Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/3eecc85e-c9f3-489a-b550-f7a900d63926.roa
File:                     3eecc85e-c9f3-489a-b550-f7a900d63926.roa (raw, json)
Hash identifier:          M1axqRr+h4lZsGABYSS4GHEZhDV+zFz6EG6qkGmzxoE=
Subject key identifier:   0B:C8:65:EC:FF:8F:6C:B1:96:5F:1E:44:C9:D8:46:28:B1:9F:5B:AE
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       1A00C89BC40494179D20679BF3326A332AAD7EBA
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/3eecc85e-c9f3-489a-b550-f7a900d63926.roa
Signing time:             Tue 07 Jan 2025 00:00:00 +0000
ROA not before:           Tue 07 Jan 2025 00:00:00 +0000
ROA not after:            Tue 11 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:daf2:6000::/40 maxlen: 40
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1a:00:c8:9b:c4:04:94:17:9d:20:67:9b:f3:32:6a:33:2a:ad:7e:ba
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Jan  7 00:00:00 2025 GMT
            Not After : Feb 11 23:59:59 2025 GMT
        Subject: serialNumber=bd609f323a2dcee9dc3eaf933a84281fe4fbf3888386c1c0852e8910c98f2946, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:83:72:62:cd:d2:b1:3f:60:6b:34:89:c9:4d:
                    b2:97:9b:94:ca:1e:3b:7a:3f:24:d5:a5:e3:2d:fe:
                    8f:39:78:0d:fa:c8:73:0d:01:72:fd:2f:47:82:f9:
                    83:a7:e9:85:79:5c:eb:76:cd:0b:88:76:e0:9f:60:
                    93:c5:11:7d:7d:52:30:b5:b1:5d:cf:ce:7b:6d:70:
                    d0:47:f9:50:5f:ba:26:5f:06:aa:05:7a:7f:39:63:
                    56:81:f7:bb:b0:15:21:c8:d7:6e:2a:33:e2:1c:5b:
                    35:c4:96:ad:4e:f7:3b:93:ce:ff:0b:b0:9a:36:be:
                    69:6d:ce:f5:28:ad:a9:32:dd:10:19:17:96:cb:01:
                    a2:9b:69:ab:0f:02:f5:57:da:be:25:28:df:3e:ac:
                    6c:61:9a:8b:83:58:49:05:79:5a:32:1c:f6:0a:f4:
                    51:ab:ed:48:a2:7f:22:b8:77:be:be:33:7b:69:6e:
                    e7:57:ff:fa:0d:ee:6f:f3:00:6d:12:b3:a6:85:6e:
                    47:2d:09:c6:61:37:f7:18:a3:e4:61:47:d6:2a:41:
                    c4:2e:00:8a:3f:cf:cd:47:10:9e:71:4e:b8:5b:01:
                    28:d6:cd:f7:84:47:e3:cd:8d:92:6e:fa:7f:04:35:
                    71:0d:a5:33:f4:d3:5c:58:cc:56:a3:b2:56:f1:10:
                    10:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0B:C8:65:EC:FF:8F:6C:B1:96:5F:1E:44:C9:D8:46:28:B1:9F:5B:AE
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/3eecc85e-c9f3-489a-b550-f7a900d63926.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:daf2:6000::/40

    Signature Algorithm: sha256WithRSAEncryption
         c5:f5:21:6b:20:e1:0f:1e:5b:4f:4a:a4:11:50:f8:b3:b9:5b:
         9b:d2:73:7c:70:5b:fc:2d:17:15:c1:5c:dc:df:7e:b4:7f:22:
         ca:f1:30:b3:17:97:e1:e3:8a:a6:fb:19:74:9e:16:82:b2:7d:
         1e:05:b8:e2:b5:01:9b:de:50:b6:2f:6a:22:2a:eb:df:9e:3d:
         40:fc:38:ad:fc:61:d8:6f:7b:51:0c:db:02:ad:91:ef:74:79:
         34:23:d3:95:c0:05:27:38:e1:d1:f4:2e:d7:e2:73:af:d9:30:
         80:86:b1:ee:7e:3e:ac:d6:e3:7a:91:51:cb:92:fd:78:5a:41:
         eb:a7:74:91:fc:0d:19:c9:bb:ac:12:fc:b8:7f:20:27:5f:0f:
         2a:e2:2b:7d:43:a6:5a:3a:c2:70:05:c4:e8:df:1e:45:d4:b4:
         49:4d:16:bd:40:0c:4d:d1:5f:c0:6d:6b:9e:b2:b1:39:d9:d7:
         8c:d7:62:1c:cf:32:76:fc:b9:4c:e0:dc:fa:f0:a0:53:13:6b:
         0c:a0:31:93:4b:23:83:65:ee:45:4c:02:bd:77:b9:5f:aa:58:
         e2:0d:c3:ad:9c:f0:77:27:22:84:84:3c:5a:8a:6a:0c:78:d0:
         c4:67:e1:4f:e2:66:e3:c2:34:53:28:0e:f3:81:40:bd:d6:62:
         86:80:e9:1c
-----BEGIN CERTIFICATE-----
MIIFnjCCBIagAwIBAgIUGgDIm8QElBedIGeb8zJqMyqtfrowDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI1MDEwNzAwMDAwMFoX
DTI1MDIxMTIzNTk1OVowejFJMEcGA1UEBRNAYmQ2MDlmMzIzYTJkY2VlOWRjM2Vh
ZjkzM2E4NDI4MWZlNGZiZjM4ODgzODZjMWMwODUyZTg5MTBjOThmMjk0NjEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1INyYs3SsT9gazSJyU2yl5uUyh47
ej8k1aXjLf6POXgN+shzDQFy/S9HgvmDp+mFeVzrds0LiHbgn2CTxRF9fVIwtbFd
z857bXDQR/lQX7omXwaqBXp/OWNWgfe7sBUhyNduKjPiHFs1xJatTvc7k87/C7Ca
Nr5pbc71KK2pMt0QGReWywGim2mrDwL1V9q+JSjfPqxsYZqLg1hJBXlaMhz2CvRR
q+1Ion8iuHe+vjN7aW7nV//6De5v8wBtErOmhW5HLQnGYTf3GKPkYUfWKkHELgCK
P8/NRxCecU64WwEo1s33hEfjzY2Sbvp/BDVxDaUz9NNcWMxWo7JW8RAQUwIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFAvIZez/j2yxll8eRMnYRiixn1uuMB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
LzNlZWNjODVlLWM5ZjMtNDg5YS1iNTUwLWY3YTkwMGQ2MzkyNi5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAO
BAIAAjAIAwYAJAba8mAwDQYJKoZIhvcNAQELBQADggEBAMX1IWsg4Q8eW09KpBFQ
+LO5W5vSc3xwW/wtFxXBXNzffrR/IsrxMLMXl+Hjiqb7GXSeFoKyfR4FuOK1AZve
ULYvaiIq69+ePUD8OK38Ydhve1EM2wKtke90eTQj05XABSc44dH0Ltfic6/ZMICG
se5+PqzW43qRUcuS/XhaQeundJH8DRnJu6wS/Lh/ICdfDyriK31Dplo6wnAFxOjf
HkXUtElNFr1ADE3RX8Bta56ysTnZ14zXYhzPMnb8uUzg3PrwoFMTawygMZNLI4Nl
7kVMAr13uV+qWOINw62c8HcnIoSEPFqKagx40MRn4U/iZuPCNFMoDvOBQL3WYoaA
6Rw=
-----END CERTIFICATE-----