Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/98bbbcef-0217-4c51-a717-7af30c63be28.roa
File:                     98bbbcef-0217-4c51-a717-7af30c63be28.roa (raw, json)
Hash identifier:          aP0YJfE3FXkgmoZrCiNxONfHGZ/10SyCw67RiAWPdrk=
Subject key identifier:   00:60:DA:3B:87:4D:46:C4:DE:91:E5:B7:22:BE:3E:23:DE:C4:0C:D9
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       043972C91771CE0501E698563FBC88095ECC96E2
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/98bbbcef-0217-4c51-a717-7af30c63be28.roa
Signing time:             Sat 25 Jan 2025 00:00:00 +0000
ROA not before:           Sat 25 Jan 2025 00:00:00 +0000
ROA not after:            Sat 01 Mar 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:daf8:8800::/40 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            04:39:72:c9:17:71:ce:05:01:e6:98:56:3f:bc:88:09:5e:cc:96:e2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Jan 25 00:00:00 2025 GMT
            Not After : Mar  1 23:59:59 2025 GMT
        Subject: serialNumber=4685aa2ec333736386e145eb17f4ab8d3165e4998a7a4c2a3e4c126642272197, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:40:72:54:05:fb:a0:25:22:ce:18:de:26:97:
                    38:20:e7:66:3c:ab:d4:d0:05:83:23:74:c6:19:7a:
                    e8:d2:bc:e8:50:9b:99:df:02:24:d4:c5:13:d0:de:
                    a9:96:fe:28:08:be:96:72:c8:8f:f3:32:c5:e8:9d:
                    21:94:71:2e:9d:99:f5:23:50:dd:8c:60:a5:41:cc:
                    17:29:42:4f:ae:9c:e6:2f:68:fc:6d:5f:78:ac:ec:
                    f0:32:78:3e:9b:ef:2c:6b:26:18:8c:07:ff:ea:e1:
                    ce:6d:88:92:29:29:fc:8e:15:4d:93:ef:31:29:da:
                    a3:09:75:37:bd:93:8a:2c:42:4a:fc:54:1c:44:be:
                    e4:23:23:b7:3f:04:c7:21:58:94:ca:73:7b:8a:48:
                    2e:6c:85:3a:a6:d3:7c:10:9d:ab:61:e4:1a:69:2b:
                    6f:59:e0:b6:6e:81:83:34:98:3a:60:0b:18:a4:1c:
                    0c:90:f7:8d:92:06:c7:98:42:83:94:91:49:47:1d:
                    fa:3e:88:4c:fc:ae:73:43:7d:fa:db:40:95:7c:e4:
                    81:ca:ff:41:9d:e3:72:66:b0:00:87:ae:05:66:29:
                    5e:7c:4c:72:0e:09:b5:65:03:1a:08:dc:ff:13:67:
                    78:4a:d1:fe:50:d8:16:2c:d8:08:b1:dc:1b:d8:ec:
                    e7:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                00:60:DA:3B:87:4D:46:C4:DE:91:E5:B7:22:BE:3E:23:DE:C4:0C:D9
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/98bbbcef-0217-4c51-a717-7af30c63be28.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:daf8:8800::/40

    Signature Algorithm: sha256WithRSAEncryption
         94:64:aa:06:5f:1c:ed:94:f7:9c:c0:75:4c:1a:40:11:9f:fa:
         f5:2f:d2:ec:62:a4:41:0b:5f:20:26:9a:f6:db:98:a1:12:e1:
         c8:d2:ea:4b:96:53:3e:48:4e:5a:1a:4a:60:b1:49:10:bb:ef:
         6d:37:08:92:cf:d2:60:25:a7:39:6c:8d:d6:dd:11:7a:62:6c:
         68:56:2b:49:bf:c4:aa:92:2b:ba:66:59:e4:36:c8:76:ed:b7:
         c1:6e:1a:05:39:8c:13:79:36:c6:17:4f:03:e1:d8:58:93:bd:
         25:08:a9:50:e0:09:75:cd:1d:58:a2:8c:88:68:f4:33:3c:4c:
         2a:8d:75:36:f2:0f:c5:80:1c:f3:8f:21:2a:58:2a:4c:c2:20:
         7b:94:b8:d0:90:4b:39:47:19:3d:4d:f7:45:a3:d5:40:6e:cc:
         b9:99:f3:e6:48:f0:93:d7:6f:17:6c:f6:10:2f:ae:4d:ee:a7:
         5f:51:00:07:13:d5:10:7f:4c:93:40:f7:d9:df:4a:35:d4:9a:
         d4:9f:20:cb:d3:96:86:58:b6:c0:84:83:0e:75:49:7c:41:82:
         92:75:60:05:7e:a3:66:0b:6c:f0:dd:e6:39:91:3c:e6:fc:4f:
         b7:b3:44:50:55:e4:17:e8:e0:ff:58:b0:45:7c:27:a7:ad:3e:
         bb:d8:a2:79
-----BEGIN CERTIFICATE-----
MIIFnjCCBIagAwIBAgIUBDlyyRdxzgUB5phWP7yICV7MluIwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI1MDEyNTAwMDAwMFoX
DTI1MDMwMTIzNTk1OVowejFJMEcGA1UEBRNANDY4NWFhMmVjMzMzNzM2Mzg2ZTE0
NWViMTdmNGFiOGQzMTY1ZTQ5OThhN2E0YzJhM2U0YzEyNjY0MjI3MjE5NzEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqEByVAX7oCUizhjeJpc4IOdmPKvU
0AWDI3TGGXro0rzoUJuZ3wIk1MUT0N6plv4oCL6WcsiP8zLF6J0hlHEunZn1I1Dd
jGClQcwXKUJPrpzmL2j8bV94rOzwMng+m+8sayYYjAf/6uHObYiSKSn8jhVNk+8x
KdqjCXU3vZOKLEJK/FQcRL7kIyO3PwTHIViUynN7ikgubIU6ptN8EJ2rYeQaaStv
WeC2boGDNJg6YAsYpBwMkPeNkgbHmEKDlJFJRx36PohM/K5zQ33620CVfOSByv9B
neNyZrAAh64FZilefExyDgm1ZQMaCNz/E2d4StH+UNgWLNgIsdwb2OznMQIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFABg2juHTUbE3pHltyK+PiPexAzZMB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
Lzk4YmJiY2VmLTAyMTctNGM1MS1hNzE3LTdhZjMwYzYzYmUyOC5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAO
BAIAAjAIAwYAJAba+IgwDQYJKoZIhvcNAQELBQADggEBAJRkqgZfHO2U95zAdUwa
QBGf+vUv0uxipEELXyAmmvbbmKES4cjS6kuWUz5ITloaSmCxSRC77203CJLP0mAl
pzlsjdbdEXpibGhWK0m/xKqSK7pmWeQ2yHbtt8FuGgU5jBN5NsYXTwPh2FiTvSUI
qVDgCXXNHViijIho9DM8TCqNdTbyD8WAHPOPISpYKkzCIHuUuNCQSzlHGT1N90Wj
1UBuzLmZ8+ZI8JPXbxds9hAvrk3up19RAAcT1RB/TJNA99nfSjXUmtSfIMvTloZY
tsCEgw51SXxBgpJ1YAV+o2YLbPDd5jmRPOb8T7ezRFBV5Bfo4P9YsEV8J6etPrvY
onk=
-----END CERTIFICATE-----