Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/ec29fd3d-a5fc-4181-b573-9bd7520ac8cb.roa
File:                     ec29fd3d-a5fc-4181-b573-9bd7520ac8cb.roa (raw, json)
Hash identifier:          n9h1RQXkh6HbcVAnwN8cIZpQ+a2oHHUVnhQZG5kUpFw=
Subject key identifier:   08:B3:95:7E:46:C4:41:A8:5B:F9:5B:AF:35:84:89:9B:C1:B2:B6:A9
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       593FBB2D79127A44C3136565B4B1B99F5AD9571D
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/ec29fd3d-a5fc-4181-b573-9bd7520ac8cb.roa
Signing time:             Tue 07 Jan 2025 00:00:00 +0000
ROA not before:           Tue 07 Jan 2025 00:00:00 +0000
ROA not after:            Tue 11 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:da17::/36 maxlen: 36
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            59:3f:bb:2d:79:12:7a:44:c3:13:65:65:b4:b1:b9:9f:5a:d9:57:1d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Jan  7 00:00:00 2025 GMT
            Not After : Feb 11 23:59:59 2025 GMT
        Subject: serialNumber=d8e3d182502e7a52e101a00935db42e3bc598a41ebe5c859cad0255c1edc4d50, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:42:76:25:d2:28:aa:98:ec:0f:25:e3:bd:0f:
                    4c:48:07:02:f4:02:45:60:ed:fe:dd:58:03:b7:1c:
                    a4:74:61:70:e0:bc:42:fe:a0:cd:08:54:3f:90:86:
                    1d:63:8f:13:3d:13:43:f9:6b:85:1e:f3:f9:2d:e7:
                    78:44:fc:94:a2:a1:10:35:61:76:8c:35:63:b8:76:
                    ab:8c:19:eb:3b:1f:e2:d5:20:b5:50:ce:33:4d:0d:
                    b1:5f:6d:25:02:87:42:c8:4d:78:ba:fc:85:a7:1f:
                    f4:d6:55:21:fd:ee:ef:e6:fd:9a:81:08:db:58:b4:
                    d4:60:ab:53:49:fb:97:7b:35:6a:81:f4:13:95:7a:
                    da:6d:1a:2e:56:b1:89:89:f7:17:c1:67:b5:7a:de:
                    fd:01:98:81:5b:ae:35:57:48:88:2c:74:fe:37:1f:
                    91:77:e8:e6:a3:0e:91:2d:5a:61:97:ce:81:ec:16:
                    2c:e0:85:15:27:e2:d8:de:49:6b:09:4c:8d:16:9e:
                    e8:59:ae:10:e1:2e:d3:e5:e7:e7:6f:02:4b:a6:3f:
                    77:41:0f:48:9b:19:bd:61:ff:e2:64:c6:c7:e3:ab:
                    73:2e:93:00:a4:4f:e6:d6:bf:00:1f:7b:30:7e:d8:
                    a8:c7:56:7a:53:94:6a:d0:f5:b2:1e:6c:cf:38:b9:
                    99:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                08:B3:95:7E:46:C4:41:A8:5B:F9:5B:AF:35:84:89:9B:C1:B2:B6:A9
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/ec29fd3d-a5fc-4181-b573-9bd7520ac8cb.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:da17::/36

    Signature Algorithm: sha256WithRSAEncryption
         65:32:b8:c4:8b:59:4b:31:ae:c6:47:38:77:14:5b:47:8e:c3:
         fe:dd:67:c1:7b:73:ef:36:81:bb:8e:a6:62:01:ed:53:52:b2:
         6b:20:64:e2:dd:05:e2:72:45:20:92:c3:55:1e:64:9b:ef:3b:
         8c:de:fc:f4:ca:da:c8:44:c4:e7:00:33:45:b5:90:a3:31:d8:
         e9:91:0e:99:89:dd:a1:23:b3:a2:13:c2:0a:d5:07:9a:23:44:
         fc:2d:42:f5:37:5d:cf:46:49:a9:e8:35:fe:51:9c:c1:de:0c:
         08:39:16:15:45:e2:35:8d:34:b7:ac:5f:a6:41:df:df:ce:82:
         19:c9:e8:12:05:70:ec:80:f4:f0:93:ed:09:87:5c:f3:ba:d6:
         2d:73:6a:ef:18:03:4e:55:eb:12:c0:e0:3e:5d:57:3e:23:ac:
         a2:6c:30:6a:38:e8:5b:04:06:32:f1:75:b0:1e:ca:8c:c2:52:
         90:b7:9c:29:39:e5:aa:27:ff:6d:e5:12:2a:b8:33:c2:6d:21:
         2f:d0:c5:39:64:94:8d:13:6d:13:5a:7d:99:2a:a1:8b:2c:c3:
         88:a4:67:72:2b:5a:b8:fa:55:5e:4a:59:fc:8f:ed:e2:49:02:
         57:13:a0:61:ab:ed:76:f5:c9:0b:88:2d:62:b5:f2:1c:a0:77:
         35:0d:ba:68
-----BEGIN CERTIFICATE-----
MIIFnjCCBIagAwIBAgIUWT+7LXkSekTDE2VltLG5n1rZVx0wDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI1MDEwNzAwMDAwMFoX
DTI1MDIxMTIzNTk1OVowejFJMEcGA1UEBRNAZDhlM2QxODI1MDJlN2E1MmUxMDFh
MDA5MzVkYjQyZTNiYzU5OGE0MWViZTVjODU5Y2FkMDI1NWMxZWRjNGQ1MDEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4EJ2JdIoqpjsDyXjvQ9MSAcC9AJF
YO3+3VgDtxykdGFw4LxC/qDNCFQ/kIYdY48TPRND+WuFHvP5Led4RPyUoqEQNWF2
jDVjuHarjBnrOx/i1SC1UM4zTQ2xX20lAodCyE14uvyFpx/01lUh/e7v5v2agQjb
WLTUYKtTSfuXezVqgfQTlXrabRouVrGJifcXwWe1et79AZiBW641V0iILHT+Nx+R
d+jmow6RLVphl86B7BYs4IUVJ+LY3klrCUyNFp7oWa4Q4S7T5efnbwJLpj93QQ9I
mxm9Yf/iZMbH46tzLpMApE/m1r8AH3swftiox1Z6U5Rq0PWyHmzPOLmZAQIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFAizlX5GxEGoW/lbrzWEiZvBsrapMB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
L2VjMjlmZDNkLWE1ZmMtNDE4MS1iNTczLTliZDc1MjBhYzhjYi5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAO
BAIAAjAIAwYEJAbaFwAwDQYJKoZIhvcNAQELBQADggEBAGUyuMSLWUsxrsZHOHcU
W0eOw/7dZ8F7c+82gbuOpmIB7VNSsmsgZOLdBeJyRSCSw1UeZJvvO4ze/PTK2shE
xOcAM0W1kKMx2OmRDpmJ3aEjs6ITwgrVB5ojRPwtQvU3Xc9GSanoNf5RnMHeDAg5
FhVF4jWNNLesX6ZB39/OghnJ6BIFcOyA9PCT7QmHXPO61i1zau8YA05V6xLA4D5d
Vz4jrKJsMGo46FsEBjLxdbAeyozCUpC3nCk55aon/23lEiq4M8JtIS/QxTlklI0T
bRNafZkqoYssw4ikZ3IrWrj6VV5KWfyP7eJJAlcToGGr7Xb1yQuILWK18hygdzUN
umg=
-----END CERTIFICATE-----