b9:
                    f2:9b:4a:9b:92:c4:b5:ec:44:08:c8:61:79:46:6c:
                    b7:17:ac:1b:ef:6e:6c:2b:2e:ac:c1:ab:ff:31:24:
                    ba:07:4d:46:b9:d5:a6:b2:b8:17:e2:ee:c0:52:15:
                    56:53:8f:90:e2:07:e4:ce:87:aa:d3:9f:70:97:c3:
                    07:9f:68:5c:df:7d:c0:d1:f9:5f:a2:c8:36:80:5a:
                    17:d3:c0:97:28:6b:02:f0:2f:e8:6f:d7:81:6b:b3:
                    9e:35:9b:a8:76:bd:a4:a7:25:3f:d2:3f:55:bd:72:
                    05:ae:a7:32:12:57:c6:2f:39:88:d4:a3:8a:56:bf:
                    0a:25:62:0e:33:ad:2c:12:90:bc:f4:5d:28:be:13:
                    ea:f3:5b:26:92:9f:e7:c7:95:be:e0:60:75:65:85:
                    96:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2D:0E:F2:48:8C:64:32:7D:D7:68:86:D3:49:75:5F:15:36:B0:1F:0B
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/095aabaa-12a1-42c0-aeb7-99712365104e.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:daf4:2800::/40

    Signature Algorithm: sha256WithRSAEncryption
         30:84:74:1a:47:3f:75:35:35:20:c8:f9:76:bf:55:3d:17:29:
         bf:9c:d8:69:e0:5e:67:a5:7d:d7:fa:d9:96:95:b2:4e:99:34:
         2b:ea:e5:ea:62:0a:31:95:81:87:d0:1a:9d:67:37:20:fd:7b:
         0d:f9:e3:47:21:72:09:ee:75:1f:d1:52:bd:72:72:59:3d:ed:
         b7:85:da:31:d0:6b:b7:f0:4b:4c:6b:49:94:d5:b0:eb:5b:91:
         a1:bb:e2:08:2b:50:e6:03:c7:0d:30:c3:de:0b:7d:11:72:a6:
         91:43:ba:b9:9c:fb:d0:07:85:42:0f:59:b0:96:c7:a5:17:63:
         1a:33:4c:cd:68:84:d0:36:18:85:45:7f:75:0b:2d:0b:02:b9:
         83:8f:2c:60:84:39:7f:a6:89:63:1d:4c:cb:9f:60:ea:14:35:
         0a:aa:c1:be:eb:9f:0e:76:91:6a:e0:d8:80:a7:3e:49:05:6e:
         61:63:db:4a:fc:de:71:ae:53:45:45:5c:93:84:7c:8f:8f:8d:
         7c:ed:ac:03:91:6a:03:16:01:5f:9a:1b:a4:d6:f5:5b:e3:c4:
         0f:d7:bb:e7:48:d9:c4:1f:57:65:72:f6:27:37:0d:d4:ba:8a:
         1e:d7:e0:41:89:bc:b7:ea:0a:af:83:4d:0d:10:12:56:aa:6f:
         fd:b6:a9:60
-----BEGIN CERTIFICATE-----
MIIFnjCCBIagAwIBAgIUDOvVzwuwAsCguNaL527zj2ZShsgwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI1MDEwNzAwMDAwMFoX
DTI1MDIxMTIzNTk1OVowejFJMEcGA1UEBRNAMjUzOGZiZTI5OTA4NGY1NTAwMDM0
YjM1NTZhMDc1MGU0Yzc0MjNhMTJhNTUwY2VmZTU1N2ZhZTVmZGRkZWQxMTEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArQCWmUIF32tcZ1LMslMp7f4kflI3
/MK/40dcRJ9y5BrvYsCZsSXSImGJw48sauPqjGTE6r0jAXsXZr5loPq6RIW7mltW
aQQPRYwW2w5/DwyN+QmZkaukBWS4z7POK2G8YR8uLDUH9Lnym0qbksS17EQIyGF5
Rmy3F6wb725sKy6swav/MSS6B01GudWmsrgX4u7AUhVWU4+Q4gfkzoeq059wl8MH
n2hc333A0flfosg2gFoX08CXKGsC8C/ob9eBa7OeNZuodr2kpyU/0j9VvXIFrqcy
ElfGLzmI1KOKVr8KJWIOM60sEpC89F0ovhPq81smkp/nx5W+4GB1ZYWW1QIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFC0O8kiMZDJ912iG00l1XxU2sB8LMB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
LzA5NWFhYmFhLTEyYTEtNDJjMC1hZWI3LTk5NzEyMzY1MTA0ZS5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAO
BAIAAjAIAwYAJAba9CgwDQYJKoZIhvcNAQELBQADggEBADCEdBpHP3U1NSDI+Xa/
VT0XKb+c2GngXmelfdf62ZaVsk6ZNCvq5epiCjGVgYfQGp1nNyD9ew3540chcgnu
dR/RUr1yclk97beF2jHQa7fwS0xrSZTVsOtbkaG74ggrUOYDxw0ww94LfRFyppFD
urmc+9AHhUIPWbCWx6UXYxozTM1ohNA2GIVFf3ULLQsCuYOPLGCEOX+miWMdTMuf
YOoUNQqqwb7rnw52kWrg2ICnPkkFbmFj20r83nGuU0VFXJOEfI+PjXztrAORagMW
AV+aG6TW9VvjxA/Xu+dI2cQfV2Vy9ic3DdS6ih7X4EGJvLfqCq+DTQ0QElaqb/22
qWA=
-----END CERTIFICATE-----