Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/ac7225c2-bba5-4a82-9be4-4396405c0a57.roa
File:                     ac7225c2-bba5-4a82-9be4-4396405c0a57.roa (raw, json)
Hash identifier:          Ud0xyti2PVhNd0Pge9Mo6SsulCLe2qHDXxDIS+lgv3E=
Subject key identifier:   74:3B:80:00:0F:3B:99:ED:7D:F5:8B:54:EB:36:4B:2E:37:5F:D5:E8
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       2A78BF70271EF5FD5C92192F6BA2C6CA010AB4C0
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/ac7225c2-bba5-4a82-9be4-4396405c0a57.roa
Signing time:             Tue 07 Jan 2025 00:00:00 +0000
ROA not before:           Tue 07 Jan 2025 00:00:00 +0000
ROA not after:            Tue 11 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:daff:60a0::/48 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2a:78:bf:70:27:1e:f5:fd:5c:92:19:2f:6b:a2:c6:ca:01:0a:b4:c0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Jan  7 00:00:00 2025 GMT
            Not After : Feb 11 23:59:59 2025 GMT
        Subject: serialNumber=0099e657515579633ede7c77cf48f3cd348e04adc0ea162ac833c81a4f55538a, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ee:cf:d4:19:69:af:47:e7:30:b4:29:ea:7b:2b:
                    52:5f:5c:07:00:53:cd:48:29:ff:ac:8c:da:0f:10:
                    29:cc:09:34:3a:2d:ed:7c:24:ce:b6:35:df:5c:30:
                    18:18:66:50:c7:44:8a:66:8f:45:31:e5:95:e9:8c:
                    cf:84:e2:e1:8f:96:72:d3:e9:ed:0e:a3:78:26:72:
                    9f:be:86:16:28:e3:3e:0d:07:b7:1f:d0:9e:71:43:
                    66:59:9d:98:c8:78:f5:34:b3:23:d4:c3:38:ff:16:
                    21:2e:9c:40:91:5f:b9:a6:60:e3:8a:10:07:31:4d:
                    84:48:51:18:c8:0a:d5:c9:e1:da:6c:b1:7a:1f:76:
                    15:14:72:92:eb:e9:6e:d6:89:d8:3e:ba:dc:05:73:
                    d9:68:44:bd:4d:aa:48:55:7d:a2:66:15:4f:3d:82:
                    4a:6c:b7:bd:cb:f9:01:7e:85:cb:5b:2e:3e:4a:93:
                    e3:b2:73:cd:4e:d7:09:71:6f:0c:86:be:99:73:c8:
                    68:06:ca:bc:7d:18:c4:2f:39:57:05:f8:1d:c7:35:
                    9a:61:59:36:49:f6:70:96:6d:62:37:c4:8e:4e:0d:
                    33:0a:a8:23:56:c0:e2:7c:33:ba:1f:4f:b2:89:7a:
                    74:f7:9e:34:9f:f8:ca:7d:67:24:db:cb:e9:cd:ac:
                    a5:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                74:3B:80:00:0F:3B:99:ED:7D:F5:8B:54:EB:36:4B:2E:37:5F:D5:E8
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/ac7225c2-bba5-4a82-9be4-4396405c0a57.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:daff:60a0::/48

    Signature Algorithm: sha256WithRSAEncryption
         29:1b:47:29:8a:a4:1c:06:23:c6:53:c3:48:ef:c7:cb:dc:de:
         16:10:00:d3:c8:0c:37:08:4d:84:26:8e:53:8c:1b:d4:b1:cd:
         e5:fe:5a:03:3e:2c:09:b7:d8:05:08:1d:10:d9:a8:0a:f8:98:
         9c:79:b0:a0:7b:4e:74:32:ab:c1:37:bd:d3:67:6e:ad:21:1f:
         a4:b8:75:55:d8:27:62:3b:4d:e0:17:11:07:79:ec:25:0e:f0:
         29:e8:35:7d:d3:49:a1:43:ce:d6:29:d2:24:9e:d7:aa:a6:3b:
         f7:66:d2:54:6b:74:7e:87:e1:6b:23:ad:4d:b5:4f:68:02:5d:
         13:1f:e6:80:08:7d:b6:29:71:05:bb:0b:00:72:b6:ed:b6:bc:
         55:f4:77:de:56:39:cd:f9:d2:98:2b:30:fc:64:7a:bb:1d:51:
         13:14:38:d0:f1:26:bf:1f:fc:13:2c:b8:96:0e:11:ce:61:73:
         e8:e0:f2:86:0d:e3:68:4c:17:0c:ac:7e:73:78:ad:dc:5f:41:
         ee:b4:b2:bc:72:f5:74:04:44:e5:f9:8a:eb:c2:6c:9a:1f:e4:
         28:58:49:05:cc:d9:2b:53:fb:93:15:de:16:57:3e:a7:d9:6a:
         9e:f8:df:e2:64:34:bf:51:f8:19:80:f2:da:92:79:2f:ba:2d:
         61:21:30:23
-----BEGIN CERTIFICATE-----
MIIFnzCCBIegAwIBAgIUKni/cCce9f1ckhkva6LGygEKtMAwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI1MDEwNzAwMDAwMFoX
DTI1MDIxMTIzNTk1OVowejFJMEcGA1UEBRNAMDA5OWU2NTc1MTU1Nzk2MzNlZGU3
Yzc3Y2Y0OGYzY2QzNDhlMDRhZGMwZWExNjJhYzgzM2M4MWE0ZjU1NTM4YTEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7s/UGWmvR+cwtCnqeytSX1wHAFPN
SCn/rIzaDxApzAk0Oi3tfCTOtjXfXDAYGGZQx0SKZo9FMeWV6YzPhOLhj5Zy0+nt
DqN4JnKfvoYWKOM+DQe3H9CecUNmWZ2YyHj1NLMj1MM4/xYhLpxAkV+5pmDjihAH
MU2ESFEYyArVyeHabLF6H3YVFHKS6+lu1onYPrrcBXPZaES9TapIVX2iZhVPPYJK
bLe9y/kBfoXLWy4+SpPjsnPNTtcJcW8Mhr6Zc8hoBsq8fRjELzlXBfgdxzWaYVk2
SfZwlm1iN8SOTg0zCqgjVsDifDO6H0+yiXp09540n/jKfWck28vpzaylRQIDAQAB
o4ICSzCCAkcwHQYDVR0OBBYEFHQ7gAAPO5ntffWLVOs2Sy43X9XoMB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
L2FjNzIyNWMyLWJiYTUtNGE4Mi05YmU0LTQzOTY0MDVjMGE1Ny5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAP
BAIAAjAJAwcAJAba/2CgMA0GCSqGSIb3DQEBCwUAA4IBAQApG0cpiqQcBiPGU8NI
78fL3N4WEADTyAw3CE2EJo5TjBvUsc3l/loDPiwJt9gFCB0Q2agK+JicebCge050
MqvBN73TZ26tIR+kuHVV2CdiO03gFxEHeewlDvAp6DV900mhQ87WKdIknteqpjv3
ZtJUa3R+h+FrI61NtU9oAl0TH+aACH22KXEFuwsAcrbttrxV9HfeVjnN+dKYKzD8
ZHq7HVETFDjQ8Sa/H/wTLLiWDhHOYXPo4PKGDeNoTBcMrH5zeK3cX0HutLK8cvV0
BETl+YrrwmyaH+QoWEkFzNkrU/uTFd4WVz6n2Wqe+N/iZDS/UfgZgPLaknkvui1h
ITAj
-----END CERTIFICATE-----