Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/8bd7eded-c7ab-48c4-8c04-ddd5ef73c985.roa
File:                     8bd7eded-c7ab-48c4-8c04-ddd5ef73c985.roa (raw, json)
Hash identifier:          R/rB6g4q8+9PIXoCr0Wwl6IGKyFdl2mjZ8qQeQB8Atc=
Subject key identifier:   E5:84:CC:73:AF:6D:34:4F:81:CA:74:6E:98:0F:62:89:87:78:42:6B
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       329CD4DDECBF9EA5E7FDEFF8D4FBEA20A814C52C
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/8bd7eded-c7ab-48c4-8c04-ddd5ef73c985.roa
Signing time:             Tue 07 Jan 2025 00:00:00 +0000
ROA not before:           Tue 07 Jan 2025 00:00:00 +0000
ROA not after:            Tue 11 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:da11::/36 maxlen: 36
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            32:9c:d4:dd:ec:bf:9e:a5:e7:fd:ef:f8:d4:fb:ea:20:a8:14:c5:2c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Jan  7 00:00:00 2025 GMT
            Not After : Feb 11 23:59:59 2025 GMT
        Subject: serialNumber=d8281515b6942fea75e20147380d9faee062b82eb4dd5866f15611cf566da5e6, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:41:2b:d7:8c:79:c9:bb:08:c2:e0:c0:da:ec:
                    26:30:cb:d7:e6:08:63:90:9a:1b:ac:de:45:3f:ed:
                    04:33:e5:cb:ec:52:01:d8:12:80:36:1c:8b:f8:f5:
                    20:89:a7:83:c7:33:f2:2c:29:c8:19:47:fe:e1:f0:
                    31:11:36:fe:49:99:97:51:c6:36:0f:6f:98:f6:74:
                    49:d9:16:00:cd:27:c5:38:30:47:64:e5:18:6a:d4:
                    96:e9:59:73:74:e8:16:d1:4e:f6:18:70:2c:1f:1a:
                    66:50:d3:83:f4:84:74:ee:58:45:9c:fe:2b:b0:99:
                    20:39:d3:c2:31:67:c8:68:ed:33:1f:d4:ec:d1:d1:
                    91:74:22:84:e5:09:75:79:bf:fd:58:f7:13:18:05:
                    c4:d2:f6:36:5b:c4:f8:bc:c4:a9:87:ad:dc:35:eb:
                    ac:4c:be:c8:2b:b2:c9:70:43:a9:6d:e2:03:30:d7:
                    8b:17:0d:e6:63:9b:40:16:50:14:2e:2c:82:1b:82:
                    67:7b:0b:cc:7a:e6:4b:0e:e1:b0:8e:ce:9f:f7:35:
                    31:79:f5:13:19:4b:26:4e:77:9a:f6:ac:8d:61:3f:
                    e3:79:7c:cf:67:e1:70:12:6c:7a:14:b3:37:14:92:
                    ba:b1:87:bd:97:c8:92:2f:64:b3:85:bb:14:75:81:
                    7f:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E5:84:CC:73:AF:6D:34:4F:81:CA:74:6E:98:0F:62:89:87:78:42:6B
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/8bd7eded-c7ab-48c4-8c04-ddd5ef73c985.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:da11::/36

    Signature Algorithm: sha256WithRSAEncryption
         83:a2:44:ef:4b:38:90:e6:0f:12:2f:52:e8:ee:1f:08:fe:ef:
         60:72:bb:5f:4b:69:81:75:52:cb:01:85:37:b9:42:99:ae:57:
         cc:aa:88:6c:9e:a4:8f:c1:bc:7f:61:b1:7a:f6:81:d8:f2:99:
         7f:a6:c8:d4:b8:8c:7c:50:7e:e0:90:52:67:94:9f:a2:6b:2a:
         2a:1b:3f:6f:f3:c3:10:18:39:98:5c:3d:31:07:81:39:51:66:
         49:e9:be:e5:43:df:e7:66:ed:81:f4:2c:f0:c8:df:59:8a:c4:
         b4:aa:38:f8:fc:ef:5e:0c:e0:e2:79:b1:5c:a7:8b:97:54:bd:
         f5:64:5b:ba:8e:a4:dc:1d:62:44:45:8a:39:5d:51:f8:7a:9b:
         39:94:9a:4f:e6:9b:ea:a7:5d:07:64:bf:01:55:fb:19:7c:8a:
         c2:e4:92:7b:84:d2:9d:0f:d3:47:b4:00:ed:0c:1b:65:b1:41:
         b0:3f:8b:43:94:d5:44:42:18:b4:ef:02:9b:d8:95:68:c7:3b:
         5b:93:5e:73:76:49:91:cf:bb:1f:73:0d:8b:83:b4:f7:b8:81:
         2b:f6:0a:96:15:47:97:ef:60:e6:9a:1c:9f:6e:5a:48:b4:20:
         6a:61:bb:72:41:66:91:a1:11:31:10:57:89:c2:4f:bd:cb:17:
         3a:24:b0:0a
-----BEGIN CERTIFICATE-----
MIIFnjCCBIagAwIBAgIUMpzU3ey/nqXn/e/41PvqIKgUxSwwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI1MDEwNzAwMDAwMFoX
DTI1MDIxMTIzNTk1OVowejFJMEcGA1UEBRNAZDgyODE1MTViNjk0MmZlYTc1ZTIw
MTQ3MzgwZDlmYWVlMDYyYjgyZWI0ZGQ1ODY2ZjE1NjExY2Y1NjZkYTVlNjEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnUEr14x5ybsIwuDA2uwmMMvX5ghj
kJobrN5FP+0EM+XL7FIB2BKANhyL+PUgiaeDxzPyLCnIGUf+4fAxETb+SZmXUcY2
D2+Y9nRJ2RYAzSfFODBHZOUYatSW6VlzdOgW0U72GHAsHxpmUNOD9IR07lhFnP4r
sJkgOdPCMWfIaO0zH9Ts0dGRdCKE5Ql1eb/9WPcTGAXE0vY2W8T4vMSph63cNeus
TL7IK7LJcEOpbeIDMNeLFw3mY5tAFlAULiyCG4JnewvMeuZLDuGwjs6f9zUxefUT
GUsmTnea9qyNYT/jeXzPZ+FwEmx6FLM3FJK6sYe9l8iSL2SzhbsUdYF/1wIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFOWEzHOvbTRPgcp0bpgPYomHeEJrMB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
LzhiZDdlZGVkLWM3YWItNDhjNC04YzA0LWRkZDVlZjczYzk4NS5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAO
BAIAAjAIAwYEJAbaEQAwDQYJKoZIhvcNAQELBQADggEBAIOiRO9LOJDmDxIvUuju
Hwj+72Byu19LaYF1UssBhTe5QpmuV8yqiGyepI/BvH9hsXr2gdjymX+myNS4jHxQ
fuCQUmeUn6JrKiobP2/zwxAYOZhcPTEHgTlRZknpvuVD3+dm7YH0LPDI31mKxLSq
OPj8714M4OJ5sVyni5dUvfVkW7qOpNwdYkRFijldUfh6mzmUmk/mm+qnXQdkvwFV
+xl8isLkknuE0p0P00e0AO0MG2WxQbA/i0OU1URCGLTvApvYlWjHO1uTXnN2SZHP
ux9zDYuDtPe4gSv2CpYVR5fvYOaaHJ9uWki0IGphu3JBZpGhETEQV4nCT73LFzok
sAo=
-----END CERTIFICATE-----