Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/38ae37ad-50db-4547-8df2-8cdcc56e5ca1.roa
File:                     38ae37ad-50db-4547-8df2-8cdcc56e5ca1.roa (raw, json)
Hash identifier:          bo0ZnkPSWxDttAMtQezb9PQu1znXycpLHAHlGcU9Img=
Subject key identifier:   98:3B:80:DB:39:92:E1:7B:ED:4B:20:7A:36:85:83:4F:45:A5:E8:A5
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       1300B03823BF5F2BE394EFFE9E29E6CAA80201D9
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/38ae37ad-50db-4547-8df2-8cdcc56e5ca1.roa
Signing time:             Fri 24 Jan 2025 00:00:00 +0000
ROA not before:           Fri 24 Jan 2025 00:00:00 +0000
ROA not after:            Fri 28 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:da32::/32 maxlen: 32
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            13:00:b0:38:23:bf:5f:2b:e3:94:ef:fe:9e:29:e6:ca:a8:02:01:d9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Jan 24 00:00:00 2025 GMT
            Not After : Feb 28 23:59:59 2025 GMT
        Subject: serialNumber=c0ed96319efc5b0e87ab57aae37f01819cb4530c86dd14d55bf9ea6ce6f68b01, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:54:c4:69:f3:a7:70:8d:96:ff:d5:14:75:56:
                    d2:5d:b9:29:ea:2b:8f:96:75:a6:3c:e8:d1:29:d2:
                    35:3b:aa:9d:66:64:b1:50:56:ed:18:d7:db:2a:55:
                    4e:c4:31:d1:81:8c:e3:24:2f:a1:68:70:01:e0:6e:
                    c7:2b:39:11:89:52:f4:16:ef:eb:8f:94:91:ff:30:
                    a0:d1:55:11:a0:3f:33:5e:8e:4c:d2:a6:c4:dc:10:
                    8a:56:ef:d9:92:9b:6c:46:2c:e9:bc:76:54:e1:f9:
                    05:30:42:2a:d5:82:15:24:8c:e6:75:1d:4f:94:13:
                    a6:eb:1d:c0:49:4f:31:bd:7b:2f:f6:a7:2a:d0:27:
                    4d:9b:c9:7a:90:c9:cd:ce:0f:bb:39:0d:20:ce:62:
                    d6:76:62:a1:7b:38:23:1d:cb:5c:8b:85:70:c9:a7:
                    5b:6f:67:98:c0:22:a4:5b:81:ef:aa:00:ed:d2:8d:
                    60:d8:a1:7e:d9:0f:f6:06:ec:9f:2c:09:5b:a4:c8:
                    e7:81:ad:4a:6d:9f:76:73:32:16:dd:7a:3b:bf:6e:
                    92:b5:d6:f4:fb:e4:0e:9a:c2:10:ec:a3:1f:90:c3:
                    05:5c:4c:31:d2:39:22:f9:2f:04:0f:80:8e:11:f8:
                    90:b0:47:f9:4e:e0:d3:53:c8:ea:26:56:40:b0:7a:
                    ba:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                98:3B:80:DB:39:92:E1:7B:ED:4B:20:7A:36:85:83:4F:45:A5:E8:A5
