Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/bf7dfcf8-ba0c-47e9-8ddb-6a6d8ec70412.roa
File:                     bf7dfcf8-ba0c-47e9-8ddb-6a6d8ec70412.roa (raw, json)
Hash identifier:          Nh8YaKx5VCpGbYJxSlRienh0pRW/2sVQnU+3RHjyc00=
Subject key identifier:   6E:6E:C1:18:2A:1A:8D:7C:DE:8D:B4:2C:15:D5:0C:43:37:05:90:26
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       2A6ABEA8DD6584748CEA6181C3F5214389CA3F69
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/bf7dfcf8-ba0c-47e9-8ddb-6a6d8ec70412.roa
Signing time:             Sat 25 Jan 2025 00:00:00 +0000
ROA not before:           Sat 25 Jan 2025 00:00:00 +0000
ROA not after:            Sat 01 Mar 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:daa0:c800::/40 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2a:6a:be:a8:dd:65:84:74:8c:ea:61:81:c3:f5:21:43:89:ca:3f:69
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Jan 25 00:00:00 2025 GMT
            Not After : Mar  1 23:59:59 2025 GMT
        Subject: serialNumber=3007538fdb4b3f7cd56c62b93421041235fbd25a4d6e8d5b330f18a3183d01f2, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:6a:ff:ce:4d:9d:e4:b7:67:82:f0:e6:99:b5:
                    51:70:91:cb:3c:b4:21:1d:81:95:7a:5d:48:7a:18:
                    f3:ae:c8:a8:70:5a:5a:94:31:8e:e6:6d:57:cc:fb:
                    a0:8c:8e:37:40:d0:83:08:0f:34:73:3b:ec:1b:08:
                    d5:69:a6:fa:62:03:84:9e:a5:f6:50:6b:6b:d9:ef:
                    34:77:6e:ef:04:11:bf:6a:ef:8e:37:fa:87:2b:1c:
                    14:52:52:80:05:91:8e:7b:70:8d:2f:b6:9e:71:67:
                    a1:cf:89:dc:ff:e0:90:3d:a2:b7:da:c6:70:da:93:
                    37:94:de:42:c7:d4:f0:06:15:d8:75:6d:3a:9a:09:
                    6c:66:3f:f9:66:39:0f:d1:3f:24:57:89:d9:31:48:
                    33:16:72:c9:34:6a:12:69:0c:10:f6:fe:36:44:eb:
                    9b:d6:9c:2d:42:73:a6:6d:d3:1b:d5:13:87:d7:7b:
                    9d:51:a5:c8:cf:b9:77:f0:01:56:a9:dd:1c:34:03:
                    93:7b:ba:ea:e6:a4:07:9e:37:4d:9e:4a:b8:94:7f:
                    33:c1:3e:86:44:96:ec:6a:d1:31:da:a8:c4:44:0e:
                    9f:28:d0:e7:22:ee:f2:84:c3:e0:43:a3:7a:b8:ef:
                    ee:30:81:f6:5e:62:62:d7:fb:4a:12:02:12:42:36:
                    07:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6E:6E:C1:18:2A:1A:8D:7C:DE:8D:B4:2C:15:D5:0C:43:37:05:90:26
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/bf7dfcf8-ba0c-47e9-8ddb-6a6d8ec70412.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:daa0:c800::/40

    Signature Algorithm: sha256WithRSAEncryption
         c7:86:c1:81:4b:9e:1d:12:1b:52:e6:07:b6:5f:ca:17:b5:46:
         c8:14:ad:47:a5:ad:22:02:9b:03:7d:a5:ff:a9:80:87:4b:77:
         cc:b6:f0:92:dd:13:16:ee:f9:64:dd:d4:b6:da:43:1d:c2:b4:
         ad:33:a5:7a:49:e5:89:a4:81:4d:35:9b:85:3a:79:7e:7f:f0:
         ef:14:e3:20:c6:36:19:a5:1a:9b:3e:0f:e4:82:c3:a8:ae:40:
         b1:e3:f8:43:2f:be:c7:a7:72:7c:fc:71:97:49:72:f6:67:83:
         22:4b:ab:61:4d:b9:d3:3b:31:2d:93:3f:70:93:70:b0:a8:1d:
         0a:ac:98:b5:64:1d:76:6a:8d:75:b4:4c:22:36:c1:a9:42:8b:
         c3:2e:59:8b:ab:6d:54:7a:3e:dd:6c:07:fd:29:42:6e:fe:a5:
         20:fe:d8:7f:4b:47:02:17:88:9d:c8:06:62:9b:a1:7f:5c:e5:
         75:bc:75:f6:25:90:d4:7f:e5:4e:b9:0d:46:ef:e7:ab:28:67:
         7e:e3:1d:fd:92:0b:f3:b3:c0:29:32:52:95:e0:4b:0e:e7:59:
         40:5d:3a:7b:19:92:ab:23:e5:37:1d:49:83:c3:c0:9f:81:27:
         72:52:36:ad:53:db:66:f5:d0:62:c0:74:a5:64:67:5a:cd:0e:
         56:43:7b:49
-----BEGIN CERTIFICATE-----
MIIFnjCCBIagAwIBAgIUKmq+qN1lhHSM6mGBw/UhQ4nKP2kwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI1MDEyNTAwMDAwMFoX
DTI1MDMwMTIzNTk1OVowejFJMEcGA1UEBRNAMzAwNzUzOGZkYjRiM2Y3Y2Q1NmM2
MmI5MzQyMTA0MTIzNWZiZDI1YTRkNmU4ZDViMzMwZjE4YTMxODNkMDFmMjEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArGr/zk2d5LdngvDmmbVRcJHLPLQh
HYGVel1IehjzrsiocFpalDGO5m1XzPugjI43QNCDCA80czvsGwjVaab6YgOEnqX2
UGtr2e80d27vBBG/au+ON/qHKxwUUlKABZGOe3CNL7aecWehz4nc/+CQPaK32sZw
2pM3lN5Cx9TwBhXYdW06mglsZj/5ZjkP0T8kV4nZMUgzFnLJNGoSaQwQ9v42ROub
1pwtQnOmbdMb1ROH13udUaXIz7l38AFWqd0cNAOTe7rq5qQHnjdNnkq4lH8zwT6G
RJbsatEx2qjERA6fKNDnIu7yhMPgQ6N6uO/uMIH2XmJi1/tKEgISQjYHuwIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFG5uwRgqGo183o20LBXVDEM3BZAmMB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
L2JmN2RmY2Y4LWJhMGMtNDdlOS04ZGRiLTZhNmQ4ZWM3MDQxMi5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAO
BAIAAjAIAwYAJAbaoMgwDQYJKoZIhvcNAQELBQADggEBAMeGwYFLnh0SG1LmB7Zf
yhe1RsgUrUelrSICmwN9pf+pgIdLd8y28JLdExbu+WTd1LbaQx3CtK0zpXpJ5Ymk
gU01m4U6eX5/8O8U4yDGNhmlGps+D+SCw6iuQLHj+EMvvsencnz8cZdJcvZngyJL
q2FNudM7MS2TP3CTcLCoHQqsmLVkHXZqjXW0TCI2walCi8MuWYurbVR6Pt1sB/0p
Qm7+pSD+2H9LRwIXiJ3IBmKboX9c5XW8dfYlkNR/5U65DUbv56soZ37jHf2SC/Oz
wCkyUpXgSw7nWUBdOnsZkqsj5TcdSYPDwJ+BJ3JSNq1T22b10GLAdKVkZ1rNDlZD
e0k=
-----END CERTIFICATE-----