Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/5a5f4524-3417-4701-8ae6-02d271484008.roa
File:                     5a5f4524-3417-4701-8ae6-02d271484008.roa (raw, json)
Hash identifier:          D9nSjHq2Td9IrRSf1wzbi0GHI2groUnrKdSOC4EDXVg=
Subject key identifier:   8F:E8:FC:B2:62:B4:43:A3:FB:6B:3A:71:EB:AD:66:96:0A:72:7C:15
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       27F62DC9306346438E88EB12DDB3A1C993CE4943
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/5a5f4524-3417-4701-8ae6-02d271484008.roa
Signing time:             Tue 07 Jan 2025 00:00:00 +0000
ROA not before:           Tue 07 Jan 2025 00:00:00 +0000
ROA not after:            Tue 11 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:da10:8800::/38 maxlen: 38
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            27:f6:2d:c9:30:63:46:43:8e:88:eb:12:dd:b3:a1:c9:93:ce:49:43
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Jan  7 00:00:00 2025 GMT
            Not After : Feb 11 23:59:59 2025 GMT
        Subject: serialNumber=6a1755491877912c94902517b9fd947f284ebbc6e6529cf5adcb5ce47d258f07, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:b6:5f:09:6e:1d:18:16:02:11:9f:18:96:76:
                    cc:ac:db:03:50:c0:12:e0:04:d3:c8:6d:f8:ad:27:
                    fb:38:18:85:eb:5b:44:06:31:bb:35:b8:85:10:63:
                    0c:ef:3f:7c:91:af:48:16:fc:56:bf:8a:de:57:c0:
                    36:75:00:2b:f3:f7:5f:73:84:2e:cd:a8:c7:c5:ac:
                    7b:15:6a:f2:fa:e0:cb:7d:d3:5a:5e:2b:47:78:7a:
                    25:fc:13:6d:2d:98:01:21:bd:b1:ab:2d:20:4a:04:
                    dd:1c:43:42:2f:8d:ea:0f:43:cf:55:aa:40:23:70:
                    3c:48:69:2c:1c:c4:82:cb:fa:67:a7:74:ef:20:10:
                    d9:af:eb:16:3f:5e:1b:d0:46:42:49:26:8f:d0:c0:
                    9e:85:a9:b9:81:1b:7a:33:82:47:4d:6f:9f:6e:7f:
                    aa:eb:58:30:2e:2c:79:fc:37:cd:61:2d:a6:13:20:
                    43:28:f1:54:75:9f:0d:86:89:04:af:d9:72:93:23:
                    81:7a:68:c8:c9:e5:ae:37:37:76:8e:da:4e:57:3b:
                    a6:9f:36:29:cd:3d:2b:29:28:26:33:03:85:b1:13:
                    49:de:fd:73:9b:1f:c7:b0:44:5b:a3:73:56:4f:89:
                    3d:c9:16:83:02:a1:da:52:0b:24:6e:15:df:a2:42:
                    a7:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8F:E8:FC:B2:62:B4:43:A3:FB:6B:3A:71:EB:AD:66:96:0A:72:7C:15
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/5a5f4524-3417-4701-8ae6-02d271484008.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:da10:8800::/38

    Signature Algorithm: sha256WithRSAEncryption
         62:f7:4c:64:95:c1:87:e0:db:4a:f3:13:81:79:37:6f:e8:28:
         9f:1d:98:77:e5:0d:59:aa:13:9f:83:7b:78:16:53:71:98:19:
         ee:41:a2:8f:8b:87:01:52:da:8c:43:a9:ec:dc:f2:26:85:e7:
         91:16:8d:ce:58:00:7a:7f:03:7b:38:fe:f3:23:9b:64:e4:ae:
         28:89:d2:75:3f:9a:f3:f9:68:b1:1a:c0:b4:99:18:9a:0d:0a:
         55:09:a9:02:c5:fe:7f:f2:01:9e:cf:5a:aa:e6:3c:9d:cd:1b:
         9e:5c:d2:1c:a1:ec:c7:83:34:3d:96:5d:2c:bb:76:46:8a:ba:
         f7:00:4b:ce:b2:47:be:4e:5d:fd:38:41:6a:63:3a:b1:a8:3e:
         9f:42:11:63:f6:12:cf:0d:33:1c:b2:66:0b:23:6d:61:5c:11:
         47:42:76:66:56:f7:0e:6e:70:a6:1e:68:47:2a:c7:df:b6:61:
         12:3e:2b:0f:f1:9e:c9:89:89:af:3f:ff:f9:95:b7:7e:ca:84:
         54:df:ac:2a:42:d7:e6:47:9a:15:b5:a4:84:04:f6:05:f0:c1:
         f8:fb:8e:71:69:d0:a4:e3:1f:7f:c1:d9:1d:15:5b:95:4e:4a:
         3d:1a:a5:4e:73:d6:93:a3:ea:8d:c4:cf:c8:34:b6:98:47:ee:
         79:8c:e5:07
-----BEGIN CERTIFICATE-----
MIIFnjCCBIagAwIBAgIUJ/YtyTBjRkOOiOsS3bOhyZPOSUMwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI1MDEwNzAwMDAwMFoX
DTI1MDIxMTIzNTk1OVowejFJMEcGA1UEBRNANmExNzU1NDkxODc3OTEyYzk0OTAy
NTE3YjlmZDk0N2YyODRlYmJjNmU2NTI5Y2Y1YWRjYjVjZTQ3ZDI1OGYwNzEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3rZfCW4dGBYCEZ8YlnbMrNsDUMAS
4ATTyG34rSf7OBiF61tEBjG7NbiFEGMM7z98ka9IFvxWv4reV8A2dQAr8/dfc4Qu
zajHxax7FWry+uDLfdNaXitHeHol/BNtLZgBIb2xqy0gSgTdHENCL43qD0PPVapA
I3A8SGksHMSCy/pnp3TvIBDZr+sWP14b0EZCSSaP0MCeham5gRt6M4JHTW+fbn+q
61gwLix5/DfNYS2mEyBDKPFUdZ8NhokEr9lykyOBemjIyeWuNzd2jtpOVzumnzYp
zT0rKSgmMwOFsRNJ3v1zmx/HsERbo3NWT4k9yRaDAqHaUgskbhXfokKntQIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFI/o/LJitEOj+2s6ceutZpYKcnwVMB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
LzVhNWY0NTI0LTM0MTctNDcwMS04YWU2LTAyZDI3MTQ4NDAwOC5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAO
BAIAAjAIAwYCJAbaEIgwDQYJKoZIhvcNAQELBQADggEBAGL3TGSVwYfg20rzE4F5
N2/oKJ8dmHflDVmqE5+De3gWU3GYGe5Boo+LhwFS2oxDqezc8iaF55EWjc5YAHp/
A3s4/vMjm2TkriiJ0nU/mvP5aLEawLSZGJoNClUJqQLF/n/yAZ7PWqrmPJ3NG55c
0hyh7MeDND2WXSy7dkaKuvcAS86yR75OXf04QWpjOrGoPp9CEWP2Es8NMxyyZgsj
bWFcEUdCdmZW9w5ucKYeaEcqx9+2YRI+Kw/xnsmJia8///mVt37KhFTfrCpC1+ZH
mhW1pIQE9gXwwfj7jnFp0KTjH3/B2R0VW5VOSj0apU5z1pOj6o3Ez8g0tphH7nmM
5Qc=
-----END CERTIFICATE-----