Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/92a734ef-a252-48bc-a799-25426b153989.roa
File:                     92a734ef-a252-48bc-a799-25426b153989.roa (raw, json)
Hash identifier:          aMd1BAnGJNwxD/0kF2paHYB9/ufFCgxzng0NGKuV+cA=
Subject key identifier:   90:8D:CD:58:D9:10:AB:01:28:40:88:4E:09:59:E4:02:C3:06:BB:3D
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       401DF519D8AA03AEC7E2B35D846E33378BDE985B
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/92a734ef-a252-48bc-a799-25426b153989.roa
Signing time:             Tue 07 Jan 2025 00:00:00 +0000
ROA not before:           Tue 07 Jan 2025 00:00:00 +0000
ROA not after:            Tue 11 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:da61:f000::/40 maxlen: 40
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            40:1d:f5:19:d8:aa:03:ae:c7:e2:b3:5d:84:6e:33:37:8b:de:98:5b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Jan  7 00:00:00 2025 GMT
            Not After : Feb 11 23:59:59 2025 GMT
        Subject: serialNumber=632f57d352b295874c4c99efe58b4d15bb67d35ea6c7f981b5d5318c89fe5dde, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f5:72:0f:56:82:cf:48:1d:a2:9f:2f:1d:91:ea:
                    7b:e8:dc:c9:2d:e4:e0:c9:71:ad:d5:91:3c:9a:9b:
                    78:9f:55:cb:31:21:7a:4b:fd:05:4e:16:75:c3:df:
                    79:7d:46:4d:cb:d7:dc:33:5d:f9:b4:17:b6:d7:f9:
                    38:e1:b3:f3:1e:44:3a:5d:96:99:fb:b8:25:be:56:
                    e9:ff:20:49:17:37:c6:27:2c:70:ff:29:56:ae:d3:
                    46:91:68:68:af:d4:fe:48:81:c6:91:58:e2:5a:a6:
                    72:84:0b:da:0f:64:87:27:66:10:73:d0:f6:c5:57:
                    22:ed:ce:90:f7:99:63:04:af:ab:38:7d:55:f6:33:
                    e7:eb:58:ce:bc:62:1e:b4:55:ac:0d:b3:da:a6:35:
                    e7:f5:f4:50:c8:08:40:98:34:d7:f6:ff:6a:f1:6d:
                    e0:31:e4:45:1d:5a:59:1e:1d:a8:b3:b8:04:fa:bd:
                    41:b1:3f:06:9a:e2:d9:30:1c:49:f1:1b:d2:94:1d:
                    dc:b7:cb:51:e4:e0:1b:ec:ba:b9:ae:66:ed:4c:53:
                    89:26:f4:b9:a2:d1:88:c5:c3:ce:2b:38:c2:23:2b:
                    4b:9f:6c:a3:4e:b6:aa:0f:cb:f9:3e:fc:0e:75:a0:
                    bc:b3:10:b2:46:c7:7d:5b:6b:3e:f2:a2:ef:d0:b3:
                    32:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                90:8D:CD:58:D9:10:AB:01:28:40:88:4E:09:59:E4:02:C3:06:BB:3D
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/92a734ef-a252-48bc-a799-25426b153989.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:da61:f000::/40

    Signature Algorithm: sha256WithRSAEncryption
         1e:99:9e:5f:61:36:e2:2e:e7:3d:04:b1:af:40:01:89:a6:f3:
         9e:80:cf:6d:10:b8:f4:a3:41:00:41:97:29:e9:94:26:be:b9:
         31:33:b0:83:82:f9:5a:d2:bf:6b:da:a0:98:56:0b:cb:2c:cd:
         12:df:31:45:03:aa:e5:47:5f:f6:95:43:88:4a:4a:81:d8:51:
         db:9e:d5:80:70:ad:ea:52:22:af:47:10:d8:e1:02:da:cf:a9:
         d4:90:84:d3:ce:69:13:ec:11:b3:4f:61:47:c3:08:8d:1a:81:
         27:3c:e1:f2:a2:28:ed:99:19:28:fb:de:14:29:72:0a:8c:d3:
         7b:0a:ea:02:4d:df:cd:95:c3:7e:85:5d:8f:b5:39:d6:11:9c:
         cd:6d:48:08:62:fe:c6:89:d7:2b:14:7f:6e:6b:82:83:89:8f:
         72:0b:81:83:e9:3b:44:7c:c5:15:4d:2b:0f:21:ff:0f:66:00:
         42:4a:38:eb:5d:c4:3d:d0:8e:a3:8e:dc:84:df:fe:2e:e9:33:
         ff:ca:88:a7:d6:37:d4:55:62:c9:a2:af:98:69:75:5f:b8:1e:
         d5:81:9c:24:3b:f7:90:a4:1b:55:bf:72:30:09:fa:8c:b4:a3:
         b9:e4:6d:72:cb:6c:ae:e6:50:32:22:f9:9f:f5:bd:cc:5d:55:
         ee:98:2f:16
-----BEGIN CERTIFICATE-----
MIIFnjCCBIagAwIBAgIUQB31GdiqA67H4rNdhG4zN4vemFswDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI1MDEwNzAwMDAwMFoX
DTI1MDIxMTIzNTk1OVowejFJMEcGA1UEBRNANjMyZjU3ZDM1MmIyOTU4NzRjNGM5
OWVmZTU4YjRkMTViYjY3ZDM1ZWE2YzdmOTgxYjVkNTMxOGM4OWZlNWRkZTEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9XIPVoLPSB2iny8dkep76NzJLeTg
yXGt1ZE8mpt4n1XLMSF6S/0FThZ1w995fUZNy9fcM135tBe21/k44bPzHkQ6XZaZ
+7glvlbp/yBJFzfGJyxw/ylWrtNGkWhor9T+SIHGkVjiWqZyhAvaD2SHJ2YQc9D2
xVci7c6Q95ljBK+rOH1V9jPn61jOvGIetFWsDbPapjXn9fRQyAhAmDTX9v9q8W3g
MeRFHVpZHh2os7gE+r1BsT8GmuLZMBxJ8RvSlB3ct8tR5OAb7Lq5rmbtTFOJJvS5
otGIxcPOKzjCIytLn2yjTraqD8v5PvwOdaC8sxCyRsd9W2s+8qLv0LMylwIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFJCNzVjZEKsBKECITglZ5ALDBrs9MB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
LzkyYTczNGVmLWEyNTItNDhiYy1hNzk5LTI1NDI2YjE1Mzk4OS5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAO
BAIAAjAIAwYAJAbaYfAwDQYJKoZIhvcNAQELBQADggEBAB6Znl9hNuIu5z0Esa9A
AYmm856Az20QuPSjQQBBlynplCa+uTEzsIOC+VrSv2vaoJhWC8sszRLfMUUDquVH
X/aVQ4hKSoHYUdue1YBwrepSIq9HENjhAtrPqdSQhNPOaRPsEbNPYUfDCI0agSc8
4fKiKO2ZGSj73hQpcgqM03sK6gJN382Vw36FXY+1OdYRnM1tSAhi/saJ1ysUf25r
goOJj3ILgYPpO0R8xRVNKw8h/w9mAEJKOOtdxD3QjqOO3ITf/i7pM//KiKfWN9RV
Ysmir5hpdV+4HtWBnCQ795CkG1W/cjAJ+oy0o7nkbXLLbK7mUDIi+Z/1vcxdVe6Y
LxY=
-----END CERTIFICATE-----