Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/49a679dd-b6ba-4b54-beeb-b3e83302b998.roa
File:                     49a679dd-b6ba-4b54-beeb-b3e83302b998.roa (raw, json)
Hash identifier:          y8l1B2AgID5jjy0RjNCWBLgf1T5pZ5rskfLJCMGY7l4=
Subject key identifier:   B1:A7:59:60:F9:71:DF:BF:6C:A7:CE:DD:D7:7B:99:4D:AD:7A:91:EE
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       7308F867926EE48D4CE8A4D9CEE145BE0677C0BA
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/49a679dd-b6ba-4b54-beeb-b3e83302b998.roa
Signing time:             Mon 13 Jan 2025 00:00:00 +0000
ROA not before:           Mon 13 Jan 2025 00:00:00 +0000
ROA not after:            Mon 17 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:daf1:800::/40 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            73:08:f8:67:92:6e:e4:8d:4c:e8:a4:d9:ce:e1:45:be:06:77:c0:ba
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Jan 13 00:00:00 2025 GMT
            Not After : Feb 17 23:59:59 2025 GMT
        Subject: serialNumber=efbb79b2c36fe73bccc0ad1c814c00054eb21e01184f93c85cd38c5aa9b2f094, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:0a:f7:32:da:93:07:65:bf:9c:93:0e:4b:b0:
                    3c:9a:8b:93:d9:d4:6a:7d:0b:a1:41:3f:aa:fd:3d:
                    ec:ce:d6:b9:05:6f:75:d9:e9:13:67:bc:66:4c:f4:
                    ba:1e:8f:51:b1:9d:d1:63:81:f8:76:12:60:c4:eb:
                    ca:aa:0b:ab:39:6b:25:32:f3:83:46:9d:7c:fa:ea:
                    09:c1:bc:c8:8e:b3:13:49:81:a1:84:23:81:fa:d5:
                    6c:4b:d4:2f:b8:c9:9f:42:b9:46:6a:8f:a4:de:43:
                    23:be:a8:f8:95:55:dd:f2:95:cf:bf:1a:f8:7c:d6:
                    be:bf:df:65:92:1a:f5:c5:e6:ba:9a:7c:6e:6d:d8:
                    33:76:2c:ca:dd:a9:c0:be:fb:c7:b1:ef:e1:3b:a7:
                    cf:d5:b6:27:41:ab:32:b6:27:39:9c:4d:63:c2:a5:
                    84:32:4f:60:00:9f:e4:0d:5c:a5:b4:3d:01:26:cc:
                    bd:16:ee:3e:b1:a5:0b:80:13:dc:9d:51:e1:c3:98:
                    46:53:5c:93:f9:ae:5b:22:1e:2d:21:59:e2:81:a8:
                    23:da:5a:79:68:ac:54:e4:2e:27:6f:3e:96:d6:8c:
                    c0:b4:14:95:02:86:6d:98:e5:e0:f0:16:de:1a:96:
                    92:56:18:93:b9:ba:f4:29:95:d7:f9:dd:e9:ab:9f:
                    d1:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:A7:59:60:F9:71:DF:BF:6C:A7:CE:DD:D7:7B:99:4D:AD:7A:91:EE
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/49a679dd-b6ba-4b54-beeb-b3e83302b998.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:daf1:800::/40

    Signature Algorithm: sha256WithRSAEncryption
         b1:cf:82:96:c5:2a:98:cf:ab:78:f4:a8:6d:54:a4:77:81:66:
         67:37:95:58:9e:db:7e:62:78:bc:66:50:f2:7d:34:b8:83:19:
         48:08:c5:fd:0f:7c:b2:75:be:35:69:d2:9c:93:1e:7e:bf:ef:
         0a:63:31:dc:60:e5:b9:a8:bb:b2:95:42:40:d5:02:64:29:5e:
         54:1f:bf:10:5f:9c:aa:fe:64:75:22:05:1a:bf:66:f1:af:1e:
         04:bc:1b:0b:b6:76:8b:13:24:3f:20:d5:ab:ec:a7:88:7a:2e:
         22:fd:6c:95:b8:86:7d:ae:8c:93:44:66:e1:a6:99:bf:86:cc:
         5d:a3:d9:b5:1e:ba:b6:d1:7f:8f:cc:c5:a8:56:b7:32:45:c0:
         9c:88:aa:92:0d:45:70:e0:f7:e9:f3:9d:98:83:29:7a:5f:6d:
         76:ce:c8:52:a5:4e:43:f5:14:5b:0e:71:66:6b:bf:b7:b9:3b:
         6f:d5:dc:34:8b:10:a4:4f:50:9f:f0:e2:8a:11:98:28:25:1a:
         d3:11:eb:1a:6e:55:93:1f:f6:27:86:31:3e:6b:ac:5a:50:1f:
         f9:01:9b:24:92:b9:18:50:2b:52:7f:e8:8b:fa:24:bd:bc:51:
         94:f3:9d:33:07:62:40:6a:ce:04:a5:d3:e5:a1:27:c5:29:76:
         1f:7a:0d:88
-----BEGIN CERTIFICATE-----
MIIFnjCCBIagAwIBAgIUcwj4Z5Ju5I1M6KTZzuFFvgZ3wLowDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI1MDExMzAwMDAwMFoX
DTI1MDIxNzIzNTk1OVowejFJMEcGA1UEBRNAZWZiYjc5YjJjMzZmZTczYmNjYzBh
ZDFjODE0YzAwMDU0ZWIyMWUwMTE4NGY5M2M4NWNkMzhjNWFhOWIyZjA5NDEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqAr3MtqTB2W/nJMOS7A8mouT2dRq
fQuhQT+q/T3szta5BW912ekTZ7xmTPS6Ho9RsZ3RY4H4dhJgxOvKqgurOWslMvOD
Rp18+uoJwbzIjrMTSYGhhCOB+tVsS9QvuMmfQrlGao+k3kMjvqj4lVXd8pXPvxr4
fNa+v99lkhr1xea6mnxubdgzdizK3anAvvvHse/hO6fP1bYnQasytic5nE1jwqWE
Mk9gAJ/kDVyltD0BJsy9Fu4+saULgBPcnVHhw5hGU1yT+a5bIh4tIVnigagj2lp5
aKxU5C4nbz6W1ozAtBSVAoZtmOXg8BbeGpaSVhiTubr0KZXX+d3pq5/RGQIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFLGnWWD5cd+/bKfO3dd7mU2tepHuMB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
LzQ5YTY3OWRkLWI2YmEtNGI1NC1iZWViLWIzZTgzMzAyYjk5OC5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAO
BAIAAjAIAwYAJAba8QgwDQYJKoZIhvcNAQELBQADggEBALHPgpbFKpjPq3j0qG1U
pHeBZmc3lVie235ieLxmUPJ9NLiDGUgIxf0PfLJ1vjVp0pyTHn6/7wpjMdxg5bmo
u7KVQkDVAmQpXlQfvxBfnKr+ZHUiBRq/ZvGvHgS8Gwu2dosTJD8g1avsp4h6LiL9
bJW4hn2ujJNEZuGmmb+GzF2j2bUeurbRf4/MxahWtzJFwJyIqpINRXDg9+nznZiD
KXpfbXbOyFKlTkP1FFsOcWZrv7e5O2/V3DSLEKRPUJ/w4ooRmCglGtMR6xpuVZMf
9ieGMT5rrFpQH/kBmySSuRhQK1J/6Iv6JL28UZTznTMHYkBqzgSl0+WhJ8Updh96
DYg=
-----END CERTIFICATE-----