Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/8bb4fc6d-b270-4df7-a776-77d2795dda17.roa
File:                     8bb4fc6d-b270-4df7-a776-77d2795dda17.roa (raw, json)
Hash identifier:          eA86myOJnZx+CeGnDcl3KMKfHMnbAqTVjSnPGO3UHN4=
Subject key identifier:   59:3D:CC:91:C2:60:E8:84:A7:0E:33:20:C4:CA:96:83:25:BC:BF:85
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       43A07113615DC608B29F901A91DA58E95713392A
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/8bb4fc6d-b270-4df7-a776-77d2795dda17.roa
Signing time:             Tue 07 Jan 2025 00:00:00 +0000
ROA not before:           Tue 07 Jan 2025 00:00:00 +0000
ROA not after:            Tue 11 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:da16:c00::/38 maxlen: 38
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            43:a0:71:13:61:5d:c6:08:b2:9f:90:1a:91:da:58:e9:57:13:39:2a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Jan  7 00:00:00 2025 GMT
            Not After : Feb 11 23:59:59 2025 GMT
        Subject: serialNumber=704c3a874c538721111f08bedb94c5e6ba011f9a00f2230b6b17fa186b3f3b29, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:31:7f:54:ae:3e:a4:09:c8:d3:0b:93:f6:2a:
                    cc:1c:72:fa:cf:98:82:40:1b:67:1f:dd:fa:0b:bb:
                    1d:7a:a2:fa:0e:4f:44:b7:46:b7:6d:2f:3b:92:4c:
                    cd:a7:e7:18:3e:96:fe:ec:38:91:0b:f9:16:22:f5:
                    4c:07:91:87:6e:ea:a7:67:0e:ce:ed:cd:4f:00:e5:
                    e9:89:3c:8f:1a:fa:be:6b:e6:78:e6:0f:3d:a8:4d:
                    ea:77:68:44:d2:80:a7:a3:80:d2:7e:86:c7:34:40:
                    20:2d:4e:40:46:34:53:77:e3:ed:00:9a:87:cb:28:
                    59:70:f2:b6:ce:e3:63:cd:de:f4:16:bf:5f:99:54:
                    d3:0a:b0:3a:15:f8:7e:9e:12:89:2c:e7:09:5a:af:
                    66:fb:74:35:5e:81:00:1a:31:b6:0c:07:cf:a0:72:
                    e5:be:ae:be:fc:1b:bd:9a:b7:87:2a:35:ff:6f:da:
                    27:db:57:b5:c5:5a:65:53:68:e5:27:3a:2c:fb:2d:
                    3d:5f:a7:45:f0:64:e5:39:e8:f9:64:75:ad:32:cc:
                    fb:a6:c8:4a:7c:22:e9:f7:90:52:1e:85:3a:df:83:
                    6f:1f:89:41:ba:b8:96:fa:4a:e2:34:a4:af:53:6e:
                    d3:15:fc:5e:40:a7:d8:dd:39:d0:34:f6:d4:16:2c:
                    1a:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                59:3D:CC:91:C2:60:E8:84:A7:0E:33:20:C4:CA:96:83:25:BC:BF:85
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/8bb4fc6d-b270-4df7-a776-77d2795dda17.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:da16:c00::/38

    Signature Algorithm: sha256WithRSAEncryption
         a7:9d:5e:63:27:38:c2:47:0b:6a:f4:f1:28:cc:1f:d5:a5:ae:
         6a:dc:a2:87:df:91:f1:13:e2:85:44:51:18:63:26:f6:d9:71:
         d4:02:33:fd:a0:9c:50:cf:5d:6c:a0:5d:d5:55:71:46:61:f0:
         4a:93:d2:bb:0e:77:b4:80:72:88:ea:a4:81:83:a9:41:1b:40:
         a3:bc:ff:9a:81:9c:51:67:79:e1:82:bd:2a:f9:fc:b9:b5:ba:
         08:76:3b:e2:9e:af:46:4d:39:13:7a:04:9b:9e:b9:eb:84:56:
         b5:19:f4:48:ad:6a:a8:4c:9e:53:52:7a:41:e4:d6:d3:dc:55:
         94:95:d2:e1:75:e8:ea:02:07:81:30:64:b2:cb:05:60:57:de:
         20:91:86:e2:d7:b2:1f:49:47:00:cc:47:45:9e:76:6f:9b:71:
         77:84:e3:5f:94:c5:c2:24:18:e6:d4:f0:b5:c8:46:d0:c8:36:
         e6:d3:b5:74:ba:e4:e2:5c:7b:03:c6:5e:d0:c8:3a:cd:38:83:
         5a:df:8b:cd:12:03:54:89:44:76:85:a3:49:59:8d:bd:a8:d3:
         11:2a:79:b8:0a:a2:89:1f:69:52:d2:b2:77:bf:cb:b8:9f:45:
         a1:ef:5d:39:5d:ce:d8:8a:42:d3:bc:c8:82:db:24:62:5e:4c:
         12:d2:30:fb
-----BEGIN CERTIFICATE-----
MIIFnjCCBIagAwIBAgIUQ6BxE2Fdxgiyn5AakdpY6VcTOSowDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI1MDEwNzAwMDAwMFoX
DTI1MDIxMTIzNTk1OVowejFJMEcGA1UEBRNANzA0YzNhODc0YzUzODcyMTExMWYw
OGJlZGI5NGM1ZTZiYTAxMWY5YTAwZjIyMzBiNmIxN2ZhMTg2YjNmM2IyOTEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuTF/VK4+pAnI0wuT9irMHHL6z5iC
QBtnH936C7sdeqL6Dk9Et0a3bS87kkzNp+cYPpb+7DiRC/kWIvVMB5GHbuqnZw7O
7c1PAOXpiTyPGvq+a+Z45g89qE3qd2hE0oCno4DSfobHNEAgLU5ARjRTd+PtAJqH
yyhZcPK2zuNjzd70Fr9fmVTTCrA6Ffh+nhKJLOcJWq9m+3Q1XoEAGjG2DAfPoHLl
vq6+/Bu9mreHKjX/b9on21e1xVplU2jlJzos+y09X6dF8GTlOej5ZHWtMsz7pshK
fCLp95BSHoU634NvH4lBuriW+kriNKSvU27TFfxeQKfY3TnQNPbUFiwaeQIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFFk9zJHCYOiEpw4zIMTKloMlvL+FMB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
LzhiYjRmYzZkLWIyNzAtNGRmNy1hNzc2LTc3ZDI3OTVkZGExNy5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAO
BAIAAjAIAwYCJAbaFgwwDQYJKoZIhvcNAQELBQADggEBAKedXmMnOMJHC2r08SjM
H9WlrmrcooffkfET4oVEURhjJvbZcdQCM/2gnFDPXWygXdVVcUZh8EqT0rsOd7SA
cojqpIGDqUEbQKO8/5qBnFFneeGCvSr5/Lm1ugh2O+Ker0ZNORN6BJueueuEVrUZ
9EitaqhMnlNSekHk1tPcVZSV0uF16OoCB4EwZLLLBWBX3iCRhuLXsh9JRwDMR0We
dm+bcXeE41+UxcIkGObU8LXIRtDINubTtXS65OJcewPGXtDIOs04g1rfi80SA1SJ
RHaFo0lZjb2o0xEqebgKookfaVLSsne/y7ifRaHvXTldztiKQtO8yILbJGJeTBLS
MPs=
-----END CERTIFICATE-----