Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/3b49e771-8c61-46ae-95d2-9d6609249da0.roa
File:                     3b49e771-8c61-46ae-95d2-9d6609249da0.roa (raw, json)
Hash identifier:          SwzWHGLz/kOt6r99Dn0tXosDaFVH3pAVHGLG6S21b54=
Subject key identifier:   C1:CD:ED:B9:6C:14:16:96:45:67:62:03:F8:E8:50:B9:14:F2:38:EA
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       16D90864B4E86395A73FDA51308174604AC2E5EF
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/3b49e771-8c61-46ae-95d2-9d6609249da0.roa
Signing time:             Tue 07 Jan 2025 00:00:00 +0000
ROA not before:           Tue 07 Jan 2025 00:00:00 +0000
ROA not after:            Tue 11 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:da19:800::/38 maxlen: 38
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            16:d9:08:64:b4:e8:63:95:a7:3f:da:51:30:81:74:60:4a:c2:e5:ef
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Jan  7 00:00:00 2025 GMT
            Not After : Feb 11 23:59:59 2025 GMT
        Subject: serialNumber=a18f83a033e79dc33a6d8aefbdd8dc0bdbc502527f2ea916a4074d7cf357d254, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:cb:2d:d6:8b:9d:2a:88:80:35:10:1e:f9:78:
                    fa:33:ad:5c:33:60:b7:cc:9f:cd:0c:3a:3c:6d:db:
                    8f:9b:dd:16:cb:b3:91:0f:9e:d8:db:9b:34:59:6a:
                    bb:58:8a:96:89:bd:24:43:65:0d:61:93:6e:c4:97:
                    a7:79:2a:58:f9:7d:b9:87:00:5d:73:6b:a9:39:67:
                    93:23:89:5f:96:4c:69:a6:ba:5a:f3:bc:42:82:b0:
                    72:7c:26:a3:e1:1f:57:70:c7:fb:07:bc:78:7c:eb:
                    20:ca:da:52:8e:4b:74:67:6f:db:b9:9b:5d:76:22:
                    63:b6:71:bd:2f:c7:95:c4:cf:45:e9:c7:57:7c:ba:
                    df:57:28:29:3a:63:a2:e9:76:b3:ab:d2:5b:3e:9f:
                    72:8d:c1:03:cf:08:63:c5:e2:24:88:12:59:3b:2e:
                    08:a9:b6:55:55:bc:53:2c:03:d9:e3:1a:f5:c1:0a:
                    e0:41:1b:5b:60:93:a3:cb:0f:e1:65:2f:f2:f4:dd:
                    b2:0d:a1:e6:12:c5:3a:33:43:a3:73:6b:2e:32:e7:
                    e4:d9:a6:6a:0c:95:12:fe:6c:e0:9c:0e:8c:e8:25:
                    0f:d9:a9:28:6b:f0:4d:50:4d:fb:9f:4c:7e:6c:05:
                    66:4c:dd:41:f0:e0:ce:71:52:68:46:cd:d6:47:97:
                    6a:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C1:CD:ED:B9:6C:14:16:96:45:67:62:03:F8:E8:50:B9:14:F2:38:EA
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/3b49e771-8c61-46ae-95d2-9d6609249da0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:da19:800::/38

    Signature Algorithm: sha256WithRSAEncryption
         28:4b:24:98:a2:ed:a3:f7:8e:bd:ef:f0:96:ae:11:94:7d:28:
         17:7d:39:b2:b6:b1:5c:8d:44:9d:2b:ef:47:cf:f9:62:dd:69:
         21:12:3c:5e:cf:35:11:6a:90:7f:41:f0:82:21:24:3f:59:3a:
         73:e8:68:22:68:52:a9:46:63:c1:23:e9:1a:ae:68:23:31:87:
         f1:af:51:20:b1:72:4a:b6:c3:35:3f:06:59:79:ca:ca:79:01:
         80:19:1d:40:8a:74:40:4b:32:02:5a:76:07:6c:8e:2e:49:99:
         15:ef:1c:48:0c:23:1f:68:33:05:94:65:a0:2a:40:87:5b:cc:
         16:de:66:3e:11:52:19:aa:05:e5:1d:0d:e7:09:a5:2c:98:f3:
         50:f1:aa:93:0c:cb:fd:f5:ed:e7:57:b0:2c:1a:2a:2a:46:83:
         0f:f8:fb:a0:25:c9:89:9e:03:e0:a4:f2:38:f9:29:2e:8c:67:
         14:39:d3:f8:01:a1:3e:35:08:61:3d:ab:30:bc:86:9f:c6:e2:
         3f:45:2b:29:ab:13:3e:dc:58:2a:33:a2:07:54:38:fc:da:fe:
         0b:a9:ef:93:ea:3e:26:d7:b2:12:40:57:f6:9c:fc:5c:03:bb:
         7b:11:53:3d:78:3d:66:50:c7:f1:fa:80:8e:88:bb:34:4b:a2:
         31:43:33:7e
-----BEGIN CERTIFICATE-----
MIIFnjCCBIagAwIBAgIUFtkIZLToY5WnP9pRMIF0YErC5e8wDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI1MDEwNzAwMDAwMFoX
DTI1MDIxMTIzNTk1OVowejFJMEcGA1UEBRNAYTE4ZjgzYTAzM2U3OWRjMzNhNmQ4
YWVmYmRkOGRjMGJkYmM1MDI1MjdmMmVhOTE2YTQwNzRkN2NmMzU3ZDI1NDEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1sst1oudKoiANRAe+Xj6M61cM2C3
zJ/NDDo8bduPm90Wy7ORD57Y25s0WWq7WIqWib0kQ2UNYZNuxJeneSpY+X25hwBd
c2upOWeTI4lflkxpprpa87xCgrByfCaj4R9XcMf7B7x4fOsgytpSjkt0Z2/buZtd
diJjtnG9L8eVxM9F6cdXfLrfVygpOmOi6Xazq9JbPp9yjcEDzwhjxeIkiBJZOy4I
qbZVVbxTLAPZ4xr1wQrgQRtbYJOjyw/hZS/y9N2yDaHmEsU6M0Ojc2suMufk2aZq
DJUS/mzgnA6M6CUP2akoa/BNUE37n0x+bAVmTN1B8ODOcVJoRs3WR5dq7QIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFMHN7blsFBaWRWdiA/joULkU8jjqMB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
LzNiNDllNzcxLThjNjEtNDZhZS05NWQyLTlkNjYwOTI0OWRhMC5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAO
BAIAAjAIAwYCJAbaGQgwDQYJKoZIhvcNAQELBQADggEBAChLJJii7aP3jr3v8Jau
EZR9KBd9ObK2sVyNRJ0r70fP+WLdaSESPF7PNRFqkH9B8IIhJD9ZOnPoaCJoUqlG
Y8Ej6RquaCMxh/GvUSCxckq2wzU/Bll5ysp5AYAZHUCKdEBLMgJadgdsji5JmRXv
HEgMIx9oMwWUZaAqQIdbzBbeZj4RUhmqBeUdDecJpSyY81DxqpMMy/317edXsCwa
KipGgw/4+6AlyYmeA+Ck8jj5KS6MZxQ50/gBoT41CGE9qzC8hp/G4j9FKymrEz7c
WCozogdUOPza/gup75PqPibXshJAV/ac/FwDu3sRUz14PWZQx/H6gI6IuzRLojFD
M34=
-----END CERTIFICATE-----