Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/3aaa4e98-35e7-4700-aa65-013387f5feae.roa
File:                     3aaa4e98-35e7-4700-aa65-013387f5feae.roa (raw, json)
Hash identifier:          i2Oc17oDCOqUEZyosHdpapMB1yb93eTfxlaIondBUYI=
Subject key identifier:   6F:66:AC:2B:11:EE:A9:F6:D9:2B:96:CA:73:D8:77:36:3C:C9:1C:70
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       0210BC677413F69C6FB102473A68195C54803EDE
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/3aaa4e98-35e7-4700-aa65-013387f5feae.roa
Signing time:             Tue 07 Jan 2025 00:00:00 +0000
ROA not before:           Tue 07 Jan 2025 00:00:00 +0000
ROA not after:            Tue 11 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:dafb:b000::/40 maxlen: 40
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            02:10:bc:67:74:13:f6:9c:6f:b1:02:47:3a:68:19:5c:54:80:3e:de
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Jan  7 00:00:00 2025 GMT
            Not After : Feb 11 23:59:59 2025 GMT
        Subject: serialNumber=83bbcb0282ffde7c9f139ac17869d90d5631071e263b6dd55fe9bfd4515986e3, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:56:03:1b:75:67:4c:bd:9b:e1:d3:75:de:f6:
                    e9:d1:f5:d7:7f:e5:4a:aa:2a:ea:b7:39:3a:d6:83:
                    d4:f4:e3:ca:f7:85:bb:86:28:90:be:49:6a:cf:c1:
                    89:f8:4e:15:11:f4:ca:7a:d8:ad:ad:26:19:c8:97:
                    26:9c:c4:59:45:38:77:44:7e:dd:4f:3b:ab:45:79:
                    41:fb:b9:6e:43:52:60:73:02:26:6f:b4:67:9b:c9:
                    d8:25:db:13:46:e9:ab:f3:86:b8:75:3e:a7:80:39:
                    36:56:09:1a:97:42:c4:be:d1:fe:e9:3b:46:c2:eb:
                    3a:93:d6:e7:4a:d8:bc:d5:10:f8:90:4f:4a:c4:bc:
                    ad:2c:0f:92:73:f9:d9:2c:aa:82:45:12:5a:76:6f:
                    96:a1:34:39:56:06:db:a5:a4:e4:ed:c3:26:a1:e1:
                    79:5a:6a:13:6c:d9:36:67:ac:64:fa:76:15:b3:cc:
                    72:61:2b:ec:b5:ea:6c:2f:2e:7a:42:f5:79:e2:26:
                    44:c6:5f:7f:f0:c5:5d:ae:66:db:a6:14:5a:83:5f:
                    ec:01:0d:85:3f:96:10:d7:15:fe:61:99:b8:53:bd:
                    c7:a9:d5:0e:b4:16:fe:9b:fa:89:8d:8a:7a:a3:3a:
                    22:45:01:1d:6b:d4:01:3d:48:1e:e5:33:29:87:83:
                    25:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6F:66:AC:2B:11:EE:A9:F6:D9:2B:96:CA:73:D8:77:36:3C:C9:1C:70
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/3aaa4e98-35e7-4700-aa65-013387f5feae.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:dafb:b000::/40

    Signature Algorithm: sha256WithRSAEncryption
         37:8b:22:38:c4:49:dc:6b:a6:07:df:d1:d8:ab:ec:de:3b:ef:
         ee:46:08:96:65:88:7e:25:9f:ff:09:3a:ef:44:79:27:ff:82:
         1f:63:fd:e9:e1:2b:0a:09:a7:7b:b4:55:c7:ef:3c:b2:8d:49:
         97:2c:65:f6:8f:8a:15:70:f7:4e:38:0f:65:55:90:b4:0b:bb:
         a4:64:1f:86:ba:38:0d:eb:fc:74:af:22:04:da:96:a9:e7:34:
         c1:7b:6d:12:97:8e:58:71:e8:73:ef:d2:92:fa:17:3a:59:b7:
         3b:47:b2:69:f9:4e:bd:d0:ae:29:0e:d2:44:23:58:81:09:5b:
         41:e7:5c:31:f9:2a:35:19:f5:76:20:7b:06:a3:ea:b5:40:f1:
         d6:97:92:ec:d8:9a:0d:7d:4d:d0:61:f0:13:b9:e3:e1:cc:e7:
         e6:70:56:aa:ed:20:fb:1d:a6:52:ce:5d:42:21:5e:7a:be:2e:
         db:94:d7:e9:a8:6b:6f:8c:ed:1a:06:04:13:2d:f4:70:6e:6d:
         7e:3f:fd:4a:55:1a:0e:94:d1:3b:06:30:0e:81:84:a5:6a:5c:
         e7:c4:52:5e:20:70:45:4a:e8:e4:84:c7:ee:7e:b4:f9:b5:cd:
         85:f4:a3:b1:e3:5d:c2:e5:3f:8d:11:e8:b0:52:f2:46:9d:88:
         fe:06:04:93
-----BEGIN CERTIFICATE-----
MIIFnjCCBIagAwIBAgIUAhC8Z3QT9pxvsQJHOmgZXFSAPt4wDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI1MDEwNzAwMDAwMFoX
DTI1MDIxMTIzNTk1OVowejFJMEcGA1UEBRNAODNiYmNiMDI4MmZmZGU3YzlmMTM5
YWMxNzg2OWQ5MGQ1NjMxMDcxZTI2M2I2ZGQ1NWZlOWJmZDQ1MTU5ODZlMzEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtFYDG3VnTL2b4dN13vbp0fXXf+VK
qirqtzk61oPU9OPK94W7hiiQvklqz8GJ+E4VEfTKetitrSYZyJcmnMRZRTh3RH7d
TzurRXlB+7luQ1JgcwImb7Rnm8nYJdsTRumr84a4dT6ngDk2Vgkal0LEvtH+6TtG
wus6k9bnSti81RD4kE9KxLytLA+Sc/nZLKqCRRJadm+WoTQ5VgbbpaTk7cMmoeF5
WmoTbNk2Z6xk+nYVs8xyYSvstepsLy56QvV54iZExl9/8MVdrmbbphRag1/sAQ2F
P5YQ1xX+YZm4U73HqdUOtBb+m/qJjYp6ozoiRQEda9QBPUge5TMph4MlJQIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFG9mrCsR7qn22SuWynPYdzY8yRxwMB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
LzNhYWE0ZTk4LTM1ZTctNDcwMC1hYTY1LTAxMzM4N2Y1ZmVhZS5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAO
BAIAAjAIAwYAJAba+7AwDQYJKoZIhvcNAQELBQADggEBADeLIjjESdxrpgff0dir
7N477+5GCJZliH4ln/8JOu9EeSf/gh9j/enhKwoJp3u0VcfvPLKNSZcsZfaPihVw
9044D2VVkLQLu6RkH4a6OA3r/HSvIgTalqnnNMF7bRKXjlhx6HPv0pL6FzpZtztH
smn5Tr3QrikO0kQjWIEJW0HnXDH5KjUZ9XYgewaj6rVA8daXkuzYmg19TdBh8BO5
4+HM5+ZwVqrtIPsdplLOXUIhXnq+LtuU1+moa2+M7RoGBBMt9HBubX4//UpVGg6U
0TsGMA6BhKVqXOfEUl4gcEVK6OSEx+5+tPm1zYX0o7HjXcLlP40R6LBS8kadiP4G
BJM=
-----END CERTIFICATE-----