Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/af8b3ecb-e097-475f-ad47-1a2c6df1db32.roa
File:                     af8b3ecb-e097-475f-ad47-1a2c6df1db32.roa (raw, json)
Hash identifier:          xzIN7CwEGTq1CnEXUrdcw/apnzGuPOr9mAQLX49J+do=
Subject key identifier:   58:B5:3D:2F:AB:2E:3B:70:1E:34:C6:90:FA:F4:AE:F6:1A:07:67:6F
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       2FE13E9FBDAAFBDF68FCF0BD160DA0013B015867
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/af8b3ecb-e097-475f-ad47-1a2c6df1db32.roa
Signing time:             Tue 07 Jan 2025 00:00:00 +0000
ROA not before:           Tue 07 Jan 2025 00:00:00 +0000
ROA not after:            Tue 11 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:daf4:f040::/48 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2f:e1:3e:9f:bd:aa:fb:df:68:fc:f0:bd:16:0d:a0:01:3b:01:58:67
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Jan  7 00:00:00 2025 GMT
            Not After : Feb 11 23:59:59 2025 GMT
        Subject: serialNumber=388ec38d898837e10c0b29266993fa8ece22489c5adb5ec79312520da74932a2, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:73:7a:d1:29:4d:72:42:27:8b:74:a1:89:bb:
                    2e:67:49:b8:86:e3:0c:7d:27:78:70:3f:89:12:71:
                    93:ec:e2:30:01:74:1f:df:e3:0e:e6:e9:72:c6:a2:
                    9f:d7:07:a3:ce:4b:9b:ce:a2:f3:ae:2d:b6:ec:75:
                    5f:aa:d3:32:e4:ac:6c:65:9f:d8:50:a0:b6:bf:7b:
                    1b:04:42:5b:02:e4:46:42:66:63:bd:cf:d3:52:72:
                    47:d8:f8:c8:77:72:7d:a0:9a:c3:e6:11:d7:9d:40:
                    d8:64:b3:87:f7:ce:6e:1c:eb:44:cf:af:ce:21:b7:
                    9d:5f:b4:73:96:41:dd:be:9c:ec:f8:a5:30:c8:b3:
                    f7:8a:c9:27:fc:72:0a:6c:a8:ae:e7:e4:da:56:4c:
                    8d:cb:72:3d:9d:79:80:16:44:52:83:18:be:ca:8f:
                    65:70:5f:c8:a5:ba:91:ac:b6:91:72:4a:93:4b:24:
                    6a:f5:12:cf:87:fb:18:64:39:c9:a4:cf:60:e4:19:
                    90:dd:09:a0:c7:92:1b:17:cc:b6:9c:54:1e:03:42:
                    df:fb:7b:f1:5b:f9:1b:80:8c:64:67:ae:63:89:90:
                    a9:59:c7:30:c2:f8:12:29:52:67:92:83:d6:60:0a:
                    d5:47:20:5d:f6:b5:3b:83:36:db:c7:f6:29:65:48:
                    5b:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                58:B5:3D:2F:AB:2E:3B:70:1E:34:C6:90:FA:F4:AE:F6:1A:07:67:6F
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/af8b3ecb-e097-475f-ad47-1a2c6df1db32.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:daf4:f040::/48

    Signature Algorithm: sha256WithRSAEncryption
         09:19:f5:eb:a5:c2:ed:ec:c6:2d:68:00:0b:a8:5a:d1:a4:7d:
         f3:57:f6:99:63:42:18:ac:7e:2e:fe:79:74:f5:b5:04:3e:a2:
         c6:ec:e1:89:e0:35:80:cc:0d:3f:0d:5e:88:1d:19:c1:5b:7d:
         38:ca:5a:a8:41:5c:9c:95:7b:fd:52:34:03:1c:67:a7:db:a5:
         85:fb:99:d4:89:01:3e:bd:1f:64:15:ae:43:2a:7d:f5:fa:37:
         1f:23:59:5c:31:cb:35:67:b4:97:c3:ea:09:a5:25:54:52:85:
         d1:f9:f5:69:79:f2:22:09:cf:86:d6:9b:4a:bd:10:3b:c9:a0:
         bf:4f:06:4d:4c:42:61:84:8e:17:84:06:fe:fd:f6:b9:a9:cb:
         00:8b:5a:46:05:f2:ac:de:4c:e8:bd:ee:1f:8c:f6:e9:50:db:
         ab:91:2f:01:dc:82:75:86:f4:c2:4c:fd:70:89:a2:0f:7c:7e:
         7b:0b:69:79:15:bb:ed:2f:29:41:3e:a3:4e:27:2c:0f:d2:e9:
         85:52:3a:9c:35:b5:45:f5:c2:a0:0e:53:e3:2c:36:f1:76:64:
         0e:07:e7:26:50:e9:83:49:60:95:48:7b:31:6c:67:22:32:fb:
         3d:3d:0d:31:a2:e1:2d:3a:02:e6:44:82:ef:cf:10:35:bb:71:
         b0:c2:d5:b1
-----BEGIN CERTIFICATE-----
MIIFnzCCBIegAwIBAgIUL+E+n72q+99o/PC9Fg2gATsBWGcwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI1MDEwNzAwMDAwMFoX
DTI1MDIxMTIzNTk1OVowejFJMEcGA1UEBRNAMzg4ZWMzOGQ4OTg4MzdlMTBjMGIy
OTI2Njk5M2ZhOGVjZTIyNDg5YzVhZGI1ZWM3OTMxMjUyMGRhNzQ5MzJhMjEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvXN60SlNckIni3ShibsuZ0m4huMM
fSd4cD+JEnGT7OIwAXQf3+MO5ulyxqKf1wejzkubzqLzri227HVfqtMy5KxsZZ/Y
UKC2v3sbBEJbAuRGQmZjvc/TUnJH2PjId3J9oJrD5hHXnUDYZLOH985uHOtEz6/O
IbedX7RzlkHdvpzs+KUwyLP3iskn/HIKbKiu5+TaVkyNy3I9nXmAFkRSgxi+yo9l
cF/IpbqRrLaRckqTSyRq9RLPh/sYZDnJpM9g5BmQ3Qmgx5IbF8y2nFQeA0Lf+3vx
W/kbgIxkZ65jiZCpWccwwvgSKVJnkoPWYArVRyBd9rU7gzbbx/YpZUhbbQIDAQAB
o4ICSzCCAkcwHQYDVR0OBBYEFFi1PS+rLjtwHjTGkPr0rvYaB2dvMB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
L2FmOGIzZWNiLWUwOTctNDc1Zi1hZDQ3LTFhMmM2ZGYxZGIzMi5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAP
BAIAAjAJAwcAJAba9PBAMA0GCSqGSIb3DQEBCwUAA4IBAQAJGfXrpcLt7MYtaAAL
qFrRpH3zV/aZY0IYrH4u/nl09bUEPqLG7OGJ4DWAzA0/DV6IHRnBW304ylqoQVyc
lXv9UjQDHGen26WF+5nUiQE+vR9kFa5DKn31+jcfI1lcMcs1Z7SXw+oJpSVUUoXR
+fVpefIiCc+G1ptKvRA7yaC/TwZNTEJhhI4XhAb+/fa5qcsAi1pGBfKs3kzove4f
jPbpUNurkS8B3IJ1hvTCTP1wiaIPfH57C2l5FbvtLylBPqNOJywP0umFUjqcNbVF
9cKgDlPjLDbxdmQOB+cmUOmDSWCVSHsxbGciMvs9PQ0xouEtOgLmRILvzxA1u3Gw
wtWx
-----END CERTIFICATE-----