Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/d51f6a86-d3e3-446c-a538-46f2a7e7724a.roa
File:                     d51f6a86-d3e3-446c-a538-46f2a7e7724a.roa (raw, json)
Hash identifier:          TMSnFaRy8MSqBgBf1Ci8CTAKb7jzcOvePk1XoURMSQg=
Subject key identifier:   4F:E7:4F:64:36:E3:B3:FF:46:07:59:03:9F:97:AD:C4:4B:B0:FF:99
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       14E4C1F7C5F303BFCF3FFFAC6AA6E8EEA4F30D23
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/d51f6a86-d3e3-446c-a538-46f2a7e7724a.roa
Signing time:             Tue 07 Jan 2025 00:00:00 +0000
ROA not before:           Tue 07 Jan 2025 00:00:00 +0000
ROA not after:            Tue 11 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:da61:8880::/48 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            14:e4:c1:f7:c5:f3:03:bf:cf:3f:ff:ac:6a:a6:e8:ee:a4:f3:0d:23
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Jan  7 00:00:00 2025 GMT
            Not After : Feb 11 23:59:59 2025 GMT
        Subject: serialNumber=e659b3a742ecea4a2c59e3542d364d8fb98c63718cc18f5e8a6ac7ccae93d803, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:a7:ec:d1:f0:94:84:1e:bd:fa:e6:c1:e5:70:
                    ea:71:67:16:85:e6:8f:f6:13:df:ce:71:1e:3c:75:
                    5c:3d:62:1f:52:dd:9f:ad:88:61:5b:8c:46:02:94:
                    e6:a3:f2:70:1d:62:55:af:ed:16:d1:50:d2:ed:ea:
                    bc:a0:db:3c:bb:d6:9a:b5:34:6a:1a:d6:44:ec:31:
                    ec:01:5f:0b:a7:b5:4a:71:79:90:74:9a:2e:32:d3:
                    8a:ca:dd:0d:a2:af:26:64:33:37:e5:61:c1:dd:18:
                    d6:06:dd:3e:eb:70:40:80:d9:40:a8:b9:fa:ad:ce:
                    a1:9c:00:ef:8f:07:6b:fd:bd:02:37:35:be:02:8c:
                    e2:e4:fb:6d:de:18:a3:aa:8d:37:aa:55:c8:8b:95:
                    2a:0e:83:a0:00:1e:d6:52:1e:7e:43:9a:fd:fa:02:
                    c3:e3:ca:24:20:1e:a1:9f:55:3d:af:04:d3:54:28:
                    8a:29:1f:b8:b4:85:83:fc:4b:15:73:70:7d:5e:12:
                    80:5d:53:5b:05:8d:c3:ee:1d:c2:01:30:12:88:11:
                    ee:60:8b:da:84:06:c4:72:11:6d:92:42:18:fd:bf:
                    fd:c3:bc:12:64:9b:70:40:ad:54:9f:4e:f1:60:7f:
                    cd:92:8b:92:5c:6a:75:86:d6:54:64:f3:e8:7c:10:
                    a7:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4F:E7:4F:64:36:E3:B3:FF:46:07:59:03:9F:97:AD:C4:4B:B0:FF:99
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/d51f6a86-d3e3-446c-a538-46f2a7e7724a.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:da61:8880::/48

    Signature Algorithm: sha256WithRSAEncryption
         2e:8b:6c:88:fb:7f:f6:74:86:31:e6:d0:dc:69:a0:a5:a7:9c:
         7a:7c:ee:03:18:3a:12:06:88:af:06:75:60:29:55:01:68:73:
         7a:1d:87:59:a7:7e:8b:98:03:25:00:48:65:15:0c:7f:a6:59:
         fe:2a:55:58:e9:f5:e4:c1:dc:e4:db:68:ea:aa:88:dc:94:f1:
         25:71:3a:4a:04:32:aa:88:4b:14:fe:ba:a6:85:22:19:b2:47:
         f7:ec:46:d9:b7:d3:f2:fc:4e:24:5b:a6:df:22:3e:42:55:ca:
         7e:7f:1d:39:b8:43:53:e9:3b:10:f8:42:4e:ad:4f:a1:9b:90:
         56:c1:c8:37:21:8c:69:2c:20:86:6a:7d:07:b7:d9:5c:1f:02:
         a1:c0:c7:71:45:f0:fc:4e:23:4a:d5:50:7b:81:9f:4d:0f:b1:
         7d:76:c4:8c:b0:e8:91:8f:5f:76:83:1f:99:be:8d:a3:3c:2d:
         a0:4c:2c:9c:98:d9:37:e4:8e:ec:80:28:10:58:7e:93:71:72:
         49:b8:ea:73:79:3d:f5:8c:0d:75:a3:89:9f:8c:a6:89:36:f6:
         d0:63:44:5a:03:3f:d0:e5:86:34:ae:82:de:74:7c:4e:1c:93:
         42:35:6e:5e:ad:c9:4e:38:06:e1:20:53:69:e2:ca:01:8c:ae:
         5d:24:8b:be
-----BEGIN CERTIFICATE-----
MIIFnzCCBIegAwIBAgIUFOTB98XzA7/PP/+saqbo7qTzDSMwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI1MDEwNzAwMDAwMFoX
DTI1MDIxMTIzNTk1OVowejFJMEcGA1UEBRNAZTY1OWIzYTc0MmVjZWE0YTJjNTll
MzU0MmQzNjRkOGZiOThjNjM3MThjYzE4ZjVlOGE2YWM3Y2NhZTkzZDgwMzEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvqfs0fCUhB69+ubB5XDqcWcWheaP
9hPfznEePHVcPWIfUt2frYhhW4xGApTmo/JwHWJVr+0W0VDS7eq8oNs8u9aatTRq
GtZE7DHsAV8Lp7VKcXmQdJouMtOKyt0Noq8mZDM35WHB3RjWBt0+63BAgNlAqLn6
rc6hnADvjwdr/b0CNzW+Aozi5Ptt3hijqo03qlXIi5UqDoOgAB7WUh5+Q5r9+gLD
48okIB6hn1U9rwTTVCiKKR+4tIWD/EsVc3B9XhKAXVNbBY3D7h3CATASiBHuYIva
hAbEchFtkkIY/b/9w7wSZJtwQK1Un07xYH/NkouSXGp1htZUZPPofBCneQIDAQAB
o4ICSzCCAkcwHQYDVR0OBBYEFE/nT2Q247P/RgdZA5+XrcRLsP+ZMB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
L2Q1MWY2YTg2LWQzZTMtNDQ2Yy1hNTM4LTQ2ZjJhN2U3NzI0YS5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAP
BAIAAjAJAwcAJAbaYYiAMA0GCSqGSIb3DQEBCwUAA4IBAQAui2yI+3/2dIYx5tDc
aaClp5x6fO4DGDoSBoivBnVgKVUBaHN6HYdZp36LmAMlAEhlFQx/pln+KlVY6fXk
wdzk22jqqojclPElcTpKBDKqiEsU/rqmhSIZskf37EbZt9Py/E4kW6bfIj5CVcp+
fx05uENT6TsQ+EJOrU+hm5BWwcg3IYxpLCCGan0Ht9lcHwKhwMdxRfD8TiNK1VB7
gZ9ND7F9dsSMsOiRj192gx+Zvo2jPC2gTCycmNk35I7sgCgQWH6TcXJJuOpzeT31
jA11o4mfjKaJNvbQY0RaAz/Q5YY0roLedHxOHJNCNW5erclOOAbhIFNp4soBjK5d
JIu+
-----END CERTIFICATE-----