Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/2ae9fa93-06f6-4e3f-b9ac-3cfc9933e9ec.roa
File:                     2ae9fa93-06f6-4e3f-b9ac-3cfc9933e9ec.roa (raw, json)
Hash identifier:          DBdfA1aX4F83GJ3Bpgros6u0ojfeHvX5ltnxeZ52rSc=
Subject key identifier:   6A:AE:4B:12:EF:6D:14:5C:A7:6B:FC:1C:34:CC:55:FB:00:C2:21:3A
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       70C9FF155B736EDE5394D31AFC1353BBC1CAF1
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/2ae9fa93-06f6-4e3f-b9ac-3cfc9933e9ec.roa
Signing time:             Tue 07 Jan 2025 00:00:00 +0000
ROA not before:           Tue 07 Jan 2025 00:00:00 +0000
ROA not after:            Tue 11 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:dafb:4020::/46 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            70:c9:ff:15:5b:73:6e:de:53:94:d3:1a:fc:13:53:bb:c1:ca:f1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Jan  7 00:00:00 2025 GMT
            Not After : Feb 11 23:59:59 2025 GMT
        Subject: serialNumber=cf9860e13f788e2db9e81af19ca125dafdb85c4336e37d67695216ceee087bc2, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:1a:93:e7:4a:a9:f5:6b:29:ce:00:60:4f:08:
                    df:1f:76:23:22:87:bb:ea:a7:d3:4e:b6:0b:e3:b4:
                    26:f0:b1:96:ae:9f:ee:4e:c1:a0:ea:a0:9f:de:a5:
                    87:2c:9d:d0:c4:d4:92:a3:d4:3f:eb:dc:51:67:42:
                    76:1f:0d:26:fe:ce:87:78:0e:b4:be:43:d3:46:50:
                    73:80:f2:29:76:19:fa:6c:9e:57:30:11:54:a9:8a:
                    83:2c:b1:0a:6c:20:e1:f4:0a:2a:f2:27:fd:b3:47:
                    25:ef:54:7d:27:09:db:f1:f7:82:32:24:49:b3:c9:
                    e5:f2:4f:f9:e6:62:35:ad:c3:86:f7:d4:29:15:0f:
                    bb:bb:08:50:a2:ff:ff:5d:20:0a:d8:8b:61:94:5f:
                    d6:7c:70:f3:27:e4:17:c6:76:bb:f7:6e:b2:62:39:
                    fa:7d:d1:13:c9:e6:d9:74:81:85:0e:7b:31:17:bb:
                    37:93:46:ef:f5:7f:3a:a9:79:fc:63:3d:b2:73:f2:
                    d6:ea:f5:9e:de:75:1e:46:8e:ee:e6:1f:8d:5a:5e:
                    d8:57:db:19:ab:51:e2:04:72:6f:3c:94:f8:97:6c:
                    38:b3:bc:5e:3a:f9:50:5c:87:66:bf:ab:30:fa:0f:
                    34:e1:90:05:9f:83:12:f4:4f:9f:e3:84:2f:e3:5b:
                    4c:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6A:AE:4B:12:EF:6D:14:5C:A7:6B:FC:1C:34:CC:55:FB:00:C2:21:3A
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/2ae9fa93-06f6-4e3f-b9ac-3cfc9933e9ec.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:dafb:4020::/46

    Signature Algorithm: sha256WithRSAEncryption
         60:55:80:61:ac:2c:07:82:4c:02:75:37:9b:6c:ef:5b:80:58:
         9a:2c:3e:9b:bc:c2:98:29:80:b6:d8:98:99:6e:fa:95:06:73:
