Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/803133e2-b46b-4dbc-9fc8-0014c2592315.roa
File:                     803133e2-b46b-4dbc-9fc8-0014c2592315.roa (raw, json)
Hash identifier:          YYdJ/xcyOUpY/V85ycPE7XNLFwhl9KtEnXli7cu2izA=
Subject key identifier:   0D:42:72:74:11:F1:56:5F:AF:FF:4C:F5:CD:43:FC:74:AC:51:9A:58
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       3689348B4D31885F4E3E5AB4AADCF9A9D13E1E07
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/803133e2-b46b-4dbc-9fc8-0014c2592315.roa
Signing time:             Sat 25 Jan 2025 00:00:00 +0000
ROA not before:           Sat 25 Jan 2025 00:00:00 +0000
ROA not after:            Sat 01 Mar 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:daf5:4000::/40 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            36:89:34:8b:4d:31:88:5f:4e:3e:5a:b4:aa:dc:f9:a9:d1:3e:1e:07
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Jan 25 00:00:00 2025 GMT
            Not After : Mar  1 23:59:59 2025 GMT
        Subject: serialNumber=744782f62c15c6e49eaf1e4d0afc916793e07584e8da2756662be57e0766079d, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:4f:87:0f:af:5c:7e:dd:2c:13:76:00:40:d1:
                    ee:55:ac:8b:a4:bc:da:a2:47:73:e0:86:20:ec:f8:
                    18:e0:52:21:e4:b1:d3:1b:ee:93:d2:04:b5:2e:33:
                    34:5e:84:6f:11:1f:2f:3d:44:5c:26:1e:07:83:1b:
                    58:07:d2:e0:9c:22:4f:bd:4a:d7:03:24:e1:04:8c:
                    3a:6b:16:07:6e:0f:fc:dd:a7:07:6a:10:26:aa:cd:
                    9c:ca:1a:56:61:6f:86:00:60:1e:9a:09:84:35:43:
                    27:15:65:43:f4:57:0c:6b:cb:f2:f0:2a:37:83:ed:
                    b6:20:f8:40:02:ca:95:38:fa:8b:1c:15:b3:5c:c1:
                    53:e0:89:0b:8b:b5:c6:f0:f5:a4:52:a8:d5:dd:84:
                    fd:df:82:bc:90:83:41:79:4f:73:37:08:c8:c9:d3:
                    29:ed:67:7c:2f:8a:28:58:5d:d8:0d:b9:f9:29:b4:
                    1d:0b:83:6d:29:de:9c:4c:6b:52:bd:63:28:cc:e5:
                    82:ed:26:ba:74:82:61:6c:58:ee:72:8d:6b:f0:9f:
                    bd:36:8c:e9:16:28:82:b1:a3:bc:f8:40:ff:fa:12:
                    84:99:70:26:c0:7b:f6:b8:11:36:c0:83:1a:f3:2a:
                    80:9c:4b:11:85:ae:f1:d6:06:8e:80:b4:56:c4:8e:
                    35:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0D:42:72:74:11:F1:56:5F:AF:FF:4C:F5:CD:43:FC:74:AC:51:9A:58
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/803133e2-b46b-4dbc-9fc8-0014c2592315.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:daf5:4000::/40

    Signature Algorithm: sha256WithRSAEncryption
         08:66:fc:94:12:43:a7:f0:c6:10:d3:64:af:bb:14:b2:a9:32:
         2f:7c:a2:7d:19:91:24:37:73:a4:84:94:e2:79:10:df:60:ee:
         9d:f0:23:63:11:ae:5f:61:c7:3a:b4:e8:19:ff:82:bc:37:5a:
         62:91:5e:05:3c:81:05:a7:8a:33:8e:ab:3f:29:4a:f6:68:74:
         b5:f6:21:49:01:e1:83:81:f1:3f:4b:40:34:ef:9e:ae:d6:88:
         d9:21:d6:fc:c6:8a:88:28:28:c6:4d:92:c3:b3:d6:88:9c:7a:
         8a:86:64:61:e8:20:47:b3:79:42:10:11:8d:0d:92:aa:31:34:
         a3:72:a2:12:ca:70:a6:e4:4c:57:85:3f:58:77:4b:07:7c:cd:
         85:da:2f:bd:af:49:de:0d:2b:65:7b:66:7e:d4:24:2d:e0:a7:
         0c:f3:06:9b:5b:cb:ef:4e:1e:87:57:03:e8:87:19:68:20:4d:
         f2:6e:38:05:ca:00:18:b7:f1:3c:58:4e:2b:8c:82:ad:f9:b8:
         88:d0:ac:5a:8c:84:62:4a:12:3f:4c:26:09:2d:61:ae:74:e1:
         59:25:04:f3:69:1a:ce:e7:41:78:cb:1c:32:5f:42:08:ae:21:
         84:f4:ea:09:b6:d8:2c:ac:d6:25:6d:e7:a2:5d:72:4c:05:a4:
         21:79:2f:20
-----BEGIN CERTIFICATE-----
MIIFnjCCBIagAwIBAgIUNok0i00xiF9OPlq0qtz5qdE+HgcwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI1MDEyNTAwMDAwMFoX
DTI1MDMwMTIzNTk1OVowejFJMEcGA1UEBRNANzQ0NzgyZjYyYzE1YzZlNDllYWYx
ZTRkMGFmYzkxNjc5M2UwNzU4NGU4ZGEyNzU2NjYyYmU1N2UwNzY2MDc5ZDEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0k+HD69cft0sE3YAQNHuVayLpLza
okdz4IYg7PgY4FIh5LHTG+6T0gS1LjM0XoRvER8vPURcJh4HgxtYB9LgnCJPvUrX
AyThBIw6axYHbg/83acHahAmqs2cyhpWYW+GAGAemgmENUMnFWVD9FcMa8vy8Co3
g+22IPhAAsqVOPqLHBWzXMFT4IkLi7XG8PWkUqjV3YT934K8kINBeU9zNwjIydMp
7Wd8L4ooWF3YDbn5KbQdC4NtKd6cTGtSvWMozOWC7Sa6dIJhbFjuco1r8J+9Nozp
FiiCsaO8+ED/+hKEmXAmwHv2uBE2wIMa8yqAnEsRha7x1gaOgLRWxI41ZQIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFA1CcnQR8VZfr/9M9c1D/HSsUZpYMB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
LzgwMzEzM2UyLWI0NmItNGRiYy05ZmM4LTAwMTRjMjU5MjMxNS5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAO
BAIAAjAIAwYAJAba9UAwDQYJKoZIhvcNAQELBQADggEBAAhm/JQSQ6fwxhDTZK+7
FLKpMi98on0ZkSQ3c6SElOJ5EN9g7p3wI2MRrl9hxzq06Bn/grw3WmKRXgU8gQWn
ijOOqz8pSvZodLX2IUkB4YOB8T9LQDTvnq7WiNkh1vzGiogoKMZNksOz1oiceoqG
ZGHoIEezeUIQEY0NkqoxNKNyohLKcKbkTFeFP1h3Swd8zYXaL72vSd4NK2V7Zn7U
JC3gpwzzBptby+9OHodXA+iHGWggTfJuOAXKABi38TxYTiuMgq35uIjQrFqMhGJK
Ej9MJgktYa504VklBPNpGs7nQXjLHDJfQgiuIYT06gm22Cys1iVt56JdckwFpCF5
LyA=
-----END CERTIFICATE-----