Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/8c6b3e2f-c441-4d2e-a3fb-511aebd72aa2.roa
File:                     8c6b3e2f-c441-4d2e-a3fb-511aebd72aa2.roa (raw, json)
Hash identifier:          l3r1TNhNNOVvyh7nfvJQRw1l6zs1+GXDpm8OgmmZghU=
Subject key identifier:   E2:99:12:E9:98:9B:86:99:0F:91:C9:55:D3:70:11:EE:3E:F9:55:7D
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       30C21EC2710EF227CA9467306F9AA7712BDDD1C6
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/8c6b3e2f-c441-4d2e-a3fb-511aebd72aa2.roa
Signing time:             Tue 07 Jan 2025 00:00:00 +0000
ROA not before:           Tue 07 Jan 2025 00:00:00 +0000
ROA not after:            Tue 11 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:daff:2040::/48 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            30:c2:1e:c2:71:0e:f2:27:ca:94:67:30:6f:9a:a7:71:2b:dd:d1:c6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Jan  7 00:00:00 2025 GMT
            Not After : Feb 11 23:59:59 2025 GMT
        Subject: serialNumber=d1a8735b2b5acb77877073c469de8d1039999a2a0a974f78c4af9189c65a4e2d, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:84:fb:c9:31:4d:a7:92:52:0b:44:50:2d:ca:
                    d7:28:cd:23:37:8b:9a:0a:a1:bb:fe:f2:81:40:3e:
                    42:59:a3:e6:66:95:cf:e2:31:f5:2f:6e:95:70:a4:
                    2f:85:f2:b8:80:90:28:c0:cb:1c:a2:72:f7:ce:ce:
                    5d:35:ce:0c:a0:79:24:ad:be:76:71:cf:0b:4b:4c:
                    f5:7c:04:27:ad:55:01:7d:a1:5f:b9:07:9a:b1:d9:
                    aa:df:e4:f5:a5:f4:79:93:52:15:fa:f0:00:5f:0c:
                    59:c3:a0:99:76:37:96:03:70:c9:7e:14:e5:27:67:
                    59:92:48:d0:06:b1:95:04:a0:85:cb:0e:05:43:5b:
                    eb:e4:6e:24:0f:7c:92:79:99:48:b7:01:16:4b:0f:
                    81:43:7c:14:82:61:94:a6:53:45:c4:ce:59:90:b9:
                    97:a1:71:41:9d:2b:da:d5:53:cb:87:a3:69:e0:64:
                    02:fb:ef:dd:ee:36:78:bc:b9:96:06:bb:7a:1b:02:
                    96:bd:33:2b:2e:7b:42:07:75:39:1d:58:56:79:df:
                    8a:e2:42:24:54:24:8a:49:d0:bc:7a:a2:82:be:e7:
                    aa:7e:60:a1:77:ed:e2:50:4f:83:a4:65:bb:a1:e1:
                    ae:16:51:7d:aa:a6:36:e7:3a:1d:73:91:7e:ef:5e:
                    fb:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E2:99:12:E9:98:9B:86:99:0F:91:C9:55:D3:70:11:EE:3E:F9:55:7D
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/8c6b3e2f-c441-4d2e-a3fb-511aebd72aa2.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:daff:2040::/48

    Signature Algorithm: sha256WithRSAEncryption
         4d:f9:57:63:f7:f4:53:5a:0a:74:8c:3c:ea:99:a0:3e:5d:97:
         ff:ba:db:28:87:01:d4:ce:00:34:9b:a6:8b:3b:87:2e:00:62:
         d9:0b:7b:04:c4:2a:d2:81:9f:db:2a:a7:2d:b5:f2:b8:47:46:
         ef:b7:e9:01:5b:f9:19:2d:27:53:0c:99:92:3a:d7:a8:d7:cd:
         b6:28:06:57:cd:7b:a8:af:23:26:0a:80:e0:ce:7c:75:84:ab:
         8b:7f:59:6a:84:e4:ee:13:1c:5a:59:24:d0:68:cf:d8:05:58:
         79:95:d7:69:17:14:09:f3:f2:9b:83:f0:a2:45:16:fe:79:41:
         c3:1a:4d:5f:c8:1c:2d:13:ab:55:70:17:84:b9:ac:dc:17:da:
         4e:6f:3e:d0:86:8d:18:c0:95:75:64:f5:72:a0:0d:f3:3f:6d:
         16:00:c7:a3:2e:dc:b7:e8:99:74:c7:f2:e0:36:a5:78:34:0f:
         1a:e8:4a:38:f5:31:53:b0:d2:e3:58:bd:bb:63:6e:35:d9:0d:
         8a:a1:16:3a:74:23:04:90:ea:cf:b5:93:95:2f:93:0b:11:0e:
         9e:5f:55:94:bc:ea:f4:03:f0:e8:ea:7d:a9:a2:12:f4:b0:37:
         51:b7:39:e6:50:90:d6:72:31:13:6f:48:03:e1:c7:eb:6c:26:
         ee:7a:a3:de
-----BEGIN CERTIFICATE-----
MIIFnzCCBIegAwIBAgIUMMIewnEO8ifKlGcwb5qncSvd0cYwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI1MDEwNzAwMDAwMFoX
DTI1MDIxMTIzNTk1OVowejFJMEcGA1UEBRNAZDFhODczNWIyYjVhY2I3Nzg3NzA3
M2M0NjlkZThkMTAzOTk5OWEyYTBhOTc0Zjc4YzRhZjkxODljNjVhNGUyZDEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk4T7yTFNp5JSC0RQLcrXKM0jN4ua
CqG7/vKBQD5CWaPmZpXP4jH1L26VcKQvhfK4gJAowMsconL3zs5dNc4MoHkkrb52
cc8LS0z1fAQnrVUBfaFfuQeasdmq3+T1pfR5k1IV+vAAXwxZw6CZdjeWA3DJfhTl
J2dZkkjQBrGVBKCFyw4FQ1vr5G4kD3ySeZlItwEWSw+BQ3wUgmGUplNFxM5ZkLmX
oXFBnSva1VPLh6Np4GQC++/d7jZ4vLmWBrt6GwKWvTMrLntCB3U5HVhWed+K4kIk
VCSKSdC8eqKCvueqfmChd+3iUE+DpGW7oeGuFlF9qqY25zodc5F+7177AQIDAQAB
o4ICSzCCAkcwHQYDVR0OBBYEFOKZEumYm4aZD5HJVdNwEe4++VV9MB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
LzhjNmIzZTJmLWM0NDEtNGQyZS1hM2ZiLTUxMWFlYmQ3MmFhMi5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAP
BAIAAjAJAwcAJAba/yBAMA0GCSqGSIb3DQEBCwUAA4IBAQBN+Vdj9/RTWgp0jDzq
maA+XZf/utsohwHUzgA0m6aLO4cuAGLZC3sExCrSgZ/bKqcttfK4R0bvt+kBW/kZ
LSdTDJmSOteo1822KAZXzXuoryMmCoDgznx1hKuLf1lqhOTuExxaWSTQaM/YBVh5
lddpFxQJ8/Kbg/CiRRb+eUHDGk1fyBwtE6tVcBeEuazcF9pObz7Qho0YwJV1ZPVy
oA3zP20WAMejLty36Jl0x/LgNqV4NA8a6Eo49TFTsNLjWL27Y2412Q2KoRY6dCME
kOrPtZOVL5MLEQ6eX1WUvOr0A/Do6n2pohL0sDdRtznmUJDWcjETb0gD4cfrbCbu
eqPe
-----END CERTIFICATE-----