Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/0c131403-c0db-4229-b10c-238da60a9c57.roa
File:                     0c131403-c0db-4229-b10c-238da60a9c57.roa (raw, json)
Hash identifier:          Z12jKrFwsZXNyudQTAxUh6Ixh+t/TVSqkagcRtD1eLI=
Subject key identifier:   68:AB:30:A6:F8:BA:EE:F3:70:E0:DD:BE:F1:8D:48:28:D4:88:79:F6
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       2D0170CABDD332C014C44E32102973B9E4945263
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/0c131403-c0db-4229-b10c-238da60a9c57.roa
Signing time:             Tue 07 Jan 2025 00:00:00 +0000
ROA not before:           Tue 07 Jan 2025 00:00:00 +0000
ROA not after:            Tue 11 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:da61:c880::/48 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2d:01:70:ca:bd:d3:32:c0:14:c4:4e:32:10:29:73:b9:e4:94:52:63
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Jan  7 00:00:00 2025 GMT
            Not After : Feb 11 23:59:59 2025 GMT
        Subject: serialNumber=2969060dafae482c4b1565914e40fb38fb46dca9d354c0046a0b2a8f3fc970a7, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:45:cb:98:6f:82:2a:ad:b3:0f:00:f0:c5:e3:
                    20:ce:40:9d:75:80:ea:07:18:11:23:20:b6:e2:10:
                    57:d7:13:50:cb:6a:f0:fe:20:1f:a0:6d:44:27:1f:
                    f9:fe:47:d7:14:87:40:bd:15:7c:62:82:40:1c:3b:
                    ec:33:c6:e2:3d:07:17:25:73:88:23:c3:d5:a6:29:
                    5c:70:82:12:33:54:e9:e0:d4:7c:9b:23:94:21:5b:
                    74:5c:21:21:f7:0a:21:07:37:44:9a:46:f2:23:3f:
                    b2:f9:8a:8d:af:4d:5f:63:1a:3a:df:00:f3:59:b8:
                    a1:84:36:9f:5a:eb:9e:b5:ae:fe:7b:49:ec:12:54:
                    6f:f3:6e:07:83:04:79:2d:39:2f:62:3b:bb:53:0b:
                    15:f3:18:d4:55:58:c9:13:b0:74:e2:4b:0d:8a:90:
                    7e:cb:71:93:5e:68:1d:14:1d:b1:22:f8:48:bc:7f:
                    e2:83:b2:9f:9d:a8:8c:52:85:ac:b2:e3:4e:64:38:
                    09:1f:9c:8e:ae:87:90:42:0d:e9:67:37:ea:ab:1c:
                    21:04:87:ed:de:3a:39:5e:db:c1:82:18:7f:fa:1a:
                    46:ca:b3:c8:5e:9f:de:a2:7d:4a:5b:96:36:e4:48:
                    0b:d4:c7:03:53:dd:02:8a:9d:40:00:03:a1:c8:a6:
                    8c:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:AB:30:A6:F8:BA:EE:F3:70:E0:DD:BE:F1:8D:48:28:D4:88:79:F6
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/0c131403-c0db-4229-b10c-238da60a9c57.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:da61:c880::/48

    Signature Algorithm: sha256WithRSAEncryption
         60:cd:3b:00:bd:5a:60:bd:83:9d:29:48:3f:50:2d:cd:3d:e4:
         0f:92:43:1f:bc:a4:3d:14:fb:cd:96:a6:7e:6c:c8:14:1b:5a:
         eb:79:1a:6c:9f:78:57:37:92:3d:b6:38:82:27:24:17:42:10:
         a1:a2:7e:82:df:d1:22:41:ad:73:79:54:da:6e:9b:f0:a7:93:
         af:af:09:72:d3:75:de:76:08:74:5c:3f:2d:63:b9:36:a1:8f:
         91:72:70:83:f4:7a:a0:c2:55:57:5a:83:06:c1:f3:52:74:70:
         19:92:c6:0c:24:a5:1e:87:0f:59:90:3f:7c:89:c0:75:8a:0c:
         71:6f:4c:30:1d:88:9e:d1:27:bb:0d:6c:40:28:80:72:c6:04:
         11:10:9c:1e:30:7f:3a:b8:1f:e0:72:b9:0c:22:1f:f5:de:64:
         9b:97:4a:c9:1d:da:a9:85:ce:f3:8e:2a:f6:59:05:ae:58:d9:
         f9:52:fc:4d:34:64:da:95:56:69:5c:02:08:5c:6d:c3:3b:2b:
         c4:d0:d2:c9:bb:e0:d1:5d:25:8c:d5:ef:d5:1d:90:f0:8b:a4:
         5f:67:4e:70:d7:79:96:a2:83:5d:3d:17:2a:ca:95:df:81:3f:
         69:20:9b:20:aa:c3:32:b0:a4:21:d0:75:13:a2:a6:bd:f8:c1:
         36:cf:48:43
-----BEGIN CERTIFICATE-----
MIIFnzCCBIegAwIBAgIULQFwyr3TMsAUxE4yEClzueSUUmMwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI1MDEwNzAwMDAwMFoX
DTI1MDIxMTIzNTk1OVowejFJMEcGA1UEBRNAMjk2OTA2MGRhZmFlNDgyYzRiMTU2
NTkxNGU0MGZiMzhmYjQ2ZGNhOWQzNTRjMDA0NmEwYjJhOGYzZmM5NzBhNzEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvUXLmG+CKq2zDwDwxeMgzkCddYDq
BxgRIyC24hBX1xNQy2rw/iAfoG1EJx/5/kfXFIdAvRV8YoJAHDvsM8biPQcXJXOI
I8PVpilccIISM1Tp4NR8myOUIVt0XCEh9wohBzdEmkbyIz+y+YqNr01fYxo63wDz
WbihhDafWuueta7+e0nsElRv824HgwR5LTkvYju7UwsV8xjUVVjJE7B04ksNipB+
y3GTXmgdFB2xIvhIvH/ig7KfnaiMUoWssuNOZDgJH5yOroeQQg3pZzfqqxwhBIft
3jo5XtvBghh/+hpGyrPIXp/eon1KW5Y25EgL1McDU90Cip1AAAOhyKaMmwIDAQAB
o4ICSzCCAkcwHQYDVR0OBBYEFGirMKb4uu7zcODdvvGNSCjUiHn2MB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
LzBjMTMxNDAzLWMwZGItNDIyOS1iMTBjLTIzOGRhNjBhOWM1Ny5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAP
BAIAAjAJAwcAJAbaYciAMA0GCSqGSIb3DQEBCwUAA4IBAQBgzTsAvVpgvYOdKUg/
UC3NPeQPkkMfvKQ9FPvNlqZ+bMgUG1rreRpsn3hXN5I9tjiCJyQXQhChon6C39Ei
Qa1zeVTabpvwp5Ovrwly03Xedgh0XD8tY7k2oY+RcnCD9HqgwlVXWoMGwfNSdHAZ
ksYMJKUehw9ZkD98icB1igxxb0wwHYie0Se7DWxAKIByxgQREJweMH86uB/gcrkM
Ih/13mSbl0rJHdqphc7zjir2WQWuWNn5UvxNNGTalVZpXAIIXG3DOyvE0NLJu+DR
XSWM1e/VHZDwi6RfZ05w13mWooNdPRcqypXfgT9pIJsgqsMysKQh0HUToqa9+ME2
z0hD
-----END CERTIFICATE-----