Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/2ef94ee4-4310-4cee-8115-190220d10277.roa
File:                     2ef94ee4-4310-4cee-8115-190220d10277.roa (raw, json)
Hash identifier:          vjHsPR7tgpJpUCriXocl4B2F7fCYFxwhielIxJ8dz0A=
Subject key identifier:   28:E0:AE:5A:02:2B:3F:8E:BC:7E:FC:64:DE:5B:D1:AD:13:31:55:A1
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       3BB5AC7CF83D4B91033F413E839F91062788223F
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/2ef94ee4-4310-4cee-8115-190220d10277.roa
Signing time:             Tue 07 Jan 2025 00:00:00 +0000
ROA not before:           Tue 07 Jan 2025 00:00:00 +0000
ROA not after:            Tue 11 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:daf7:840::/46 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3b:b5:ac:7c:f8:3d:4b:91:03:3f:41:3e:83:9f:91:06:27:88:22:3f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Jan  7 00:00:00 2025 GMT
            Not After : Feb 11 23:59:59 2025 GMT
        Subject: serialNumber=923bee9ed0f610e7ea3854e801a9890726c21ecccad3d87f7fe36f0ab0f8fc52, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:92:a3:98:47:f5:4f:57:cd:ca:17:a9:87:fc:
                    e9:8e:1c:b6:55:80:05:d7:66:04:e2:fe:0d:43:96:
                    ca:7e:94:14:62:47:65:7e:f3:bf:e4:5f:32:52:81:
                    df:c4:46:d8:ac:04:91:ac:37:87:83:ec:82:39:b2:
                    ac:31:61:56:42:22:b5:d4:de:6a:4d:82:59:02:b8:
                    a1:31:8e:1f:6f:28:a5:0d:0a:d4:59:ab:1c:78:dc:
                    88:24:03:01:05:17:c4:b6:73:1a:0d:6c:e0:1d:24:
                    58:c4:ad:39:5c:e1:4b:17:ce:9d:82:fb:37:be:48:
                    86:1f:67:92:68:6e:50:bb:cf:a3:eb:3e:29:df:66:
                    15:9b:52:c5:ab:0b:4e:29:39:c3:5d:84:f2:7b:d5:
                    02:06:43:88:0a:36:4c:47:84:53:ce:6d:8a:11:82:
                    ae:f3:dd:7c:91:6f:46:90:17:07:d0:e3:47:bc:e5:
                    6b:43:73:81:be:c7:90:7e:3a:09:c4:b1:30:2d:10:
                    84:82:79:07:4e:d9:04:d1:c5:85:eb:04:e6:2f:b3:
                    2b:67:cd:4c:39:8a:16:24:cd:93:39:7f:68:d6:56:
                    ba:60:1e:fb:78:4f:95:e8:ad:3d:bf:a7:12:16:00:
                    3e:a8:78:b9:71:dd:d3:8e:d2:0d:49:c2:08:b5:b9:
                    15:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                28:E0:AE:5A:02:2B:3F:8E:BC:7E:FC:64:DE:5B:D1:AD:13:31:55:A1
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/2ef94ee4-4310-4cee-8115-190220d10277.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:daf7:840::/46

    Signature Algorithm: sha256WithRSAEncryption
         2c:30:c8:3f:5e:f8:af:f1:86:bc:82:1e:02:7c:3c:f7:29:fe:
         22:40:a6:f8:5e:49:fe:d9:a7:fd:84:9d:b2:5b:d7:c0:7b:0f:
         2e:d4:f9:68:9e:12:3b:85:26:21:e1:04:8c:85:b1:84:6e:30:
         6a:9e:95:c6:c4:f9:2b:90:db:ba:c6:d7:be:38:1e:72:bb:d5:
         5a:9d:a4:32:fb:30:eb:d8:16:d0:75:8d:1e:de:81:37:43:9d:
         a2:99:ed:4f:1b:0f:83:d3:9a:9c:db:f2:03:35:ad:84:ca:13:
         81:ae:1a:b4:fb:58:21:ae:73:10:3e:4c:10:e7:9e:00:ab:17:
         32:46:d4:5b:98:03:71:f1:fc:eb:dc:f5:31:85:ea:41:f1:23:
         97:2f:53:0f:9b:d0:bc:18:fb:2f:4d:7c:85:5b:65:06:23:5e:
         21:27:f2:5b:45:78:0c:9b:46:41:23:86:c3:ab:95:47:c8:5f:
         40:6d:b2:ab:a9:a9:58:41:cc:fe:4a:b0:5a:d2:53:3e:f2:a9:
         43:9b:92:2a:06:d6:6f:ab:d9:70:c8:ad:b9:d0:ac:52:d2:49:
         26:f3:e1:c6:f8:b3:cd:35:e2:bf:f4:06:77:41:cc:ec:d8:52:
         1c:f4:48:30:1c:9a:80:5d:ad:d9:73:a0:81:20:f6:63:5f:b4:
         56:b1:b0:d8
-----BEGIN CERTIFICATE-----
MIIFnzCCBIegAwIBAgIUO7WsfPg9S5EDP0E+g5+RBieIIj8wDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI1MDEwNzAwMDAwMFoX
DTI1MDIxMTIzNTk1OVowejFJMEcGA1UEBRNAOTIzYmVlOWVkMGY2MTBlN2VhMzg1
NGU4MDFhOTg5MDcyNmMyMWVjY2NhZDNkODdmN2ZlMzZmMGFiMGY4ZmM1MjEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAupKjmEf1T1fNyheph/zpjhy2VYAF
12YE4v4NQ5bKfpQUYkdlfvO/5F8yUoHfxEbYrASRrDeHg+yCObKsMWFWQiK11N5q
TYJZArihMY4fbyilDQrUWasceNyIJAMBBRfEtnMaDWzgHSRYxK05XOFLF86dgvs3
vkiGH2eSaG5Qu8+j6z4p32YVm1LFqwtOKTnDXYTye9UCBkOICjZMR4RTzm2KEYKu
8918kW9GkBcH0ONHvOVrQ3OBvseQfjoJxLEwLRCEgnkHTtkE0cWF6wTmL7MrZ81M
OYoWJM2TOX9o1la6YB77eE+V6K09v6cSFgA+qHi5cd3TjtINScIItbkVvQIDAQAB
o4ICSzCCAkcwHQYDVR0OBBYEFCjgrloCKz+OvH78ZN5b0a0TMVWhMB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
LzJlZjk0ZWU0LTQzMTAtNGNlZS04MTE1LTE5MDIyMGQxMDI3Ny5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAP
BAIAAjAJAwcCJAba9whAMA0GCSqGSIb3DQEBCwUAA4IBAQAsMMg/Xviv8Ya8gh4C
fDz3Kf4iQKb4Xkn+2af9hJ2yW9fAew8u1PlonhI7hSYh4QSMhbGEbjBqnpXGxPkr
kNu6xte+OB5yu9VanaQy+zDr2BbQdY0e3oE3Q52ime1PGw+D05qc2/IDNa2EyhOB
rhq0+1ghrnMQPkwQ554AqxcyRtRbmANx8fzr3PUxhepB8SOXL1MPm9C8GPsvTXyF
W2UGI14hJ/JbRXgMm0ZBI4bDq5VHyF9AbbKrqalYQcz+SrBa0lM+8qlDm5IqBtZv
q9lwyK250KxS0kkm8+HG+LPNNeK/9AZ3Qczs2FIc9EgwHJqAXa3Zc6CBIPZjX7RW
sbDY
-----END CERTIFICATE-----