Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/da917d8a-5f87-4b60-9a74-a3a380e8de88.roa
File:                     da917d8a-5f87-4b60-9a74-a3a380e8de88.roa (raw, json)
Hash identifier:          JeIQCyrjIX/Bh7CzJD2mjtLwycDELPhqVlUQEk6+3ME=
Subject key identifier:   0B:8A:2C:9D:93:32:61:39:BB:97:40:7E:8F:4F:03:BB:7C:D3:AC:44
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       2C307A2FD4848BAF39775FCAD6B68BA549E64A9C
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/da917d8a-5f87-4b60-9a74-a3a380e8de88.roa
Signing time:             Tue 07 Jan 2025 00:00:00 +0000
ROA not before:           Tue 07 Jan 2025 00:00:00 +0000
ROA not after:            Tue 11 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:daff:c020::/48 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2c:30:7a:2f:d4:84:8b:af:39:77:5f:ca:d6:b6:8b:a5:49:e6:4a:9c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Jan  7 00:00:00 2025 GMT
            Not After : Feb 11 23:59:59 2025 GMT
        Subject: serialNumber=663682e22b8c2ccb82e8220f1a13a23de2b349797bb95cf32311998f80a64189, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f4:f1:25:94:27:dc:a3:49:82:a4:77:38:44:53:
                    6c:68:04:5a:7b:87:a6:ae:29:3a:e4:b6:9f:18:16:
                    4c:e4:4b:9d:67:8e:03:23:51:be:b1:83:d7:a5:95:
                    f0:1e:02:49:8c:f4:0f:a7:a2:bc:fd:c7:0d:d6:5d:
                    fe:f0:14:e5:ad:92:86:6f:d3:1f:0a:97:b8:74:be:
                    8a:11:7d:09:53:51:eb:c9:fa:af:1f:f2:5d:10:08:
                    b4:4e:7b:c4:85:66:5e:bd:46:39:5c:31:f8:c7:04:
                    51:d0:c9:bf:df:b0:8d:9f:13:da:f7:a4:2b:9c:10:
                    e4:85:23:52:1c:ff:a2:45:92:6a:df:e1:df:d1:a7:
                    3a:de:bd:de:dd:dc:3b:60:52:23:3a:e0:a4:cd:17:
                    92:e1:91:08:8b:56:4d:4c:c2:6d:18:f9:cb:97:c1:
                    6f:7d:04:79:50:06:e3:2b:9e:9d:ea:2e:ea:e4:0d:
                    e0:8e:d3:eb:3b:2c:41:0b:2a:62:ee:e4:06:57:59:
                    02:25:d3:e0:a3:02:38:ea:87:0b:49:df:b9:bf:3e:
                    21:11:b8:af:1b:8a:09:a2:21:8d:fb:d2:67:f0:59:
                    c3:5a:13:6b:25:86:27:8b:9b:b6:0f:a8:00:5e:61:
                    dd:11:15:bf:f0:b3:08:3c:fb:30:26:d0:d9:36:e0:
                    71:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0B:8A:2C:9D:93:32:61:39:BB:97:40:7E:8F:4F:03:BB:7C:D3:AC:44
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/da917d8a-5f87-4b60-9a74-a3a380e8de88.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:daff:c020::/48

    Signature Algorithm: sha256WithRSAEncryption
         99:95:b5:65:3c:bd:8d:11:41:a9:e6:04:a8:8c:25:b9:ad:e6:
         37:63:db:38:3f:83:5f:6a:4d:cb:fb:70:ac:2e:1b:7f:9a:eb:
         8a:b5:c1:c2:cd:18:13:af:af:df:c1:dc:c9:87:b0:af:76:6d:
         4f:6f:5d:30:3a:8f:92:6d:ae:22:35:2f:7c:99:a2:a5:e6:f9:
         bc:31:59:63:a8:51:5e:ec:0d:a8:13:85:d9:d9:64:56:44:61:
         ce:79:58:05:73:e2:fb:3b:bf:24:4d:8c:27:8b:df:6c:52:05:
         17:be:81:4c:19:60:6d:f0:d6:b6:fa:5e:bc:ea:0c:a8:b3:d7:
         be:ef:7f:2f:4c:88:df:78:7e:76:ea:8f:4f:1b:28:e1:90:5b:
         e0:aa:ef:c1:36:de:76:db:62:b6:71:55:2b:b1:c3:12:d4:d0:
         86:4e:27:4b:53:cc:f4:61:0b:27:f5:01:75:42:47:38:ea:08:
         27:db:4f:f5:74:1d:2c:0b:ec:9d:18:52:2c:73:b5:b6:fb:d5:
         c9:db:fd:95:c3:5d:1d:8e:a1:f1:c7:b7:b4:b1:96:d2:d8:af:
         2d:6f:12:a0:26:16:1e:db:0e:ea:b5:ac:7b:e5:17:71:3b:bc:
         78:0a:8d:b6:72:ac:71:aa:bd:ce:01:66:ca:49:a1:1b:19:dd:
         f6:a6:fe:6b
-----BEGIN CERTIFICATE-----
MIIFnzCCBIegAwIBAgIULDB6L9SEi685d1/K1raLpUnmSpwwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI1MDEwNzAwMDAwMFoX
DTI1MDIxMTIzNTk1OVowejFJMEcGA1UEBRNANjYzNjgyZTIyYjhjMmNjYjgyZTgy
MjBmMWExM2EyM2RlMmIzNDk3OTdiYjk1Y2YzMjMxMTk5OGY4MGE2NDE4OTEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9PEllCfco0mCpHc4RFNsaARae4em
rik65LafGBZM5EudZ44DI1G+sYPXpZXwHgJJjPQPp6K8/ccN1l3+8BTlrZKGb9Mf
Cpe4dL6KEX0JU1HryfqvH/JdEAi0TnvEhWZevUY5XDH4xwRR0Mm/37CNnxPa96Qr
nBDkhSNSHP+iRZJq3+Hf0ac63r3e3dw7YFIjOuCkzReS4ZEIi1ZNTMJtGPnLl8Fv
fQR5UAbjK56d6i7q5A3gjtPrOyxBCypi7uQGV1kCJdPgowI46ocLSd+5vz4hEbiv
G4oJoiGN+9Jn8FnDWhNrJYYni5u2D6gAXmHdERW/8LMIPPswJtDZNuBxTQIDAQAB
o4ICSzCCAkcwHQYDVR0OBBYEFAuKLJ2TMmE5u5dAfo9PA7t806xEMB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
L2RhOTE3ZDhhLTVmODctNGI2MC05YTc0LWEzYTM4MGU4ZGU4OC5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAP
BAIAAjAJAwcAJAba/8AgMA0GCSqGSIb3DQEBCwUAA4IBAQCZlbVlPL2NEUGp5gSo
jCW5reY3Y9s4P4Nfak3L+3CsLht/muuKtcHCzRgTr6/fwdzJh7Cvdm1Pb10wOo+S
ba4iNS98maKl5vm8MVljqFFe7A2oE4XZ2WRWRGHOeVgFc+L7O78kTYwni99sUgUX
voFMGWBt8Na2+l686gyos9e+738vTIjfeH526o9PGyjhkFvgqu/BNt5222K2cVUr
scMS1NCGTidLU8z0YQsn9QF1Qkc46ggn20/1dB0sC+ydGFIsc7W2+9XJ2/2Vw10d
jqHxx7e0sZbS2K8tbxKgJhYe2w7qtax75RdxO7x4Co22cqxxqr3OAWbKSaEbGd32
pv5r
-----END CERTIFICATE-----