Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/8f22e1b8-adb1-42d2-8c89-7ceb3d7cecb8.roa
File:                     8f22e1b8-adb1-42d2-8c89-7ceb3d7cecb8.roa (raw, json)
Hash identifier:          GckZRmRV+5oO3Yz7rz38W+/svPZ1wo7S6Nh1kBJwTZc=
Subject key identifier:   43:20:B2:AE:49:70:3F:87:C2:B9:8B:1D:A3:E9:B8:89:48:B9:3A:D7
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       6C1136969FA76959FEF446F81838796696431A56
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/8f22e1b8-adb1-42d2-8c89-7ceb3d7cecb8.roa
Signing time:             Mon 13 Jan 2025 00:00:00 +0000
ROA not before:           Mon 13 Jan 2025 00:00:00 +0000
ROA not after:            Mon 17 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:da68:9000::/40 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6c:11:36:96:9f:a7:69:59:fe:f4:46:f8:18:38:79:66:96:43:1a:56
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Jan 13 00:00:00 2025 GMT
            Not After : Feb 17 23:59:59 2025 GMT
        Subject: serialNumber=86de3c63b69675760af3ed88c1043c11289c86573239827dbaa0216b251f9513, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:79:ca:3f:f3:b0:3f:75:23:54:fb:62:e2:e7:
                    5a:8c:d4:63:1e:6f:8a:0b:86:b4:c8:dd:3d:2f:7a:
                    01:c1:07:16:7d:d0:b8:a0:f9:18:4b:41:46:5b:0b:
                    a8:73:7a:2b:26:12:04:7b:87:b3:f8:f0:bc:c8:5b:
                    ac:af:d7:34:7e:53:bb:b1:4f:ca:88:45:47:44:e8:
                    09:cf:4e:07:ac:7d:a0:ba:b9:45:a1:b7:22:c4:21:
                    38:33:be:2e:f4:76:13:49:85:b2:23:e8:16:ab:d7:
                    66:4e:8e:00:91:ff:3b:d5:e7:87:ab:e9:5a:d5:69:
                    34:0d:7d:10:d0:6e:55:f7:cb:14:32:43:45:02:8e:
                    47:d3:d4:b8:b3:4a:46:a2:25:2f:9e:84:66:cb:c3:
                    a0:99:3b:26:25:3a:17:06:cc:97:5f:b4:2c:52:2c:
                    26:94:c3:6a:b5:79:82:47:af:a4:c7:06:93:ec:ac:
                    05:c1:ac:b8:7a:87:d3:e8:0f:57:b0:20:47:ef:14:
                    3f:6c:6a:b3:85:e9:81:0d:5a:d7:cd:4b:16:b2:39:
                    96:c2:f5:52:74:48:6a:c3:47:c3:dc:2f:d0:d7:39:
                    5f:00:4e:a6:c5:fa:ad:87:fa:ee:39:16:c5:2c:fc:
                    34:0a:d8:18:54:6d:b6:27:55:f1:5d:d6:3d:5d:bd:
                    ff:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                43:20:B2:AE:49:70:3F:87:C2:B9:8B:1D:A3:E9:B8:89:48:B9:3A:D7
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/8f22e1b8-adb1-42d2-8c89-7ceb3d7cecb8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:da68:9000::/40

    Signature Algorithm: sha256WithRSAEncryption
         10:e3:f5:22:a4:f3:ef:a3:2d:51:03:81:75:46:da:bb:1b:82:
         fd:fb:13:b7:d0:20:29:84:c6:06:e4:d1:3f:36:e0:9e:fe:72:
         6c:a7:76:ab:25:ed:71:b6:56:95:6d:d6:07:58:85:20:f1:b4:
         8a:51:ea:a6:03:9e:b9:e7:25:37:1e:6a:95:08:6c:b7:3e:80:
         3f:6f:cb:42:73:ea:ad:61:3e:6e:06:f9:ad:4d:7d:09:f1:da:
         1f:31:6b:4a:cc:f9:6d:4b:63:eb:cc:8f:71:b5:5c:ca:f8:ae:
         ed:bb:5e:a2:ea:65:ca:d6:5f:59:aa:ce:e8:37:79:3d:b1:10:
         b6:48:3d:b5:e6:87:9c:57:b4:b7:de:a1:fd:06:5f:6d:d8:a5:
         40:d2:10:25:21:52:cc:07:40:90:0c:18:03:86:49:f6:39:0d:
         7c:13:66:90:39:ac:bf:8f:6e:84:a8:0b:0a:a4:4c:99:59:9d:
         0f:dd:3b:92:1c:08:40:81:b6:77:83:78:c8:a9:17:08:ca:81:
         fa:73:e4:20:03:39:44:65:01:30:8e:27:e4:bd:dd:4b:0f:e7:
         48:a2:de:ab:d1:ba:81:09:fb:3d:e7:c2:d2:84:a1:f0:46:5f:
         5b:31:96:27:9d:1e:10:b8:e6:8e:ed:40:0f:8a:fe:54:2f:cb:
         30:96:48:e0
-----BEGIN CERTIFICATE-----
MIIFnjCCBIagAwIBAgIUbBE2lp+naVn+9Eb4GDh5ZpZDGlYwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI1MDExMzAwMDAwMFoX
DTI1MDIxNzIzNTk1OVowejFJMEcGA1UEBRNAODZkZTNjNjNiNjk2NzU3NjBhZjNl
ZDg4YzEwNDNjMTEyODljODY1NzMyMzk4MjdkYmFhMDIxNmIyNTFmOTUxMzEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApHnKP/OwP3UjVPti4udajNRjHm+K
C4a0yN09L3oBwQcWfdC4oPkYS0FGWwuoc3orJhIEe4ez+PC8yFusr9c0flO7sU/K
iEVHROgJz04HrH2gurlFobcixCE4M74u9HYTSYWyI+gWq9dmTo4Akf871eeHq+la
1Wk0DX0Q0G5V98sUMkNFAo5H09S4s0pGoiUvnoRmy8OgmTsmJToXBsyXX7QsUiwm
lMNqtXmCR6+kxwaT7KwFway4eofT6A9XsCBH7xQ/bGqzhemBDVrXzUsWsjmWwvVS
dEhqw0fD3C/Q1zlfAE6mxfqth/ruORbFLPw0CtgYVG22J1XxXdY9Xb3/swIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFEMgsq5JcD+HwrmLHaPpuIlIuTrXMB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
LzhmMjJlMWI4LWFkYjEtNDJkMi04Yzg5LTdjZWIzZDdjZWNiOC5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAO
BAIAAjAIAwYAJAbaaJAwDQYJKoZIhvcNAQELBQADggEBABDj9SKk8++jLVEDgXVG
2rsbgv37E7fQICmExgbk0T824J7+cmyndqsl7XG2VpVt1gdYhSDxtIpR6qYDnrnn
JTceapUIbLc+gD9vy0Jz6q1hPm4G+a1NfQnx2h8xa0rM+W1LY+vMj3G1XMr4ru27
XqLqZcrWX1mqzug3eT2xELZIPbXmh5xXtLfeof0GX23YpUDSECUhUswHQJAMGAOG
SfY5DXwTZpA5rL+PboSoCwqkTJlZnQ/dO5IcCECBtneDeMipFwjKgfpz5CADOURl
ATCOJ+S93UsP50ii3qvRuoEJ+z3nwtKEofBGX1sxliedHhC45o7tQA+K/lQvyzCW
SOA=
-----END CERTIFICATE-----