Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/680b28c0-fd78-49c9-9355-94724e964ebe.roa
File:                     680b28c0-fd78-49c9-9355-94724e964ebe.roa (raw, json)
Hash identifier:          YVPEhuGZeoIYHFg8BJbC1T9auAE07In28wcOfidVOHw=
Subject key identifier:   9D:20:57:24:34:11:19:4D:13:F6:31:98:A1:68:14:54:56:CD:A7:22
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       5FCF9FA4C11D9EF333C882E28C3AC5F21A5A7484
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/680b28c0-fd78-49c9-9355-94724e964ebe.roa
Signing time:             Tue 07 Jan 2025 00:00:00 +0000
ROA not before:           Tue 07 Jan 2025 00:00:00 +0000
ROA not after:            Tue 11 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:da61:c040::/48 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5f:cf:9f:a4:c1:1d:9e:f3:33:c8:82:e2:8c:3a:c5:f2:1a:5a:74:84
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Jan  7 00:00:00 2025 GMT
            Not After : Feb 11 23:59:59 2025 GMT
        Subject: serialNumber=cf8a55f43471a9a6f9cc43474bfc1ecf6bc515e93d4502e29a8fcaf34ed7858c, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:2b:d5:e8:31:a4:31:97:e7:34:bc:36:5c:ff:
                    f4:30:7b:37:ea:ea:2a:61:27:7d:ec:96:ba:52:12:
                    4a:78:27:41:b2:00:5c:83:81:15:97:66:51:f0:76:
                    c8:63:ee:57:7c:53:05:11:dd:08:4d:e0:fe:d3:3f:
                    30:05:99:2e:cd:ef:0c:b8:5d:29:7f:0b:f3:1d:13:
                    fc:ac:c9:d5:a9:5a:25:f4:99:b3:fb:7f:dc:5f:de:
                    98:31:57:31:1e:c3:4e:e6:a7:7c:08:5b:cd:a3:8d:
                    33:4f:0a:5d:0e:31:5a:bd:38:0d:64:80:da:95:f1:
                    d7:88:f9:a5:a2:b3:1c:38:53:82:ad:a2:13:4c:35:
                    2a:1a:96:b5:7e:fc:37:0e:b6:fb:d4:ee:82:8d:f9:
                    04:ba:28:98:ed:7e:6e:32:1a:83:dd:31:4d:e0:2f:
                    2d:03:d1:61:72:8b:f4:68:69:9a:b9:8b:1b:ac:d0:
                    01:72:80:f0:db:86:0c:4f:04:ad:22:8a:04:01:17:
                    dd:bb:cf:f9:b3:2a:c1:59:e7:70:28:45:dd:88:3b:
                    2f:62:a6:6c:de:11:a0:3a:47:24:a3:a2:cd:38:26:
                    82:9b:b0:40:dc:91:11:f9:8f:1c:cb:28:5e:ba:e1:
                    ee:7d:8f:59:e9:f9:25:be:55:65:1b:40:ae:f7:8e:
                    75:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9D:20:57:24:34:11:19:4D:13:F6:31:98:A1:68:14:54:56:CD:A7:22
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/680b28c0-fd78-49c9-9355-94724e964ebe.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:da61:c040::/48

    Signature Algorithm: sha256WithRSAEncryption
         04:b8:74:d5:a2:68:fd:b8:2a:72:99:9d:28:b8:7c:0e:1c:54:
         b2:c9:d7:bf:67:f2:5c:68:ae:51:60:b3:dc:d4:c8:cf:84:9b:
         41:0d:0d:86:2c:c4:09:37:89:32:2c:4b:5e:86:a5:54:6d:06:
         1c:99:83:2f:07:44:23:2f:e8:24:1a:40:a1:66:ea:c5:5b:70:
         dd:da:f2:e6:9f:2c:5e:23:9e:06:97:c7:46:66:ad:d4:ad:fc:
         c7:f0:d3:89:66:37:7e:c1:4d:4c:2d:18:8f:1a:75:43:c1:28:
         45:04:47:e0:53:23:b9:7c:66:14:b9:e4:cf:37:cc:8f:d3:ce:
         c6:d2:c6:e7:49:6d:f0:55:55:c1:b8:38:0a:68:46:eb:e2:1f:
         b4:ee:fc:e3:9f:1b:c6:b8:14:7d:53:56:16:a5:20:74:71:fd:
         c0:41:21:fe:df:6d:5e:91:72:31:ea:55:c2:52:23:ba:7c:1e:
         bd:4a:00:75:0e:76:9f:53:78:58:4f:39:12:82:19:cb:a9:32:
         99:d7:40:6b:2c:4d:59:0d:93:81:a2:34:d2:7f:da:84:e1:95:
         f3:05:d6:6b:3f:f4:1b:59:2b:2f:89:df:ae:61:8d:48:42:2c:
         bf:50:b1:49:da:4d:b6:48:25:82:de:b4:06:2b:d5:02:2d:ac:
         55:46:58:f7
-----BEGIN CERTIFICATE-----
MIIFnzCCBIegAwIBAgIUX8+fpMEdnvMzyILijDrF8hpadIQwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI1MDEwNzAwMDAwMFoX
DTI1MDIxMTIzNTk1OVowejFJMEcGA1UEBRNAY2Y4YTU1ZjQzNDcxYTlhNmY5Y2M0
MzQ3NGJmYzFlY2Y2YmM1MTVlOTNkNDUwMmUyOWE4ZmNhZjM0ZWQ3ODU4YzEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1SvV6DGkMZfnNLw2XP/0MHs36uoq
YSd97Ja6UhJKeCdBsgBcg4EVl2ZR8HbIY+5XfFMFEd0ITeD+0z8wBZkuze8MuF0p
fwvzHRP8rMnVqVol9Jmz+3/cX96YMVcxHsNO5qd8CFvNo40zTwpdDjFavTgNZIDa
lfHXiPmlorMcOFOCraITTDUqGpa1fvw3Drb71O6CjfkEuiiY7X5uMhqD3TFN4C8t
A9Fhcov0aGmauYsbrNABcoDw24YMTwStIooEARfdu8/5syrBWedwKEXdiDsvYqZs
3hGgOkcko6LNOCaCm7BA3JER+Y8cyyheuuHufY9Z6fklvlVlG0Cu94519QIDAQAB
o4ICSzCCAkcwHQYDVR0OBBYEFJ0gVyQ0ERlNE/YxmKFoFFRWzaciMB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
LzY4MGIyOGMwLWZkNzgtNDljOS05MzU1LTk0NzI0ZTk2NGViZS5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAP
BAIAAjAJAwcAJAbaYcBAMA0GCSqGSIb3DQEBCwUAA4IBAQAEuHTVomj9uCpymZ0o
uHwOHFSyyde/Z/JcaK5RYLPc1MjPhJtBDQ2GLMQJN4kyLEtehqVUbQYcmYMvB0Qj
L+gkGkChZurFW3Dd2vLmnyxeI54Gl8dGZq3UrfzH8NOJZjd+wU1MLRiPGnVDwShF
BEfgUyO5fGYUueTPN8yP087G0sbnSW3wVVXBuDgKaEbr4h+07vzjnxvGuBR9U1YW
pSB0cf3AQSH+321ekXIx6lXCUiO6fB69SgB1DnafU3hYTzkSghnLqTKZ10BrLE1Z
DZOBojTSf9qE4ZXzBdZrP/QbWSsvid+uYY1IQiy/ULFJ2k22SCWC3rQGK9UCLaxV
Rlj3
-----END CERTIFICATE-----