Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/31394a5a-554b-47ca-bb81-76d568c901d8.roa
File:                     31394a5a-554b-47ca-bb81-76d568c901d8.roa (raw, json)
Hash identifier:          zMX3XZfqPyf5QKTok+ALcGjcw1BmRViVJxNKMx+4ZSM=
Subject key identifier:   1D:11:CD:C7:3B:A8:AC:CE:E5:C5:3A:EB:F1:60:41:DB:68:8E:32:AD
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       7DDCF280274EF232CDCBB81B4DB0641042003EBB
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/31394a5a-554b-47ca-bb81-76d568c901d8.roa
Signing time:             Tue 07 Jan 2025 00:00:00 +0000
ROA not before:           Tue 07 Jan 2025 00:00:00 +0000
ROA not after:            Tue 11 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:da61:c8c0::/48 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7d:dc:f2:80:27:4e:f2:32:cd:cb:b8:1b:4d:b0:64:10:42:00:3e:bb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Jan  7 00:00:00 2025 GMT
            Not After : Feb 11 23:59:59 2025 GMT
        Subject: serialNumber=0a427b356faf78b7824367816073707293186c12b21ee5498269c4515c068578, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:e9:74:17:0d:6f:9e:e2:d7:9a:10:bd:57:f6:
                    51:48:5c:94:f8:e9:91:42:16:30:37:c6:28:f3:36:
                    49:67:27:d2:db:d7:ff:62:13:e6:9c:51:ab:94:35:
                    31:bc:43:0d:1b:3c:31:9a:84:4b:67:b4:9d:b9:41:
                    54:99:9c:92:35:c9:17:8c:94:15:14:77:7e:3b:a0:
                    b3:05:2c:fe:fb:9c:d0:02:d2:66:fb:a2:8f:3c:09:
                    e8:de:f3:85:4c:9a:c0:b3:8b:0b:a1:06:ff:3c:0e:
                    c4:ee:c4:bb:2b:07:b3:c4:ea:0b:f9:eb:4e:08:b2:
                    b0:74:a8:f9:9b:03:c6:1d:b2:8e:f2:0a:7f:99:fa:
                    3f:9d:51:29:6a:f0:82:8d:f6:ba:a9:96:6b:3e:37:
                    d9:ed:8d:b2:5d:7f:d6:e7:6a:1c:a5:7e:ee:fb:95:
                    bf:cf:bd:c4:cc:a1:51:b9:27:ed:b3:1d:41:e1:51:
                    60:02:ed:d5:9a:33:49:96:c2:d3:1a:38:30:9f:bf:
                    24:2e:65:3e:28:b0:c8:8f:38:1d:14:ce:9e:ba:61:
                    90:3c:42:bf:61:b0:51:b5:21:4b:47:00:84:09:61:
                    e8:a8:0b:b0:4f:69:3f:dc:20:7e:92:18:c1:39:b3:
                    f8:9c:47:39:d8:d0:ea:41:87:b7:8e:d4:9f:32:26:
                    81:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1D:11:CD:C7:3B:A8:AC:CE:E5:C5:3A:EB:F1:60:41:DB:68:8E:32:AD
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/31394a5a-554b-47ca-bb81-76d568c901d8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:da61:c8c0::/48

    Signature Algorithm: sha256WithRSAEncryption
         23:44:cf:79:5d:c9:61:3c:09:83:42:49:51:85:c0:e0:55:af:
         b2:94:f6:ec:b5:6f:03:0c:64:2f:0c:55:26:1f:a6:c0:e6:66:
         24:1e:00:05:bd:a9:ce:02:59:b0:e2:7e:93:02:23:f0:5b:04:
         ab:8b:a9:8e:82:56:78:34:b9:4a:26:61:26:84:62:03:9f:ec:
         c8:0a:ae:e5:a2:bf:fc:b1:d6:d1:f1:0a:bb:f5:2b:0a:b9:e6:
         fe:f9:d0:82:8a:8c:56:50:a3:38:93:ee:48:27:11:cd:9d:81:
         e4:63:4a:4e:38:fa:55:e9:49:3c:c8:73:88:9e:f8:b4:59:68:
         4c:e2:db:3d:d8:52:08:3e:db:1d:38:6f:03:d5:6e:6c:d3:be:
         d0:cc:8a:99:79:b8:54:5d:75:e3:f7:65:37:c2:47:4c:df:d3:
         bf:e1:a7:63:38:66:04:8e:52:02:1d:cb:06:71:05:95:8f:f2:
         18:a4:74:18:64:20:31:28:03:de:7b:56:a1:83:23:df:ae:b5:
         74:dc:25:84:a5:2d:e4:b8:0e:8d:5d:f9:5e:ff:56:b9:96:d2:
         82:f3:55:30:e6:b2:2e:d8:d1:b4:af:f1:60:59:72:3d:8f:d4:
         da:b4:7b:51:44:9d:0e:24:f4:82:bf:18:66:dc:d8:f4:3b:0f:
         b5:26:7f:c8
-----BEGIN CERTIFICATE-----
MIIFnzCCBIegAwIBAgIUfdzygCdO8jLNy7gbTbBkEEIAPrswDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI1MDEwNzAwMDAwMFoX
DTI1MDIxMTIzNTk1OVowejFJMEcGA1UEBRNAMGE0MjdiMzU2ZmFmNzhiNzgyNDM2
NzgxNjA3MzcwNzI5MzE4NmMxMmIyMWVlNTQ5ODI2OWM0NTE1YzA2ODU3ODEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu+l0Fw1vnuLXmhC9V/ZRSFyU+OmR
QhYwN8Yo8zZJZyfS29f/YhPmnFGrlDUxvEMNGzwxmoRLZ7SduUFUmZySNckXjJQV
FHd+O6CzBSz++5zQAtJm+6KPPAno3vOFTJrAs4sLoQb/PA7E7sS7KwezxOoL+etO
CLKwdKj5mwPGHbKO8gp/mfo/nVEpavCCjfa6qZZrPjfZ7Y2yXX/W52ocpX7u+5W/
z73EzKFRuSftsx1B4VFgAu3VmjNJlsLTGjgwn78kLmU+KLDIjzgdFM6eumGQPEK/
YbBRtSFLRwCECWHoqAuwT2k/3CB+khjBObP4nEc52NDqQYe3jtSfMiaB1QIDAQAB
o4ICSzCCAkcwHQYDVR0OBBYEFB0Rzcc7qKzO5cU66/FgQdtojjKtMB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
LzMxMzk0YTVhLTU1NGItNDdjYS1iYjgxLTc2ZDU2OGM5MDFkOC5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAP
BAIAAjAJAwcAJAbaYcjAMA0GCSqGSIb3DQEBCwUAA4IBAQAjRM95XclhPAmDQklR
hcDgVa+ylPbstW8DDGQvDFUmH6bA5mYkHgAFvanOAlmw4n6TAiPwWwSri6mOglZ4
NLlKJmEmhGIDn+zICq7lor/8sdbR8Qq79SsKueb++dCCioxWUKM4k+5IJxHNnYHk
Y0pOOPpV6Uk8yHOInvi0WWhM4ts92FIIPtsdOG8D1W5s077QzIqZebhUXXXj92U3
wkdM39O/4adjOGYEjlICHcsGcQWVj/IYpHQYZCAxKAPee1ahgyPfrrV03CWEpS3k
uA6NXfle/1a5ltKC81Uw5rIu2NG0r/FgWXI9j9TatHtRRJ0OJPSCvxhm3Nj0Ow+1
Jn/I
-----END CERTIFICATE-----