Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/a21dee66-37c0-469d-8b01-08b0f731a865.roa
File:                     a21dee66-37c0-469d-8b01-08b0f731a865.roa (raw, json)
Hash identifier:          bpaVSGI2u7UefpzTuK5IDDt1uo+5J3cZu4B+l7KanX4=
Subject key identifier:   7A:B0:26:C5:22:24:20:6D:4E:8F:79:D8:67:FD:A1:C2:32:7C:6A:28
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       2237A1C52B3150DABB002C836D262C2AB20B463D
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/a21dee66-37c0-469d-8b01-08b0f731a865.roa
Signing time:             Tue 07 Jan 2025 00:00:00 +0000
ROA not before:           Tue 07 Jan 2025 00:00:00 +0000
ROA not after:            Tue 11 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:da36:b000::/40 maxlen: 40
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            22:37:a1:c5:2b:31:50:da:bb:00:2c:83:6d:26:2c:2a:b2:0b:46:3d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Jan  7 00:00:00 2025 GMT
            Not After : Feb 11 23:59:59 2025 GMT
        Subject: serialNumber=924bd6d4651c1caf4b20fa74453a3f831b4a78f6dc8af1a2231cc8e77e8ac2b6, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:60:2b:42:f8:2a:82:ac:ea:1b:af:e6:b5:ee:
                    cd:da:2e:b5:94:7d:6b:b0:81:44:bb:27:ee:a4:83:
                    1d:09:1c:dc:ef:f0:1a:bc:04:49:73:70:50:0b:94:
                    2f:06:8f:08:86:ec:de:1c:cc:f2:df:25:7a:47:95:
                    af:04:6b:ad:5f:c2:7e:29:f9:4e:48:94:33:fa:05:
                    d4:25:59:e8:b1:9e:9c:20:38:8b:2d:92:11:2e:d3:
                    c5:07:b3:9d:b5:70:11:98:90:bf:31:2b:88:97:12:
                    2d:f5:71:57:ff:c7:71:d5:9d:23:e4:34:86:03:9e:
                    ab:4a:0e:a8:d7:20:2c:71:33:3f:02:a8:c8:b3:c3:
                    95:35:ee:c3:60:b4:c2:70:b4:75:cc:a5:aa:91:97:
                    85:f4:72:1f:05:9b:72:fc:09:6c:35:69:20:d3:48:
                    fb:35:2a:73:2f:ab:19:c9:20:c4:71:ee:ec:3f:cd:
                    09:ee:56:b9:aa:d9:f5:4c:8d:3d:6a:e6:ed:8a:1f:
                    eb:77:1d:40:cf:d0:bb:c9:2e:1f:5c:dc:0d:8d:1f:
                    ae:18:61:89:8a:05:cb:70:41:3d:37:9d:b8:a0:d5:
                    ae:29:22:48:df:fb:c0:ac:e0:bb:44:d3:29:06:82:
                    7c:fc:ae:b1:fd:33:2d:ad:10:45:2f:fd:3d:b0:01:
                    36:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7A:B0:26:C5:22:24:20:6D:4E:8F:79:D8:67:FD:A1:C2:32:7C:6A:28
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/a21dee66-37c0-469d-8b01-08b0f731a865.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:da36:b000::/40

    Signature Algorithm: sha256WithRSAEncryption
         af:ff:57:7b:c9:b5:f4:fc:f0:a8:5c:d7:56:a5:c5:46:d1:4f:
         6b:19:fe:27:1e:6a:69:15:eb:8d:7a:7f:ca:03:5e:b3:1e:d7:
         ad:25:fb:1b:73:ed:ee:1b:56:17:b2:e1:b5:26:eb:2f:7e:fb:
         57:f0:17:f4:cb:e4:2d:72:d0:04:18:ef:ab:08:c3:0f:17:d4:
         f9:bc:7b:6b:7b:60:ac:34:32:91:25:b9:e1:0c:fa:de:80:5f:
         08:ee:8f:7e:59:88:78:c0:b1:bc:8f:b8:2f:fd:b8:e8:b3:1d:
         cc:b6:39:c0:df:b9:f7:3c:f6:0a:99:f6:51:9d:b2:32:84:b3:
         77:87:8b:30:0a:c8:b3:96:57:81:a8:0e:3c:0d:12:f5:5f:9d:
         9c:76:c5:14:eb:57:32:f7:05:35:5a:b1:85:9a:05:d8:73:8e:
         8b:b7:77:a1:aa:7a:2a:a4:0b:22:07:1c:f1:49:6b:62:30:1d:
         eb:85:ed:97:42:a4:22:bf:c0:6b:e9:e2:29:24:64:7e:d1:0f:
         a8:7b:ef:ad:be:f3:2a:79:cf:2b:75:61:a7:c2:bb:19:f4:ca:
         0d:47:8e:e1:e5:db:d7:d8:2b:15:37:34:89:89:d8:d5:dd:4a:
         db:0d:26:c6:ac:7b:34:6f:f6:1a:2b:1b:2b:1a:11:f0:65:cc:
         3b:d2:b4:91
-----BEGIN CERTIFICATE-----
MIIFnjCCBIagAwIBAgIUIjehxSsxUNq7ACyDbSYsKrILRj0wDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI1MDEwNzAwMDAwMFoX
DTI1MDIxMTIzNTk1OVowejFJMEcGA1UEBRNAOTI0YmQ2ZDQ2NTFjMWNhZjRiMjBm
YTc0NDUzYTNmODMxYjRhNzhmNmRjOGFmMWEyMjMxY2M4ZTc3ZThhYzJiNjEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr2ArQvgqgqzqG6/mte7N2i61lH1r
sIFEuyfupIMdCRzc7/AavARJc3BQC5QvBo8IhuzeHMzy3yV6R5WvBGutX8J+KflO
SJQz+gXUJVnosZ6cIDiLLZIRLtPFB7OdtXARmJC/MSuIlxIt9XFX/8dx1Z0j5DSG
A56rSg6o1yAscTM/AqjIs8OVNe7DYLTCcLR1zKWqkZeF9HIfBZty/AlsNWkg00j7
NSpzL6sZySDEce7sP80J7la5qtn1TI09aubtih/rdx1Az9C7yS4fXNwNjR+uGGGJ
igXLcEE9N524oNWuKSJI3/vArOC7RNMpBoJ8/K6x/TMtrRBFL/09sAE2twIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFHqwJsUiJCBtTo952Gf9ocIyfGooMB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
L2EyMWRlZTY2LTM3YzAtNDY5ZC04YjAxLTA4YjBmNzMxYTg2NS5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAO
BAIAAjAIAwYAJAbaNrAwDQYJKoZIhvcNAQELBQADggEBAK//V3vJtfT88Khc11al
xUbRT2sZ/iceamkV6416f8oDXrMe160l+xtz7e4bVhey4bUm6y9++1fwF/TL5C1y
0AQY76sIww8X1Pm8e2t7YKw0MpElueEM+t6AXwjuj35ZiHjAsbyPuC/9uOizHcy2
OcDfufc89gqZ9lGdsjKEs3eHizAKyLOWV4GoDjwNEvVfnZx2xRTrVzL3BTVasYWa
Bdhzjou3d6GqeiqkCyIHHPFJa2IwHeuF7ZdCpCK/wGvp4ikkZH7RD6h7762+8yp5
zyt1YafCuxn0yg1HjuHl29fYKxU3NImJ2NXdStsNJsasezRv9horGysaEfBlzDvS
tJE=
-----END CERTIFICATE-----