Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/84ce14d5-7bf8-4610-8dae-0f2ea4ce82be.roa
File:                     84ce14d5-7bf8-4610-8dae-0f2ea4ce82be.roa (raw, json)
Hash identifier:          a9/rLk0JHw+YO0HfjifSxgoTZc78pIqfzJnY5yADTWQ=
Subject key identifier:   B4:17:FD:E5:3D:F4:8A:F6:FA:6A:A6:00:82:59:FA:78:2A:22:90:37
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       07E3DC4E1730F6A20D02C44C8F4572120B7F83D1
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/84ce14d5-7bf8-4610-8dae-0f2ea4ce82be.roa
Signing time:             Tue 07 Jan 2025 00:00:00 +0000
ROA not before:           Tue 07 Jan 2025 00:00:00 +0000
ROA not after:            Tue 11 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:daf2:80c0::/48 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            07:e3:dc:4e:17:30:f6:a2:0d:02:c4:4c:8f:45:72:12:0b:7f:83:d1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Jan  7 00:00:00 2025 GMT
            Not After : Feb 11 23:59:59 2025 GMT
        Subject: serialNumber=5829c503bba2bd23c1c139ec79fe59c3132cff305e83f7e2d9d25b9abae3f0e2, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:ce:d1:d0:05:77:3d:aa:15:5d:43:ec:bc:33:
                    dc:78:39:46:4b:8f:fe:93:49:e2:70:e2:df:3d:e7:
                    7b:f7:d8:86:a3:f7:96:90:51:a0:34:a0:9e:dd:cd:
                    84:26:fd:b8:1d:22:37:b7:aa:4b:e5:6f:fa:5a:4b:
                    ee:e6:29:cc:8b:3d:21:8b:88:7f:4e:48:5a:e0:e2:
                    bf:54:d7:78:20:a6:8d:d4:b5:cc:f6:34:4f:e6:71:
                    e3:80:52:53:63:6d:7a:f2:cb:8b:39:f2:24:3d:18:
                    5b:d1:a4:42:c6:d7:ef:14:01:17:95:b3:f6:e3:14:
                    c8:b7:3a:7e:fd:ce:07:de:da:73:69:c0:ea:68:1e:
                    aa:27:be:32:55:80:44:94:37:4b:ba:5d:4f:e8:d0:
                    71:57:71:7b:c3:86:2b:c0:4a:a5:d4:6a:c1:98:e0:
                    80:cf:ed:69:d5:74:4a:fc:4e:e0:01:11:45:4e:14:
                    b6:39:f8:75:69:0b:bc:91:e6:7d:ff:48:46:3d:c5:
                    77:04:11:4f:e9:e6:7a:65:20:be:7b:d3:0f:c8:9e:
                    04:43:ff:63:21:bc:e1:59:10:b4:9c:e2:c1:ea:42:
                    55:dd:29:a1:71:76:8e:c3:d7:48:c2:cf:00:09:18:
                    cc:bb:1e:c6:de:37:5c:85:d4:41:bc:fd:83:3b:c3:
                    4a:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B4:17:FD:E5:3D:F4:8A:F6:FA:6A:A6:00:82:59:FA:78:2A:22:90:37
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/84ce14d5-7bf8-4610-8dae-0f2ea4ce82be.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:daf2:80c0::/48

    Signature Algorithm: sha256WithRSAEncryption
         8a:44:32:2e:6e:12:1a:91:d9:ed:ab:d4:7b:c0:07:2d:73:58:
         11:33:be:a6:62:4e:5f:7f:02:7c:66:36:0b:20:10:81:75:e0:
         04:e2:44:0e:96:2a:0f:87:39:f0:39:99:8a:13:15:16:5c:66:
         aa:ac:5c:4f:4a:d5:c9:1d:32:ff:8c:39:0c:42:d1:72:c9:b3:
         45:1c:6f:54:b5:fb:d3:fa:78:6c:8d:47:48:bd:af:cc:4d:2b:
         f3:04:ad:f5:dd:d1:e0:5a:ae:cf:b8:76:a0:96:2e:2c:b8:e2:
         b3:60:1b:c6:f5:8a:97:79:12:a0:51:08:58:24:c7:f4:8f:a3:
         02:5e:e1:ce:9e:83:11:93:e3:47:60:69:ad:e3:af:41:bb:ca:
         01:fc:35:ef:74:35:c7:4c:92:08:eb:c2:4a:dc:52:81:e4:a6:
         2e:88:16:72:64:de:cd:5c:b8:16:0e:2c:c0:f8:bc:a5:e0:34:
         44:a5:0f:26:28:63:8f:66:51:3a:20:93:f9:fa:df:6d:86:83:
         92:48:07:a8:e7:0c:05:c6:27:65:82:1d:67:2a:e9:54:27:02:
         60:45:a3:91:f7:35:68:5f:a7:05:5c:10:4f:f5:fd:f4:93:c5:
         a4:c7:eb:8d:00:a7:45:94:31:66:b6:a8:01:ec:3c:41:fe:86:
         84:c4:69:d4
-----BEGIN CERTIFICATE-----
MIIFnzCCBIegAwIBAgIUB+PcThcw9qINAsRMj0VyEgt/g9EwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI1MDEwNzAwMDAwMFoX
DTI1MDIxMTIzNTk1OVowejFJMEcGA1UEBRNANTgyOWM1MDNiYmEyYmQyM2MxYzEz
OWVjNzlmZTU5YzMxMzJjZmYzMDVlODNmN2UyZDlkMjViOWFiYWUzZjBlMjEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4M7R0AV3PaoVXUPsvDPceDlGS4/+
k0nicOLfPed799iGo/eWkFGgNKCe3c2EJv24HSI3t6pL5W/6Wkvu5inMiz0hi4h/
Tkha4OK/VNd4IKaN1LXM9jRP5nHjgFJTY2168suLOfIkPRhb0aRCxtfvFAEXlbP2
4xTItzp+/c4H3tpzacDqaB6qJ74yVYBElDdLul1P6NBxV3F7w4YrwEql1GrBmOCA
z+1p1XRK/E7gARFFThS2Ofh1aQu8keZ9/0hGPcV3BBFP6eZ6ZSC+e9MPyJ4EQ/9j
IbzhWRC0nOLB6kJV3SmhcXaOw9dIws8ACRjMux7G3jdchdRBvP2DO8NKvwIDAQAB
o4ICSzCCAkcwHQYDVR0OBBYEFLQX/eU99Ir2+mqmAIJZ+ngqIpA3MB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
Lzg0Y2UxNGQ1LTdiZjgtNDYxMC04ZGFlLTBmMmVhNGNlODJiZS5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAP
BAIAAjAJAwcAJAba8oDAMA0GCSqGSIb3DQEBCwUAA4IBAQCKRDIubhIakdntq9R7
wActc1gRM76mYk5ffwJ8ZjYLIBCBdeAE4kQOlioPhznwOZmKExUWXGaqrFxPStXJ
HTL/jDkMQtFyybNFHG9UtfvT+nhsjUdIva/MTSvzBK313dHgWq7PuHagli4suOKz
YBvG9YqXeRKgUQhYJMf0j6MCXuHOnoMRk+NHYGmt469Bu8oB/DXvdDXHTJII68JK
3FKB5KYuiBZyZN7NXLgWDizA+Lyl4DREpQ8mKGOPZlE6IJP5+t9thoOSSAeo5wwF
xidlgh1nKulUJwJgRaOR9zVoX6cFXBBP9f30k8Wkx+uNAKdFlDFmtqgB7DxB/oaE
xGnU
-----END CERTIFICATE-----