Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/c278ba10-a775-457f-b937-d1ad74079081.roa
File:                     c278ba10-a775-457f-b937-d1ad74079081.roa (raw, json)
Hash identifier:          NRL/P1ipG5j4IRwLAQDsLDslntGziexevS+FrPhWhEU=
Subject key identifier:   D0:5C:53:EB:50:8E:1B:B8:A4:6C:38:93:14:A7:DA:ED:7C:6E:74:AC
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       64F4C2051FA2F29F18B46194E7DB84C5A11FFD5D
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/c278ba10-a775-457f-b937-d1ad74079081.roa
Signing time:             Tue 07 Jan 2025 00:00:00 +0000
ROA not before:           Tue 07 Jan 2025 00:00:00 +0000
ROA not after:            Tue 11 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:dafb:8800::/40 maxlen: 40
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            64:f4:c2:05:1f:a2:f2:9f:18:b4:61:94:e7:db:84:c5:a1:1f:fd:5d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Jan  7 00:00:00 2025 GMT
            Not After : Feb 11 23:59:59 2025 GMT
        Subject: serialNumber=e0cc771f31c03074153703031a8e3acc42da61c1da8914647cc063358e75047e, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e1:17:fb:f8:82:e5:21:c0:7a:23:49:08:42:27:
                    13:bc:32:33:b2:30:89:6a:07:90:d0:b2:1e:ba:03:
                    7b:da:e7:21:f3:c7:91:90:6f:7f:59:ab:73:e7:c0:
                    eb:ce:ee:3d:f2:b8:77:c6:23:c5:66:af:af:a6:97:
                    53:e0:22:26:13:ab:67:f2:7b:b2:5f:a1:cf:2c:29:
                    c5:28:a1:9f:10:26:f2:f4:3a:6d:e5:b2:45:10:b8:
                    c9:70:2b:68:6a:61:90:fc:03:ad:e7:c8:d6:75:2e:
                    62:ec:3a:f3:b8:a9:d6:8e:dc:4f:08:6e:03:cd:91:
                    3a:d6:d4:76:5f:20:70:f4:57:11:78:7c:32:3e:29:
                    4f:ee:6e:92:79:2a:47:2f:ad:9d:0e:e4:07:be:42:
                    2e:df:b6:68:04:d3:55:97:de:39:1d:7a:ba:fe:59:
                    9e:5e:ca:28:fd:1e:8b:62:8e:27:7e:8f:69:26:09:
                    27:18:c8:7b:fa:f8:a3:db:50:c6:5e:0a:06:96:b3:
                    67:98:c1:ea:ff:4a:7a:ff:89:e9:59:f8:0d:13:a7:
                    3a:74:c1:7e:67:50:d5:05:06:5a:34:f0:f8:c9:79:
                    00:2d:ea:51:a9:00:b0:9c:45:d5:70:56:8e:d4:80:
                    59:82:61:ab:c4:0f:67:cd:26:54:41:fe:85:34:92:
                    f7:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D0:5C:53:EB:50:8E:1B:B8:A4:6C:38:93:14:A7:DA:ED:7C:6E:74:AC
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/c278ba10-a775-457f-b937-d1ad74079081.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:dafb:8800::/40

    Signature Algorithm: sha256WithRSAEncryption
         0c:db:1f:0d:84:2d:ed:4e:4b:fc:34:aa:58:92:fd:71:01:6a:
         90:37:80:eb:d0:d9:4a:9c:4d:d7:e2:5a:85:bb:bd:6d:05:f6:
         5f:6c:e0:46:4c:82:7f:6c:6d:1e:88:bc:2c:89:c8:25:af:8a:
         26:2d:49:b8:6b:91:a0:d2:52:82:36:e0:68:ba:be:4b:1d:a6:
         87:09:ac:e1:ff:de:ae:91:f4:da:56:40:36:de:9f:d9:0c:ef:
         0e:f7:4b:ae:39:84:20:65:24:30:12:d3:b9:47:bd:6e:2b:c7:
         11:41:56:2b:f3:b1:c2:4c:d2:a0:63:37:b1:04:be:b1:1d:41:
         05:fa:10:31:f7:38:59:c8:58:a3:3d:78:12:92:05:ab:89:e8:
         aa:86:50:e0:c6:a0:df:83:c6:60:c9:49:47:e9:39:6d:14:11:
         a9:cf:7b:8e:a9:17:c1:8e:7e:64:91:c3:98:1f:6e:dd:0f:5b:
         c9:e7:8b:74:2e:5d:6d:2b:24:49:83:7f:ab:5e:87:22:d7:a3:
         99:05:c5:de:8b:bd:ae:31:28:22:82:cc:c9:f7:1a:d9:26:60:
         db:a4:67:59:82:30:e0:68:1b:dc:7b:c9:a0:40:c3:27:c5:db:
         e5:5e:3d:ae:7c:04:ea:7d:d4:9c:9a:48:da:ae:6b:e6:27:46:
         93:ec:4c:b3
-----BEGIN CERTIFICATE-----
MIIFnjCCBIagAwIBAgIUZPTCBR+i8p8YtGGU59uExaEf/V0wDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI1MDEwNzAwMDAwMFoX
DTI1MDIxMTIzNTk1OVowejFJMEcGA1UEBRNAZTBjYzc3MWYzMWMwMzA3NDE1Mzcw
MzAzMWE4ZTNhY2M0MmRhNjFjMWRhODkxNDY0N2NjMDYzMzU4ZTc1MDQ3ZTEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4Rf7+ILlIcB6I0kIQicTvDIzsjCJ
ageQ0LIeugN72uch88eRkG9/Watz58Drzu498rh3xiPFZq+vppdT4CImE6tn8nuy
X6HPLCnFKKGfECby9Dpt5bJFELjJcCtoamGQ/AOt58jWdS5i7DrzuKnWjtxPCG4D
zZE61tR2XyBw9FcReHwyPilP7m6SeSpHL62dDuQHvkIu37ZoBNNVl945HXq6/lme
Xsoo/R6LYo4nfo9pJgknGMh7+vij21DGXgoGlrNnmMHq/0p6/4npWfgNE6c6dMF+
Z1DVBQZaNPD4yXkALepRqQCwnEXVcFaO1IBZgmGrxA9nzSZUQf6FNJL3CwIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFNBcU+tQjhu4pGw4kxSn2u18bnSsMB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
L2MyNzhiYTEwLWE3NzUtNDU3Zi1iOTM3LWQxYWQ3NDA3OTA4MS5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAO
BAIAAjAIAwYAJAba+4gwDQYJKoZIhvcNAQELBQADggEBAAzbHw2ELe1OS/w0qliS
/XEBapA3gOvQ2UqcTdfiWoW7vW0F9l9s4EZMgn9sbR6IvCyJyCWviiYtSbhrkaDS
UoI24Gi6vksdpocJrOH/3q6R9NpWQDben9kM7w73S645hCBlJDAS07lHvW4rxxFB
VivzscJM0qBjN7EEvrEdQQX6EDH3OFnIWKM9eBKSBauJ6KqGUODGoN+DxmDJSUfp
OW0UEanPe46pF8GOfmSRw5gfbt0PW8nni3QuXW0rJEmDf6tehyLXo5kFxd6Lva4x
KCKCzMn3GtkmYNukZ1mCMOBoG9x7yaBAwyfF2+VePa58BOp91JyaSNqua+YnRpPs
TLM=
-----END CERTIFICATE-----