Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/379ac177-341a-40e4-b3e8-d66876068de1.roa
File:                     379ac177-341a-40e4-b3e8-d66876068de1.roa (raw, json)
Hash identifier:          JZsc/adJ9Rd3NQzdv8NpYDQgszmtFPV2SI+Je3kifwg=
Subject key identifier:   ED:9E:8A:ED:1E:5D:85:64:7B:89:D5:AF:1D:CB:DC:9D:E0:74:7C:90
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       4FDACDDEF6D74A74D0CAB8FF27D4D5A3279E832E
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/379ac177-341a-40e4-b3e8-d66876068de1.roa
Signing time:             Tue 07 Jan 2025 00:00:00 +0000
ROA not before:           Tue 07 Jan 2025 00:00:00 +0000
ROA not after:            Tue 11 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:dafb:c880::/46 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4f:da:cd:de:f6:d7:4a:74:d0:ca:b8:ff:27:d4:d5:a3:27:9e:83:2e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Jan  7 00:00:00 2025 GMT
            Not After : Feb 11 23:59:59 2025 GMT
        Subject: serialNumber=56bba334b5c0e80ca2903e36d86e6dca83ab1ca3e574868323d3f1e079c439eb, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:a9:93:45:c8:91:87:7f:d2:b5:51:b7:51:5d:
                    d6:e5:f9:2c:94:d1:64:10:aa:26:7e:40:69:3b:15:
                    d0:46:58:71:8d:53:47:97:07:05:fd:31:1b:98:fd:
                    a7:3a:de:3f:fe:bd:6f:97:d8:07:c2:b0:de:52:7a:
                    78:e1:c1:62:63:0f:33:40:71:b2:77:74:ff:ab:7a:
                    0d:53:6b:02:6d:d3:f0:fb:45:63:8e:fb:01:36:46:
                    d0:4d:1a:c3:52:99:00:80:33:35:26:28:3d:81:79:
                    65:da:e9:f1:fb:57:ae:3f:76:81:53:c6:fd:08:8a:
                    73:85:ca:6b:65:8f:20:10:48:89:ce:1f:46:72:96:
                    0a:fe:2f:c2:be:f1:ef:c4:73:0c:42:8e:72:e4:0a:
                    72:47:8e:cb:fa:ca:7c:b6:47:3f:55:4a:d0:22:f7:
                    ac:1b:50:73:99:92:0a:fe:2b:8a:c2:f1:d6:22:c7:
                    e0:09:cd:b9:db:b3:54:79:57:03:1c:3c:44:3d:35:
                    e6:11:2e:3d:75:39:12:fe:56:45:9e:ea:4e:20:d4:
                    31:4b:9d:4b:40:3b:62:b2:80:ab:61:c1:3b:5a:d8:
                    2b:c1:96:2f:e3:3f:76:6b:90:05:a6:67:0c:be:5d:
                    bb:b4:2c:84:59:45:11:88:40:9c:f2:cc:6b:93:05:
                    b1:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                ED:9E:8A:ED:1E:5D:85:64:7B:89:D5:AF:1D:CB:DC:9D:E0:74:7C:90
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/379ac177-341a-40e4-b3e8-d66876068de1.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:dafb:c880::/46

    Signature Algorithm: sha256WithRSAEncryption
         8e:4e:d7:bf:81:ec:6f:e5:ef:d3:06:ea:cf:66:d7:6d:89:23:
         f7:44:46:9b:59:fb:a6:45:45:e8:cf:3b:73:6e:a2:8d:af:b6:
         54:19:55:d7:81:61:3a:ae:de:7e:eb:d5:bb:67:7a:07:80:54:
         1c:0d:c7:72:4d:47:24:49:2b:ea:98:4f:3c:77:16:78:93:32:
         45:8f:43:3d:c7:dd:42:fa:78:81:76:ed:15:90:9a:c7:96:83:
         32:36:88:9e:26:9d:9b:4d:31:3f:ef:1e:93:b3:98:c4:78:54:
         44:54:ea:8d:a3:35:41:91:39:72:b8:77:9b:cf:b7:3a:c5:bf:
         7d:0e:2c:58:75:5e:a5:db:29:73:9f:ff:9e:7a:37:c2:3d:53:
         13:17:35:a1:b5:8a:0b:96:a6:95:82:ba:5f:1e:d2:f5:53:97:
         83:af:1c:da:84:6d:d8:9e:b9:d2:4f:97:a9:a9:88:8f:1d:5c:
         b4:82:61:23:a3:3e:4e:9d:dd:d6:f7:53:65:b4:47:8e:e2:98:
         94:5d:2c:84:3e:59:0e:09:bc:34:49:55:f7:fa:fa:55:e1:bd:
         6c:0c:db:54:7c:55:be:f3:c9:33:bd:c1:5b:0a:7f:fc:f4:50:
         8b:5a:b3:e5:b3:8f:68:48:0b:60:fa:78:4b:6c:62:36:15:3f:
         7e:60:42:b6
-----BEGIN CERTIFICATE-----
MIIFnzCCBIegAwIBAgIUT9rN3vbXSnTQyrj/J9TVoyeegy4wDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI1MDEwNzAwMDAwMFoX
DTI1MDIxMTIzNTk1OVowejFJMEcGA1UEBRNANTZiYmEzMzRiNWMwZTgwY2EyOTAz
ZTM2ZDg2ZTZkY2E4M2FiMWNhM2U1NzQ4NjgzMjNkM2YxZTA3OWM0MzllYjEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsamTRciRh3/StVG3UV3W5fkslNFk
EKomfkBpOxXQRlhxjVNHlwcF/TEbmP2nOt4//r1vl9gHwrDeUnp44cFiYw8zQHGy
d3T/q3oNU2sCbdPw+0VjjvsBNkbQTRrDUpkAgDM1Jig9gXll2unx+1euP3aBU8b9
CIpzhcprZY8gEEiJzh9GcpYK/i/CvvHvxHMMQo5y5ApyR47L+sp8tkc/VUrQIves
G1BzmZIK/iuKwvHWIsfgCc2527NUeVcDHDxEPTXmES49dTkS/lZFnupOINQxS51L
QDtisoCrYcE7WtgrwZYv4z92a5AFpmcMvl27tCyEWUURiECc8sxrkwWxFQIDAQAB
o4ICSzCCAkcwHQYDVR0OBBYEFO2eiu0eXYVke4nVrx3L3J3gdHyQMB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
LzM3OWFjMTc3LTM0MWEtNDBlNC1iM2U4LWQ2Njg3NjA2OGRlMS5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAP
BAIAAjAJAwcCJAba+8iAMA0GCSqGSIb3DQEBCwUAA4IBAQCOTte/gexv5e/TBurP
ZtdtiSP3REabWfumRUXozztzbqKNr7ZUGVXXgWE6rt5+69W7Z3oHgFQcDcdyTUck
SSvqmE88dxZ4kzJFj0M9x91C+niBdu0VkJrHloMyNoieJp2bTTE/7x6Ts5jEeFRE
VOqNozVBkTlyuHebz7c6xb99DixYdV6l2ylzn/+eejfCPVMTFzWhtYoLlqaVgrpf
HtL1U5eDrxzahG3YnrnST5epqYiPHVy0gmEjoz5Ond3W91NltEeO4piUXSyEPlkO
Cbw0SVX3+vpV4b1sDNtUfFW+88kzvcFbCn/89FCLWrPls49oSAtg+nhLbGI2FT9+
YEK2
-----END CERTIFICATE-----