Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/c0d4438c-48d3-4e79-8a64-d15a4521eb7b.roa
File:                     c0d4438c-48d3-4e79-8a64-d15a4521eb7b.roa (raw, json)
Hash identifier:          x2X2/wwEQnfVR2QaAsoGqWllTMZrzLNIkb+jPQWlP8I=
Subject key identifier:   AB:C0:C4:A8:4F:0E:B3:C2:A5:1A:26:C0:6A:B2:78:00:F3:AA:5E:0E
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       4D2B19FE586ACC318CBA12127ABBA3C8B0A4D104
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/c0d4438c-48d3-4e79-8a64-d15a4521eb7b.roa
Signing time:             Tue 07 Jan 2025 00:00:00 +0000
ROA not before:           Tue 07 Jan 2025 00:00:00 +0000
ROA not after:            Tue 11 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:daf2:800::/40 maxlen: 40
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4d:2b:19:fe:58:6a:cc:31:8c:ba:12:12:7a:bb:a3:c8:b0:a4:d1:04
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Jan  7 00:00:00 2025 GMT
            Not After : Feb 11 23:59:59 2025 GMT
        Subject: serialNumber=c8ded415d37cd5843ca204b4ac75445ca30a048ed2b5fbeb85309103e35dc78b, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:04:0f:14:cb:8a:28:28:59:8c:91:c3:67:f5:
                    d3:9e:fb:d6:9a:0c:e5:8f:61:2f:e3:c5:e4:69:61:
                    8c:38:c7:b0:4c:0b:d4:51:1d:a6:20:4c:5d:60:1c:
                    9c:c1:95:3e:c0:56:2d:33:71:f3:1b:d5:dc:d7:39:
                    a0:4b:6e:22:ae:6e:ab:b2:0e:8e:40:ef:12:51:a8:
                    21:1d:88:ea:96:82:d1:3a:d4:10:3a:f0:e4:c7:77:
                    60:45:e0:3a:8d:9a:96:8e:87:1f:a2:97:e3:a0:af:
                    9e:9c:ae:fe:1b:28:5e:f9:f1:97:54:a7:d8:cd:e4:
                    5f:5b:97:a6:d2:99:cf:79:24:73:2b:e8:43:7a:74:
                    a9:35:64:90:bd:04:3c:87:38:b7:c8:bd:a5:cf:9f:
                    1d:17:77:8d:a0:a9:fc:35:4c:87:f8:84:89:4f:57:
                    f6:27:28:9f:a6:dc:8b:bc:a6:e7:0c:22:32:34:89:
                    fe:4e:b7:11:e8:27:f6:8c:6e:7f:17:ab:b5:fa:00:
                    2f:67:1c:02:03:b2:6b:2a:5c:20:93:f0:e5:ba:d0:
                    27:fe:99:14:f3:44:2e:fe:6f:ec:41:0a:57:81:5d:
                    b5:16:aa:ee:ba:bb:bb:44:55:d7:fb:d7:08:ce:18:
                    9b:df:43:f1:4a:84:3f:a4:e8:b8:3f:2c:6b:16:7c:
                    48:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AB:C0:C4:A8:4F:0E:B3:C2:A5:1A:26:C0:6A:B2:78:00:F3:AA:5E:0E
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/c0d4438c-48d3-4e79-8a64-d15a4521eb7b.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:daf2:800::/40

    Signature Algorithm: sha256WithRSAEncryption
         bb:8d:e3:f4:4d:c5:15:a3:68:f9:f7:2b:e2:78:59:26:28:38:
         95:7d:34:e9:5b:bc:0d:04:ef:6b:7b:2b:3f:c6:52:06:b3:1b:
         bf:68:99:0f:1d:2e:0f:64:45:bb:c0:e5:25:84:60:5b:e1:c7:
         f3:5e:e5:74:37:58:76:a4:fc:7f:d8:ae:71:2b:85:b2:09:a4:
         a6:fe:42:fa:40:ba:bb:ab:ed:d6:95:ab:55:a1:60:11:46:98:
         01:a2:79:7a:e4:de:76:3c:37:55:2c:24:6c:56:35:3a:62:15:
         eb:7a:08:23:fa:64:92:ee:92:9e:60:f6:88:7e:7f:d9:94:bc:
         ff:c9:44:24:c2:15:bb:82:fc:06:bc:b9:35:77:3b:ae:3a:db:
         97:3f:c3:3d:02:69:bc:97:d1:12:aa:66:da:9a:1e:40:a1:82:
         af:91:ca:8e:d2:19:0b:42:e4:98:d7:20:0a:84:1c:b3:32:46:
         30:c5:25:f0:1c:92:37:c4:cc:6f:05:3b:e0:27:b5:94:6d:be:
         c3:39:b5:0b:ff:70:b0:52:e1:0e:0b:0e:d0:b0:9b:8a:76:33:
         8b:bf:fb:8a:3b:ef:e8:38:0e:2f:e0:87:59:df:6c:6f:5f:22:
         5d:05:f4:1c:1e:b6:77:ca:8b:4d:81:e2:eb:c9:87:aa:1a:e2:
         23:3e:5a:ad
-----BEGIN CERTIFICATE-----
MIIFnjCCBIagAwIBAgIUTSsZ/lhqzDGMuhISerujyLCk0QQwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI1MDEwNzAwMDAwMFoX
DTI1MDIxMTIzNTk1OVowejFJMEcGA1UEBRNAYzhkZWQ0MTVkMzdjZDU4NDNjYTIw
NGI0YWM3NTQ0NWNhMzBhMDQ4ZWQyYjVmYmViODUzMDkxMDNlMzVkYzc4YjEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuwQPFMuKKChZjJHDZ/XTnvvWmgzl
j2Ev48XkaWGMOMewTAvUUR2mIExdYBycwZU+wFYtM3HzG9Xc1zmgS24irm6rsg6O
QO8SUaghHYjqloLROtQQOvDkx3dgReA6jZqWjocfopfjoK+enK7+Gyhe+fGXVKfY
zeRfW5em0pnPeSRzK+hDenSpNWSQvQQ8hzi3yL2lz58dF3eNoKn8NUyH+ISJT1f2
JyifptyLvKbnDCIyNIn+TrcR6Cf2jG5/F6u1+gAvZxwCA7JrKlwgk/DlutAn/pkU
80Qu/m/sQQpXgV21Fqruuru7RFXX+9cIzhib30PxSoQ/pOi4PyxrFnxIswIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFKvAxKhPDrPCpRomwGqyeADzql4OMB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
L2MwZDQ0MzhjLTQ4ZDMtNGU3OS04YTY0LWQxNWE0NTIxZWI3Yi5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAO
BAIAAjAIAwYAJAba8ggwDQYJKoZIhvcNAQELBQADggEBALuN4/RNxRWjaPn3K+J4
WSYoOJV9NOlbvA0E72t7Kz/GUgazG79omQ8dLg9kRbvA5SWEYFvhx/Ne5XQ3WHak
/H/YrnErhbIJpKb+QvpAurur7daVq1WhYBFGmAGieXrk3nY8N1UsJGxWNTpiFet6
CCP6ZJLukp5g9oh+f9mUvP/JRCTCFbuC/Aa8uTV3O64625c/wz0CabyX0RKqZtqa
HkChgq+Ryo7SGQtC5JjXIAqEHLMyRjDFJfAckjfEzG8FO+AntZRtvsM5tQv/cLBS
4Q4LDtCwm4p2M4u/+4o77+g4Di/gh1nfbG9fIl0F9BwetnfKi02B4uvJh6oa4iM+
Wq0=
-----END CERTIFICATE-----