Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/97acb09e-a4ac-498b-bfa8-ff2d8da2bf3a.roa
File:                     97acb09e-a4ac-498b-bfa8-ff2d8da2bf3a.roa (raw, json)
Hash identifier:          U2l1Ydnj6kgI2JzI+aUkiRInlauAPqAwU+k6EjeqqeQ=
Subject key identifier:   E1:CC:A7:D4:13:57:DF:26:8F:23:84:2A:3B:23:DC:30:31:4B:35:F8
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       1B4C63BA298E892C5FC7562DE8D6DA2BED55FCD7
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/97acb09e-a4ac-498b-bfa8-ff2d8da2bf3a.roa
Signing time:             Mon 27 Jan 2025 00:00:00 +0000
ROA not before:           Mon 27 Jan 2025 00:00:00 +0000
ROA not after:            Mon 03 Mar 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:da2b::/36 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1b:4c:63:ba:29:8e:89:2c:5f:c7:56:2d:e8:d6:da:2b:ed:55:fc:d7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Jan 27 00:00:00 2025 GMT
            Not After : Mar  3 23:59:59 2025 GMT
        Subject: serialNumber=532b170c9dab69b375bdc313e639ce9ebfb4e74f9a615d9aaacaf279afc99916, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:ef:47:8d:e3:65:e1:96:b6:04:3e:5c:34:1a:
                    ad:80:57:82:0c:78:f8:da:dd:5f:76:79:63:81:8e:
                    10:69:de:d7:14:8c:aa:bc:39:17:f7:d2:3b:b7:13:
                    e5:a0:ca:96:be:59:35:74:ce:0e:06:0f:c6:3c:5f:
                    c1:cb:0a:88:d7:7c:dd:a5:64:85:9d:79:2f:55:24:
                    b6:12:68:6c:51:54:5d:b9:79:89:4e:b4:18:ae:b0:
                    c6:81:58:31:c7:2d:f2:94:d1:2d:ca:74:c0:af:46:
                    52:48:4c:38:ae:3c:04:30:ac:6f:2c:04:63:b5:d3:
                    f3:8a:f4:4e:f0:f3:06:dc:5d:0a:6a:71:b2:9e:b4:
                    4d:6e:40:28:30:ed:ec:b6:42:de:08:90:5e:28:c0:
                    86:66:c1:c3:ee:d8:23:6a:1a:19:34:d5:5e:05:50:
                    fd:58:64:3e:e3:5f:1a:b7:dd:7e:c0:e6:6c:de:5e:
                    38:85:d2:07:bd:73:c7:65:28:2a:7b:1c:ab:84:fa:
                    63:93:52:c8:d2:0d:7c:c7:41:7e:a3:df:4c:23:bc:
                    91:23:21:3f:62:d5:a7:83:8a:d7:8a:94:6f:4b:08:
                    d4:81:92:29:9d:37:3e:40:45:02:8e:b3:88:91:82:
                    37:69:02:68:67:34:37:fb:a1:bc:25:79:fa:d0:8c:
                    f1:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E1:CC:A7:D4:13:57:DF:26:8F:23:84:2A:3B:23:DC:30:31:4B:35:F8
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/97acb09e-a4ac-498b-bfa8-ff2d8da2bf3a.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:da2b::/36

    Signature Algorithm: sha256WithRSAEncryption
         6c:5d:64:e0:9c:3d:d7:bb:22:23:bb:ce:f3:f5:5a:68:c0:21:
         14:3c:08:e0:77:09:b1:13:14:be:48:66:bc:a4:8c:ff:1b:2b:
         f4:34:1d:03:98:f4:e7:9d:a0:37:5a:63:6f:a3:b0:3a:50:75:
         1c:2a:41:1a:76:e2:50:b1:ca:46:b2:c5:b4:9d:b1:0e:25:85:
         8c:10:32:87:34:b5:fe:51:de:ac:bf:ce:53:96:5e:2e:e4:2f:
         6d:9e:52:e8:40:48:da:31:aa:fa:64:d2:64:ec:e7:87:eb:fd:
         5e:8a:07:66:30:29:50:63:60:c2:f2:23:d6:75:6e:4e:da:d1:
         5e:ab:cf:d0:e7:76:5f:d8:ea:c6:8d:cf:9d:45:66:3e:ab:af:
         68:41:16:ea:66:1b:4b:69:fe:48:a4:52:49:b4:c5:c5:b0:d3:
         91:82:35:e3:7c:04:82:d2:5b:cc:4e:e2:76:ff:b0:17:5e:27:
         5a:f2:a7:8c:46:84:74:6b:bc:a1:94:a1:b3:ed:45:9c:20:71:
         b1:2a:3b:77:cc:67:c3:0e:b2:15:20:04:5b:99:f6:64:0f:b9:
         97:ee:57:39:6a:03:bf:39:6d:1a:c4:de:7e:db:81:35:3f:7c:
         52:77:5b:ca:27:f0:b2:ac:f6:ce:58:bc:d9:b9:e2:9a:93:1c:
         ce:57:71:04
-----BEGIN CERTIFICATE-----
MIIFnjCCBIagAwIBAgIUG0xjuimOiSxfx1Yt6NbaK+1V/NcwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI1MDEyNzAwMDAwMFoX
DTI1MDMwMzIzNTk1OVowejFJMEcGA1UEBRNANTMyYjE3MGM5ZGFiNjliMzc1YmRj
MzEzZTYzOWNlOWViZmI0ZTc0ZjlhNjE1ZDlhYWFjYWYyNzlhZmM5OTkxNjEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy+9HjeNl4Za2BD5cNBqtgFeCDHj4
2t1fdnljgY4Qad7XFIyqvDkX99I7txPloMqWvlk1dM4OBg/GPF/BywqI13zdpWSF
nXkvVSS2EmhsUVRduXmJTrQYrrDGgVgxxy3ylNEtynTAr0ZSSEw4rjwEMKxvLARj
tdPzivRO8PMG3F0KanGynrRNbkAoMO3stkLeCJBeKMCGZsHD7tgjahoZNNVeBVD9
WGQ+418at91+wOZs3l44hdIHvXPHZSgqexyrhPpjk1LI0g18x0F+o99MI7yRIyE/
YtWng4rXipRvSwjUgZIpnTc+QEUCjrOIkYI3aQJoZzQ3+6G8JXn60IzxQwIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFOHMp9QTV98mjyOEKjsj3DAxSzX4MB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
Lzk3YWNiMDllLWE0YWMtNDk4Yi1iZmE4LWZmMmQ4ZGEyYmYzYS5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAO
BAIAAjAIAwYEJAbaKwAwDQYJKoZIhvcNAQELBQADggEBAGxdZOCcPde7IiO7zvP1
WmjAIRQ8COB3CbETFL5IZrykjP8bK/Q0HQOY9OedoDdaY2+jsDpQdRwqQRp24lCx
ykayxbSdsQ4lhYwQMoc0tf5R3qy/zlOWXi7kL22eUuhASNoxqvpk0mTs54fr/V6K
B2YwKVBjYMLyI9Z1bk7a0V6rz9Dndl/Y6saNz51FZj6rr2hBFupmG0tp/kikUkm0
xcWw05GCNeN8BILSW8xO4nb/sBdeJ1ryp4xGhHRrvKGUobPtRZwgcbEqO3fMZ8MO
shUgBFuZ9mQPuZfuVzlqA785bRrE3n7bgTU/fFJ3W8on8LKs9s5YvNm54pqTHM5X
cQQ=
-----END CERTIFICATE-----