         49:5a:7a:13:15:ef:c4:18:f3:0b:fc:02:f5:c0:56:2c:5f:bf:
         30:56:c0:0e:22:25:ed:15:98:d5:f1:37:d7:85:da:ba:1f:f7:
         be:9d:af:f2:87:c3:c0:f1:65:dc:e6:74:af:eb:da:e9:ab:09:
         4e:41:0c:c1:31:8e:dc:d3:44:4d:ce:cf:38:cd:d7:04:81:b5:
         e2:e3:90:a8:a4:ef:0a:21:9b:32:35:3a:04:76:ef:02:e6:cc:
         35:1a:e5:a0:b4:04:ff:e8:24:13:e1:b8:33:ce:2f:0b:24:93:
         c5:f0:1a:5a:93:37:c3:43:88:41:b2:38:1f:01:f0:8b:8c:23:
         84:90:89:4c:d1:4e:8f:3f:ef:82:e6:23:7b:60:0a:56:8b:6a:
         0e:3b:d1:3c:61:7c:28:60:d9:4d:90:35:2e:11:27:51:94:4c:
         9f:93:a6:81:ef:1b:78:bd:05:76:a5:11:c3:83:4b:08:de:7c:
         cc:c7:0b:68:fa:35:f7:d3:4d:cc:18:a1:41:e9:f0:36:eb:0e:
         e7:46:0c:b0:0a:35:6d:5c:85:09:40:24:1e:8d:e5:4f:af:34:
         e6:3e:be:22
-----BEGIN CERTIFICATE-----
MIIFnjCCBIagAwIBAgITcMn/FVtzbt5TlNMa/BNTu8HK8TANBgkqhkiG9w0BAQsF
ADBKMRUwEwYDVQQDEwxBOTFGNjM1RjAwMDAxMTAvBgNVBAUTKDQwNzY4MjU1MjRE
MkM2NkQyRTEwNDM2RkU2NUU5M0U4QzFCRDRBMzcwHhcNMjUwMTA3MDAwMDAwWhcN
MjUwMjExMjM1OTU5WjB6MUkwRwYDVQQFE0BjZjk4NjBlMTNmNzg4ZTJkYjllODFh
ZjE5Y2ExMjVkYWZkYjg1YzQzMzZlMzdkNjc2OTUyMTZjZWVlMDg3YmMyMS0wKwYD
VQQDEyRjMGJmMGZlOC03MTdjLTRmNzItOWI0NS1jOWM1MTkxMzJhODEwggEiMA0G
CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCpGpPnSqn1aynOAGBPCN8fdiMih7vq
p9NOtgvjtCbwsZaun+5OwaDqoJ/epYcsndDE1JKj1D/r3FFnQnYfDSb+zod4DrS+
Q9NGUHOA8il2GfpsnlcwEVSpioMssQpsIOH0CiryJ/2zRyXvVH0nCdvx94IyJEmz
yeXyT/nmYjWtw4b31CkVD7u7CFCi//9dIArYi2GUX9Z8cPMn5BfGdrv3brJiOfp9
0RPJ5tl0gYUOezEXuzeTRu/1fzqpefxjPbJz8tbq9Z7edR5Gju7mH41aXthX2xmr
UeIEcm88lPiXbDizvF46+VBch2a/qzD6DzThkAWfgxL0T5/jhC/jW0xPAgMBAAGj
ggJLMIICRzAdBgNVHQ4EFgQUaq5LEu9tFFyna/wcNMxV+wDCITowHwYDVR0jBBgw
FoAUQHaCVSTSxm0uEENv5l6T6MG9SjcwDgYDVR0PAQH/BAQDAgeAMH4GCCsGAQUF
BwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtpLmFwbmljLm5ldC9yZXBv
c2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3QzcyRkQxRkYyL1FIYUNWU1RT
eG0wdUVFTnY1bDZUNk1HOVNqYy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1MGJlYzkyNjEv
MmFlOWZhOTMtMDZmNi00ZTNmLWI5YWMtM2NmYzk5MzNlOWVjLnJvYTCBlQYDVR0f
BIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFzdC0yLmFt
YXpvbmF3cy5jb20vdm9sdW1lLzA4YzJmMjY0LTIzZjktNDlmYi05ZDQzLWY4YjUw
YmVjOTI2MS83YmExNzg2My1hNjEzLTQxOTctOWVkNS1iZWRhNmE4OTg2OWYuY3Js
MBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8E
AgACMAkDBwIkBtr7QCAwDQYJKoZIhvcNAQELBQADggEBAGBVgGGsLAeCTAJ1N5ts
71uAWJosPpu8wpgpgLbYmJlu+pUGc0laehMV78QY8wv8AvXAVixfvzBWwA4iJe0V
mNXxN9eF2rof976dr/KHw8DxZdzmdK/r2umrCU5BDMExjtzTRE3OzzjN1wSBteLj
kKik7wohmzI1OgR27wLmzDUa5aC0BP/oJBPhuDPOLwskk8XwGlqTN8NDiEGyOB8B
8IuMI4SQiUzRTo8/74LmI3tgClaLag470TxhfChg2U2QNS4RJ1GUTJ+TpoHvG3i9
BXalEcODSwjefMzHC2j6NffTTcwYoUHp8DbrDudGDLAKNW1chQlAJB6N5U+vNOY+
viI=
-----END CERTIFICATE-----