Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/9d4119e3-c0cc-4acb-9dbf-e8db1c2f9395.roa
File:                     9d4119e3-c0cc-4acb-9dbf-e8db1c2f9395.roa (raw, json)
Hash identifier:          jxWBpNP4FGiDfgAFQMvmf1VQ4+aoWjNCUKzsjUTUfV4=
Subject key identifier:   CA:51:92:42:CC:E0:85:08:68:57:34:62:3F:54:A4:E9:32:A5:BC:82
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       3BA30E2EDBBA4E4CE492CC125A0CA4B9F6754EDB
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/9d4119e3-c0cc-4acb-9dbf-e8db1c2f9395.roa
Signing time:             Tue 07 Jan 2025 00:00:00 +0000
ROA not before:           Tue 07 Jan 2025 00:00:00 +0000
ROA not after:            Tue 11 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:da70:f000::/40 maxlen: 40
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3b:a3:0e:2e:db:ba:4e:4c:e4:92:cc:12:5a:0c:a4:b9:f6:75:4e:db
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Jan  7 00:00:00 2025 GMT
            Not After : Feb 11 23:59:59 2025 GMT
        Subject: serialNumber=601ec260ce9e9b79f325c672e1376e614dd5853aefd128318b9090e0fe2f14a8, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:e6:bc:0f:10:50:94:f3:a6:aa:5d:89:84:d1:
                    ae:09:99:d2:35:e0:50:39:d8:72:32:d1:9a:bb:0d:
                    8e:73:c4:20:59:3d:f6:85:da:d9:ef:e3:28:f6:a3:
                    a0:da:53:77:db:e2:2b:d9:40:ed:de:ae:3a:5c:67:
                    98:1d:31:d5:8b:75:cf:ae:74:82:eb:48:ee:d9:fa:
                    75:c5:7f:2c:eb:c8:e7:ba:58:0f:4b:78:1e:9e:a8:
                    76:6d:96:39:6f:90:03:d8:c8:16:62:f0:90:3f:fe:
                    de:3f:87:89:ce:a6:94:04:fe:44:08:c7:9b:40:5b:
                    c8:74:ae:a0:cc:99:f1:05:15:17:a3:9d:b4:c1:58:
                    79:d6:f9:d1:6f:cb:44:a4:c7:2b:d2:ce:f3:56:69:
                    5c:f8:9d:cb:79:00:2b:fd:e8:cc:ea:91:9a:0b:79:
                    d7:da:61:52:3c:b2:02:00:dd:c1:53:29:ca:14:8f:
                    2c:12:e6:36:bd:82:5c:a3:07:70:49:dd:a0:83:2d:
                    5b:66:f9:cb:70:e6:42:db:70:ae:01:0f:e7:4d:51:
                    a9:1a:f4:5e:7b:67:7f:85:e3:41:5d:ea:00:99:8e:
                    4a:fd:c6:6e:9f:6b:3b:97:e1:e1:b0:5a:eb:84:ba:
                    8f:09:e0:9f:27:0d:fc:22:45:ec:e8:33:30:07:f1:
                    19:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CA:51:92:42:CC:E0:85:08:68:57:34:62:3F:54:A4:E9:32:A5:BC:82
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/9d4119e3-c0cc-4acb-9dbf-e8db1c2f9395.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:da70:f000::/40

    Signature Algorithm: sha256WithRSAEncryption
         28:51:3f:d4:fa:91:53:81:f7:56:47:cd:68:ae:fb:87:4b:29:
         87:95:ed:ad:d1:93:16:94:61:76:3c:94:dc:01:96:eb:a1:be:
         7e:22:41:49:5e:e6:e1:ea:29:81:08:21:cc:8e:a1:fa:cd:b1:
         6d:d8:dd:a6:55:22:e7:16:9c:c1:43:6d:c8:0d:9b:18:e0:e1:
         92:5d:67:71:1b:f7:b1:a1:0e:a3:8d:7f:e8:7d:03:d1:87:d7:
         b7:c9:36:99:b6:5e:9f:85:0e:2e:fa:1c:ed:bf:ac:15:63:dc:
         98:11:b9:2e:03:ae:c9:c3:94:40:62:4a:87:50:69:99:84:a1:
         f1:46:30:f1:fc:c0:6e:15:f7:de:e2:47:a0:c6:b2:52:f3:41:
         23:31:a2:cb:a8:19:61:e2:41:34:fa:91:01:54:bc:0b:6d:45:
         1a:4e:c9:77:5e:b6:67:48:4b:7b:7d:67:50:49:87:2f:1e:55:
         59:33:46:c6:49:d8:22:ae:e5:40:be:20:60:32:9c:19:97:e7:
         75:18:f8:9d:14:3d:46:eb:74:47:09:c4:91:50:41:d5:3b:fe:
         6a:42:61:a6:cf:d3:49:7f:46:b4:72:48:b2:3a:11:25:c4:ab:
         8b:c8:05:95:7a:80:7a:e2:5c:6a:bd:3c:07:13:9f:cd:a4:fd:
         32:18:78:c6
-----BEGIN CERTIFICATE-----
MIIFnjCCBIagAwIBAgIUO6MOLtu6TkzkkswSWgykufZ1TtswDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI1MDEwNzAwMDAwMFoX
DTI1MDIxMTIzNTk1OVowejFJMEcGA1UEBRNANjAxZWMyNjBjZTllOWI3OWYzMjVj
NjcyZTEzNzZlNjE0ZGQ1ODUzYWVmZDEyODMxOGI5MDkwZTBmZTJmMTRhODEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4Oa8DxBQlPOmql2JhNGuCZnSNeBQ
OdhyMtGauw2Oc8QgWT32hdrZ7+Mo9qOg2lN32+Ir2UDt3q46XGeYHTHVi3XPrnSC
60ju2fp1xX8s68jnulgPS3genqh2bZY5b5AD2MgWYvCQP/7eP4eJzqaUBP5ECMeb
QFvIdK6gzJnxBRUXo520wVh51vnRb8tEpMcr0s7zVmlc+J3LeQAr/ejM6pGaC3nX
2mFSPLICAN3BUynKFI8sEuY2vYJcowdwSd2ggy1bZvnLcOZC23CuAQ/nTVGpGvRe
e2d/heNBXeoAmY5K/cZun2s7l+HhsFrrhLqPCeCfJw38IkXs6DMwB/EZawIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFMpRkkLM4IUIaFc0Yj9UpOkypbyCMB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
LzlkNDExOWUzLWMwY2MtNGFjYi05ZGJmLWU4ZGIxYzJmOTM5NS5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAO
BAIAAjAIAwYAJAbacPAwDQYJKoZIhvcNAQELBQADggEBAChRP9T6kVOB91ZHzWiu
+4dLKYeV7a3RkxaUYXY8lNwBluuhvn4iQUle5uHqKYEIIcyOofrNsW3Y3aZVIucW
nMFDbcgNmxjg4ZJdZ3Eb97GhDqONf+h9A9GH17fJNpm2Xp+FDi76HO2/rBVj3JgR
uS4DrsnDlEBiSodQaZmEofFGMPH8wG4V997iR6DGslLzQSMxosuoGWHiQTT6kQFU
vAttRRpOyXdetmdIS3t9Z1BJhy8eVVkzRsZJ2CKu5UC+IGAynBmX53UY+J0UPUbr
dEcJxJFQQdU7/mpCYabP00l/RrRySLI6ESXEq4vIBZV6gHriXGq9PAcTn82k/TIY
eMY=
-----END CERTIFICATE-----