Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/794f94c6-a1e0-44db-ac13-0cb5d0d8bc67.roa
File:                     794f94c6-a1e0-44db-ac13-0cb5d0d8bc67.roa (raw, json)
Hash identifier:          sMcOZerzv068ZHcAXJCz3FopwzYoQeLbDsTB7x+LZII=
Subject key identifier:   E1:8B:24:FB:6A:E2:33:A8:D4:2C:85:09:88:3B:3D:97:16:57:A8:B6
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       5914217ADD692458046573F75FE744E10A29848C
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/794f94c6-a1e0-44db-ac13-0cb5d0d8bc67.roa
Signing time:             Tue 07 Jan 2025 00:00:00 +0000
ROA not before:           Tue 07 Jan 2025 00:00:00 +0000
ROA not after:            Tue 11 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:da1a::/38 maxlen: 38
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            59:14:21:7a:dd:69:24:58:04:65:73:f7:5f:e7:44:e1:0a:29:84:8c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Jan  7 00:00:00 2025 GMT
            Not After : Feb 11 23:59:59 2025 GMT
        Subject: serialNumber=0cf62f241b1746f6c9c5392e97fc5d07b55cd828c9df0310b8789e825e9cac9f, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:a4:b8:73:2e:75:21:7c:fe:40:d7:87:0e:e6:
                    e2:9c:1d:a1:08:41:be:79:58:b0:4e:84:11:e8:37:
                    77:72:e0:c8:ef:1c:fd:82:ca:90:78:fb:7f:b9:37:
                    2a:7b:bf:3a:5f:26:7f:4b:ab:e8:9f:c9:c6:74:ab:
                    70:db:a5:ce:53:80:68:13:c3:74:a0:5f:8d:dd:84:
                    6f:04:a4:cb:f2:18:5e:11:fe:24:2e:dc:71:c4:78:
                    60:9c:7c:97:a3:9f:40:9e:6d:4d:29:cf:e7:eb:0c:
                    c1:7a:c8:6b:fd:e3:a4:ac:56:d9:c8:86:86:25:ee:
                    a8:55:84:79:56:ab:af:05:73:dd:96:e9:54:7b:d5:
                    10:f9:7e:ca:32:21:b7:45:19:5d:4b:6f:a5:9f:36:
                    d3:c7:f2:3c:22:bb:60:11:59:89:64:13:b4:2b:61:
                    29:9a:56:08:bc:b1:e6:1a:8a:bd:5f:e3:07:21:28:
                    63:2a:62:1a:73:da:fe:38:6f:8a:6e:a3:1e:d7:98:
                    56:38:e6:b3:d1:b5:f9:72:1b:10:08:53:46:07:67:
                    d6:d6:45:85:85:e2:1d:70:39:72:04:60:3c:4e:b7:
                    89:1c:a7:79:8f:ba:57:d1:a7:f0:4b:b1:82:e6:1d:
                    ec:66:f3:76:be:63:95:87:0e:45:c3:cb:43:b2:24:
                    b4:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E1:8B:24:FB:6A:E2:33:A8:D4:2C:85:09:88:3B:3D:97:16:57:A8:B6
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/794f94c6-a1e0-44db-ac13-0cb5d0d8bc67.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:da1a::/38

    Signature Algorithm: sha256WithRSAEncryption
         25:26:c3:d2:04:b9:94:3c:1f:1e:3a:01:f6:85:23:db:5c:4a:
         35:4f:79:48:bd:28:09:20:e6:ea:b2:1a:d1:2e:16:2d:94:fb:
         a2:07:c8:8f:30:e0:25:40:dc:b6:76:64:d5:4f:af:77:5f:02:
         7a:29:b1:af:f0:27:f2:4d:9a:8c:7a:cf:34:82:fa:af:94:a5:
         1c:98:cd:81:ce:69:b5:84:ce:7c:9e:32:49:d8:36:92:a7:49:
         34:f9:7b:be:08:a1:06:86:94:44:e8:ee:ec:40:1f:f9:03:29:
         90:76:3e:ca:93:0e:72:e6:9d:9c:dc:5c:8b:f8:11:15:39:43:
         61:a4:ea:aa:4c:15:84:bb:b0:17:82:0d:dd:d1:0b:92:b5:fa:
         0c:7b:03:f6:c6:a5:1a:45:fe:b9:0d:aa:11:d9:46:e7:94:86:
         0d:82:53:8f:0a:c0:65:20:11:02:34:ce:fc:26:d6:47:de:7f:
         62:1f:42:b1:7f:3a:17:99:38:e9:90:e8:82:dc:aa:f6:61:32:
         0a:d3:77:fe:72:8e:a0:96:56:0d:77:75:d2:84:df:22:ad:f3:
         48:87:25:8b:a7:02:01:5b:8b:6d:1a:ce:0e:9c:b1:a3:4e:4f:
         3b:f4:d7:16:e3:40:a7:a9:2f:0c:be:d5:45:98:60:74:73:ca:
         fc:9a:ac:0c
-----BEGIN CERTIFICATE-----
MIIFnjCCBIagAwIBAgIUWRQhet1pJFgEZXP3X+dE4QophIwwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI1MDEwNzAwMDAwMFoX
DTI1MDIxMTIzNTk1OVowejFJMEcGA1UEBRNAMGNmNjJmMjQxYjE3NDZmNmM5YzUz
OTJlOTdmYzVkMDdiNTVjZDgyOGM5ZGYwMzEwYjg3ODllODI1ZTljYWM5ZjEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzaS4cy51IXz+QNeHDubinB2hCEG+
eViwToQR6Dd3cuDI7xz9gsqQePt/uTcqe786XyZ/S6von8nGdKtw26XOU4BoE8N0
oF+N3YRvBKTL8hheEf4kLtxxxHhgnHyXo59Anm1NKc/n6wzBeshr/eOkrFbZyIaG
Je6oVYR5VquvBXPdlulUe9UQ+X7KMiG3RRldS2+lnzbTx/I8IrtgEVmJZBO0K2Ep
mlYIvLHmGoq9X+MHIShjKmIac9r+OG+KbqMe15hWOOaz0bX5chsQCFNGB2fW1kWF
heIdcDlyBGA8TreJHKd5j7pX0afwS7GC5h3sZvN2vmOVhw5Fw8tDsiS0gQIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFOGLJPtq4jOo1CyFCYg7PZcWV6i2MB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
Lzc5NGY5NGM2LWExZTAtNDRkYi1hYzEzLTBjYjVkMGQ4YmM2Ny5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAO
BAIAAjAIAwYCJAbaGgAwDQYJKoZIhvcNAQELBQADggEBACUmw9IEuZQ8Hx46AfaF
I9tcSjVPeUi9KAkg5uqyGtEuFi2U+6IHyI8w4CVA3LZ2ZNVPr3dfAnopsa/wJ/JN
mox6zzSC+q+UpRyYzYHOabWEznyeMknYNpKnSTT5e74IoQaGlETo7uxAH/kDKZB2
PsqTDnLmnZzcXIv4ERU5Q2Gk6qpMFYS7sBeCDd3RC5K1+gx7A/bGpRpF/rkNqhHZ
RueUhg2CU48KwGUgEQI0zvwm1kfef2IfQrF/OheZOOmQ6ILcqvZhMgrTd/5yjqCW
Vg13ddKE3yKt80iHJYunAgFbi20azg6csaNOTzv01xbjQKepLwy+1UWYYHRzyvya
rAw=
-----END CERTIFICATE-----