Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/6b336b02-f773-4fbb-bbc4-a1149b172ad2.roa
File:                     6b336b02-f773-4fbb-bbc4-a1149b172ad2.roa (raw, json)
Hash identifier:          QGcYcoDlPMN+BUv7UsuLXbpqD36IP97/SRNFloCsOu0=
Subject key identifier:   8E:CE:34:62:4E:A3:D5:D2:90:06:46:CB:A9:1B:15:3F:8C:75:D6:10
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       3F2C402EB3E4D76D2DDF2A5513315ED31A2F9B01
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/6b336b02-f773-4fbb-bbc4-a1149b172ad2.roa
Signing time:             Mon 13 Jan 2025 00:00:00 +0000
ROA not before:           Mon 13 Jan 2025 00:00:00 +0000
ROA not after:            Mon 17 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:daa0:b000::/40 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3f:2c:40:2e:b3:e4:d7:6d:2d:df:2a:55:13:31:5e:d3:1a:2f:9b:01
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Jan 13 00:00:00 2025 GMT
            Not After : Feb 17 23:59:59 2025 GMT
        Subject: serialNumber=9d911030aaab22b27eb1ae7fcad6abea7f0f95c49ba624de8c3d65dfc0472a43, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:4d:fc:a5:5e:17:1c:ce:71:2b:01:70:e0:00:
                    48:79:f8:a3:d6:83:5d:46:cf:ad:71:5f:0a:e1:13:
                    a9:08:ee:df:c7:9c:27:76:76:18:45:77:5d:2d:90:
                    f8:4e:c5:66:a5:21:b6:62:0f:ab:74:72:b2:98:4c:
                    bf:3b:43:95:27:a2:28:82:7d:ea:b9:af:eb:94:bd:
                    16:c7:a9:ec:3d:33:c2:95:08:cc:78:e7:10:12:65:
                    44:39:18:ca:47:6d:05:e0:83:34:93:ca:a5:77:1a:
                    b7:e3:5c:c4:85:ee:81:62:5b:92:11:dc:a8:a6:6d:
                    aa:7b:54:3e:8f:eb:b1:c7:bf:a7:12:32:ca:47:72:
                    3f:f9:c5:a5:e5:36:87:4f:db:fe:6c:98:89:db:7a:
                    5a:29:83:66:c1:7b:94:00:01:4f:00:ff:6e:69:56:
                    42:1d:2c:ee:9c:07:7e:57:94:93:77:55:89:0e:e4:
                    dd:de:ab:30:cc:c2:8d:43:6e:da:d3:9f:0c:b4:58:
                    33:6d:ad:5c:a3:ec:4b:93:b1:ca:0e:a5:e3:cb:a6:
                    91:d6:21:6e:8e:5b:0a:88:f9:2e:bd:50:f7:2e:db:
                    66:27:e4:24:07:46:61:c8:59:4a:ce:90:d2:d8:b2:
                    52:25:ea:af:e5:7a:6f:0a:b0:bb:60:03:b2:31:47:
                    64:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8E:CE:34:62:4E:A3:D5:D2:90:06:46:CB:A9:1B:15:3F:8C:75:D6:10
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/6b336b02-f773-4fbb-bbc4-a1149b172ad2.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:daa0:b000::/40

    Signature Algorithm: sha256WithRSAEncryption
         61:f7:5f:98:41:d6:2d:92:9e:8a:56:53:90:f6:41:20:b2:bd:
         1b:fd:97:ff:de:47:02:73:de:48:1d:48:2d:07:3d:8d:f8:6f:
         a3:51:05:cf:be:ae:9c:79:8d:cc:2a:dc:ba:83:1a:41:c5:ba:
         0e:c9:73:da:d6:b8:85:2e:0c:73:66:af:59:1a:81:98:b8:fc:
         f7:44:fe:1b:52:1a:00:70:ec:71:5e:d4:9d:ea:f3:81:ef:64:
         a0:17:37:54:af:1d:e9:97:17:9d:a7:e1:26:3f:87:22:b9:6b:
         75:76:b9:fb:ba:01:f1:de:81:f9:18:63:98:ee:ec:22:22:12:
         4f:16:89:be:7d:8e:0e:5c:e9:14:4e:d0:00:67:93:1c:d2:4f:
         57:80:d1:a9:f7:16:91:5f:74:b3:22:a8:74:aa:26:8a:2e:5c:
         95:e3:5f:78:b4:29:a4:8b:37:a4:b3:42:0c:a8:2b:35:91:c9:
         36:83:64:10:c5:1a:6e:5e:e8:70:cd:b0:7e:60:96:7c:ef:6e:
         3d:ff:88:32:73:27:c6:ba:8a:4c:4c:30:84:9e:7e:c0:6e:07:
         f5:b8:0b:29:fc:fb:dc:3c:4e:03:6b:d8:1a:56:a6:67:9e:25:
         8a:84:1e:af:81:b1:3d:da:96:4f:f7:fc:d5:aa:d6:25:ed:66:
         33:b0:c0:07
-----BEGIN CERTIFICATE-----
MIIFnjCCBIagAwIBAgIUPyxALrPk120t3ypVEzFe0xovmwEwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI1MDExMzAwMDAwMFoX
DTI1MDIxNzIzNTk1OVowejFJMEcGA1UEBRNAOWQ5MTEwMzBhYWFiMjJiMjdlYjFh
ZTdmY2FkNmFiZWE3ZjBmOTVjNDliYTYyNGRlOGMzZDY1ZGZjMDQ3MmE0MzEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtU38pV4XHM5xKwFw4ABIefij1oNd
Rs+tcV8K4ROpCO7fx5wndnYYRXddLZD4TsVmpSG2Yg+rdHKymEy/O0OVJ6Iogn3q
ua/rlL0Wx6nsPTPClQjMeOcQEmVEORjKR20F4IM0k8qldxq341zEhe6BYluSEdyo
pm2qe1Q+j+uxx7+nEjLKR3I/+cWl5TaHT9v+bJiJ23paKYNmwXuUAAFPAP9uaVZC
HSzunAd+V5STd1WJDuTd3qswzMKNQ27a058MtFgzba1co+xLk7HKDqXjy6aR1iFu
jlsKiPkuvVD3LttmJ+QkB0ZhyFlKzpDS2LJSJeqv5XpvCrC7YAOyMUdk/QIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFI7ONGJOo9XSkAZGy6kbFT+MddYQMB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
LzZiMzM2YjAyLWY3NzMtNGZiYi1iYmM0LWExMTQ5YjE3MmFkMi5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAO
BAIAAjAIAwYAJAbaoLAwDQYJKoZIhvcNAQELBQADggEBAGH3X5hB1i2SnopWU5D2
QSCyvRv9l//eRwJz3kgdSC0HPY34b6NRBc++rpx5jcwq3LqDGkHFug7Jc9rWuIUu
DHNmr1kagZi4/PdE/htSGgBw7HFe1J3q84HvZKAXN1SvHemXF52n4SY/hyK5a3V2
ufu6AfHegfkYY5ju7CIiEk8Wib59jg5c6RRO0ABnkxzST1eA0an3FpFfdLMiqHSq
JoouXJXjX3i0KaSLN6SzQgyoKzWRyTaDZBDFGm5e6HDNsH5glnzvbj3/iDJzJ8a6
ikxMMISefsBuB/W4Cyn8+9w8TgNr2BpWpmeeJYqEHq+BsT3alk/3/NWq1iXtZjOw
wAc=
-----END CERTIFICATE-----