Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/a7ca9837-1d67-452f-8fea-80250f36d360.roa
File:                     a7ca9837-1d67-452f-8fea-80250f36d360.roa (raw, json)
Hash identifier:          VFcnerELZ4LpQDxu9xSQoQJXQptAu3wgyzKT1PObWIE=
Subject key identifier:   F2:69:0C:36:44:65:1F:D1:75:F0:03:C9:9D:85:AE:B3:09:D9:07:66
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       41E3E85C433879C955A5170DD8A3CF6937465045
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/a7ca9837-1d67-452f-8fea-80250f36d360.roa
Signing time:             Fri 10 Jan 2025 00:00:00 +0000
ROA not before:           Fri 10 Jan 2025 00:00:00 +0000
ROA not after:            Fri 14 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:daf8:1000::/40 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            41:e3:e8:5c:43:38:79:c9:55:a5:17:0d:d8:a3:cf:69:37:46:50:45
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Jan 10 00:00:00 2025 GMT
            Not After : Feb 14 23:59:59 2025 GMT
        Subject: serialNumber=e59960e362ca1c31eb1d58e4076c977b350bee981c40014963bb55045d746100, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ea:38:1b:cb:82:d0:ff:f8:ce:86:66:a1:7d:c2:
                    0d:d7:26:f9:84:29:25:69:a9:59:33:58:e1:e0:36:
                    05:ae:a3:9e:b0:70:52:73:e2:83:b9:60:17:35:58:
                    d0:ca:b4:0c:dd:2c:3f:0a:e6:89:97:3c:6a:44:72:
                    be:fe:55:a3:31:52:a5:aa:ee:14:28:06:a7:b6:fe:
                    ed:9c:a9:9e:ef:85:23:c8:62:29:58:69:a3:e3:48:
                    28:e5:7b:6d:99:6f:6e:dc:13:13:f4:1e:0b:b8:5e:
                    60:ca:4b:9b:9d:ad:33:1a:86:7c:35:e7:ca:28:9e:
                    4f:7e:a0:0b:5c:57:6d:bf:ad:b6:72:f0:b4:61:c8:
                    14:10:0e:71:58:a6:ae:c5:8e:1a:83:42:23:84:91:
                    b6:6d:2f:fb:81:ff:d4:a6:7d:8c:f9:00:3a:31:55:
                    94:de:5f:a2:f7:ef:58:1a:49:14:32:48:6f:8b:18:
                    ea:e5:8e:80:01:9d:0f:2f:b4:0c:31:b8:87:6d:a7:
                    a1:00:de:9d:b8:61:eb:7f:c7:81:1a:cd:bc:eb:0e:
                    86:e5:5e:eb:9e:44:7f:48:d1:4b:8c:ef:6c:35:10:
                    dd:91:d2:ee:cf:5e:a8:45:78:a9:9c:0b:c2:28:ef:
                    9a:b0:99:dd:a3:64:00:52:1b:99:7d:dd:27:45:20:
                    6e:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F2:69:0C:36:44:65:1F:D1:75:F0:03:C9:9D:85:AE:B3:09:D9:07:66
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/a7ca9837-1d67-452f-8fea-80250f36d360.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:daf8:1000::/40

    Signature Algorithm: sha256WithRSAEncryption
         11:0b:0f:a3:9f:97:eb:2c:4d:ef:b7:3d:8f:78:07:11:a0:1f:
         3b:61:23:a9:49:f2:36:f1:8f:05:7d:b5:00:28:84:ae:11:86:
         81:0f:f8:e3:64:c0:a0:8b:0d:b1:4a:27:3f:ee:38:f3:e8:36:
         d9:78:a3:97:ce:3c:2c:2b:74:be:66:40:8d:79:79:be:ee:ef:
         41:e9:0a:84:d8:15:81:95:a5:a5:d9:88:85:8f:e6:4e:09:14:
         eb:d7:32:2e:91:4c:1c:8b:05:1c:9d:b2:8c:ff:e5:1e:c4:84:
         56:69:5c:54:75:82:5e:32:28:3d:be:1e:1f:8c:44:54:c4:be:
         f4:fe:28:ca:6b:c3:07:56:0e:87:3c:be:1d:d8:47:66:3c:b2:
         d3:9b:8b:b0:4e:63:0c:84:c3:23:3e:6b:00:9f:ea:35:33:d1:
         c1:95:2f:37:00:25:31:79:25:5e:70:09:a8:48:98:53:23:d7:
         03:1a:03:14:38:43:31:40:3e:27:9c:0a:82:e6:77:b4:de:17:
         93:b7:36:24:14:cb:cd:84:12:72:a9:dc:16:80:a9:13:ea:64:
         09:5e:94:e4:78:e8:3c:38:30:03:d6:2f:d8:7f:e6:3e:e8:48:
         56:6c:f0:80:85:e4:c9:e8:3f:b5:bf:5c:d0:2e:fa:78:b7:ff:
         e4:1d:91:31
-----BEGIN CERTIFICATE-----
MIIFnjCCBIagAwIBAgIUQePoXEM4eclVpRcN2KPPaTdGUEUwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI1MDExMDAwMDAwMFoX
DTI1MDIxNDIzNTk1OVowejFJMEcGA1UEBRNAZTU5OTYwZTM2MmNhMWMzMWViMWQ1
OGU0MDc2Yzk3N2IzNTBiZWU5ODFjNDAwMTQ5NjNiYjU1MDQ1ZDc0NjEwMDEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6jgby4LQ//jOhmahfcIN1yb5hCkl
aalZM1jh4DYFrqOesHBSc+KDuWAXNVjQyrQM3Sw/CuaJlzxqRHK+/lWjMVKlqu4U
KAantv7tnKme74UjyGIpWGmj40go5XttmW9u3BMT9B4LuF5gykubna0zGoZ8NefK
KJ5PfqALXFdtv622cvC0YcgUEA5xWKauxY4ag0IjhJG2bS/7gf/Upn2M+QA6MVWU
3l+i9+9YGkkUMkhvixjq5Y6AAZ0PL7QMMbiHbaehAN6duGHrf8eBGs286w6G5V7r
nkR/SNFLjO9sNRDdkdLuz16oRXipnAvCKO+asJndo2QAUhuZfd0nRSBuJwIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFPJpDDZEZR/RdfADyZ2FrrMJ2QdmMB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
L2E3Y2E5ODM3LTFkNjctNDUyZi04ZmVhLTgwMjUwZjM2ZDM2MC5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAO
BAIAAjAIAwYAJAba+BAwDQYJKoZIhvcNAQELBQADggEBABELD6Ofl+ssTe+3PY94
BxGgHzthI6lJ8jbxjwV9tQAohK4RhoEP+ONkwKCLDbFKJz/uOPPoNtl4o5fOPCwr
dL5mQI15eb7u70HpCoTYFYGVpaXZiIWP5k4JFOvXMi6RTByLBRydsoz/5R7EhFZp
XFR1gl4yKD2+Hh+MRFTEvvT+KMprwwdWDoc8vh3YR2Y8stObi7BOYwyEwyM+awCf
6jUz0cGVLzcAJTF5JV5wCahImFMj1wMaAxQ4QzFAPiecCoLmd7TeF5O3NiQUy82E
EnKp3BaAqRPqZAlelOR46Dw4MAPWL9h/5j7oSFZs8ICF5MnoP7W/XNAu+ni3/+Qd
kTE=
-----END CERTIFICATE-----