Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/3ae9323a-2f10-49ff-b208-486ce6ee50dd.roa
File:                     3ae9323a-2f10-49ff-b208-486ce6ee50dd.roa (raw, json)
Hash identifier:          tjo8TL+F5z/XWoy9sFhDGoR6qrUXh3K8x2XHfHDYMuk=
Subject key identifier:   32:E5:C8:7F:8C:DF:C9:68:6D:F8:3F:EB:B0:CC:CA:60:97:F9:D0:6A
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       35EE21736A40B5400010629A74887476C721F810
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/3ae9323a-2f10-49ff-b208-486ce6ee50dd.roa
Signing time:             Tue 07 Jan 2025 00:00:00 +0000
ROA not before:           Tue 07 Jan 2025 00:00:00 +0000
ROA not after:            Tue 11 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:dafb:1000::/40 maxlen: 40
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            35:ee:21:73:6a:40:b5:40:00:10:62:9a:74:88:74:76:c7:21:f8:10
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Jan  7 00:00:00 2025 GMT
            Not After : Feb 11 23:59:59 2025 GMT
        Subject: serialNumber=52748484ea640bcc4b67f776cc58b6c4e44afbbd584b2ad344f178720aa9155a, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:b3:f7:42:19:c0:6e:b2:87:75:ac:78:dc:21:
                    fb:65:22:28:f8:12:e6:49:e9:0a:50:bf:82:44:48:
                    ec:14:e6:71:42:7c:fd:c7:80:47:1b:16:e1:2d:55:
                    87:4d:5f:88:c8:79:48:d2:6b:a9:22:5e:ea:15:81:
                    43:a5:95:6d:f1:69:de:91:50:ef:e5:be:e3:c1:92:
                    11:6f:f5:ca:0e:e2:b1:ab:27:10:de:9a:d6:69:d5:
                    fc:f4:6a:9a:97:bd:f6:f9:0c:4e:44:65:da:18:a5:
                    a8:58:8e:87:84:ca:3b:b5:5c:38:00:97:22:46:4a:
                    1a:a7:9b:a4:7c:35:d6:00:a4:30:dc:c6:98:02:2c:
                    21:ec:6c:79:b6:25:77:be:26:f2:9d:95:ef:9b:cb:
                    37:9f:d6:50:d7:87:a6:80:c4:d0:24:ea:93:3a:48:
                    75:e1:2b:df:14:55:38:57:d9:1c:b4:da:53:45:52:
                    d9:82:58:b0:8a:c2:e6:3b:64:f8:b6:b4:7d:8b:38:
                    ed:47:3d:b3:bb:44:0e:a2:44:06:79:6b:0d:4b:03:
                    d0:92:a7:fc:d9:13:79:cd:8e:65:ef:03:2d:d7:b7:
                    3e:78:26:8b:ee:43:34:80:ed:c1:fc:8f:bd:78:2f:
                    56:d7:e5:ca:9f:0c:f5:87:41:05:8f:47:2e:b5:c3:
                    bc:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                32:E5:C8:7F:8C:DF:C9:68:6D:F8:3F:EB:B0:CC:CA:60:97:F9:D0:6A
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/3ae9323a-2f10-49ff-b208-486ce6ee50dd.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:dafb:1000::/40

    Signature Algorithm: sha256WithRSAEncryption
         7e:2b:7d:8e:ad:e7:52:27:ef:e6:8e:b3:2a:57:57:c0:00:64:
         e6:99:8f:fb:36:bb:93:c6:8b:05:d3:a8:9a:ec:84:dc:6e:b5:
         7c:e5:6d:b8:31:3b:51:c3:5e:0e:03:05:ad:e5:77:04:9e:19:
         8b:02:15:6b:4a:0d:5b:a1:06:90:92:98:b1:23:c6:f3:30:af:
         14:05:30:5d:05:ff:31:0b:bb:d2:b8:eb:bc:17:e3:49:b1:22:
         93:02:1c:e8:cb:fe:94:e9:28:76:34:10:b6:aa:b7:be:b8:54:
         e8:26:cf:25:b4:6f:bb:9c:d1:0d:cd:25:79:74:9f:17:29:fe:
         20:3d:b6:ed:a2:d9:77:f8:ba:41:93:87:a2:e1:f5:1b:5b:16:
         3c:4d:e3:53:d1:76:14:bb:0a:71:62:24:36:62:2f:08:1f:b2:
         72:26:fc:c1:e3:71:d3:78:5c:ed:12:e5:58:08:c3:14:98:04:
         bd:5d:2c:2d:55:6d:66:d3:d5:4f:a6:cd:cd:d4:d3:73:1c:04:
         de:2e:74:d2:3f:17:b5:b8:14:28:11:1f:8e:e7:41:46:6d:10:
         5a:89:72:ab:7d:c7:7f:08:83:2a:a1:2d:0d:ac:2b:17:26:b1:
         ad:8a:20:09:63:0f:3e:f0:ec:1a:51:41:35:32:51:1c:b5:e2:
         02:e8:26:be
-----BEGIN CERTIFICATE-----
MIIFnjCCBIagAwIBAgIUNe4hc2pAtUAAEGKadIh0dsch+BAwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI1MDEwNzAwMDAwMFoX
DTI1MDIxMTIzNTk1OVowejFJMEcGA1UEBRNANTI3NDg0ODRlYTY0MGJjYzRiNjdm
Nzc2Y2M1OGI2YzRlNDRhZmJiZDU4NGIyYWQzNDRmMTc4NzIwYWE5MTU1YTEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAobP3QhnAbrKHdax43CH7ZSIo+BLm
SekKUL+CREjsFOZxQnz9x4BHGxbhLVWHTV+IyHlI0mupIl7qFYFDpZVt8WnekVDv
5b7jwZIRb/XKDuKxqycQ3prWadX89Gqal732+QxORGXaGKWoWI6HhMo7tVw4AJci
Rkoap5ukfDXWAKQw3MaYAiwh7Gx5tiV3vibynZXvm8s3n9ZQ14emgMTQJOqTOkh1
4SvfFFU4V9kctNpTRVLZgliwisLmO2T4trR9izjtRz2zu0QOokQGeWsNSwPQkqf8
2RN5zY5l7wMt17c+eCaL7kM0gO3B/I+9eC9W1+XKnwz1h0EFj0cutcO8sQIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFDLlyH+M38lobfg/67DMymCX+dBqMB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
LzNhZTkzMjNhLTJmMTAtNDlmZi1iMjA4LTQ4NmNlNmVlNTBkZC5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAO
BAIAAjAIAwYAJAba+xAwDQYJKoZIhvcNAQELBQADggEBAH4rfY6t51In7+aOsypX
V8AAZOaZj/s2u5PGiwXTqJrshNxutXzlbbgxO1HDXg4DBa3ldwSeGYsCFWtKDVuh
BpCSmLEjxvMwrxQFMF0F/zELu9K467wX40mxIpMCHOjL/pTpKHY0ELaqt764VOgm
zyW0b7uc0Q3NJXl0nxcp/iA9tu2i2Xf4ukGTh6Lh9RtbFjxN41PRdhS7CnFiJDZi
LwgfsnIm/MHjcdN4XO0S5VgIwxSYBL1dLC1VbWbT1U+mzc3U03McBN4udNI/F7W4
FCgRH47nQUZtEFqJcqt9x38IgyqhLQ2sKxcmsa2KIAljDz7w7BpRQTUyURy14gLo
Jr4=
-----END CERTIFICATE-----