Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/206f10d0-0840-46e9-be47-09127e97b837.roa
File:                     206f10d0-0840-46e9-be47-09127e97b837.roa (raw, json)
Hash identifier:          4OcrDKa7DMyxejhh1xq+vFs1pc3lluxlQiO0Z8BEma0=
Subject key identifier:   41:A7:02:4D:E1:B3:33:0F:AE:0B:D0:AA:D8:69:FC:34:31:83:B6:91
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       02667F825341361D88478A766AC0AD6B0F6638D1
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/206f10d0-0840-46e9-be47-09127e97b837.roa
Signing time:             Tue 07 Jan 2025 00:00:00 +0000
ROA not before:           Tue 07 Jan 2025 00:00:00 +0000
ROA not after:            Tue 11 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:daf2:70c0::/48 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            02:66:7f:82:53:41:36:1d:88:47:8a:76:6a:c0:ad:6b:0f:66:38:d1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Jan  7 00:00:00 2025 GMT
            Not After : Feb 11 23:59:59 2025 GMT
        Subject: serialNumber=a0da8aa9d431b416d793b75737dc862ab6e744946e0f5e0561d5baf3f5983b46, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:97:22:d1:95:47:3b:5b:c0:c7:46:11:fb:94:
                    fd:4f:29:54:0f:12:41:55:d0:09:3d:f1:93:88:4d:
                    df:02:9b:a1:b7:8c:d3:3e:ab:54:2e:97:77:66:13:
                    16:71:06:37:53:cc:07:69:aa:9c:1d:c9:31:0b:5a:
                    ea:0a:ff:36:67:34:6c:e4:2f:e1:13:fa:8e:64:4e:
                    07:63:ad:f1:05:31:8d:85:c6:8c:e6:a4:1e:0b:a1:
                    19:09:8b:5c:7d:b8:50:64:65:9c:25:37:dd:ad:48:
                    91:39:d0:b7:6d:d5:3f:bc:72:25:5e:cd:1a:9e:f2:
                    38:88:a2:31:50:9c:9e:bd:45:ab:c1:52:22:f8:7c:
                    0e:5c:f6:c9:91:f2:ac:9b:e2:ae:a7:66:78:e3:c9:
                    f0:00:e0:b4:78:ea:69:5d:82:54:1d:cf:3e:0d:33:
                    07:f8:6e:9e:d8:3b:d7:a4:d3:ab:65:68:dc:f1:38:
                    1f:93:ff:fa:1e:fc:e0:aa:dc:67:ab:97:bc:9d:f8:
                    47:84:16:7f:a8:b7:77:d1:d3:15:06:e6:a8:52:c7:
                    0d:50:14:7b:4a:3c:2f:10:44:00:13:cf:b2:e5:33:
                    26:e3:2a:19:3c:37:0c:e5:28:b8:2c:ad:c6:ed:b5:
                    cb:77:25:9a:08:5e:3e:3b:ea:ad:2a:0e:29:2e:02:
                    81:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:A7:02:4D:E1:B3:33:0F:AE:0B:D0:AA:D8:69:FC:34:31:83:B6:91
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/206f10d0-0840-46e9-be47-09127e97b837.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:daf2:70c0::/48

    Signature Algorithm: sha256WithRSAEncryption
         3b:b5:46:4a:60:94:95:21:93:1c:8d:91:aa:6d:29:bc:ae:7a:
         f5:1d:ba:b6:11:fa:3d:4e:cf:71:c6:1f:a1:99:13:ed:08:67:
         2a:42:7f:7a:75:e5:8b:b7:fa:71:4f:81:57:7c:23:63:c2:3d:
         77:5f:6c:a6:bf:fb:18:1f:6c:fd:d2:65:f4:6a:aa:91:aa:5e:
         34:e7:df:0f:ad:e4:44:c9:18:9b:fe:93:ae:06:3a:d9:c4:10:
         15:ff:8d:2d:59:ab:90:3d:01:3f:b8:4f:d3:14:7c:2a:b7:d9:
         fd:c4:1f:3d:a9:92:5b:ba:12:bd:27:c5:73:a1:fc:7d:8a:94:
         60:73:fe:3f:b5:53:d2:d4:1b:05:90:7e:d0:c5:9e:49:2f:eb:
         ff:de:31:ed:10:9d:7c:4c:4c:fd:96:fb:6a:05:28:d8:cd:5e:
         a5:f7:ad:7e:c4:15:f3:73:f9:14:a0:36:33:5c:92:18:82:35:
         03:87:13:3e:76:a7:2c:17:53:9a:f3:4f:e8:94:66:d9:ba:a0:
         29:48:e1:f2:06:89:35:1d:9e:7e:66:0c:07:40:0e:88:c2:95:
         20:95:d3:f3:a4:90:cb:13:09:48:7f:34:c6:21:d1:6b:52:fd:
         95:12:dd:00:e7:46:a6:78:38:a8:35:ad:ac:f2:91:1f:43:07:
         2b:a2:98:a0
-----BEGIN CERTIFICATE-----
MIIFnzCCBIegAwIBAgIUAmZ/glNBNh2IR4p2asCtaw9mONEwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI1MDEwNzAwMDAwMFoX
DTI1MDIxMTIzNTk1OVowejFJMEcGA1UEBRNAYTBkYThhYTlkNDMxYjQxNmQ3OTNi
NzU3MzdkYzg2MmFiNmU3NDQ5NDZlMGY1ZTA1NjFkNWJhZjNmNTk4M2I0NjEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkJci0ZVHO1vAx0YR+5T9TylUDxJB
VdAJPfGTiE3fApuht4zTPqtULpd3ZhMWcQY3U8wHaaqcHckxC1rqCv82ZzRs5C/h
E/qOZE4HY63xBTGNhcaM5qQeC6EZCYtcfbhQZGWcJTfdrUiROdC3bdU/vHIlXs0a
nvI4iKIxUJyevUWrwVIi+HwOXPbJkfKsm+Kup2Z448nwAOC0eOppXYJUHc8+DTMH
+G6e2DvXpNOrZWjc8Tgfk//6Hvzgqtxnq5e8nfhHhBZ/qLd30dMVBuaoUscNUBR7
SjwvEEQAE8+y5TMm4yoZPDcM5Si4LK3G7bXLdyWaCF4+O+qtKg4pLgKBQQIDAQAB
o4ICSzCCAkcwHQYDVR0OBBYEFEGnAk3hszMPrgvQqthp/DQxg7aRMB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
LzIwNmYxMGQwLTA4NDAtNDZlOS1iZTQ3LTA5MTI3ZTk3YjgzNy5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAP
BAIAAjAJAwcAJAba8nDAMA0GCSqGSIb3DQEBCwUAA4IBAQA7tUZKYJSVIZMcjZGq
bSm8rnr1Hbq2Efo9Ts9xxh+hmRPtCGcqQn96deWLt/pxT4FXfCNjwj13X2ymv/sY
H2z90mX0aqqRql40598PreREyRib/pOuBjrZxBAV/40tWauQPQE/uE/TFHwqt9n9
xB89qZJbuhK9J8Vzofx9ipRgc/4/tVPS1BsFkH7QxZ5JL+v/3jHtEJ18TEz9lvtq
BSjYzV6l961+xBXzc/kUoDYzXJIYgjUDhxM+dqcsF1Oa80/olGbZuqApSOHyBok1
HZ5+ZgwHQA6IwpUgldPzpJDLEwlIfzTGIdFrUv2VEt0A50ameDioNa2s8pEfQwcr
opig
-----END CERTIFICATE-----