Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/b334fca2-b2bc-4db5-956c-e3ff8d975b51.roa
File:                     b334fca2-b2bc-4db5-956c-e3ff8d975b51.roa (raw, json)
Hash identifier:          57FXnvCmLPsdwR5UYB96Tp2kldcHsoqPvnu4APn7Qtw=
Subject key identifier:   8F:FE:6C:15:3C:80:D1:C0:A1:C2:C6:8E:2D:51:38:74:41:67:B0:FD
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       3492CF48D0AB3A6916B776E331C68C705A0602F9
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/b334fca2-b2bc-4db5-956c-e3ff8d975b51.roa
Signing time:             Tue 07 Jan 2025 00:00:00 +0000
ROA not before:           Tue 07 Jan 2025 00:00:00 +0000
ROA not after:            Tue 11 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:daf2:4840::/48 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            34:92:cf:48:d0:ab:3a:69:16:b7:76:e3:31:c6:8c:70:5a:06:02:f9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Jan  7 00:00:00 2025 GMT
            Not After : Feb 11 23:59:59 2025 GMT
        Subject: serialNumber=4dbdc39a9c9a0c6da200212a591cac70b2b8b7e5a23f5fecec459770991f753d, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:52:4f:7c:ad:34:82:16:ea:e5:82:a9:3c:dd:
                    49:af:76:20:7a:9a:23:6c:a7:a7:66:9c:8a:58:56:
                    3b:a5:61:d3:f0:f0:17:0f:d8:0a:56:5d:95:f7:3b:
                    aa:80:82:0d:1a:53:9e:62:b7:81:91:8f:86:cb:9b:
                    76:22:32:98:45:3f:a2:bb:16:ca:21:1b:57:71:aa:
                    75:52:a5:d9:1a:26:9e:3d:f0:c8:6c:47:40:df:fa:
                    42:c7:e8:f0:5a:8b:37:46:79:e9:92:5e:05:db:cf:
                    9e:1b:7c:f2:dc:1d:d2:2a:a8:b3:ab:60:f1:4c:4a:
                    94:0f:a7:af:5b:a0:88:8c:9a:7d:d2:ba:c0:b3:8a:
                    cd:71:95:a1:f6:39:66:5b:4d:bd:44:de:2b:ca:46:
                    a3:1e:8d:cc:26:2a:1a:51:cd:19:fd:92:cd:52:18:
                    86:0a:27:d3:46:9a:48:6b:69:5c:ff:20:70:be:3f:
                    93:82:bb:8f:c0:cf:c4:b8:46:41:6a:a2:89:e4:35:
                    81:9b:42:f1:25:76:3a:54:c0:a2:ea:83:59:bf:87:
                    ff:c0:f9:8f:23:9d:d8:3c:d2:b7:53:ab:40:e1:a7:
                    f9:f6:6b:6a:eb:8e:47:ba:30:15:29:e8:9b:b1:69:
                    ec:3c:70:cf:58:6b:0e:9c:6e:4a:8d:5f:d2:f9:29:
                    50:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8F:FE:6C:15:3C:80:D1:C0:A1:C2:C6:8E:2D:51:38:74:41:67:B0:FD
