Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/5bbba35a-ebdf-420c-9fbe-831fe4124982.roa
File:                     5bbba35a-ebdf-420c-9fbe-831fe4124982.roa (raw, json)
Hash identifier:          MddlzDpuwZlD+6LWURGJcd+3hQzygEJhWn5ylehJoLI=
Subject key identifier:   93:8F:AB:8C:F9:4C:37:82:78:04:33:A6:C9:73:E7:75:98:D9:84:F4
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       675F4CB3C55DE885B2503E7FF2124590B41AC6DE
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/5bbba35a-ebdf-420c-9fbe-831fe4124982.roa
Signing time:             Tue 07 Jan 2025 00:00:00 +0000
ROA not before:           Tue 07 Jan 2025 00:00:00 +0000
ROA not after:            Tue 11 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:dafb:6040::/46 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            67:5f:4c:b3:c5:5d:e8:85:b2:50:3e:7f:f2:12:45:90:b4:1a:c6:de
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Jan  7 00:00:00 2025 GMT
            Not After : Feb 11 23:59:59 2025 GMT
        Subject: serialNumber=2d554f91aeaea2ef43d037ac2d19c414267b382ce9161a774f0f789bb5432976, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:c5:e7:56:c9:b7:28:c2:9c:d9:7f:44:1d:b5:
                    3f:b9:30:f9:9d:14:d1:b4:d7:a5:26:6c:12:5d:d5:
                    41:57:70:94:da:13:8f:3c:8e:14:6a:7b:2c:e0:c5:
                    79:e7:5c:25:93:91:29:f7:b2:e1:17:2f:a5:40:e3:
                    65:0f:46:cc:7a:9f:b0:24:31:fa:82:e4:b0:42:0a:
                    bf:5e:3b:24:2e:d6:6d:b0:95:df:0b:81:8c:f4:36:
                    89:54:b9:d9:4d:77:f8:fb:7a:63:c6:b9:53:f1:61:
                    36:fb:59:cf:c7:fc:65:22:5f:ea:a9:9d:2a:ec:b8:
                    b6:ee:3f:82:8e:fb:48:88:e5:11:89:a7:62:64:63:
                    a6:63:1a:1b:ba:e3:29:f4:d9:27:df:4b:62:00:2f:
                    61:13:57:f4:07:07:1b:ed:49:22:5b:a4:93:da:08:
                    37:39:91:40:7d:83:8b:2d:1e:36:da:f4:dc:b9:d9:
                    f3:6e:e2:10:10:aa:45:9c:df:55:80:aa:23:64:2f:
                    5d:ed:25:27:ca:e7:9e:51:56:b3:8c:d4:95:70:f1:
                    3f:85:74:35:aa:8a:10:43:07:98:a5:b2:1c:ef:5f:
                    8e:6b:f4:5d:e3:c2:20:39:cc:b5:03:44:68:85:b9:
                    fa:ca:4b:70:6d:5d:d5:3d:98:db:c6:ac:e7:b6:43:
                    44:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                93:8F:AB:8C:F9:4C:37:82:78:04:33:A6:C9:73:E7:75:98:D9:84:F4
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/5bbba35a-ebdf-420c-9fbe-831fe4124982.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:dafb:6040::/46

    Signature Algorithm: sha256WithRSAEncryption
         7a:46:11:e9:ad:fd:a0:66:a4:61:f4:74:83:37:4d:77:41:34:
         4b:5e:68:26:47:50:37:38:c2:c1:c2:4c:9e:54:7c:4d:fa:54:
         f9:8c:76:8e:d7:4c:79:a2:23:5d:92:d3:c8:2f:71:b3:55:ad:
         0b:0a:93:ca:94:83:e3:cf:ce:ef:ad:70:0b:bc:1a:6c:0d:a0:
         6f:2f:9c:51:63:f4:13:bb:02:46:e4:73:33:75:cc:fc:6b:67:
         ae:1f:ed:b4:5a:04:95:45:9b:bd:1c:73:64:46:05:7d:b0:91:
         c0:05:e2:67:d6:3c:1a:5e:1e:1e:ab:25:b5:34:cc:d9:ba:3c:
         14:70:a2:ce:80:d6:86:b1:3d:06:78:11:ff:46:64:27:9e:d9:
         0d:f8:7a:b3:d7:b8:46:94:d1:9b:56:ec:eb:61:38:3b:a9:2d:
         cc:e8:dc:dd:df:42:d6:8e:23:92:fd:74:15:88:1b:23:d6:43:
         09:c0:8c:51:fe:44:c9:c8:91:cd:d8:7b:c8:2d:60:16:c9:2a:
         a8:c0:42:c0:c0:21:26:67:59:ef:8b:c9:94:8e:ba:0a:11:ca:
         0a:ec:48:f2:0b:23:a0:0c:62:43:8b:f3:de:49:a9:44:f1:f4:
         8a:32:b4:43:73:e0:6b:45:87:60:82:e4:04:06:a2:0b:63:9b:
         40:5a:a7:e6
-----BEGIN CERTIFICATE-----
MIIFnzCCBIegAwIBAgIUZ19Ms8Vd6IWyUD5/8hJFkLQaxt4wDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI1MDEwNzAwMDAwMFoX
DTI1MDIxMTIzNTk1OVowejFJMEcGA1UEBRNAMmQ1NTRmOTFhZWFlYTJlZjQzZDAz
N2FjMmQxOWM0MTQyNjdiMzgyY2U5MTYxYTc3NGYwZjc4OWJiNTQzMjk3NjEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyMXnVsm3KMKc2X9EHbU/uTD5nRTR
tNelJmwSXdVBV3CU2hOPPI4Uanss4MV551wlk5Ep97LhFy+lQONlD0bMep+wJDH6
guSwQgq/XjskLtZtsJXfC4GM9DaJVLnZTXf4+3pjxrlT8WE2+1nPx/xlIl/qqZ0q
7Li27j+CjvtIiOURiadiZGOmYxobuuMp9Nkn30tiAC9hE1f0Bwcb7UkiW6ST2gg3
OZFAfYOLLR422vTcudnzbuIQEKpFnN9VgKojZC9d7SUnyueeUVazjNSVcPE/hXQ1
qooQQweYpbIc71+Oa/Rd48IgOcy1A0Rohbn6yktwbV3VPZjbxqzntkNExwIDAQAB
o4ICSzCCAkcwHQYDVR0OBBYEFJOPq4z5TDeCeAQzpslz53WY2YT0MB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
LzViYmJhMzVhLWViZGYtNDIwYy05ZmJlLTgzMWZlNDEyNDk4Mi5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAP
BAIAAjAJAwcCJAba+2BAMA0GCSqGSIb3DQEBCwUAA4IBAQB6RhHprf2gZqRh9HSD
N013QTRLXmgmR1A3OMLBwkyeVHxN+lT5jHaO10x5oiNdktPIL3GzVa0LCpPKlIPj
z87vrXALvBpsDaBvL5xRY/QTuwJG5HMzdcz8a2euH+20WgSVRZu9HHNkRgV9sJHA
BeJn1jwaXh4eqyW1NMzZujwUcKLOgNaGsT0GeBH/RmQnntkN+Hqz17hGlNGbVuzr
YTg7qS3M6Nzd30LWjiOS/XQViBsj1kMJwIxR/kTJyJHN2HvILWAWySqowELAwCEm
Z1nvi8mUjroKEcoK7EjyCyOgDGJDi/PeSalE8fSKMrRDc+BrRYdgguQEBqILY5tA
Wqfm
-----END CERTIFICATE-----