Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/564bcbed-0561-4889-868c-6cfcb0ba50ec.roa
File:                     564bcbed-0561-4889-868c-6cfcb0ba50ec.roa (raw, json)
Hash identifier:          yi1OVlZjD1Zg377ZvVqhQXQh1qikPDNXpZUa1fSRSns=
Subject key identifier:   24:E0:F8:B2:73:1B:AE:D6:67:8A:A6:41:BE:F8:B0:06:77:FE:DC:E3
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       2A00DE3E354E5FA35A7583D6F5D47C4C0B0DDE32
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/564bcbed-0561-4889-868c-6cfcb0ba50ec.roa
Signing time:             Tue 07 Jan 2025 00:00:00 +0000
ROA not before:           Tue 07 Jan 2025 00:00:00 +0000
ROA not after:            Tue 11 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:da12:8c00::/38 maxlen: 38
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2a:00:de:3e:35:4e:5f:a3:5a:75:83:d6:f5:d4:7c:4c:0b:0d:de:32
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Jan  7 00:00:00 2025 GMT
            Not After : Feb 11 23:59:59 2025 GMT
        Subject: serialNumber=797e86dc0855e6257326c072ebcd29a029d77fc62335927cff31902c5e2288ac, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:b5:3d:8c:ce:3c:50:b2:f2:71:1f:58:af:5f:
                    e4:fa:06:da:36:ae:b3:3b:79:6d:0c:61:8e:1f:38:
                    6b:9d:8e:83:ce:e8:d4:4a:e7:e9:0e:ae:a2:a3:d9:
                    1b:c9:3f:46:01:a5:dc:c0:b9:a5:a5:47:5e:8d:d3:
                    49:51:35:e6:bc:87:23:f6:ed:e0:05:cc:03:ab:15:
                    af:40:00:62:12:7a:78:c1:9e:a2:64:2b:85:7d:7c:
                    95:28:7a:a1:8f:f8:7d:8c:8b:43:b9:fc:a8:e0:44:
                    f9:1a:72:8e:3f:8c:8a:5e:52:34:af:47:02:75:ca:
                    d0:d2:19:e0:60:22:65:76:cb:08:d8:9b:8a:a8:04:
                    d5:b2:3b:e9:23:90:69:a7:4d:e7:a9:37:88:a0:9c:
                    f2:96:b7:6f:fe:57:7c:58:ba:40:0f:0f:d0:0f:39:
                    83:50:12:c9:5f:20:be:e6:16:d1:ba:ac:5d:85:78:
                    55:74:67:e9:da:93:db:73:e4:90:d4:a1:2f:6c:9a:
                    a9:11:f0:a5:f2:8f:ba:96:8f:c5:1d:72:0e:ce:35:
                    59:3c:b1:35:bd:27:8c:79:2e:ff:4b:ab:e0:b2:81:
                    be:51:55:73:a3:79:d1:e3:91:e7:a7:d4:1a:bc:a1:
                    92:37:76:64:a6:64:df:55:04:fd:33:a6:6f:48:ee:
                    7d:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                24:E0:F8:B2:73:1B:AE:D6:67:8A:A6:41:BE:F8:B0:06:77:FE:DC:E3
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/564bcbed-0561-4889-868c-6cfcb0ba50ec.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:da12:8c00::/38

    Signature Algorithm: sha256WithRSAEncryption
         53:92:88:d0:4d:05:74:5d:14:6f:80:5c:79:18:74:96:5a:ce:
         88:e5:07:f4:fb:e8:e1:1b:45:d2:f1:9a:98:0f:34:df:c8:a8:
         b8:fd:8a:16:16:6b:3d:c3:a1:8f:d6:c5:e4:28:78:8f:2f:5c:
         88:66:84:e0:00:79:74:d8:d5:95:6b:8c:33:ad:d9:e6:11:ec:
         57:3e:79:79:cb:15:00:d8:82:34:e6:b3:90:76:08:58:ec:b2:
         a9:e1:ea:b6:24:d8:ea:d7:fb:d3:06:b3:96:56:16:7f:b9:4e:
         77:d7:39:43:d7:11:1d:14:18:7b:ca:4e:b8:88:ae:b8:cf:81:
         ad:23:f8:58:ee:da:ff:9c:6c:4a:3c:6a:5a:47:68:78:b1:f3:
         08:b6:06:71:9c:1f:6d:c4:7b:ca:1b:d7:6d:5f:36:88:02:0d:
         9c:a4:3c:5c:13:e4:a9:a7:77:f4:b1:7d:87:d5:3f:6f:b7:b1:
         5a:04:bd:14:e8:52:95:d0:4c:4c:7a:23:64:88:21:98:af:33:
         85:3d:6c:6a:87:fc:ae:00:9f:9e:1f:73:05:44:29:5c:f5:6e:
         72:18:17:76:95:d4:dc:3d:1f:8d:e1:af:78:88:bc:ba:1c:bc:
         91:b0:6c:1b:25:8c:2f:0f:f9:38:96:a6:0f:43:36:8b:ab:53:
         09:19:61:9c
-----BEGIN CERTIFICATE-----
MIIFnjCCBIagAwIBAgIUKgDePjVOX6NadYPW9dR8TAsN3jIwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI1MDEwNzAwMDAwMFoX
DTI1MDIxMTIzNTk1OVowejFJMEcGA1UEBRNANzk3ZTg2ZGMwODU1ZTYyNTczMjZj
MDcyZWJjZDI5YTAyOWQ3N2ZjNjIzMzU5MjdjZmYzMTkwMmM1ZTIyODhhYzEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuLU9jM48ULLycR9Yr1/k+gbaNq6z
O3ltDGGOHzhrnY6DzujUSufpDq6io9kbyT9GAaXcwLmlpUdejdNJUTXmvIcj9u3g
BcwDqxWvQABiEnp4wZ6iZCuFfXyVKHqhj/h9jItDufyo4ET5GnKOP4yKXlI0r0cC
dcrQ0hngYCJldssI2JuKqATVsjvpI5Bpp03nqTeIoJzylrdv/ld8WLpADw/QDzmD
UBLJXyC+5hbRuqxdhXhVdGfp2pPbc+SQ1KEvbJqpEfCl8o+6lo/FHXIOzjVZPLE1
vSeMeS7/S6vgsoG+UVVzo3nR45Hnp9QavKGSN3ZkpmTfVQT9M6ZvSO59SQIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFCTg+LJzG67WZ4qmQb74sAZ3/tzjMB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
LzU2NGJjYmVkLTA1NjEtNDg4OS04NjhjLTZjZmNiMGJhNTBlYy5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAO
BAIAAjAIAwYCJAbaEowwDQYJKoZIhvcNAQELBQADggEBAFOSiNBNBXRdFG+AXHkY
dJZazojlB/T76OEbRdLxmpgPNN/IqLj9ihYWaz3DoY/WxeQoeI8vXIhmhOAAeXTY
1ZVrjDOt2eYR7Fc+eXnLFQDYgjTms5B2CFjssqnh6rYk2OrX+9MGs5ZWFn+5TnfX
OUPXER0UGHvKTriIrrjPga0j+Fju2v+cbEo8alpHaHix8wi2BnGcH23Ee8ob121f
NogCDZykPFwT5Kmnd/SxfYfVP2+3sVoEvRToUpXQTEx6I2SIIZivM4U9bGqH/K4A
n54fcwVEKVz1bnIYF3aV1Nw9H43hr3iIvLocvJGwbBsljC8P+TiWpg9DNourUwkZ
YZw=
-----END CERTIFICATE-----