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/38ae37ad-50db-4547-8df2-8cdcc56e5ca1.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:da32::/32

    Signature Algorithm: sha256WithRSAEncryption
         8e:48:9e:0c:b0:54:f3:3e:e4:3e:ec:65:6a:95:be:19:88:45:
         01:a5:b3:dc:f4:9e:42:7f:cd:7d:a7:d8:b3:ae:7c:0a:0b:07:
         5d:c1:78:f2:64:42:44:7b:13:7f:8a:e0:b8:bf:56:3c:0c:ea:
         6a:c3:45:ff:ca:90:ec:50:b3:d3:ea:e4:0a:6b:85:aa:33:7d:
         8c:9a:95:e7:a0:64:ab:bd:1d:0a:f4:bc:ca:cd:24:d1:e6:8f:
         94:68:16:5a:09:01:13:9c:dd:b3:33:9d:e3:9b:86:97:88:3e:
         08:f9:b0:4e:59:da:eb:1f:58:a7:5f:8c:34:f1:9b:0f:29:01:
         48:25:64:8c:6d:9e:b2:d8:bf:08:59:76:ca:df:c8:46:19:04:
         78:15:02:48:76:70:db:df:49:99:1f:0d:59:4f:1f:38:3b:25:
         6a:30:fd:b8:d9:11:e3:cc:83:87:ce:d6:ea:e1:ef:7c:93:70:
         ee:8b:7b:fc:4b:45:a0:9a:07:27:26:5d:fa:d9:de:d5:8a:f9:
         0d:20:95:5c:18:85:2f:0c:db:de:83:9a:bf:eb:1e:3a:7b:ee:
         e7:36:54:3d:9d:25:88:03:97:8f:1f:45:d9:2c:da:49:c1:01:
         1f:a2:1c:e1:7a:93:81:5e:5f:69:fe:23:0d:17:67:cd:d4:9b:
         89:13:1c:bd
-----BEGIN CERTIFICATE-----
MIIFnTCCBIWgAwIBAgIUEwCwOCO/XyvjlO/+ninmyqgCAdkwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI1MDEyNDAwMDAwMFoX
DTI1MDIyODIzNTk1OVowejFJMEcGA1UEBRNAYzBlZDk2MzE5ZWZjNWIwZTg3YWI1
N2FhZTM3ZjAxODE5Y2I0NTMwYzg2ZGQxNGQ1NWJmOWVhNmNlNmY2OGIwMTEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlFTEafOncI2W/9UUdVbSXbkp6iuP
lnWmPOjRKdI1O6qdZmSxUFbtGNfbKlVOxDHRgYzjJC+haHAB4G7HKzkRiVL0Fu/r
j5SR/zCg0VURoD8zXo5M0qbE3BCKVu/ZkptsRizpvHZU4fkFMEIq1YIVJIzmdR1P
lBOm6x3ASU8xvXsv9qcq0CdNm8l6kMnNzg+7OQ0gzmLWdmKhezgjHctci4Vwyadb
b2eYwCKkW4HvqgDt0o1g2KF+2Q/2BuyfLAlbpMjnga1KbZ92czIW3Xo7v26Stdb0
++QOmsIQ7KMfkMMFXEwx0jki+S8ED4COEfiQsEf5TuDTU8jqJlZAsHq6xwIDAQAB
o4ICSTCCAkUwHQYDVR0OBBYEFJg7gNs5kuF77UsgejaFg09FpeilMB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
LzM4YWUzN2FkLTUwZGItNDU0Ny04ZGYyLThjZGNjNTZlNWNhMS5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzAN
BAIAAjAHAwUAJAbaMjANBgkqhkiG9w0BAQsFAAOCAQEAjkieDLBU8z7kPuxlapW+
GYhFAaWz3PSeQn/NfafYs658CgsHXcF48mRCRHsTf4rguL9WPAzqasNF/8qQ7FCz
0+rkCmuFqjN9jJqV56Bkq70dCvS8ys0k0eaPlGgWWgkBE5zdszOd45uGl4g+CPmw
Tlna6x9Yp1+MNPGbDykBSCVkjG2esti/CFl2yt/IRhkEeBUCSHZw299JmR8NWU8f
ODslajD9uNkR48yDh87W6uHvfJNw7ot7/EtFoJoHJyZd+tne1Yr5DSCVXBiFLwzb
3oOav+seOnvu5zZUPZ0liAOXjx9F2SzaScEBH6Ic4XqTgV5faf4jDRdnzdSbiRMc
vQ==
-----END CERTIFICATE-----