Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/14e739f6-8650-4583-96ca-2f090de0cc47.roa
File:                     14e739f6-8650-4583-96ca-2f090de0cc47.roa (raw, json)
Hash identifier:          MhOY+ssvKWdkCcac3qR3FfzNL9jZcQFCvdGfvUlJSPs=
Subject key identifier:   DC:B1:1B:D6:A6:90:13:E4:55:7E:E2:76:1A:49:73:FC:83:98:CD:CF
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       7C3E46F2D89A40A449C51AFF305004A24FE2A4B3
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/14e739f6-8650-4583-96ca-2f090de0cc47.roa
Signing time:             Tue 07 Jan 2025 00:00:00 +0000
ROA not before:           Tue 07 Jan 2025 00:00:00 +0000
ROA not after:            Tue 11 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:daf7:f000::/40 maxlen: 40
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7c:3e:46:f2:d8:9a:40:a4:49:c5:1a:ff:30:50:04:a2:4f:e2:a4:b3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Jan  7 00:00:00 2025 GMT
            Not After : Feb 11 23:59:59 2025 GMT
        Subject: serialNumber=64c0924af75dbaff2de5f91b5eba9b62a2cf89f544315db8f50f8a192c10dcfa, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:19:82:99:7f:7d:02:86:c5:d4:f0:67:fe:d6:
                    b3:77:22:60:20:80:26:3b:3c:4a:80:3c:c9:77:2a:
                    36:bf:3c:05:2c:84:82:07:5d:b1:33:72:97:0f:22:
                    d9:9d:97:80:4c:74:4c:5a:fe:06:b7:bc:92:a5:0e:
                    55:c8:2b:c4:ef:93:77:bc:a9:d6:ba:a0:76:cb:38:
                    ad:18:3c:95:91:fc:4f:7d:bf:a6:d4:f9:3e:50:f4:
                    51:1f:7b:6d:51:92:e6:6e:9b:b5:1c:c3:d3:3d:79:
                    6c:77:5e:77:0d:aa:e8:9f:4a:39:3f:7a:07:88:1a:
                    0a:f7:03:68:a6:0e:2f:d7:b2:d1:ca:ac:fc:02:ad:
                    12:ba:5c:1b:e9:79:d1:af:40:03:02:8f:cc:5f:bc:
                    e0:a4:ea:36:35:39:15:d1:b6:ee:54:66:09:90:ae:
                    e9:78:b2:ee:93:fc:0b:d5:1e:dc:67:46:a7:d1:f4:
                    e3:8f:c6:87:d3:30:ac:5c:a6:25:c6:f1:7b:9c:38:
                    d6:96:59:4d:51:58:68:12:53:5c:28:68:54:c8:d2:
                    cd:53:87:92:fa:40:7e:06:91:e7:e4:8b:61:86:93:
                    e9:b7:cc:2e:3e:c9:e7:36:bd:99:17:25:9f:43:82:
                    74:fa:07:4a:1b:d2:3b:4d:66:d5:71:f1:49:c1:2a:
                    88:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DC:B1:1B:D6:A6:90:13:E4:55:7E:E2:76:1A:49:73:FC:83:98:CD:CF
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/14e739f6-8650-4583-96ca-2f090de0cc47.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:daf7:f000::/40

    Signature Algorithm: sha256WithRSAEncryption
         a7:51:7c:dd:3f:c4:7e:f3:45:44:4a:52:8a:72:cc:f6:03:27:
         63:b8:27:9c:f7:42:e3:29:41:f8:ea:88:bd:ab:4c:38:ec:49:
         c4:92:ed:2f:96:0e:ad:a4:04:39:6c:13:9f:20:53:62:2a:66:
         e6:a3:96:69:b2:b0:ef:72:d2:ff:68:5a:0e:ab:fb:74:f7:8b:
         45:97:6e:03:64:b2:21:18:9f:e5:80:d8:e2:99:81:fe:99:79:
         bf:aa:72:3b:86:70:d3:e2:f4:f9:c8:88:42:19:e2:00:66:9e:
         e1:eb:57:c0:aa:bc:ae:38:7f:ce:3f:09:7e:ef:a9:1c:67:94:
         57:57:c2:f4:3c:2a:ed:8d:98:4b:45:61:db:80:2e:03:d8:1f:
         25:80:3a:45:14:4b:23:c2:11:a8:75:24:09:84:47:ed:e9:b4:
         ef:80:20:ad:32:48:02:c3:f4:1e:f6:8c:a6:05:a4:b4:2a:c3:
         41:32:61:d9:3f:72:73:ff:30:5e:15:6b:da:d8:9c:06:d2:93:
         b9:03:ad:db:eb:6d:39:f4:10:f9:eb:d7:ca:e0:56:ec:7c:98:
         7c:84:95:35:eb:11:c8:e1:b7:64:89:c9:99:7c:29:e7:0f:e4:
         4e:ac:a7:f6:36:ea:b9:51:67:db:7a:d5:47:92:c0:39:34:0c:
         ef:6b:6d:31
-----BEGIN CERTIFICATE-----
MIIFnjCCBIagAwIBAgIUfD5G8tiaQKRJxRr/MFAEok/ipLMwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI1MDEwNzAwMDAwMFoX
DTI1MDIxMTIzNTk1OVowejFJMEcGA1UEBRNANjRjMDkyNGFmNzVkYmFmZjJkZTVm
OTFiNWViYTliNjJhMmNmODlmNTQ0MzE1ZGI4ZjUwZjhhMTkyYzEwZGNmYTEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvRmCmX99AobF1PBn/tazdyJgIIAm
OzxKgDzJdyo2vzwFLISCB12xM3KXDyLZnZeATHRMWv4Gt7ySpQ5VyCvE75N3vKnW
uqB2yzitGDyVkfxPfb+m1Pk+UPRRH3ttUZLmbpu1HMPTPXlsd153Daron0o5P3oH
iBoK9wNopg4v17LRyqz8Aq0Sulwb6XnRr0ADAo/MX7zgpOo2NTkV0bbuVGYJkK7p
eLLuk/wL1R7cZ0an0fTjj8aH0zCsXKYlxvF7nDjWlllNUVhoElNcKGhUyNLNU4eS
+kB+BpHn5IthhpPpt8wuPsnnNr2ZFyWfQ4J0+gdKG9I7TWbVcfFJwSqIGQIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFNyxG9amkBPkVX7idhpJc/yDmM3PMB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
LzE0ZTczOWY2LTg2NTAtNDU4My05NmNhLTJmMDkwZGUwY2M0Ny5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAO
BAIAAjAIAwYAJAba9/AwDQYJKoZIhvcNAQELBQADggEBAKdRfN0/xH7zRURKUopy
zPYDJ2O4J5z3QuMpQfjqiL2rTDjsScSS7S+WDq2kBDlsE58gU2IqZuajlmmysO9y
0v9oWg6r+3T3i0WXbgNksiEYn+WA2OKZgf6Zeb+qcjuGcNPi9PnIiEIZ4gBmnuHr
V8CqvK44f84/CX7vqRxnlFdXwvQ8Ku2NmEtFYduALgPYHyWAOkUUSyPCEah1JAmE
R+3ptO+AIK0ySALD9B72jKYFpLQqw0EyYdk/cnP/MF4Va9rYnAbSk7kDrdvrbTn0
EPnr18rgVux8mHyElTXrEcjht2SJyZl8KecP5E6sp/Y26rlRZ9t61UeSwDk0DO9r
bTE=
-----END CERTIFICATE-----