Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/31d82ebe-09a5-48fe-8169-b4de58988b94.roa
File:                     31d82ebe-09a5-48fe-8169-b4de58988b94.roa (raw, json)
Hash identifier:          ssLmlfyJ9JF+T3p5a/mDS+e43qK+mqLG0spkllWp5Gg=
Subject key identifier:   AD:11:27:D4:E1:9F:D2:52:52:06:9F:1F:24:F8:D1:31:D8:72:7B:D2
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       0629880DF09CA54223052CFEBFFADA16296203C5
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/31d82ebe-09a5-48fe-8169-b4de58988b94.roa
Signing time:             Tue 07 Jan 2025 00:00:00 +0000
ROA not before:           Tue 07 Jan 2025 00:00:00 +0000
ROA not after:            Tue 11 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:da1a::/36 maxlen: 36
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            06:29:88:0d:f0:9c:a5:42:23:05:2c:fe:bf:fa:da:16:29:62:03:c5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Jan  7 00:00:00 2025 GMT
            Not After : Feb 11 23:59:59 2025 GMT
        Subject: serialNumber=6bfe68a6ae429015325ef86a879100e6763f82b5456efec524ba1e5dbf94d448, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:09:12:71:fc:b1:54:89:be:14:40:4f:f5:8a:
                    02:b0:52:49:0d:4e:90:d5:8f:05:5a:84:cb:56:60:
                    8d:31:01:05:65:97:66:9b:4b:25:cc:e9:ab:e8:bc:
                    02:fc:fa:63:fd:20:e0:7b:ba:a0:e7:7a:86:5d:7a:
                    f9:49:bd:89:c2:86:a8:75:03:cb:1a:b5:ac:04:12:
                    f9:a3:73:00:04:a3:c9:c6:5b:fc:45:d4:73:37:dd:
                    8c:f1:f7:ac:88:01:74:9a:21:0e:fe:20:5d:be:4f:
                    d7:8a:42:c8:86:72:3d:39:a4:c2:77:7d:63:3c:6d:
                    0b:96:58:f0:0b:b8:29:32:ea:ef:ab:28:3f:ad:b6:
                    23:0d:e4:4e:7f:af:cc:ac:3c:47:30:58:60:d0:f5:
                    1d:88:13:a4:57:e0:d7:e5:d8:ee:cf:6c:e1:2e:df:
                    a2:3c:6e:54:73:ea:76:88:10:4f:a9:10:a9:2a:19:
                    d1:17:a9:ae:96:40:d5:6f:a9:c3:4a:f3:3d:33:0c:
                    a6:be:e0:26:04:29:6f:ab:1e:f0:e7:26:37:7e:6c:
                    d8:c9:2e:93:83:b7:51:04:4f:1d:e3:63:21:ae:f7:
                    98:33:ce:24:9a:b7:28:f7:0f:e0:2a:92:90:93:1c:
                    06:56:79:25:f6:43:58:8e:e1:80:7e:e7:d6:ab:fc:
                    2a:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AD:11:27:D4:E1:9F:D2:52:52:06:9F:1F:24:F8:D1:31:D8:72:7B:D2
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/31d82ebe-09a5-48fe-8169-b4de58988b94.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:da1a::/36

    Signature Algorithm: sha256WithRSAEncryption
         c3:ac:ac:e0:84:74:d0:e5:7f:fb:e6:02:9a:a1:0d:8c:04:c9:
         0c:36:b8:5f:69:20:07:1a:74:d8:f8:c3:50:5a:84:e9:cc:90:
         dc:11:90:df:73:09:92:1d:db:1a:49:98:d3:1a:af:56:90:53:
         d5:10:03:1f:f4:c6:a5:c7:6f:93:f6:59:e0:af:2c:30:0e:ec:
         2b:f8:9c:b8:18:fc:cf:8f:cc:a3:c6:86:1d:6e:f6:b6:af:e2:
         a3:93:0b:ff:3b:2d:21:20:d3:73:84:3f:33:b1:16:09:6f:f8:
         24:bf:4c:ab:fd:51:81:3a:c7:ab:78:d4:40:b0:ed:d0:34:ae:
         11:4f:55:bc:8f:50:cc:d2:f7:43:ba:e3:c4:37:e0:4c:b0:df:
         23:f9:3b:ce:c8:04:cf:61:5c:a4:fc:51:0c:a0:b7:09:e0:e4:
         59:be:85:b9:e9:e0:55:1f:58:b6:6c:9c:6a:24:44:c3:79:45:
         68:c5:3e:41:8e:ab:fb:67:9e:5d:e2:67:6d:79:a6:a7:74:c2:
         8f:51:7e:a8:f9:82:39:29:cb:9b:ae:e1:9b:e8:6b:81:f5:78:
         aa:bd:56:a5:e6:a5:69:20:fd:e1:a1:4b:eb:e7:69:6d:dc:e6:
         e2:d2:e8:08:da:83:11:13:4d:38:ea:88:94:dd:4b:6f:40:32:
         85:58:8f:6f
-----BEGIN CERTIFICATE-----
MIIFnjCCBIagAwIBAgIUBimIDfCcpUIjBSz+v/raFiliA8UwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI1MDEwNzAwMDAwMFoX
DTI1MDIxMTIzNTk1OVowejFJMEcGA1UEBRNANmJmZTY4YTZhZTQyOTAxNTMyNWVm
ODZhODc5MTAwZTY3NjNmODJiNTQ1NmVmZWM1MjRiYTFlNWRiZjk0ZDQ0ODEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvgkScfyxVIm+FEBP9YoCsFJJDU6Q
1Y8FWoTLVmCNMQEFZZdmm0slzOmr6LwC/Ppj/SDge7qg53qGXXr5Sb2JwoaodQPL
GrWsBBL5o3MABKPJxlv8RdRzN92M8fesiAF0miEO/iBdvk/XikLIhnI9OaTCd31j
PG0LlljwC7gpMurvqyg/rbYjDeROf6/MrDxHMFhg0PUdiBOkV+DX5djuz2zhLt+i
PG5Uc+p2iBBPqRCpKhnRF6mulkDVb6nDSvM9MwymvuAmBClvqx7w5yY3fmzYyS6T
g7dRBE8d42MhrveYM84kmrco9w/gKpKQkxwGVnkl9kNYjuGAfufWq/wqEQIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFK0RJ9Thn9JSUgafHyT40THYcnvSMB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
LzMxZDgyZWJlLTA5YTUtNDhmZS04MTY5LWI0ZGU1ODk4OGI5NC5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAO
BAIAAjAIAwYEJAbaGgAwDQYJKoZIhvcNAQELBQADggEBAMOsrOCEdNDlf/vmApqh
DYwEyQw2uF9pIAcadNj4w1BahOnMkNwRkN9zCZId2xpJmNMar1aQU9UQAx/0xqXH
b5P2WeCvLDAO7Cv4nLgY/M+PzKPGhh1u9rav4qOTC/87LSEg03OEPzOxFglv+CS/
TKv9UYE6x6t41ECw7dA0rhFPVbyPUMzS90O648Q34Eyw3yP5O87IBM9hXKT8UQyg
twng5Fm+hbnp4FUfWLZsnGokRMN5RWjFPkGOq/tnnl3iZ215pqd0wo9Rfqj5gjkp
y5uu4Zvoa4H1eKq9VqXmpWkg/eGhS+vnaW3c5uLS6AjagxETTTjqiJTdS29AMoVY
j28=
-----END CERTIFICATE-----