Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/155b9460-f900-4dba-b530-f76a8a3fab89.roa
File:                     155b9460-f900-4dba-b530-f76a8a3fab89.roa (raw, json)
Hash identifier:          EPpauFSrimoAfuLU9kicOO/aT9y8woUcZ0zGA6oNQ+I=
Subject key identifier:   47:84:4C:62:F4:E3:A3:3A:E8:D3:10:FA:D5:00:12:44:4D:9F:E4:48
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       2533D0166BDB1B177AC2BA03CE594DBFE6D35ACC
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/155b9460-f900-4dba-b530-f76a8a3fab89.roa
Signing time:             Tue 07 Jan 2025 00:00:00 +0000
ROA not before:           Tue 07 Jan 2025 00:00:00 +0000
ROA not after:            Tue 11 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:da17:800::/38 maxlen: 38
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            25:33:d0:16:6b:db:1b:17:7a:c2:ba:03:ce:59:4d:bf:e6:d3:5a:cc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Jan  7 00:00:00 2025 GMT
            Not After : Feb 11 23:59:59 2025 GMT
        Subject: serialNumber=dcc086b4246e47cdb1ebdc9096912f7a23a3c91b93208300139a7ddf04a6965a, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:52:cc:eb:87:2e:af:18:e0:fc:99:99:9e:81:
                    9b:87:a7:43:48:08:29:a3:7a:35:ae:70:bb:c1:87:
                    de:fd:2c:b2:d7:5b:40:a2:3f:7c:de:8a:0e:70:3a:
                    91:18:6f:f2:b8:d6:c9:73:79:8f:3c:34:6f:4a:20:
                    5c:7d:ca:4f:f0:5f:dc:94:00:28:77:83:83:a0:6d:
                    be:6c:a8:a0:0d:f6:e2:2c:1d:2f:93:2a:d4:03:e6:
                    02:41:86:f8:3a:77:a5:5d:fe:bf:8e:f0:81:4b:fc:
                    60:86:51:24:af:23:a7:05:3e:0c:c7:e1:e3:1c:fa:
                    60:9d:3a:2d:c7:3a:e4:f3:02:30:55:2c:fe:69:6b:
                    2d:6a:cc:2f:3e:b8:d7:e7:bc:d5:5c:0f:ef:83:ec:
                    47:da:9e:d8:b2:80:9c:fd:29:e1:3f:71:79:15:58:
                    5c:1b:15:e8:c0:96:cd:d5:62:6c:72:1f:b7:10:76:
                    4e:cc:84:6f:9c:62:4e:d8:68:fe:ab:b4:ba:81:d2:
                    3a:df:fb:47:bf:bc:f7:8e:8c:f8:58:82:69:73:1f:
                    96:f9:c1:8c:8e:71:6b:60:6e:36:22:f6:b0:00:52:
                    11:dd:05:64:97:db:a5:9b:e0:ca:00:01:57:7d:5e:
                    27:74:7d:ff:ae:b1:61:8f:14:4e:81:3a:03:bf:51:
                    0a:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                47:84:4C:62:F4:E3:A3:3A:E8:D3:10:FA:D5:00:12:44:4D:9F:E4:48
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/155b9460-f900-4dba-b530-f76a8a3fab89.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:da17:800::/38

    Signature Algorithm: sha256WithRSAEncryption
         3d:6e:8b:c7:ee:a7:8f:ec:2a:fb:9a:cd:fa:58:3f:3f:b9:f6:
         83:42:db:76:ae:c5:02:39:cf:cf:aa:6f:5d:b7:34:4c:c7:d8:
         9a:44:19:3e:a4:c2:e1:ac:92:ec:9a:63:9c:1d:4c:fc:f3:a8:
         e2:22:f7:13:71:6f:19:28:fa:85:36:1f:b0:7f:07:e0:71:f5:
         c7:44:0c:5c:93:22:75:62:89:80:21:b5:69:59:a8:cb:33:74:
         a4:64:70:43:90:5f:0e:99:ab:f7:4e:78:4a:59:ab:b6:67:20:
         6f:0a:4f:2c:04:b4:0e:da:0e:c6:20:0f:08:b2:82:37:e8:da:
         3b:97:74:e5:c2:d7:58:21:21:46:e7:75:8e:08:db:76:26:0b:
         00:d9:9c:d5:f0:fa:bc:80:37:6f:15:42:78:19:d8:77:f2:bb:
         10:89:fe:3a:67:5a:dc:d0:9b:d4:db:3d:77:3f:91:5b:fe:b2:
         40:d3:47:63:b6:12:36:be:fe:2a:ee:cd:a9:0c:69:74:41:90:
         3b:6a:5a:ab:80:4a:8d:76:75:8b:1f:4c:04:8c:1b:fe:1d:06:
         76:c1:11:bf:e4:1c:fa:d1:53:2a:7f:59:b2:61:b6:99:08:c8:
         68:38:99:81:59:ff:13:24:bc:87:01:01:6c:aa:de:80:3a:77:
         f1:2e:5d:f9
-----BEGIN CERTIFICATE-----
MIIFnjCCBIagAwIBAgIUJTPQFmvbGxd6wroDzllNv+bTWswwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI1MDEwNzAwMDAwMFoX
DTI1MDIxMTIzNTk1OVowejFJMEcGA1UEBRNAZGNjMDg2YjQyNDZlNDdjZGIxZWJk
YzkwOTY5MTJmN2EyM2EzYzkxYjkzMjA4MzAwMTM5YTdkZGYwNGE2OTY1YTEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz1LM64curxjg/JmZnoGbh6dDSAgp
o3o1rnC7wYfe/Syy11tAoj983ooOcDqRGG/yuNbJc3mPPDRvSiBcfcpP8F/clAAo
d4ODoG2+bKigDfbiLB0vkyrUA+YCQYb4OnelXf6/jvCBS/xghlEkryOnBT4Mx+Hj
HPpgnTotxzrk8wIwVSz+aWstaswvPrjX57zVXA/vg+xH2p7YsoCc/SnhP3F5FVhc
GxXowJbN1WJsch+3EHZOzIRvnGJO2Gj+q7S6gdI63/tHv7z3joz4WIJpcx+W+cGM
jnFrYG42IvawAFIR3QVkl9ulm+DKAAFXfV4ndH3/rrFhjxROgToDv1EKEQIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFEeETGL046M66NMQ+tUAEkRNn+RIMB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
LzE1NWI5NDYwLWY5MDAtNGRiYS1iNTMwLWY3NmE4YTNmYWI4OS5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAO
BAIAAjAIAwYCJAbaFwgwDQYJKoZIhvcNAQELBQADggEBAD1ui8fup4/sKvuazfpY
Pz+59oNC23auxQI5z8+qb123NEzH2JpEGT6kwuGskuyaY5wdTPzzqOIi9xNxbxko
+oU2H7B/B+Bx9cdEDFyTInViiYAhtWlZqMszdKRkcEOQXw6Zq/dOeEpZq7ZnIG8K
TywEtA7aDsYgDwiygjfo2juXdOXC11ghIUbndY4I23YmCwDZnNXw+ryAN28VQngZ
2HfyuxCJ/jpnWtzQm9TbPXc/kVv+skDTR2O2Eja+/iruzakMaXRBkDtqWquASo12
dYsfTASMG/4dBnbBEb/kHPrRUyp/WbJhtpkIyGg4mYFZ/xMkvIcBAWyq3oA6d/Eu
Xfk=
-----END CERTIFICATE-----