Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/589cd174-ff9f-4468-b434-55095a24f148.roa
File:                     589cd174-ff9f-4468-b434-55095a24f148.roa (raw, json)
Hash identifier:          sdMESGEE2UacsqFE8OBtsuah9VxSFIXXXF0DycsgAqs=
Subject key identifier:   B9:93:51:66:EF:FC:02:80:AC:4E:92:2C:7E:72:27:EF:1A:B3:D7:75
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       1D83EDB0C32A82DA85E3DA14A5482192837DF6AF
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/589cd174-ff9f-4468-b434-55095a24f148.roa
Signing time:             Tue 07 Jan 2025 00:00:00 +0000
ROA not before:           Tue 07 Jan 2025 00:00:00 +0000
ROA not after:            Tue 11 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:da00:c020::/48 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1d:83:ed:b0:c3:2a:82:da:85:e3:da:14:a5:48:21:92:83:7d:f6:af
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Jan  7 00:00:00 2025 GMT
            Not After : Feb 11 23:59:59 2025 GMT
        Subject: serialNumber=716d9dd9c3736d57bf556b6b0a01ad0da899e0ad1235cf70f3ace1e7c4d0f9b6, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:33:ff:ef:c8:df:1f:59:b5:1b:e6:4a:b1:74:
                    86:70:9f:7e:cd:7f:82:8f:77:e8:68:67:0a:c5:06:
                    82:72:ad:62:e2:23:65:74:61:3c:3d:49:74:eb:f6:
                    11:7a:50:8a:4a:8f:98:a8:b7:6b:d7:89:d0:a6:a9:
                    ee:48:4b:aa:19:fb:ae:85:2f:a0:39:45:94:59:bd:
                    2b:77:98:16:e0:20:d1:48:7d:14:4d:7f:a8:aa:1d:
                    c1:33:ed:93:e0:d4:fd:1d:d1:36:37:b9:cb:d0:00:
                    ab:bc:2b:fe:82:6e:94:86:93:4d:d9:bf:cc:16:fe:
                    c1:50:6b:98:36:c6:e9:3f:d0:08:ae:98:ff:7b:bb:
                    a1:48:5b:a5:ba:a9:27:48:db:d0:ce:03:89:2f:ed:
                    c2:44:54:0b:43:29:30:29:e6:e4:aa:33:b0:7a:25:
                    b3:9e:52:f9:12:57:68:42:9f:dc:2e:1f:0e:3f:bc:
                    8d:7f:12:56:8c:07:fc:de:87:18:77:4e:61:1b:13:
                    80:1c:14:5d:89:17:89:bb:b9:2d:f4:f2:10:42:16:
                    1f:ab:84:04:0d:99:88:5a:7f:36:7b:23:3d:2b:dd:
                    f3:4a:73:92:84:d4:e3:3a:cc:20:83:45:0e:d3:a3:
                    81:b0:ba:92:9f:c5:ce:ba:2a:a9:b6:1b:45:09:e3:
                    4a:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B9:93:51:66:EF:FC:02:80:AC:4E:92:2C:7E:72:27:EF:1A:B3:D7:75
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/589cd174-ff9f-4468-b434-55095a24f148.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:da00:c020::/48

    Signature Algorithm: sha256WithRSAEncryption
         c0:6b:35:ff:6b:72:01:19:5b:07:88:ce:7d:d2:18:0a:52:f3:
         ac:bd:d5:fc:69:d6:cc:f6:9d:46:b9:dd:bb:46:fb:dd:a3:ae:
         62:a9:4a:13:bd:5c:83:0b:ad:f2:3b:99:73:6e:dd:3f:1e:7d:
         ac:4e:86:1c:80:0c:7d:ff:67:6a:de:d7:72:15:6e:60:54:a2:
         3c:06:23:85:a0:e4:8f:cb:cc:30:9a:f3:dc:95:02:f4:1b:ff:
         a1:7d:ee:9e:74:24:92:64:f4:f2:65:7e:14:cf:a2:e7:c7:33:
         1a:24:d9:6f:8c:f1:30:76:1a:ac:aa:ee:5b:0f:05:0d:34:6c:
         0f:a9:e5:ce:9c:2b:6a:a8:a8:69:5b:87:c0:22:09:9b:7f:46:
         93:da:4b:91:62:ff:92:19:47:43:c0:ef:73:36:a2:c5:d7:9a:
         cf:02:50:d7:47:ff:f0:7d:28:7b:86:fa:c7:c7:a0:40:07:cf:
         74:e2:d6:5d:4a:79:b5:ca:a5:3e:6e:9a:4c:20:bf:63:6e:fc:
         57:41:06:7a:8d:ef:31:6b:48:44:5e:b5:94:27:19:b4:a8:81:
         83:17:3d:d1:70:8e:49:1f:83:70:40:46:af:cc:50:b6:e4:a6:
         4d:29:f8:1e:7a:4c:1a:08:9a:6a:8f:9f:d0:d8:36:4a:d1:70:
         57:66:1a:da
-----BEGIN CERTIFICATE-----
MIIFnzCCBIegAwIBAgIUHYPtsMMqgtqF49oUpUghkoN99q8wDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI1MDEwNzAwMDAwMFoX
DTI1MDIxMTIzNTk1OVowejFJMEcGA1UEBRNANzE2ZDlkZDljMzczNmQ1N2JmNTU2
YjZiMGEwMWFkMGRhODk5ZTBhZDEyMzVjZjcwZjNhY2UxZTdjNGQwZjliNjEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtTP/78jfH1m1G+ZKsXSGcJ9+zX+C
j3foaGcKxQaCcq1i4iNldGE8PUl06/YRelCKSo+YqLdr14nQpqnuSEuqGfuuhS+g
OUWUWb0rd5gW4CDRSH0UTX+oqh3BM+2T4NT9HdE2N7nL0ACrvCv+gm6UhpNN2b/M
Fv7BUGuYNsbpP9AIrpj/e7uhSFuluqknSNvQzgOJL+3CRFQLQykwKebkqjOweiWz
nlL5EldoQp/cLh8OP7yNfxJWjAf83ocYd05hGxOAHBRdiReJu7kt9PIQQhYfq4QE
DZmIWn82eyM9K93zSnOShNTjOswgg0UO06OBsLqSn8XOuiqpthtFCeNKJQIDAQAB
o4ICSzCCAkcwHQYDVR0OBBYEFLmTUWbv/AKArE6SLH5yJ+8as9d1MB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
LzU4OWNkMTc0LWZmOWYtNDQ2OC1iNDM0LTU1MDk1YTI0ZjE0OC5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAP
BAIAAjAJAwcAJAbaAMAgMA0GCSqGSIb3DQEBCwUAA4IBAQDAazX/a3IBGVsHiM59
0hgKUvOsvdX8adbM9p1Gud27Rvvdo65iqUoTvVyDC63yO5lzbt0/Hn2sToYcgAx9
/2dq3tdyFW5gVKI8BiOFoOSPy8wwmvPclQL0G/+hfe6edCSSZPTyZX4Uz6LnxzMa
JNlvjPEwdhqsqu5bDwUNNGwPqeXOnCtqqKhpW4fAIgmbf0aT2kuRYv+SGUdDwO9z
NqLF15rPAlDXR//wfSh7hvrHx6BAB8904tZdSnm1yqU+bppMIL9jbvxXQQZ6je8x
a0hEXrWUJxm0qIGDFz3RcI5JH4NwQEavzFC25KZNKfgeekwaCJpqj5/Q2DZK0XBX
Zhra
-----END CERTIFICATE-----