Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/9d98c780-618d-45ef-8526-22afd4c5352b.roa
File:                     9d98c780-618d-45ef-8526-22afd4c5352b.roa (raw, json)
Hash identifier:          0tOgJC7X89m4wXCv8APRBZNSgzGs3nbAbhO5lrt4cPM=
Subject key identifier:   72:35:37:9B:93:B7:A0:99:64:AB:82:1A:B7:1C:B3:C0:63:85:E1:13
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       56A506D35F20AC8AB91AE3B249301B47093690B9
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/9d98c780-618d-45ef-8526-22afd4c5352b.roa
Signing time:             Tue 07 Jan 2025 00:00:00 +0000
ROA not before:           Tue 07 Jan 2025 00:00:00 +0000
ROA not after:            Tue 11 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:daf4:c880::/48 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            56:a5:06:d3:5f:20:ac:8a:b9:1a:e3:b2:49:30:1b:47:09:36:90:b9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Jan  7 00:00:00 2025 GMT
            Not After : Feb 11 23:59:59 2025 GMT
        Subject: serialNumber=1df63defa43814b18c8e0569c12e5d993ee24b9312c923ddf00a3c2f1b829fe6, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e6:97:fc:cd:c9:38:e2:92:df:f3:1c:0e:b7:94:
                    fd:7c:fa:6a:52:61:5d:4f:f2:9b:a3:5c:fb:84:ba:
                    9d:ff:75:f9:e5:5c:ea:ca:5e:91:5d:ac:e6:e2:f5:
                    44:07:af:98:ab:f4:e6:f3:16:90:07:41:da:af:a9:
                    8e:0a:ec:d7:74:b1:df:1a:88:ed:55:ab:8f:c0:bb:
                    0e:04:72:ff:1a:a4:10:79:d0:18:d8:79:d4:ca:f2:
                    0c:ee:4d:45:26:d9:ca:10:94:d9:b4:be:0e:99:da:
                    4a:17:9d:a4:2f:27:9f:8a:c6:be:5a:10:3a:26:3f:
                    98:70:e6:8c:70:4e:5b:71:bc:29:02:4a:4b:81:2d:
                    3e:08:01:35:36:25:fc:a4:c4:64:51:32:1c:0d:9a:
                    a6:ad:0b:83:24:1e:a0:66:6e:fa:4a:3c:6f:80:06:
                    c3:bf:4b:f8:6a:82:ac:91:f1:e5:d3:90:3c:fd:87:
                    2a:0e:c5:e8:8f:be:13:62:31:39:9b:f2:a8:c8:a6:
                    b2:af:a1:b4:be:f4:02:d3:21:1b:e5:3f:98:48:61:
                    1d:42:e7:e9:09:5f:42:c9:94:64:c4:15:09:44:c6:
                    86:8d:d3:24:69:86:dc:1b:f3:3e:c3:af:db:d1:e7:
                    bd:9d:f8:31:1d:69:28:f7:0c:ad:86:6d:bc:8c:c4:
                    e3:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:35:37:9B:93:B7:A0:99:64:AB:82:1A:B7:1C:B3:C0:63:85:E1:13
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/9d98c780-618d-45ef-8526-22afd4c5352b.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:daf4:c880::/48

    Signature Algorithm: sha256WithRSAEncryption
         b9:4f:41:ad:c0:15:b3:9c:79:67:81:c4:d4:ce:24:e7:46:c9:
         ee:5d:f2:83:3b:d5:49:13:ca:b0:49:0c:cc:81:aa:09:ae:24:
         9e:16:5c:5c:9c:50:6d:07:b5:24:03:73:af:38:18:c8:c2:2d:
         fe:a7:6e:40:83:68:79:b9:54:e7:e9:53:c1:54:92:f5:ec:2c:
         bd:58:36:36:67:06:e5:34:8f:4b:62:cb:82:71:5d:d9:6a:0a:
         30:7b:4b:54:62:c5:91:e9:3f:a9:9a:04:3f:5b:84:93:43:66:
         1c:1a:1e:8f:a1:96:b7:9c:0c:ba:6c:14:ae:62:08:4c:ff:f6:
         66:d3:33:49:c0:e2:5e:dc:09:bd:29:3f:58:77:24:52:c1:2a:
         98:61:d1:01:20:3d:05:90:54:52:e0:b2:71:7d:0c:f9:db:1e:
         12:29:0d:9d:43:c2:5e:d7:d5:0d:bd:57:60:89:8d:34:ce:ce:
         c9:4f:c3:52:bf:59:44:15:69:00:c3:d2:6f:fd:69:a1:ec:9f:
         0b:0b:a7:ce:36:19:f4:d8:c9:2e:e9:22:95:b8:e2:3e:fe:05:
         d3:de:9d:21:51:28:89:10:7b:cb:ac:55:43:be:95:e8:a8:45:
         d4:38:a7:1b:a1:0e:4c:f8:c5:69:11:07:e3:a7:11:a4:a9:fa:
         44:62:1a:18
-----BEGIN CERTIFICATE-----
MIIFnzCCBIegAwIBAgIUVqUG018grIq5GuOySTAbRwk2kLkwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI1MDEwNzAwMDAwMFoX
DTI1MDIxMTIzNTk1OVowejFJMEcGA1UEBRNAMWRmNjNkZWZhNDM4MTRiMThjOGUw
NTY5YzEyZTVkOTkzZWUyNGI5MzEyYzkyM2RkZjAwYTNjMmYxYjgyOWZlNjEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5pf8zck44pLf8xwOt5T9fPpqUmFd
T/Kbo1z7hLqd/3X55Vzqyl6RXazm4vVEB6+Yq/Tm8xaQB0Har6mOCuzXdLHfGojt
VauPwLsOBHL/GqQQedAY2HnUyvIM7k1FJtnKEJTZtL4OmdpKF52kLyefisa+WhA6
Jj+YcOaMcE5bcbwpAkpLgS0+CAE1NiX8pMRkUTIcDZqmrQuDJB6gZm76SjxvgAbD
v0v4aoKskfHl05A8/YcqDsXoj74TYjE5m/KoyKayr6G0vvQC0yEb5T+YSGEdQufp
CV9CyZRkxBUJRMaGjdMkaYbcG/M+w6/b0ee9nfgxHWko9wythm28jMTjkQIDAQAB
o4ICSzCCAkcwHQYDVR0OBBYEFHI1N5uTt6CZZKuCGrccs8BjheETMB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
LzlkOThjNzgwLTYxOGQtNDVlZi04NTI2LTIyYWZkNGM1MzUyYi5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAP
BAIAAjAJAwcAJAba9MiAMA0GCSqGSIb3DQEBCwUAA4IBAQC5T0GtwBWznHlngcTU
ziTnRsnuXfKDO9VJE8qwSQzMgaoJriSeFlxcnFBtB7UkA3OvOBjIwi3+p25Ag2h5
uVTn6VPBVJL17Cy9WDY2ZwblNI9LYsuCcV3Zagowe0tUYsWR6T+pmgQ/W4STQ2Yc
Gh6PoZa3nAy6bBSuYghM//Zm0zNJwOJe3Am9KT9YdyRSwSqYYdEBID0FkFRS4LJx
fQz52x4SKQ2dQ8Je19UNvVdgiY00zs7JT8NSv1lEFWkAw9Jv/Wmh7J8LC6fONhn0
2Mku6SKVuOI+/gXT3p0hUSiJEHvLrFVDvpXoqEXUOKcboQ5M+MVpEQfjpxGkqfpE
YhoY
-----END CERTIFICATE-----