Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/ca60f0d8-b8b0-46a0-b18c-364b59f290a2.roa
File:                     ca60f0d8-b8b0-46a0-b18c-364b59f290a2.roa (raw, json)
Hash identifier:          sn5+ulOVeJV0HeddN8H52n2mhoyFWY0yMw6np5W1RRg=
Subject key identifier:   6F:05:60:8F:BB:0F:9D:BE:9A:07:EE:79:11:A8:A3:07:08:F7:49:2F
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       28F5CDF911CE0E5DFC892FF1B3303D5A5C33C12E
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/ca60f0d8-b8b0-46a0-b18c-364b59f290a2.roa
Signing time:             Tue 07 Jan 2025 00:00:00 +0000
ROA not before:           Tue 07 Jan 2025 00:00:00 +0000
ROA not after:            Tue 11 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:daf7:2840::/46 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            28:f5:cd:f9:11:ce:0e:5d:fc:89:2f:f1:b3:30:3d:5a:5c:33:c1:2e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Jan  7 00:00:00 2025 GMT
            Not After : Feb 11 23:59:59 2025 GMT
        Subject: serialNumber=cac55492be1e8a1eb79345038395ce51620f165ffe43e1eb0f211b6ae3929f0f, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:64:a6:f4:f4:1b:f4:d7:67:af:47:ed:2e:3d:
                    0d:02:cd:ed:7a:5f:72:4b:4c:aa:7a:a3:14:21:5d:
                    f9:d4:45:3f:25:5d:f3:03:4b:e5:5d:cd:a1:07:b1:
                    5b:2e:62:ad:d5:81:1a:93:90:1d:0b:6a:46:a6:c8:
                    36:90:9d:74:10:c1:48:f0:67:c9:02:12:cd:76:62:
                    9b:d7:63:9e:97:25:ef:2d:8c:7e:63:5f:19:6b:a0:
                    c2:9d:fe:56:5a:15:76:c8:49:96:dc:40:57:fa:97:
                    bd:a1:9b:87:cd:a6:77:17:35:e7:e1:13:46:b7:76:
                    06:da:30:9b:4e:ef:d0:04:9c:d3:d0:f1:46:5c:72:
                    76:9e:14:1d:2b:02:8d:ec:27:9a:bf:c4:6d:24:01:
                    85:50:80:e5:99:1d:fe:63:f9:66:07:0b:05:3d:58:
                    87:7c:0e:83:e7:c3:b7:5e:58:ce:dc:42:a1:ab:cc:
                    0b:f2:8e:f4:23:b3:bc:22:71:98:7f:3a:bb:19:54:
                    4f:81:cd:12:75:ab:7a:5d:6d:86:e7:b4:5d:4d:45:
                    52:54:f9:12:d4:42:6e:73:7c:c3:50:fb:f8:6c:98:
                    a5:9c:9d:8c:42:40:27:fd:b9:fe:a2:96:6b:be:00:
                    dd:b4:42:e7:31:c8:af:6e:3b:99:bd:fb:fe:5c:79:
                    1a:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6F:05:60:8F:BB:0F:9D:BE:9A:07:EE:79:11:A8:A3:07:08:F7:49:2F