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/b334fca2-b2bc-4db5-956c-e3ff8d975b51.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:daf2:4840::/48

    Signature Algorithm: sha256WithRSAEncryption
         22:bf:62:4c:e3:9f:ef:db:3e:37:e9:c1:3e:fa:7f:98:50:94:
         ce:f9:28:0a:1c:c8:7b:bd:0b:da:67:d5:6e:2a:8a:bb:e6:6e:
         44:24:85:c0:0e:5e:a6:d8:a4:7b:89:86:7f:52:b7:bc:16:54:
         5a:fa:fe:cc:a0:b7:fe:a3:43:28:21:12:1c:27:e0:d0:0a:e5:
         a7:0c:00:fb:c3:c8:6d:f9:8d:48:97:76:c6:a1:52:f2:88:1e:
         95:b2:3b:33:7c:ce:4a:be:25:ca:37:8f:e0:ce:76:6c:6f:e1:
         f5:e3:d6:f9:f2:ee:82:b2:c3:01:ab:47:5a:f7:a5:74:5b:c0:
         c6:d3:68:c0:8b:52:a0:0f:ad:e7:09:4e:bf:0a:f5:60:82:e9:
         c6:f7:4d:7a:fb:11:79:26:8b:68:fe:dd:11:f2:d9:96:ac:e6:
         cd:88:e8:06:8c:24:2f:e7:c1:8f:3e:9e:68:47:ab:cc:a8:2f:
         ac:bf:5c:a6:d3:8c:a7:a9:fd:34:be:a7:fc:59:1f:cf:38:94:
         0f:45:80:17:82:a3:94:3f:e9:d6:de:b0:af:73:8b:b3:0d:df:
         1e:2e:13:7f:e8:5f:ab:8e:18:c3:94:a5:60:89:26:49:bf:78:
         fb:ae:5b:c1:86:55:a1:ca:2f:02:fd:ea:ea:21:e4:9c:f6:e2:
         54:d8:92:ea
-----BEGIN CERTIFICATE-----
MIIFnzCCBIegAwIBAgIUNJLPSNCrOmkWt3bjMcaMcFoGAvkwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI1MDEwNzAwMDAwMFoX
DTI1MDIxMTIzNTk1OVowejFJMEcGA1UEBRNANGRiZGMzOWE5YzlhMGM2ZGEyMDAy
MTJhNTkxY2FjNzBiMmI4YjdlNWEyM2Y1ZmVjZWM0NTk3NzA5OTFmNzUzZDEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA31JPfK00ghbq5YKpPN1Jr3Ygepoj
bKenZpyKWFY7pWHT8PAXD9gKVl2V9zuqgIINGlOeYreBkY+Gy5t2IjKYRT+iuxbK
IRtXcap1UqXZGiaePfDIbEdA3/pCx+jwWos3Rnnpkl4F28+eG3zy3B3SKqizq2Dx
TEqUD6evW6CIjJp90rrAs4rNcZWh9jlmW029RN4rykajHo3MJioaUc0Z/ZLNUhiG
CifTRppIa2lc/yBwvj+TgruPwM/EuEZBaqKJ5DWBm0LxJXY6VMCi6oNZv4f/wPmP
I53YPNK3U6tA4af59mtq645HujAVKeibsWnsPHDPWGsOnG5KjV/S+SlQ9QIDAQAB
o4ICSzCCAkcwHQYDVR0OBBYEFI/+bBU8gNHAocLGji1ROHRBZ7D9MB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
L2IzMzRmY2EyLWIyYmMtNGRiNS05NTZjLWUzZmY4ZDk3NWI1MS5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAP
BAIAAjAJAwcAJAba8khAMA0GCSqGSIb3DQEBCwUAA4IBAQAiv2JM45/v2z436cE+
+n+YUJTO+SgKHMh7vQvaZ9VuKoq75m5EJIXADl6m2KR7iYZ/Ure8FlRa+v7MoLf+
o0MoIRIcJ+DQCuWnDAD7w8ht+Y1Il3bGoVLyiB6VsjszfM5KviXKN4/gznZsb+H1
49b58u6CssMBq0da96V0W8DG02jAi1KgD63nCU6/CvVggunG9016+xF5Joto/t0R
8tmWrObNiOgGjCQv58GPPp5oR6vMqC+sv1ym04ynqf00vqf8WR/POJQPRYAXgqOU
P+nW3rCvc4uzDd8eLhN/6F+rjhjDlKVgiSZJv3j7rlvBhlWhyi8C/erqIeSc9uJU
2JLq
-----END CERTIFICATE-----