Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/498f6dc3-db03-415e-b534-d74ca6f01901.roa
File:                     498f6dc3-db03-415e-b534-d74ca6f01901.roa (raw, json)
Hash identifier:          nZsyujf/QlLoLCrTNTmrh0NSuhJO1sbtdhcxRc1EO/k=
Subject key identifier:   80:D1:AD:A3:78:8E:A3:2C:50:02:CC:2D:D5:4F:35:EE:A3:32:57:1D
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       6C6D510ABA4C4ABE660E0C02055B83B8E5940F63
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/498f6dc3-db03-415e-b534-d74ca6f01901.roa
Signing time:             Fri 24 Jan 2025 00:00:00 +0000
ROA not before:           Fri 24 Jan 2025 00:00:00 +0000
ROA not after:            Fri 28 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:da32:2000::/40 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6c:6d:51:0a:ba:4c:4a:be:66:0e:0c:02:05:5b:83:b8:e5:94:0f:63
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Jan 24 00:00:00 2025 GMT
            Not After : Feb 28 23:59:59 2025 GMT
        Subject: serialNumber=2d72565d5123890f5fffd531493e7fe841508aae47e3e7784ffbee9e6253da61, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:f1:34:22:31:f2:90:ed:17:f9:cd:05:21:68:
                    1c:7c:75:b0:04:ad:1d:2a:98:c7:91:6f:92:4b:bf:
                    5a:cb:90:70:92:05:3c:7a:62:bb:12:12:d7:4b:d0:
                    f0:e6:5c:03:f0:e5:20:b5:1c:09:31:7d:dc:e0:53:
                    75:1e:49:3e:e0:4f:39:8c:c0:ab:6b:99:1b:46:f2:
                    55:f9:0b:0d:8b:97:9a:8b:52:fa:05:17:d8:e1:6f:
                    fa:99:31:92:eb:0b:87:1b:a3:8b:f4:10:95:ea:af:
                    1c:aa:74:c7:20:40:f6:77:cc:9e:4b:65:e4:e7:b8:
                    fb:e1:2c:d3:0a:fd:0f:d7:74:01:9c:5b:f0:d7:2f:
                    79:6b:55:08:3f:7a:5a:91:a8:7f:8d:eb:8e:11:1a:
                    6c:91:44:ed:94:be:d4:ab:0b:64:ef:8c:e1:94:93:
                    eb:d6:5d:7a:0f:fe:b7:f7:9c:93:16:2d:63:23:0f:
                    f6:b6:c1:fe:d8:68:a6:1c:28:fd:f1:67:08:60:56:
                    00:4f:fa:7d:ff:91:99:29:3d:7e:e1:1f:66:9a:f6:
                    4e:73:7f:eb:d4:44:1e:96:d1:82:cb:96:6b:e4:d3:
                    e9:3d:e5:ca:0c:ad:58:5a:90:2f:66:d2:5e:46:8e:
                    40:b8:83:1c:96:a5:9d:d9:40:b1:85:65:41:bd:86:
                    93:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                80:D1:AD:A3:78:8E:A3:2C:50:02:CC:2D:D5:4F:35:EE:A3:32:57:1D
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/498f6dc3-db03-415e-b534-d74ca6f01901.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:da32:2000::/40

    Signature Algorithm: sha256WithRSAEncryption
         40:1c:8a:2c:14:1c:ac:ea:ed:a7:71:3c:88:71:9c:2d:7b:2e:
         19:4b:f4:96:d7:71:e4:9e:a0:7f:07:d1:a2:ba:be:a9:1c:c5:
         aa:0a:f3:38:08:c6:32:d8:96:d8:e2:ea:dd:0b:c6:fa:3c:3a:
         a0:89:d8:62:9e:85:0f:53:54:40:6c:fb:ea:41:c4:29:e0:ae:
         c8:d2:64:f2:95:99:b3:07:de:cd:3b:a3:d8:3a:08:d7:32:aa:
         bd:e6:8d:31:16:af:b1:a6:d6:f5:43:e3:b0:f8:a9:39:0f:4f:
         41:5a:78:b3:ca:e3:51:3f:4c:47:d7:19:10:81:49:3b:eb:ae:
         75:81:db:a6:06:bb:8c:c5:a9:17:3b:a3:a2:c6:11:f5:ee:47:
         bc:c7:8f:e9:ca:06:03:43:46:d0:c1:ea:80:f3:b3:0c:69:f6:
         e0:46:ed:93:50:ce:2f:64:7e:13:e6:1a:9a:ab:45:b1:1d:23:
         06:b5:c3:ee:98:4d:3e:79:46:78:f9:66:93:73:cf:dc:45:9e:
         04:1d:e8:fb:f1:53:7f:0a:59:2d:52:7a:6b:20:48:0d:c0:99:
         85:5b:7b:cf:cb:87:0c:f9:89:36:93:7e:7a:91:53:d3:5e:a7:
         e7:93:d6:61:65:dc:6d:3f:19:8d:50:ee:ec:c6:3c:c1:d0:36:
         fd:d6:00:61
-----BEGIN CERTIFICATE-----
MIIFnjCCBIagAwIBAgIUbG1RCrpMSr5mDgwCBVuDuOWUD2MwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI1MDEyNDAwMDAwMFoX
DTI1MDIyODIzNTk1OVowejFJMEcGA1UEBRNAMmQ3MjU2NWQ1MTIzODkwZjVmZmZk
NTMxNDkzZTdmZTg0MTUwOGFhZTQ3ZTNlNzc4NGZmYmVlOWU2MjUzZGE2MTEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqPE0IjHykO0X+c0FIWgcfHWwBK0d
KpjHkW+SS79ay5BwkgU8emK7EhLXS9Dw5lwD8OUgtRwJMX3c4FN1Hkk+4E85jMCr
a5kbRvJV+QsNi5eai1L6BRfY4W/6mTGS6wuHG6OL9BCV6q8cqnTHIED2d8yeS2Xk
57j74SzTCv0P13QBnFvw1y95a1UIP3pakah/jeuOERpskUTtlL7Uqwtk74zhlJPr
1l16D/6395yTFi1jIw/2tsH+2GimHCj98WcIYFYAT/p9/5GZKT1+4R9mmvZOc3/r
1EQeltGCy5Zr5NPpPeXKDK1YWpAvZtJeRo5AuIMclqWd2UCxhWVBvYaTXQIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFIDRraN4jqMsUALMLdVPNe6jMlcdMB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
LzQ5OGY2ZGMzLWRiMDMtNDE1ZS1iNTM0LWQ3NGNhNmYwMTkwMS5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAO
BAIAAjAIAwYAJAbaMiAwDQYJKoZIhvcNAQELBQADggEBAEAciiwUHKzq7adxPIhx
nC17LhlL9JbXceSeoH8H0aK6vqkcxaoK8zgIxjLYltji6t0Lxvo8OqCJ2GKehQ9T
VEBs++pBxCngrsjSZPKVmbMH3s07o9g6CNcyqr3mjTEWr7Gm1vVD47D4qTkPT0Fa
eLPK41E/TEfXGRCBSTvrrnWB26YGu4zFqRc7o6LGEfXuR7zHj+nKBgNDRtDB6oDz
swxp9uBG7ZNQzi9kfhPmGpqrRbEdIwa1w+6YTT55Rnj5ZpNzz9xFngQd6PvxU38K
WS1SemsgSA3AmYVbe8/Lhwz5iTaTfnqRU9Nep+eT1mFl3G0/GY1Q7uzGPMHQNv3W
AGE=
-----END CERTIFICATE-----