Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/28cdc7bf-56f0-4c40-a789-3c91448fb955.roa
File:                     28cdc7bf-56f0-4c40-a789-3c91448fb955.roa (raw, json)
Hash identifier:          Vb66yozZz42KnXu0Pja8zDnW+/W/A4u0jza+hoUlvM0=
Subject key identifier:   0D:1E:8F:D3:DC:E3:13:B9:B2:75:4C:6B:40:A7:CE:C9:A4:D3:7E:EF
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       0D0F0184B7BC6C8CD7EEB8098FCD5C4060E86E8C
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/28cdc7bf-56f0-4c40-a789-3c91448fb955.roa
Signing time:             Tue 07 Jan 2025 00:00:00 +0000
ROA not before:           Tue 07 Jan 2025 00:00:00 +0000
ROA not after:            Tue 11 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:da38:4040::/48 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0d:0f:01:84:b7:bc:6c:8c:d7:ee:b8:09:8f:cd:5c:40:60:e8:6e:8c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Jan  7 00:00:00 2025 GMT
            Not After : Feb 11 23:59:59 2025 GMT
        Subject: serialNumber=3fb078183c5e58dec4b102d931f3bcd5b65d08a8ce7fdd9c7f4673d8c340de27, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:cf:72:e2:cc:14:5c:8c:0d:fd:5b:19:43:49:
                    de:19:42:fd:3a:8b:ce:5a:86:43:63:9f:68:ea:8e:
                    cb:47:94:1d:20:5a:53:74:81:f3:f9:9d:25:ae:0d:
                    e1:b6:b0:6c:97:a5:46:7b:18:ae:b7:43:a0:7d:51:
                    bd:61:da:b3:4d:1d:c7:e0:b0:dc:6d:f7:a4:49:eb:
                    62:5f:b3:00:6d:1d:44:a4:07:c9:95:9a:2c:8a:c4:
                    3f:cb:29:b8:96:70:e3:e9:8d:9b:a1:f1:e3:fd:7f:
                    8e:53:e2:fe:1c:f6:f3:b5:73:41:71:47:5f:12:0c:
                    59:a3:15:b7:d4:44:87:21:e4:22:10:e2:b0:aa:44:
                    df:a1:76:96:c8:f4:bb:6c:2d:ef:4f:36:b1:37:23:
                    0d:eb:67:71:62:c7:ea:05:62:48:7f:97:50:ee:6b:
                    fa:ad:11:a8:2f:4d:03:fd:f8:fe:6f:bd:28:94:6c:
                    31:1c:3e:3b:fc:7a:3c:ab:d7:a5:e5:4e:50:8b:c4:
                    d8:8b:98:9c:4a:42:c0:0a:a3:7d:af:68:04:87:1b:
                    1e:a5:28:5c:15:68:58:06:5b:c3:a6:be:e3:0f:95:
                    d8:af:21:d6:ed:a3:34:30:6b:86:6b:d2:6c:48:73:
                    f9:63:f9:05:48:81:64:dd:f2:8b:6f:91:81:99:18:
                    c6:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0D:1E:8F:D3:DC:E3:13:B9:B2:75:4C:6B:40:A7:CE:C9:A4:D3:7E:EF
