Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/d845b183-711b-4c94-b81c-1732651903fe.roa
File:                     d845b183-711b-4c94-b81c-1732651903fe.roa (raw, json)
Hash identifier:          osB4JBSNidmsBJuCmy2cFaVkeM7Dq7V4ZbMIeophk8Y=
Subject key identifier:   B5:C5:90:AC:62:47:BF:03:6F:58:09:D5:25:35:E8:52:DB:39:9C:6A
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       405BA4066BEA1EC4AA9AB1EBF5EC172C7E2B657C
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/d845b183-711b-4c94-b81c-1732651903fe.roa
Signing time:             Fri 10 Jan 2025 00:00:00 +0000
ROA not before:           Fri 10 Jan 2025 00:00:00 +0000
ROA not after:            Fri 14 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:daf8:4800::/40 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            40:5b:a4:06:6b:ea:1e:c4:aa:9a:b1:eb:f5:ec:17:2c:7e:2b:65:7c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Jan 10 00:00:00 2025 GMT
            Not After : Feb 14 23:59:59 2025 GMT
        Subject: serialNumber=d2312fc1e3e736f1bcfa39a99a28cc55995f56cef7e3d2402899ce782e3b180c, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:ac:8b:23:fc:aa:79:5b:ac:d8:05:46:58:99:
                    18:d9:4f:4c:51:f2:60:5a:f9:16:d3:23:d1:da:b7:
                    3f:b0:63:b7:ec:7e:d6:21:7f:0f:76:2d:ab:8f:cc:
                    6d:d8:dd:a2:08:08:75:8d:40:f4:29:76:ab:a3:e6:
                    e9:66:a8:77:6e:27:57:5a:c7:cb:0d:18:30:d7:9d:
                    77:86:be:f4:58:02:c8:bf:c3:4f:d0:a3:19:be:f5:
                    6b:c3:37:db:99:c0:17:ab:19:58:51:4a:d3:83:50:
                    fb:18:ff:6c:20:52:2a:fc:8d:d7:4c:f6:9a:b2:e6:
                    1a:f2:bc:47:76:d4:14:dd:ea:9c:65:35:67:ec:bc:
                    c4:cd:6d:e2:bd:e2:23:ae:9e:7b:74:04:f5:21:88:
                    0f:3a:0c:27:da:ef:77:ae:7d:a6:1d:ed:47:81:af:
                    5c:8c:37:56:97:d8:fa:51:a1:54:86:90:c7:50:c4:
                    13:03:f4:80:64:f8:52:75:2c:ea:6c:ed:89:91:ea:
                    e5:79:a0:b6:d2:be:2f:bb:28:c0:e0:40:9f:b8:67:
                    2a:30:7c:f4:19:93:9b:68:d7:2c:5d:ac:84:a3:e2:
                    36:62:32:e0:de:52:fd:50:9b:c0:bc:2c:cb:d0:9e:
                    59:49:ee:1d:8b:e3:27:e2:c2:e7:80:2e:ad:b8:c8:
                    2f:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B5:C5:90:AC:62:47:BF:03:6F:58:09:D5:25:35:E8:52:DB:39:9C:6A
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/d845b183-711b-4c94-b81c-1732651903fe.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:daf8:4800::/40

    Signature Algorithm: sha256WithRSAEncryption
         96:33:86:05:20:1c:7f:f1:54:97:be:9b:b1:88:81:2d:2e:d1:
         a8:c9:52:57:8a:51:51:f6:7d:2c:a2:65:36:c8:83:b1:03:2c:
         5e:e5:03:de:59:48:3d:43:3f:83:d1:8f:5c:67:ce:74:5a:b9:
         86:3f:12:b0:52:78:62:7d:e4:3e:01:1c:46:7e:1b:c3:7c:4c:
         0c:87:d5:d1:d8:d6:5f:e8:ae:ff:fa:f7:c7:7d:03:6f:25:0b:
         80:9d:6d:e9:2c:7f:ed:c5:05:d2:a1:ce:78:2f:b9:f8:f1:04:
         de:31:d5:82:32:59:6e:65:4d:b3:6a:e0:67:da:c1:23:f7:91:
         b4:e5:61:90:53:14:8c:0c:6d:3b:30:e9:88:92:c4:e6:5e:9e:
         74:9b:75:88:4c:ed:92:45:cf:19:fb:92:cf:e5:d7:ee:b0:e1:
         ea:88:df:d0:6c:53:75:b6:73:3d:c2:5f:63:4a:c5:09:9b:20:
         69:81:c5:a1:65:63:53:33:80:4c:46:a3:98:43:36:5b:08:28:
         05:b2:40:b7:18:14:64:85:ce:bd:80:8f:20:ae:c3:f9:12:2e:
         17:dd:3a:c9:8b:69:91:07:a1:07:cb:ab:2e:98:df:b9:14:b5:
         18:b4:52:1b:d5:80:37:c4:77:08:ec:dc:1e:7a:d3:90:05:a1:
         9a:62:27:f7
-----BEGIN CERTIFICATE-----
MIIFnjCCBIagAwIBAgIUQFukBmvqHsSqmrHr9ewXLH4rZXwwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI1MDExMDAwMDAwMFoX
DTI1MDIxNDIzNTk1OVowejFJMEcGA1UEBRNAZDIzMTJmYzFlM2U3MzZmMWJjZmEz
OWE5OWEyOGNjNTU5OTVmNTZjZWY3ZTNkMjQwMjg5OWNlNzgyZTNiMTgwYzEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlayLI/yqeVus2AVGWJkY2U9MUfJg
WvkW0yPR2rc/sGO37H7WIX8Pdi2rj8xt2N2iCAh1jUD0KXaro+bpZqh3bidXWsfL
DRgw1513hr70WALIv8NP0KMZvvVrwzfbmcAXqxlYUUrTg1D7GP9sIFIq/I3XTPaa
suYa8rxHdtQU3eqcZTVn7LzEzW3iveIjrp57dAT1IYgPOgwn2u93rn2mHe1Hga9c
jDdWl9j6UaFUhpDHUMQTA/SAZPhSdSzqbO2JkerleaC20r4vuyjA4ECfuGcqMHz0
GZObaNcsXayEo+I2YjLg3lL9UJvAvCzL0J5ZSe4di+Mn4sLngC6tuMgvDQIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFLXFkKxiR78Db1gJ1SU16FLbOZxqMB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
L2Q4NDViMTgzLTcxMWItNGM5NC1iODFjLTE3MzI2NTE5MDNmZS5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAO
BAIAAjAIAwYAJAba+EgwDQYJKoZIhvcNAQELBQADggEBAJYzhgUgHH/xVJe+m7GI
gS0u0ajJUleKUVH2fSyiZTbIg7EDLF7lA95ZSD1DP4PRj1xnznRauYY/ErBSeGJ9
5D4BHEZ+G8N8TAyH1dHY1l/orv/698d9A28lC4Cdbeksf+3FBdKhzngvufjxBN4x
1YIyWW5lTbNq4GfawSP3kbTlYZBTFIwMbTsw6YiSxOZennSbdYhM7ZJFzxn7ks/l
1+6w4eqI39BsU3W2cz3CX2NKxQmbIGmBxaFlY1MzgExGo5hDNlsIKAWyQLcYFGSF
zr2AjyCuw/kSLhfdOsmLaZEHoQfLqy6Y37kUtRi0UhvVgDfEdwjs3B5605AFoZpi
J/c=
-----END CERTIFICATE-----