Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/4b07dfd7-5453-4b08-89f3-583f124643f9.roa
File:                     4b07dfd7-5453-4b08-89f3-583f124643f9.roa (raw, json)
Hash identifier:          CisfFKI4fk3q4q1xHN7b9edh69bl7syP9axzIiJbq74=
Subject key identifier:   55:92:45:91:AD:47:FA:11:34:72:F7:B4:C1:6D:11:E5:A8:4B:23:A9
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       5ECAC38F8A2ABA784183CA171EC2D617FEBBD430
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/4b07dfd7-5453-4b08-89f3-583f124643f9.roa
Signing time:             Tue 07 Jan 2025 00:00:00 +0000
ROA not before:           Tue 07 Jan 2025 00:00:00 +0000
ROA not after:            Tue 11 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:da14::/36 maxlen: 36
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5e:ca:c3:8f:8a:2a:ba:78:41:83:ca:17:1e:c2:d6:17:fe:bb:d4:30
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Jan  7 00:00:00 2025 GMT
            Not After : Feb 11 23:59:59 2025 GMT
        Subject: serialNumber=4eeba5bd58659c5fe59a00d8ad3fde2b8ab95d22bb4b7f049474eeedd173a913, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:89:79:34:9e:c2:6d:c4:10:41:58:da:60:56:
                    f0:ad:64:fd:67:31:05:07:77:b5:38:57:9d:d0:e0:
                    ba:17:c6:08:41:a6:79:32:db:ca:35:86:e4:96:a3:
                    bf:db:89:38:13:41:c1:1d:9c:70:04:36:3f:ae:c1:
                    fb:bf:ab:6b:7e:b7:6f:05:68:3c:0a:99:3c:b5:3e:
                    e1:2a:f5:f6:df:16:18:cc:14:9b:cf:97:c1:eb:4a:
                    df:d5:8a:e7:0a:86:44:ab:b4:44:51:8a:66:ca:a9:
                    8a:d9:d1:e2:c9:93:a0:3c:14:5f:34:9b:3a:b5:d1:
                    3a:3c:6d:06:5b:2f:9a:d3:d7:88:ca:a2:c5:d5:ad:
                    61:f2:f8:dd:e1:9b:89:64:df:24:4c:99:24:9f:48:
                    cc:ae:0b:fb:a8:1d:c6:82:c8:d9:cb:f4:22:fe:bc:
                    d0:33:88:1a:47:f0:05:54:00:ff:f5:cd:da:7c:aa:
                    22:2c:df:af:13:fe:20:0e:ab:76:09:66:e9:dc:ca:
                    0b:f1:80:75:1f:99:2f:43:fb:0e:56:5a:fa:79:c7:
                    20:56:5e:b5:b3:62:f6:fb:f1:79:1e:a1:43:75:61:
                    f6:3a:df:ac:06:a2:e2:18:d6:fc:62:0a:e2:a7:0b:
                    27:a2:c7:42:bd:be:49:de:08:60:79:b6:26:9d:de:
                    71:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                55:92:45:91:AD:47:FA:11:34:72:F7:B4:C1:6D:11:E5:A8:4B:23:A9
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/4b07dfd7-5453-4b08-89f3-583f124643f9.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:da14::/36

    Signature Algorithm: sha256WithRSAEncryption
         4e:33:26:69:b9:d3:73:9f:3d:3e:99:c7:d8:6c:b6:20:e3:df:
         96:16:85:df:0c:21:8d:8f:cf:01:d9:ee:ed:74:c8:34:95:46:
         9d:cc:6d:90:86:f3:a9:c7:df:a1:7e:25:90:dc:4d:ff:48:a5:
         49:b3:43:fd:c3:0f:4b:33:18:72:05:1c:24:39:d4:8e:e5:90:
         c3:3b:cf:15:0d:41:76:43:fb:80:8f:cf:a4:ba:17:71:72:ab:
         3b:de:82:ed:b1:08:56:2c:bf:65:d8:fb:e8:b3:56:8a:e3:96:
         ae:40:c4:35:93:59:47:da:9a:97:05:86:80:e1:88:4d:ee:73:
         5c:dc:45:6c:67:62:c7:b7:b8:a6:51:66:f5:7f:c2:0d:d7:b3:
         7d:e7:df:77:25:5c:f3:72:b5:00:80:95:bf:f2:59:69:20:bc:
         b8:ff:9e:a6:d7:68:f9:f3:5f:93:a5:e9:5d:18:94:24:6f:0c:
         44:78:ac:87:55:67:32:d9:8f:00:7a:8e:a5:d8:d3:51:3c:cc:
         bb:90:a3:1b:93:92:29:48:98:5a:60:af:15:ce:8b:f1:11:70:
         49:2d:dc:bb:36:6d:f6:6b:ac:9c:d4:51:d3:02:c5:8e:76:26:
         29:af:28:cd:bd:d7:a4:ee:84:a9:92:c5:4a:a9:42:77:6b:78:
         33:01:94:03
-----BEGIN CERTIFICATE-----
MIIFnjCCBIagAwIBAgIUXsrDj4oqunhBg8oXHsLWF/671DAwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI1MDEwNzAwMDAwMFoX
DTI1MDIxMTIzNTk1OVowejFJMEcGA1UEBRNANGVlYmE1YmQ1ODY1OWM1ZmU1OWEw
MGQ4YWQzZmRlMmI4YWI5NWQyMmJiNGI3ZjA0OTQ3NGVlZWRkMTczYTkxMzEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs4l5NJ7CbcQQQVjaYFbwrWT9ZzEF
B3e1OFed0OC6F8YIQaZ5MtvKNYbklqO/24k4E0HBHZxwBDY/rsH7v6trfrdvBWg8
Cpk8tT7hKvX23xYYzBSbz5fB60rf1YrnCoZEq7REUYpmyqmK2dHiyZOgPBRfNJs6
tdE6PG0GWy+a09eIyqLF1a1h8vjd4ZuJZN8kTJkkn0jMrgv7qB3GgsjZy/Qi/rzQ
M4gaR/AFVAD/9c3afKoiLN+vE/4gDqt2CWbp3MoL8YB1H5kvQ/sOVlr6eccgVl61
s2L2+/F5HqFDdWH2Ot+sBqLiGNb8YgripwsnosdCvb5J3ghgebYmnd5x6QIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFFWSRZGtR/oRNHL3tMFtEeWoSyOpMB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
LzRiMDdkZmQ3LTU0NTMtNGIwOC04OWYzLTU4M2YxMjQ2NDNmOS5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAO
BAIAAjAIAwYEJAbaFAAwDQYJKoZIhvcNAQELBQADggEBAE4zJmm503OfPT6Zx9hs
tiDj35YWhd8MIY2PzwHZ7u10yDSVRp3MbZCG86nH36F+JZDcTf9IpUmzQ/3DD0sz
GHIFHCQ51I7lkMM7zxUNQXZD+4CPz6S6F3Fyqzvegu2xCFYsv2XY++izVorjlq5A
xDWTWUfampcFhoDhiE3uc1zcRWxnYse3uKZRZvV/wg3Xs33n33clXPNytQCAlb/y
WWkgvLj/nqbXaPnzX5Ol6V0YlCRvDER4rIdVZzLZjwB6jqXY01E8zLuQoxuTkilI
mFpgrxXOi/ERcEkt3Ls2bfZrrJzUUdMCxY52JimvKM2916TuhKmSxUqpQndreDMB
lAM=
-----END CERTIFICATE-----