Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/ce7f13e7-1cae-47ba-9006-841a4d4d9e51.roa
File:                     ce7f13e7-1cae-47ba-9006-841a4d4d9e51.roa (raw, json)
Hash identifier:          jcgsOvLqTz485IJj5XvVrdsRAwUKBFz7QEHl/SVgNmE=
Subject key identifier:   3A:64:15:D6:A7:A6:B2:35:2E:01:D8:2B:45:98:B0:49:DA:6F:73:C0
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       0A60A8B8BE8F30E839105E65DE34A2CF65628FDB
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/ce7f13e7-1cae-47ba-9006-841a4d4d9e51.roa
Signing time:             Tue 07 Jan 2025 00:00:00 +0000
ROA not before:           Tue 07 Jan 2025 00:00:00 +0000
ROA not after:            Tue 11 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:da69:9040::/46 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0a:60:a8:b8:be:8f:30:e8:39:10:5e:65:de:34:a2:cf:65:62:8f:db
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Jan  7 00:00:00 2025 GMT
            Not After : Feb 11 23:59:59 2025 GMT
        Subject: serialNumber=76124339871d6e6dfadf72e838d4ea2361f2a61170de610769528bb61e47860e, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:69:41:5a:b8:95:f0:c3:f8:8e:dd:eb:79:6f:
                    e0:0d:5d:1b:a2:dd:a5:d9:20:9b:3a:14:d5:07:45:
                    30:04:ef:0a:95:85:b4:23:33:9b:1e:fc:d9:2f:14:
                    21:21:f0:1f:b5:0c:df:06:f2:c1:08:06:b0:bf:b1:
                    ea:74:3b:1e:16:fb:07:26:ba:28:a3:96:d2:f7:68:
                    cf:b5:60:d9:f6:9d:7d:2f:60:87:1f:1c:f9:07:a1:
                    53:ad:35:ce:e1:e0:cf:56:b1:c2:e9:66:37:9c:44:
                    7e:ef:6d:fa:09:e6:d0:fa:35:71:d5:d0:13:5c:6e:
                    b9:31:7a:c7:6f:09:50:e8:e4:10:bf:03:87:70:3c:
                    be:d9:33:ef:9c:9c:a8:19:6e:52:62:a4:bc:28:bf:
                    d4:59:1a:cd:4d:14:20:50:71:7a:5f:bb:19:e8:94:
                    1b:a5:51:9c:54:c0:76:fe:16:12:48:58:c9:b5:f3:
                    38:3f:c6:19:08:be:12:40:a0:58:8b:35:f5:0b:4b:
                    a0:50:07:78:17:1a:83:a4:19:5f:53:fd:84:68:df:
                    1c:aa:d2:5e:b7:bf:3c:61:62:b3:b9:06:8b:54:c2:
                    b2:b7:87:38:cd:8f:ec:25:0f:1a:03:6d:da:a2:72:
                    26:cf:47:ed:8b:0c:96:53:56:42:d8:62:a2:35:58:
                    7e:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3A:64:15:D6:A7:A6:B2:35:2E:01:D8:2B:45:98:B0:49:DA:6F:73:C0
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/ce7f13e7-1cae-47ba-9006-841a4d4d9e51.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:da69:9040::/46

    Signature Algorithm: sha256WithRSAEncryption
         b6:0f:9f:1e:c1:0e:b4:17:04:be:24:4d:df:51:78:14:41:87:
         35:7b:55:aa:9e:a5:58:35:51:79:c6:71:6f:c2:8c:cf:15:32:
         8b:dd:b6:d3:2e:d9:7a:7f:af:65:0d:2b:42:d8:bf:44:6a:b1:
         af:c9:4f:8b:5c:30:6d:f5:c5:4f:14:3e:b5:34:0a:36:63:b2:
         a9:7a:df:72:e7:04:29:e6:a8:9e:a5:5c:a2:bb:c5:43:fd:de:
         41:45:85:22:c2:5c:91:fe:2b:41:1e:b7:59:ae:68:2b:64:f3:
         3f:52:61:06:28:3b:48:3e:7e:e2:c5:0e:a3:44:ab:1e:d0:7c:
         b5:9f:3e:35:32:a2:b0:db:d6:74:5a:7d:03:ed:ad:5c:ec:64:
         b7:61:9f:b7:ba:cc:ed:98:fd:75:84:2a:23:16:1b:e4:1d:b4:
         7f:ec:6c:97:32:fd:b6:4c:d1:08:3d:90:a2:f9:fc:d2:87:23:
         e8:3b:82:c7:15:27:4f:39:a5:02:4b:ee:fd:e0:fd:98:41:34:
         6c:39:82:4c:b6:4b:03:10:94:b7:82:0a:04:77:a9:13:5f:5d:
         2f:9c:1b:49:75:6f:11:bb:dc:0e:ce:1a:35:c0:97:f6:cb:2c:
         5e:ce:a7:e6:2e:45:16:a3:d7:52:2a:0e:c2:14:d6:e5:fb:c1:
         fc:1e:93:0f
-----BEGIN CERTIFICATE-----
MIIFnzCCBIegAwIBAgIUCmCouL6PMOg5EF5l3jSiz2Vij9swDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI1MDEwNzAwMDAwMFoX
DTI1MDIxMTIzNTk1OVowejFJMEcGA1UEBRNANzYxMjQzMzk4NzFkNmU2ZGZhZGY3
MmU4MzhkNGVhMjM2MWYyYTYxMTcwZGU2MTA3Njk1MjhiYjYxZTQ3ODYwZTEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsmlBWriV8MP4jt3reW/gDV0bot2l
2SCbOhTVB0UwBO8KlYW0IzObHvzZLxQhIfAftQzfBvLBCAawv7HqdDseFvsHJroo
o5bS92jPtWDZ9p19L2CHHxz5B6FTrTXO4eDPVrHC6WY3nER+7236CebQ+jVx1dAT
XG65MXrHbwlQ6OQQvwOHcDy+2TPvnJyoGW5SYqS8KL/UWRrNTRQgUHF6X7sZ6JQb
pVGcVMB2/hYSSFjJtfM4P8YZCL4SQKBYizX1C0ugUAd4FxqDpBlfU/2EaN8cqtJe
t788YWKzuQaLVMKyt4c4zY/sJQ8aA23aonImz0ftiwyWU1ZC2GKiNVh+nQIDAQAB
o4ICSzCCAkcwHQYDVR0OBBYEFDpkFdanprI1LgHYK0WYsEnab3PAMB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
L2NlN2YxM2U3LTFjYWUtNDdiYS05MDA2LTg0MWE0ZDRkOWU1MS5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAP
BAIAAjAJAwcCJAbaaZBAMA0GCSqGSIb3DQEBCwUAA4IBAQC2D58ewQ60FwS+JE3f
UXgUQYc1e1WqnqVYNVF5xnFvwozPFTKL3bbTLtl6f69lDStC2L9EarGvyU+LXDBt
9cVPFD61NAo2Y7Kpet9y5wQp5qiepVyiu8VD/d5BRYUiwlyR/itBHrdZrmgrZPM/
UmEGKDtIPn7ixQ6jRKse0Hy1nz41MqKw29Z0Wn0D7a1c7GS3YZ+3usztmP11hCoj
FhvkHbR/7GyXMv22TNEIPZCi+fzShyPoO4LHFSdPOaUCS+794P2YQTRsOYJMtksD
EJS3ggoEd6kTX10vnBtJdW8Ru9wOzho1wJf2yyxezqfmLkUWo9dSKg7CFNbl+8H8
HpMP
-----END CERTIFICATE-----