Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/14ac5884-e669-47d5-bcbf-8694e4dc20a6.roa
File:                     14ac5884-e669-47d5-bcbf-8694e4dc20a6.roa (raw, json)
Hash identifier:          vxzoheFjz4IcpkcFe1TrcX9hgWULGApwe2rWCEl9OGc=
Subject key identifier:   5D:51:F6:DB:51:A7:D0:D2:E2:B9:C3:C6:6D:64:70:B3:4D:66:D6:A7
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       3DD0AF47AEFEE0D9FCE6E45AFAC5C8BD21F95259
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/14ac5884-e669-47d5-bcbf-8694e4dc20a6.roa
Signing time:             Tue 07 Jan 2025 00:00:00 +0000
ROA not before:           Tue 07 Jan 2025 00:00:00 +0000
ROA not after:            Tue 11 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:da61:a040::/48 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3d:d0:af:47:ae:fe:e0:d9:fc:e6:e4:5a:fa:c5:c8:bd:21:f9:52:59
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Jan  7 00:00:00 2025 GMT
            Not After : Feb 11 23:59:59 2025 GMT
        Subject: serialNumber=775f257fedd42c37e8554648bc3dda65a79bd23a4f945465a927b031c8c8a3b1, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:7c:e5:81:ea:30:a4:ad:7d:27:20:b6:90:fd:
                    22:ca:9a:88:2b:80:d6:ca:ad:8a:3f:ff:13:5f:e2:
                    92:b8:dd:80:7c:56:79:23:ab:96:81:f2:1c:3d:47:
                    6b:05:3a:54:3c:ad:53:f6:17:6e:24:3c:54:28:a0:
                    28:69:ad:0c:6e:b0:b9:82:a7:13:c4:31:9c:ca:97:
                    14:6c:96:be:c7:91:bb:b0:f7:b7:49:61:e5:c6:d7:
                    c5:18:ac:40:48:be:fa:f4:aa:23:dc:48:08:98:5a:
                    70:f5:24:93:43:7a:74:c0:54:b1:e7:0f:18:b5:ca:
                    53:63:27:af:33:17:f5:3d:a4:fa:ae:6c:00:bd:7f:
                    0c:e7:82:d3:8b:1b:19:24:fb:81:7b:66:e7:c6:b8:
                    0b:31:99:35:62:e0:f9:22:d4:9c:75:d1:3c:cd:2e:
                    77:48:9a:ca:5c:e0:9f:fd:05:06:00:06:36:0b:23:
                    9b:97:ac:81:2b:2d:43:02:95:43:48:66:08:b3:71:
                    59:4c:cc:a7:96:da:d7:18:f4:9e:1a:2d:aa:6d:1a:
                    5d:34:d6:07:b7:1f:b1:5f:45:56:f4:a0:b0:6c:03:
                    b8:14:f9:d4:d2:99:95:e4:45:a3:d8:47:48:2a:0c:
                    d8:97:28:ed:76:65:d2:35:dd:22:5d:2e:d4:c1:3c:
                    97:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5D:51:F6:DB:51:A7:D0:D2:E2:B9:C3:C6:6D:64:70:B3:4D:66:D6:A7
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/14ac5884-e669-47d5-bcbf-8694e4dc20a6.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:da61:a040::/48

    Signature Algorithm: sha256WithRSAEncryption
         92:c8:23:77:c6:08:d9:8d:94:79:40:2e:44:41:a0:98:8b:bb:
         c3:44:0c:87:2e:e7:f6:41:5a:38:4a:6b:32:d6:62:ac:3b:4a:
         b7:ee:d5:f8:8f:90:07:c1:00:a4:db:31:7c:e1:68:08:bc:54:
         d7:e9:e0:98:8a:03:78:2a:b7:11:5c:3a:40:a2:3a:79:3a:c3:
         65:2f:68:b2:e8:53:13:e1:7b:7f:06:a4:01:e2:98:a0:0f:d6:
         df:f5:0b:8f:f3:4d:74:e1:27:dd:d1:4f:3a:60:a4:9f:61:ee:
         b8:cf:14:9a:fe:5a:04:5f:df:03:93:7b:55:e2:14:b1:22:46:
         b2:4b:01:5f:43:8f:12:59:03:e3:0b:81:92:b3:d2:6e:d3:f2:
         71:fb:d9:a7:7f:80:58:5c:3c:41:6a:b3:bd:13:42:f9:31:6d:
         79:d3:d7:1c:a3:3c:42:22:86:4a:09:ee:c6:64:65:31:04:94:
         77:72:d1:45:5d:b4:a1:7a:33:ef:70:5e:e8:29:6d:73:1d:00:
         1a:c8:97:4d:1a:97:b6:62:b9:fa:a1:2e:f8:1f:c0:39:ba:e3:
         3d:55:d1:66:0b:c8:ba:9b:86:93:fc:49:0b:e6:cb:50:ff:f1:
         7d:5d:8e:05:44:ce:d6:3f:f9:2f:ce:92:83:27:0f:7d:37:a2:
         42:30:cc:f7
-----BEGIN CERTIFICATE-----
MIIFnzCCBIegAwIBAgIUPdCvR67+4Nn85uRa+sXIvSH5UlkwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI1MDEwNzAwMDAwMFoX
DTI1MDIxMTIzNTk1OVowejFJMEcGA1UEBRNANzc1ZjI1N2ZlZGQ0MmMzN2U4NTU0
NjQ4YmMzZGRhNjVhNzliZDIzYTRmOTQ1NDY1YTkyN2IwMzFjOGM4YTNiMTEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArXzlgeowpK19JyC2kP0iypqIK4DW
yq2KP/8TX+KSuN2AfFZ5I6uWgfIcPUdrBTpUPK1T9hduJDxUKKAoaa0MbrC5gqcT
xDGcypcUbJa+x5G7sPe3SWHlxtfFGKxASL769Koj3EgImFpw9SSTQ3p0wFSx5w8Y
tcpTYyevMxf1PaT6rmwAvX8M54LTixsZJPuBe2bnxrgLMZk1YuD5ItScddE8zS53
SJrKXOCf/QUGAAY2CyObl6yBKy1DApVDSGYIs3FZTMynltrXGPSeGi2qbRpdNNYH
tx+xX0VW9KCwbAO4FPnU0pmV5EWj2EdIKgzYlyjtdmXSNd0iXS7UwTyXYQIDAQAB
o4ICSzCCAkcwHQYDVR0OBBYEFF1R9ttRp9DS4rnDxm1kcLNNZtanMB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
LzE0YWM1ODg0LWU2NjktNDdkNS1iY2JmLTg2OTRlNGRjMjBhNi5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAP
BAIAAjAJAwcAJAbaYaBAMA0GCSqGSIb3DQEBCwUAA4IBAQCSyCN3xgjZjZR5QC5E
QaCYi7vDRAyHLuf2QVo4Smsy1mKsO0q37tX4j5AHwQCk2zF84WgIvFTX6eCYigN4
KrcRXDpAojp5OsNlL2iy6FMT4Xt/BqQB4pigD9bf9QuP80104Sfd0U86YKSfYe64
zxSa/loEX98Dk3tV4hSxIkaySwFfQ48SWQPjC4GSs9Ju0/Jx+9mnf4BYXDxBarO9
E0L5MW1509ccozxCIoZKCe7GZGUxBJR3ctFFXbShejPvcF7oKW1zHQAayJdNGpe2
Yrn6oS74H8A5uuM9VdFmC8i6m4aT/EkL5stQ//F9XY4FRM7WP/kvzpKDJw99N6JC
MMz3
-----END CERTIFICATE-----