Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/6863d6e5-517f-4f3b-8358-e9965de82700.roa
File:                     6863d6e5-517f-4f3b-8358-e9965de82700.roa (raw, json)
Hash identifier:          GzrwjAWVqLpOHvVyIDWBg/krYsdQmJlT9jOFkBY+wzQ=
Subject key identifier:   F6:35:92:6A:61:9C:59:04:0D:F6:E9:FB:4E:06:D5:D9:CB:D7:F0:BE
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       473D8F60EA852666ABD37E8649F26D3AFF1FDB51
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/6863d6e5-517f-4f3b-8358-e9965de82700.roa
Signing time:             Tue 07 Jan 2025 00:00:00 +0000
ROA not before:           Tue 07 Jan 2025 00:00:00 +0000
ROA not after:            Tue 11 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:daf2:c8c0::/48 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            47:3d:8f:60:ea:85:26:66:ab:d3:7e:86:49:f2:6d:3a:ff:1f:db:51
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Jan  7 00:00:00 2025 GMT
            Not After : Feb 11 23:59:59 2025 GMT
        Subject: serialNumber=bb1e937e5eab9f1289f3edc6c250e2955fff5f5170b617bfad2ffc95a27402ae, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:60:20:9c:be:46:3b:ef:6b:33:a1:de:60:43:
                    ed:7b:15:24:75:f0:8a:6a:4b:f2:8e:70:29:c4:b8:
                    a3:7e:27:6c:95:53:e6:48:d0:44:51:ef:79:c2:25:
                    7f:23:18:bf:2c:75:8d:a6:cd:d9:ee:c9:e1:f1:fa:
                    3d:f6:08:6b:73:b4:d1:b7:81:d4:30:2b:99:6f:ce:
                    34:9c:34:be:ae:87:03:ea:c7:4a:9c:c0:d5:14:7a:
                    a3:22:30:47:94:0d:bb:bf:11:e3:2f:da:19:c4:2a:
                    72:6c:48:df:cc:f5:d8:b3:5e:bf:ea:f8:ad:59:9b:
                    45:a1:6f:c7:49:5c:50:56:d1:ae:8d:b8:09:aa:82:
                    49:53:e8:28:fa:9a:ff:cf:85:74:b9:f0:60:12:80:
                    18:0c:7e:11:4a:20:c4:db:9c:82:91:b5:12:52:a5:
                    22:5e:c8:d6:37:b9:01:05:0d:48:32:6d:0b:60:3d:
                    43:76:cc:08:23:92:37:c6:5c:70:f8:4f:62:58:45:
                    a0:82:04:0f:e5:29:bd:42:49:c0:7e:51:71:81:7f:
                    f2:f1:c7:58:e7:cd:d0:93:a0:79:db:04:6a:f5:87:
                    b3:af:37:e6:e0:73:e7:8f:cb:3d:c0:86:6f:60:9a:
                    ef:12:15:80:78:4f:7b:f0:1f:21:86:ac:c6:b0:5a:
                    4c:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F6:35:92:6A:61:9C:59:04:0D:F6:E9:FB:4E:06:D5:D9:CB:D7:F0:BE
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/6863d6e5-517f-4f3b-8358-e9965de82700.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:daf2:c8c0::/48

    Signature Algorithm: sha256WithRSAEncryption
         bd:67:59:48:47:ed:ac:03:20:7c:d5:9a:f4:b3:ae:98:4a:bf:
         20:c0:52:01:8d:37:25:f3:ee:2b:a7:43:38:fb:f2:bf:80:f6:
         58:c2:6d:9b:e4:70:84:1d:da:01:18:3d:0a:a0:a7:b6:06:4f:
         14:89:40:65:6d:ac:2d:9a:05:1b:66:11:b0:aa:57:05:50:97:
         86:46:db:dc:6f:2b:ab:e7:40:0a:fc:11:f1:17:c9:39:7c:c8:
         c5:75:68:24:30:7e:3c:f2:9f:18:8a:50:f6:a0:06:25:fb:75:
         1d:28:14:ea:02:77:4c:2d:33:27:ed:aa:91:bf:8c:a0:75:8b:
         f6:2e:17:2f:f3:42:0f:2f:af:23:5d:68:2a:59:d5:20:87:22:
         df:b9:44:55:35:76:b9:92:85:c5:d4:ee:e3:ea:3b:d1:a0:73:
         0c:0d:d9:8b:63:1a:69:3c:13:bf:c9:4a:f4:5d:a2:55:ca:f8:
         44:93:d9:62:a9:20:0e:e3:5c:74:0a:11:5e:5c:5d:f7:8b:97:
         90:bc:d4:1a:e6:12:42:63:29:ae:2c:e2:81:55:c3:4e:aa:2e:
         e6:7e:4b:94:1e:3a:18:0b:74:fb:16:1e:7b:37:89:9c:af:00:
         ae:87:c7:b0:13:b9:12:d3:66:75:3d:a7:e5:20:a8:fb:e0:da:
         56:c7:59:b0
-----BEGIN CERTIFICATE-----
MIIFnzCCBIegAwIBAgIURz2PYOqFJmar036GSfJtOv8f21EwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI1MDEwNzAwMDAwMFoX
DTI1MDIxMTIzNTk1OVowejFJMEcGA1UEBRNAYmIxZTkzN2U1ZWFiOWYxMjg5ZjNl
ZGM2YzI1MGUyOTU1ZmZmNWY1MTcwYjYxN2JmYWQyZmZjOTVhMjc0MDJhZTEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3mAgnL5GO+9rM6HeYEPtexUkdfCK
akvyjnApxLijfidslVPmSNBEUe95wiV/Ixi/LHWNps3Z7snh8fo99ghrc7TRt4HU
MCuZb840nDS+rocD6sdKnMDVFHqjIjBHlA27vxHjL9oZxCpybEjfzPXYs16/6vit
WZtFoW/HSVxQVtGujbgJqoJJU+go+pr/z4V0ufBgEoAYDH4RSiDE25yCkbUSUqUi
XsjWN7kBBQ1IMm0LYD1DdswII5I3xlxw+E9iWEWgggQP5Sm9QknAflFxgX/y8cdY
583Qk6B52wRq9Yezrzfm4HPnj8s9wIZvYJrvEhWAeE978B8hhqzGsFpMsQIDAQAB
o4ICSzCCAkcwHQYDVR0OBBYEFPY1kmphnFkEDfbp+04G1dnL1/C+MB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
LzY4NjNkNmU1LTUxN2YtNGYzYi04MzU4LWU5OTY1ZGU4MjcwMC5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAP
BAIAAjAJAwcAJAba8sjAMA0GCSqGSIb3DQEBCwUAA4IBAQC9Z1lIR+2sAyB81Zr0
s66YSr8gwFIBjTcl8+4rp0M4+/K/gPZYwm2b5HCEHdoBGD0KoKe2Bk8UiUBlbawt
mgUbZhGwqlcFUJeGRtvcbyur50AK/BHxF8k5fMjFdWgkMH488p8YilD2oAYl+3Ud
KBTqAndMLTMn7aqRv4ygdYv2Lhcv80IPL68jXWgqWdUghyLfuURVNXa5koXF1O7j
6jvRoHMMDdmLYxppPBO/yUr0XaJVyvhEk9liqSAO41x0ChFeXF33i5eQvNQa5hJC
YymuLOKBVcNOqi7mfkuUHjoYC3T7Fh57N4mcrwCuh8ewE7kS02Z1PaflIKj74NpW
x1mw
-----END CERTIFICATE-----