Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/e6407dc4-19e1-4c8f-84db-a0c2389641d8.roa
File:                     e6407dc4-19e1-4c8f-84db-a0c2389641d8.roa (raw, json)
Hash identifier:          TGF7IyxopefS0f1hj6VxrTPfpDAEJx0sIsMl77RSfcA=
Subject key identifier:   B0:DB:0E:55:09:5D:91:1F:3B:55:28:ED:D1:FD:C4:55:CD:9C:55:54
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       7D5E177FCC298F7FEA1EA950971476117026F6C9
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/e6407dc4-19e1-4c8f-84db-a0c2389641d8.roa
Signing time:             Tue 07 Jan 2025 00:00:00 +0000
ROA not before:           Tue 07 Jan 2025 00:00:00 +0000
ROA not after:            Tue 11 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:da61:6040::/48 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7d:5e:17:7f:cc:29:8f:7f:ea:1e:a9:50:97:14:76:11:70:26:f6:c9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Jan  7 00:00:00 2025 GMT
            Not After : Feb 11 23:59:59 2025 GMT
        Subject: serialNumber=af05c55193d3a2a98f6d42558565cb99e7d91dceeb20e6c3cea59617296fe1a4, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:98:64:47:1e:26:7f:ba:9e:00:b0:82:04:82:
                    7a:9f:5d:93:69:fb:ba:23:33:f0:55:66:75:07:f3:
                    d8:83:75:2a:02:dc:bf:bf:27:af:bf:f3:6b:a8:91:
                    39:25:9e:53:c1:9d:7d:4d:b4:60:d2:c8:f7:4b:1d:
                    7b:d8:5b:82:f1:fd:72:fd:eb:16:f2:8b:a6:fd:e4:
                    56:ce:99:1b:d3:8a:8f:91:81:75:53:89:62:6d:8e:
                    74:0f:1d:79:2a:d3:dc:a4:56:61:52:07:5f:d1:81:
                    b6:4c:8d:de:d5:6e:7c:87:94:43:82:d4:a0:bc:12:
                    84:67:1b:6f:ca:17:48:c2:07:b3:a2:63:6d:66:be:
                    ae:bc:ab:3f:80:ed:e9:d6:4f:d3:02:ed:9b:1a:80:
                    b0:31:87:7b:7a:e8:73:d3:2a:de:89:8d:3f:c7:24:
                    aa:43:40:a0:66:1f:62:df:13:6b:86:c0:55:a0:dc:
                    01:35:c2:d6:ee:5a:9f:90:02:34:fa:4a:06:3a:e8:
                    9a:40:57:da:8a:8f:29:02:1d:66:2b:0d:04:4c:e5:
                    33:ed:04:d9:a1:94:64:1f:b8:e0:f8:2e:0f:1b:8a:
                    f7:61:7b:7b:84:05:25:a7:06:49:a4:fa:eb:8a:6a:
                    89:3e:73:d6:5d:e8:f8:dd:76:4c:a3:31:65:5b:d0:
                    a1:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B0:DB:0E:55:09:5D:91:1F:3B:55:28:ED:D1:FD:C4:55:CD:9C:55:54
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/e6407dc4-19e1-4c8f-84db-a0c2389641d8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:da61:6040::/48

    Signature Algorithm: sha256WithRSAEncryption
         4d:c1:69:b7:f0:ed:55:b2:48:b1:79:9a:c9:81:93:ea:f4:85:
         68:64:5c:e3:99:92:5c:62:90:3a:38:04:94:90:8a:ca:48:30:
         f8:ac:41:34:2f:dd:4f:fa:b5:2c:64:eb:a5:a1:d4:fc:46:0c:
         75:fd:77:2d:bf:97:5d:09:cd:6a:3c:61:04:51:f2:ba:c5:42:
         a1:66:29:b3:a8:ec:f7:16:ca:36:6d:40:82:fc:c1:f9:d5:a3:
         0e:18:76:7b:b6:f7:e7:59:19:7d:16:d1:2f:90:99:84:a5:6f:
         64:99:4a:78:bc:f2:f3:e5:7a:66:18:f5:dc:a1:37:a1:3f:9d:
         02:e2:c4:f9:e6:66:4e:f5:5f:0d:54:5d:c2:80:24:be:ae:cd:
         8d:c2:e7:77:40:23:e2:a0:18:d1:d5:30:ae:69:2b:61:93:de:
         6f:f4:78:51:76:da:66:4e:4b:2a:88:7a:84:ae:bd:c1:25:0b:
         34:db:34:8c:0a:e4:30:ba:20:65:5b:ee:71:57:4b:10:35:a5:
         02:d2:07:18:06:73:13:81:1b:7d:60:c5:b1:e9:49:96:06:f6:
         98:93:89:e7:1e:82:f4:eb:30:93:1c:15:93:95:f7:7b:a3:35:
         4c:0e:4a:ee:80:0c:d3:41:2f:f7:91:83:41:85:3f:8a:f2:e3:
         9a:e7:26:0d
-----BEGIN CERTIFICATE-----
MIIFnzCCBIegAwIBAgIUfV4Xf8wpj3/qHqlQlxR2EXAm9skwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI1MDEwNzAwMDAwMFoX
DTI1MDIxMTIzNTk1OVowejFJMEcGA1UEBRNAYWYwNWM1NTE5M2QzYTJhOThmNmQ0
MjU1ODU2NWNiOTllN2Q5MWRjZWViMjBlNmMzY2VhNTk2MTcyOTZmZTFhNDEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzZhkRx4mf7qeALCCBIJ6n12Tafu6
IzPwVWZ1B/PYg3UqAty/vyevv/NrqJE5JZ5TwZ19TbRg0sj3Sx172FuC8f1y/esW
8oum/eRWzpkb04qPkYF1U4libY50Dx15KtPcpFZhUgdf0YG2TI3e1W58h5RDgtSg
vBKEZxtvyhdIwgezomNtZr6uvKs/gO3p1k/TAu2bGoCwMYd7euhz0yreiY0/xySq
Q0CgZh9i3xNrhsBVoNwBNcLW7lqfkAI0+koGOuiaQFfaio8pAh1mKw0ETOUz7QTZ
oZRkH7jg+C4PG4r3YXt7hAUlpwZJpPrrimqJPnPWXej43XZMozFlW9ChhwIDAQAB
o4ICSzCCAkcwHQYDVR0OBBYEFLDbDlUJXZEfO1Uo7dH9xFXNnFVUMB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
L2U2NDA3ZGM0LTE5ZTEtNGM4Zi04NGRiLWEwYzIzODk2NDFkOC5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAP
BAIAAjAJAwcAJAbaYWBAMA0GCSqGSIb3DQEBCwUAA4IBAQBNwWm38O1VskixeZrJ
gZPq9IVoZFzjmZJcYpA6OASUkIrKSDD4rEE0L91P+rUsZOulodT8Rgx1/Xctv5dd
Cc1qPGEEUfK6xUKhZimzqOz3Fso2bUCC/MH51aMOGHZ7tvfnWRl9FtEvkJmEpW9k
mUp4vPLz5XpmGPXcoTehP50C4sT55mZO9V8NVF3CgCS+rs2Nwud3QCPioBjR1TCu
aSthk95v9HhRdtpmTksqiHqErr3BJQs02zSMCuQwuiBlW+5xV0sQNaUC0gcYBnMT
gRt9YMWx6UmWBvaYk4nnHoL06zCTHBWTlfd7ozVMDkrugAzTQS/3kYNBhT+K8uOa
5yYN
-----END CERTIFICATE-----