Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/bfce63b8-442d-44cb-a2b7-1b70800b70cf.roa
File:                     bfce63b8-442d-44cb-a2b7-1b70800b70cf.roa (raw, json)
Hash identifier:          TvDO46w2xs4CL7MuhiVYnF2K1JblBPF8piCHUB04aXg=
Subject key identifier:   CF:80:67:31:8A:2C:7C:D5:2B:98:F0:6E:4E:81:B7:64:C9:8F:26:95
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       4F087C575B42A43435D2EA5E2628C67D1424ADD3
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/bfce63b8-442d-44cb-a2b7-1b70800b70cf.roa
Signing time:             Fri 10 Jan 2025 00:00:00 +0000
ROA not before:           Fri 10 Jan 2025 00:00:00 +0000
ROA not after:            Fri 14 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:dab9:2800::/40 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4f:08:7c:57:5b:42:a4:34:35:d2:ea:5e:26:28:c6:7d:14:24:ad:d3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Jan 10 00:00:00 2025 GMT
            Not After : Feb 14 23:59:59 2025 GMT
        Subject: serialNumber=d9112d5ea1ef67dc89f570b8c6f7e00e92e437da13f42655c269bf07399e466f, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:46:d1:ad:81:03:0f:6f:5d:5d:81:64:d4:bc:
                    bd:38:df:12:35:29:44:94:33:ea:ad:09:60:46:47:
                    9b:59:77:59:9f:54:40:68:29:77:25:51:00:fe:49:
                    07:f6:52:ff:3d:28:88:13:4f:f1:e5:bd:60:ba:86:
                    20:40:d6:b5:39:00:3e:8c:2c:34:23:30:ae:f5:07:
                    77:8b:dd:9d:55:5a:e7:5e:94:53:40:01:1c:a9:18:
                    d5:45:76:71:e0:a5:9a:a8:d1:41:d7:ec:c1:0c:57:
                    3c:8c:b0:35:11:01:28:4f:e7:50:e8:af:4d:ef:58:
                    e2:e2:c4:2a:e6:70:ed:70:97:96:b0:c5:73:81:cb:
                    f0:e7:72:f7:91:aa:d5:a2:ee:84:73:a5:91:bd:e4:
                    a9:b2:34:65:2f:cb:e7:d1:1b:9e:65:03:38:79:16:
                    f4:7f:14:48:7e:38:1d:c5:8e:36:52:9e:32:ce:dd:
                    ce:52:02:a0:54:2e:d8:56:66:54:1f:ff:dd:5e:c2:
                    2b:ef:4d:32:ae:44:e9:66:b4:07:de:17:7b:87:75:
                    ed:5e:b8:61:60:7b:8c:b7:91:f9:0c:21:86:17:80:
                    54:af:7a:6a:4a:7f:b5:ae:3f:2d:97:49:a3:fb:11:
                    cd:3d:34:41:bf:2d:13:0c:d5:fd:5b:53:1d:5e:b4:
                    30:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CF:80:67:31:8A:2C:7C:D5:2B:98:F0:6E:4E:81:B7:64:C9:8F:26:95
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/bfce63b8-442d-44cb-a2b7-1b70800b70cf.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:dab9:2800::/40

    Signature Algorithm: sha256WithRSAEncryption
         be:3b:38:41:4a:c2:26:58:88:34:8e:ec:61:54:8a:12:6f:d8:
         b0:5e:a2:36:28:1f:0d:44:a0:00:e9:82:3c:d9:e3:c3:e0:7d:
         be:7f:4a:06:29:9d:93:e1:2b:fe:5b:14:63:32:58:76:06:2e:
         c6:1d:31:61:44:38:fc:88:dc:10:09:d8:0e:80:cb:52:1c:a6:
         01:be:df:43:db:54:4a:54:f5:96:80:cb:12:42:49:a6:17:f7:
         b0:60:ad:89:40:e0:16:8c:c1:cc:0e:11:f2:d4:b4:36:d0:54:
         ba:2f:39:88:e8:04:54:07:64:3a:3d:c0:15:ce:c6:16:42:19:
         62:5c:f9:b2:98:a3:52:53:f5:99:83:be:a4:a8:1d:9a:9d:f7:
         7a:4e:70:46:5d:fb:ac:3a:d8:9a:b7:34:83:2f:ba:3e:d9:2c:
         bb:24:f9:47:f9:15:95:4a:bb:3c:ac:9b:70:aa:71:86:d1:92:
         17:40:fc:fc:a9:3c:b3:39:2d:6d:0b:88:46:68:bf:80:66:4b:
         3b:ca:4b:fd:41:33:48:af:94:b5:e1:10:87:82:71:f5:d0:de:
         a0:c4:32:5d:b7:c0:e5:4b:46:d5:44:5a:22:19:85:e5:29:61:
         28:1f:16:4c:55:f2:68:ee:c5:28:06:cb:99:a7:7a:f4:a3:b4:
         a9:61:7a:8e
-----BEGIN CERTIFICATE-----
MIIFnjCCBIagAwIBAgIUTwh8V1tCpDQ10upeJijGfRQkrdMwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI1MDExMDAwMDAwMFoX
DTI1MDIxNDIzNTk1OVowejFJMEcGA1UEBRNAZDkxMTJkNWVhMWVmNjdkYzg5ZjU3
MGI4YzZmN2UwMGU5MmU0MzdkYTEzZjQyNjU1YzI2OWJmMDczOTllNDY2ZjEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy0bRrYEDD29dXYFk1Ly9ON8SNSlE
lDPqrQlgRkebWXdZn1RAaCl3JVEA/kkH9lL/PSiIE0/x5b1guoYgQNa1OQA+jCw0
IzCu9Qd3i92dVVrnXpRTQAEcqRjVRXZx4KWaqNFB1+zBDFc8jLA1EQEoT+dQ6K9N
71ji4sQq5nDtcJeWsMVzgcvw53L3karVou6Ec6WRveSpsjRlL8vn0RueZQM4eRb0
fxRIfjgdxY42Up4yzt3OUgKgVC7YVmZUH//dXsIr700yrkTpZrQH3hd7h3XtXrhh
YHuMt5H5DCGGF4BUr3pqSn+1rj8tl0mj+xHNPTRBvy0TDNX9W1MdXrQwdQIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFM+AZzGKLHzVK5jwbk6Bt2TJjyaVMB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
L2JmY2U2M2I4LTQ0MmQtNDRjYi1hMmI3LTFiNzA4MDBiNzBjZi5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAO
BAIAAjAIAwYAJAbauSgwDQYJKoZIhvcNAQELBQADggEBAL47OEFKwiZYiDSO7GFU
ihJv2LBeojYoHw1EoADpgjzZ48Pgfb5/SgYpnZPhK/5bFGMyWHYGLsYdMWFEOPyI
3BAJ2A6Ay1IcpgG+30PbVEpU9ZaAyxJCSaYX97BgrYlA4BaMwcwOEfLUtDbQVLov
OYjoBFQHZDo9wBXOxhZCGWJc+bKYo1JT9ZmDvqSoHZqd93pOcEZd+6w62Jq3NIMv
uj7ZLLsk+Uf5FZVKuzysm3CqcYbRkhdA/PypPLM5LW0LiEZov4BmSzvKS/1BM0iv
lLXhEIeCcfXQ3qDEMl23wOVLRtVEWiIZheUpYSgfFkxV8mjuxSgGy5mnevSjtKlh
eo4=
-----END CERTIFICATE-----