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/28cdc7bf-56f0-4c40-a789-3c91448fb955.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:da38:4040::/48

    Signature Algorithm: sha256WithRSAEncryption
         9c:58:43:d8:99:e4:e2:6b:cb:08:b8:bb:6b:ae:e6:ea:d0:16:
         07:87:a5:45:fe:18:3a:89:61:10:2d:a1:6e:66:d9:24:00:bb:
         ba:5f:19:f4:d2:04:d2:21:0b:82:a3:0a:50:fc:45:7a:e7:b4:
         b8:c4:12:b6:c2:e9:f4:dd:09:d8:f4:d3:80:c2:50:b8:73:35:
         e8:16:0d:aa:08:95:95:c6:5f:15:95:36:c2:cb:a4:2f:44:d3:
         f5:6c:e5:68:5c:02:0d:8e:33:06:ea:15:74:f1:35:e3:6e:9d:
         6d:26:47:e5:fb:78:a8:e6:77:40:f0:b8:a2:ad:dd:b8:bc:ad:
         f7:49:3b:5c:73:80:53:9c:c8:b0:3f:ce:69:0b:2c:15:da:7f:
         a0:3b:97:94:6d:02:6f:a1:83:0e:50:f0:03:72:64:ba:a5:11:
         96:7a:eb:bd:e1:da:b0:35:5b:a0:a9:ac:72:8c:d3:c5:1c:d4:
         b4:1c:ea:63:7f:9d:eb:37:9a:50:86:20:d5:2e:eb:fd:ca:3c:
         7f:25:95:4f:f5:af:8f:1d:e9:4e:80:2a:00:c9:eb:94:a0:1e:
         cf:84:91:45:fa:9d:53:0c:4b:d2:2e:dc:26:cc:65:ae:a5:1a:
         2d:cd:eb:a3:e3:69:f1:ad:8d:35:35:7d:09:f5:e9:12:74:6f:
         f5:da:0a:dc
-----BEGIN CERTIFICATE-----
MIIFnzCCBIegAwIBAgIUDQ8BhLe8bIzX7rgJj81cQGDobowwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI1MDEwNzAwMDAwMFoX
DTI1MDIxMTIzNTk1OVowejFJMEcGA1UEBRNAM2ZiMDc4MTgzYzVlNThkZWM0YjEw
MmQ5MzFmM2JjZDViNjVkMDhhOGNlN2ZkZDljN2Y0NjczZDhjMzQwZGUyNzEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArc9y4swUXIwN/VsZQ0neGUL9OovO
WoZDY59o6o7LR5QdIFpTdIHz+Z0lrg3htrBsl6VGexiut0OgfVG9YdqzTR3H4LDc
bfekSetiX7MAbR1EpAfJlZosisQ/yym4lnDj6Y2bofHj/X+OU+L+HPbztXNBcUdf
EgxZoxW31ESHIeQiEOKwqkTfoXaWyPS7bC3vTzaxNyMN62dxYsfqBWJIf5dQ7mv6
rRGoL00D/fj+b70olGwxHD47/Ho8q9el5U5Qi8TYi5icSkLACqN9r2gEhxsepShc
FWhYBlvDpr7jD5XYryHW7aM0MGuGa9JsSHP5Y/kFSIFk3fKLb5GBmRjGVwIDAQAB
o4ICSzCCAkcwHQYDVR0OBBYEFA0ej9Pc4xO5snVMa0Cnzsmk037vMB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
LzI4Y2RjN2JmLTU2ZjAtNGM0MC1hNzg5LTNjOTE0NDhmYjk1NS5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAP
BAIAAjAJAwcAJAbaOEBAMA0GCSqGSIb3DQEBCwUAA4IBAQCcWEPYmeTia8sIuLtr
rubq0BYHh6VF/hg6iWEQLaFuZtkkALu6Xxn00gTSIQuCowpQ/EV657S4xBK2wun0
3QnY9NOAwlC4czXoFg2qCJWVxl8VlTbCy6QvRNP1bOVoXAINjjMG6hV08TXjbp1t
Jkfl+3io5ndA8Liird24vK33STtcc4BTnMiwP85pCywV2n+gO5eUbQJvoYMOUPAD
cmS6pRGWeuu94dqwNVugqaxyjNPFHNS0HOpjf53rN5pQhiDVLuv9yjx/JZVP9a+P
HelOgCoAyeuUoB7PhJFF+p1TDEvSLtwmzGWupRotzeuj42nxrY01NX0J9ekSdG/1
2grc
-----END CERTIFICATE-----