Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/36a61bb0-d5ee-40f9-b3eb-0fa1d1a4956c.roa
File:                     36a61bb0-d5ee-40f9-b3eb-0fa1d1a4956c.roa (raw, json)
Hash identifier:          7QkS4M1YcXwZTchQ863m3t7fmO/u5fUbM8eRK9p5hoQ=
Subject key identifier:   E6:99:C3:77:6A:41:14:1B:60:D0:F1:C1:58:63:8B:C9:00:F0:2B:2D
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       5048692FF29152D17159E628FA9D906B7998D2EA
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/36a61bb0-d5ee-40f9-b3eb-0fa1d1a4956c.roa
Signing time:             Fri 10 Jan 2025 00:00:00 +0000
ROA not before:           Fri 10 Jan 2025 00:00:00 +0000
ROA not after:            Fri 14 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:da36::/32 maxlen: 32
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            50:48:69:2f:f2:91:52:d1:71:59:e6:28:fa:9d:90:6b:79:98:d2:ea
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Jan 10 00:00:00 2025 GMT
            Not After : Feb 14 23:59:59 2025 GMT
        Subject: serialNumber=4dfeaff9c94e5103292992a97dd57493a4c980f616db07975bd85fa7c8469890, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:a4:e7:49:9f:23:71:58:1d:7f:92:28:b5:55:
                    2c:35:28:4a:3f:c6:30:af:30:cb:0f:df:0d:ec:b4:
                    b2:ab:3a:72:54:c0:35:68:38:1b:fb:66:b5:f8:ed:
                    e5:15:ed:20:40:0a:9e:09:20:81:dc:89:0e:c3:38:
                    d6:65:d8:8a:9f:59:e9:c8:68:3b:4c:12:cd:cc:ed:
                    7e:82:63:f6:eb:45:03:51:37:e9:fe:f9:1a:76:01:
                    8c:48:36:8f:f1:d4:01:03:22:c8:3f:a9:c3:86:61:
                    73:ec:57:f0:e7:db:a5:79:55:2d:7d:cc:cf:42:53:
                    66:fc:c1:42:79:18:7f:04:83:fc:6b:47:c3:7f:74:
                    26:6d:81:e2:af:9e:05:c1:4b:d9:e4:bf:46:e5:aa:
                    16:15:0e:9a:92:cd:08:e9:6a:61:09:cc:7c:a9:28:
                    33:e3:ec:65:e3:b0:c8:53:8b:b1:ea:80:81:2c:78:
                    50:8f:af:8a:7b:d8:18:46:7b:c0:37:b1:1d:42:70:
                    27:bd:06:45:b5:87:77:2b:86:73:58:e2:94:7a:bb:
                    e9:f7:6d:45:31:ff:bf:f5:19:20:36:bf:d9:2c:4e:
                    2a:74:c6:b2:ea:38:f1:7c:e4:4a:26:17:51:29:ef:
                    b7:52:41:81:1a:6b:80:9b:2f:07:2b:1c:1c:81:81:
                    50:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E6:99:C3:77:6A:41:14:1B:60:D0:F1:C1:58:63:8B:C9:00:F0:2B:2D
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/36a61bb0-d5ee-40f9-b3eb-0fa1d1a4956c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:da36::/32

    Signature Algorithm: sha256WithRSAEncryption
         0f:f5:fd:80:45:9a:19:15:d9:9b:4a:d3:98:be:e2:ca:df:b3:
         de:3a:cb:d3:e2:05:19:17:3c:2b:43:eb:cb:67:22:b1:af:6c:
         e2:98:52:35:46:7f:d9:0a:cc:5a:ca:35:3e:e4:c4:7b:78:66:
         ec:17:de:86:a2:ba:66:82:e2:ea:c0:d2:43:b0:4f:59:e8:67:
         bb:ad:f2:4b:ef:f2:8a:f9:26:0d:1c:4d:c3:7f:61:f6:b9:4e:
         6f:66:7f:7a:1f:f1:fa:9d:bb:75:ea:28:33:ff:34:45:cd:46:
         d9:e6:c1:16:33:15:88:cd:ce:d3:a6:35:58:07:d1:03:b1:7d:
         92:00:de:24:df:9f:a1:df:b6:b2:0a:cd:e3:88:48:6d:88:23:
         e9:bc:52:e2:4d:e9:41:a0:f4:e5:ef:35:46:89:7d:40:3b:2d:
         98:df:92:7f:5e:9e:38:b3:01:d8:55:b7:d3:fa:b1:64:44:e3:
         22:68:a1:31:cb:c9:90:6a:c4:4f:1f:f9:2b:33:ea:f5:89:ff:
         e6:a4:b9:15:9f:bf:53:6a:e9:43:39:b0:a9:93:da:25:db:3b:
         41:61:e0:75:94:a6:c8:7c:fa:fd:8a:ff:bb:ca:4c:b2:bd:08:
         eb:7a:0d:7f:28:cf:01:d3:b9:44:a5:a6:f7:15:f1:8b:7f:f1:
         ee:82:eb:f6
-----BEGIN CERTIFICATE-----
MIIFnTCCBIWgAwIBAgIUUEhpL/KRUtFxWeYo+p2Qa3mY0uowDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI1MDExMDAwMDAwMFoX
DTI1MDIxNDIzNTk1OVowejFJMEcGA1UEBRNANGRmZWFmZjljOTRlNTEwMzI5Mjk5
MmE5N2RkNTc0OTNhNGM5ODBmNjE2ZGIwNzk3NWJkODVmYTdjODQ2OTg5MDEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArqTnSZ8jcVgdf5IotVUsNShKP8Yw
rzDLD98N7LSyqzpyVMA1aDgb+2a1+O3lFe0gQAqeCSCB3IkOwzjWZdiKn1npyGg7
TBLNzO1+gmP260UDUTfp/vkadgGMSDaP8dQBAyLIP6nDhmFz7Ffw59uleVUtfczP
QlNm/MFCeRh/BIP8a0fDf3QmbYHir54FwUvZ5L9G5aoWFQ6aks0I6WphCcx8qSgz
4+xl47DIU4ux6oCBLHhQj6+Ke9gYRnvAN7EdQnAnvQZFtYd3K4ZzWOKUervp921F
Mf+/9RkgNr/ZLE4qdMay6jjxfORKJhdRKe+3UkGBGmuAmy8HKxwcgYFQqQIDAQAB
o4ICSTCCAkUwHQYDVR0OBBYEFOaZw3dqQRQbYNDxwVhji8kA8CstMB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
LzM2YTYxYmIwLWQ1ZWUtNDBmOS1iM2ViLTBmYTFkMWE0OTU2Yy5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzAN
BAIAAjAHAwUAJAbaNjANBgkqhkiG9w0BAQsFAAOCAQEAD/X9gEWaGRXZm0rTmL7i
yt+z3jrL0+IFGRc8K0Pry2cisa9s4phSNUZ/2QrMWso1PuTEe3hm7BfehqK6ZoLi
6sDSQ7BPWehnu63yS+/yivkmDRxNw39h9rlOb2Z/eh/x+p27deooM/80Rc1G2ebB
FjMViM3O06Y1WAfRA7F9kgDeJN+fod+2sgrN44hIbYgj6bxS4k3pQaD05e81Rol9
QDstmN+Sf16eOLMB2FW30/qxZETjImihMcvJkGrETx/5KzPq9Yn/5qS5FZ+/U2rp
QzmwqZPaJds7QWHgdZSmyHz6/Yr/u8pMsr0I63oNfyjPAdO5RKWm9xXxi3/x7oLr
9g==
-----END CERTIFICATE-----