Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/29bedfc3-5012-48c2-8699-377e478d8269.roa
File:                     29bedfc3-5012-48c2-8699-377e478d8269.roa (raw, json)
Hash identifier:          DO8zdqJUjImNDzvJQGcl0VjjMgm/YblA80N4YCt+GIM=
Subject key identifier:   C9:79:74:28:B2:05:F9:6C:A7:C3:24:6A:19:FC:61:19:57:71:A4:D0
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       02D627ED96E2660FE61818CA0007D74588E44F79
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/29bedfc3-5012-48c2-8699-377e478d8269.roa
Signing time:             Tue 07 Jan 2025 00:00:00 +0000
ROA not before:           Tue 07 Jan 2025 00:00:00 +0000
ROA not after:            Tue 11 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:da36:1000::/40 maxlen: 40
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            02:d6:27:ed:96:e2:66:0f:e6:18:18:ca:00:07:d7:45:88:e4:4f:79
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Jan  7 00:00:00 2025 GMT
            Not After : Feb 11 23:59:59 2025 GMT
        Subject: serialNumber=dd3c972bd2968c538c77a53af241f03966d9dc805a0c22e4e4949df2808d3511, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:3f:a2:1b:56:53:2b:4e:ee:db:25:90:9b:f9:
                    ac:c2:9a:94:35:8a:38:06:d4:c8:fc:94:e9:26:a5:
                    8c:c2:29:91:ec:9c:db:1a:88:c3:55:20:64:0c:01:
                    fd:69:ed:52:5e:ad:a2:19:2d:fd:0c:67:de:86:ab:
                    b8:e9:af:92:35:e0:bc:e7:c3:e6:f5:2a:f3:36:f6:
                    93:8f:7a:22:5b:08:c8:d4:aa:17:ec:14:a9:7f:75:
                    5d:da:59:c9:9c:f3:e7:aa:58:4a:05:db:a5:7d:5b:
                    7f:0a:4a:aa:05:43:61:ca:bc:8b:07:13:8e:ed:c5:
                    ca:ad:14:e0:01:fd:c4:dc:22:3e:99:44:ec:bf:47:
                    59:57:ec:d3:f0:19:2b:d5:72:f5:f9:37:6a:ab:1f:
                    db:e4:5c:17:44:c0:11:34:4d:dc:9f:27:48:81:13:
                    9e:ac:49:9e:6f:a5:75:22:4e:55:d2:3b:68:82:cf:
                    20:67:51:3e:d2:45:d9:30:82:ec:78:74:11:0f:88:
                    a8:2d:94:3c:19:d0:b6:33:77:bb:5e:c0:97:cd:d6:
                    1e:af:40:c9:6b:99:d1:ff:4d:50:7c:6e:25:b5:9a:
                    0b:4b:64:67:ee:81:52:11:1c:3d:ad:34:a8:42:eb:
                    5b:81:d9:a8:72:53:d2:c2:b2:16:47:68:24:8b:0e:
                    ad:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C9:79:74:28:B2:05:F9:6C:A7:C3:24:6A:19:FC:61:19:57:71:A4:D0
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/29bedfc3-5012-48c2-8699-377e478d8269.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:da36:1000::/40

    Signature Algorithm: sha256WithRSAEncryption
         aa:ee:25:04:03:ab:78:10:42:89:f0:a6:85:f9:ce:87:33:2e:
         f2:11:82:d7:1b:f6:3a:90:cd:72:d6:58:07:3d:9f:db:30:8b:
         c4:58:f1:65:30:bc:e6:97:0c:8d:2c:1d:36:f3:62:cd:59:9f:
         db:a2:a8:39:54:e9:c4:32:81:25:71:d9:b3:ab:84:b4:08:5a:
         be:f2:e3:36:79:fa:c8:1f:b1:d8:fc:59:3a:6b:cf:87:4c:7a:
         fa:05:15:38:65:d2:db:66:eb:a0:2a:52:36:77:cf:05:13:0d:
         af:af:f5:7c:db:22:92:4c:e8:f5:11:05:a4:91:db:05:90:f6:
         49:de:7e:52:69:b0:2b:29:69:93:f2:ef:01:7d:e9:7d:25:b6:
         4c:17:e1:c4:f6:dd:4f:dd:78:ca:da:c2:e6:df:90:73:11:76:
         2f:7a:e2:1e:f4:16:0d:df:80:05:97:fc:87:4f:01:88:cd:03:
         fd:59:70:8c:73:14:48:be:20:0b:a2:37:cd:5b:92:95:37:58:
         a7:6b:c2:cc:c1:2b:f8:19:d0:4f:70:fc:06:00:2a:fe:e3:c5:
         77:be:45:96:19:27:1c:8f:09:85:d5:c1:40:85:66:09:53:42:
         14:2b:27:13:f2:3e:b5:28:b2:1f:e1:a6:76:e0:19:f4:24:bb:
         55:99:af:a2
-----BEGIN CERTIFICATE-----
MIIFnjCCBIagAwIBAgIUAtYn7ZbiZg/mGBjKAAfXRYjkT3kwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI1MDEwNzAwMDAwMFoX
DTI1MDIxMTIzNTk1OVowejFJMEcGA1UEBRNAZGQzYzk3MmJkMjk2OGM1MzhjNzdh
NTNhZjI0MWYwMzk2NmQ5ZGM4MDVhMGMyMmU0ZTQ5NDlkZjI4MDhkMzUxMTEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsD+iG1ZTK07u2yWQm/mswpqUNYo4
BtTI/JTpJqWMwimR7JzbGojDVSBkDAH9ae1SXq2iGS39DGfehqu46a+SNeC858Pm
9SrzNvaTj3oiWwjI1KoX7BSpf3Vd2lnJnPPnqlhKBdulfVt/CkqqBUNhyryLBxOO
7cXKrRTgAf3E3CI+mUTsv0dZV+zT8Bkr1XL1+Tdqqx/b5FwXRMARNE3cnydIgROe
rEmeb6V1Ik5V0jtogs8gZ1E+0kXZMILseHQRD4ioLZQ8GdC2M3e7XsCXzdYer0DJ
a5nR/01QfG4ltZoLS2Rn7oFSERw9rTSoQutbgdmoclPSwrIWR2gkiw6tnwIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFMl5dCiyBflsp8Mkahn8YRlXcaTQMB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
LzI5YmVkZmMzLTUwMTItNDhjMi04Njk5LTM3N2U0NzhkODI2OS5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAO
BAIAAjAIAwYAJAbaNhAwDQYJKoZIhvcNAQELBQADggEBAKruJQQDq3gQQonwpoX5
zoczLvIRgtcb9jqQzXLWWAc9n9swi8RY8WUwvOaXDI0sHTbzYs1Zn9uiqDlU6cQy
gSVx2bOrhLQIWr7y4zZ5+sgfsdj8WTprz4dMevoFFThl0ttm66AqUjZ3zwUTDa+v
9XzbIpJM6PURBaSR2wWQ9kneflJpsCspaZPy7wF96X0ltkwX4cT23U/deMrawubf
kHMRdi964h70Fg3fgAWX/IdPAYjNA/1ZcIxzFEi+IAuiN81bkpU3WKdrwszBK/gZ
0E9w/AYAKv7jxXe+RZYZJxyPCYXVwUCFZglTQhQrJxPyPrUosh/hpnbgGfQku1WZ
r6I=
-----END CERTIFICATE-----