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/ca60f0d8-b8b0-46a0-b18c-364b59f290a2.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:daf7:2840::/46

    Signature Algorithm: sha256WithRSAEncryption
         61:bc:35:62:6b:30:77:0d:31:15:a8:41:ac:40:25:5b:5f:63:
         00:3e:14:f6:9f:43:50:bd:32:f6:01:3c:8b:b5:20:b3:a4:2d:
         d8:7f:9b:2e:c1:8e:f2:c7:1d:f6:46:c6:63:2f:0c:da:98:3c:
         b2:e8:c5:fc:bf:0d:fd:d5:2f:61:20:3e:c3:d0:da:1c:fa:04:
         27:9a:ce:66:1e:2a:af:ca:fc:c1:ac:0d:5c:86:e2:77:dd:0a:
         6a:1b:04:ea:14:b7:ec:46:0b:b3:89:e4:3d:ca:e9:4d:d0:1b:
         9e:ec:6f:1b:f5:2c:7a:be:44:3a:6d:fb:c2:bf:49:c5:cf:8a:
         da:43:73:b0:03:86:15:33:96:0a:96:4b:2e:35:f0:01:0b:19:
         6f:f2:7e:45:6a:cd:e8:4b:4f:75:2e:8b:2f:8a:a6:55:d7:b5:
         a8:0b:c7:50:db:39:52:44:f8:76:f8:91:4d:cf:2f:a2:49:0b:
         74:1d:ef:60:fc:4b:dc:4e:e2:f1:31:b7:bc:c9:9e:d3:25:7a:
         fb:08:8d:a5:7f:02:41:c6:f2:56:08:22:11:6b:83:95:e9:61:
         7a:0e:cc:7a:5b:3a:3a:8e:31:14:b4:a9:ce:aa:fe:75:a1:56:
         ae:56:92:d2:a0:30:f1:ff:04:61:43:e8:c2:2e:72:41:00:84:
         3d:48:1e:8b
-----BEGIN CERTIFICATE-----
MIIFnzCCBIegAwIBAgIUKPXN+RHODl38iS/xszA9WlwzwS4wDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI1MDEwNzAwMDAwMFoX
DTI1MDIxMTIzNTk1OVowejFJMEcGA1UEBRNAY2FjNTU0OTJiZTFlOGExZWI3OTM0
NTAzODM5NWNlNTE2MjBmMTY1ZmZlNDNlMWViMGYyMTFiNmFlMzkyOWYwZjEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtGSm9PQb9Ndnr0ftLj0NAs3tel9y
S0yqeqMUIV351EU/JV3zA0vlXc2hB7FbLmKt1YEak5AdC2pGpsg2kJ10EMFI8GfJ
AhLNdmKb12OelyXvLYx+Y18Za6DCnf5WWhV2yEmW3EBX+pe9oZuHzaZ3FzXn4RNG
t3YG2jCbTu/QBJzT0PFGXHJ2nhQdKwKN7Ceav8RtJAGFUIDlmR3+Y/lmBwsFPViH
fA6D58O3XljO3EKhq8wL8o70I7O8InGYfzq7GVRPgc0Sdat6XW2G57RdTUVSVPkS
1EJuc3zDUPv4bJilnJ2MQkAn/bn+opZrvgDdtELnMcivbjuZvfv+XHkaUQIDAQAB
o4ICSzCCAkcwHQYDVR0OBBYEFG8FYI+7D52+mgfueRGoowcI90kvMB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
L2NhNjBmMGQ4LWI4YjAtNDZhMC1iMThjLTM2NGI1OWYyOTBhMi5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAP
BAIAAjAJAwcCJAba9yhAMA0GCSqGSIb3DQEBCwUAA4IBAQBhvDViazB3DTEVqEGs
QCVbX2MAPhT2n0NQvTL2ATyLtSCzpC3Yf5suwY7yxx32RsZjLwzamDyy6MX8vw39
1S9hID7D0Noc+gQnms5mHiqvyvzBrA1chuJ33QpqGwTqFLfsRguzieQ9yulN0Bue
7G8b9Sx6vkQ6bfvCv0nFz4raQ3OwA4YVM5YKlksuNfABCxlv8n5Fas3oS091Losv
iqZV17WoC8dQ2zlSRPh2+JFNzy+iSQt0He9g/EvcTuLxMbe8yZ7TJXr7CI2lfwJB
xvJWCCIRa4OV6WF6Dsx6Wzo6jjEUtKnOqv51oVauVpLSoDDx/wRhQ+jCLnJBAIQ9
SB6L
-----END CERTIFICATE-----