Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/ec40eb60-4cf6-48e4-b0a8-80630ca1e584.roa
File:                     ec40eb60-4cf6-48e4-b0a8-80630ca1e584.roa (raw, json)
Hash identifier:          6oI4V3snHzDcGWHEOIogal0DWwkejHDSa51FFILHvrY=
Subject key identifier:   3E:EA:7D:C5:1A:5E:EB:7D:87:FB:83:5B:49:5A:56:12:EB:C1:35:65
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       406B6F3F0355092C20874B672DEE69A8F72FA382
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/ec40eb60-4cf6-48e4-b0a8-80630ca1e584.roa
Signing time:             Tue 07 Jan 2025 00:00:00 +0000
ROA not before:           Tue 07 Jan 2025 00:00:00 +0000
ROA not after:            Tue 11 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:da00:40e0::/48 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            40:6b:6f:3f:03:55:09:2c:20:87:4b:67:2d:ee:69:a8:f7:2f:a3:82
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Jan  7 00:00:00 2025 GMT
            Not After : Feb 11 23:59:59 2025 GMT
        Subject: serialNumber=5211a31b497b3c67f6c5f2bc1b3d20c28519e4454d28f77df370cd4f537f9c8d, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:ca:ed:83:ca:8f:1c:ab:ef:d9:89:e0:7d:21:
                    4c:ed:f0:59:56:94:33:53:ce:61:62:52:e6:33:96:
                    e7:22:8a:d7:88:dd:87:40:fc:cc:e5:e3:61:e8:47:
                    b9:9f:aa:cd:fa:f1:70:20:c3:15:f5:05:7a:54:51:
                    e7:37:d7:ec:cb:ac:f7:33:02:de:42:9c:07:02:ec:
                    3a:ef:91:b9:01:70:c8:f5:86:9a:c3:bd:77:05:0e:
                    b7:17:8f:46:ec:04:c9:52:2c:9a:97:4a:d4:1a:5c:
                    88:d4:81:4d:d3:cb:de:1c:2e:83:a5:19:20:3a:4d:
                    8f:8c:08:8d:84:d6:e7:13:c7:ee:60:a0:aa:0e:b0:
                    d0:0e:1e:37:d9:2a:67:64:68:71:d4:06:a6:c0:21:
                    3b:d0:ae:a7:91:7d:a3:3a:37:fd:99:18:db:2d:5a:
                    97:7a:20:30:d0:5f:65:dd:e4:48:1e:32:b8:26:a1:
                    e5:e5:70:e1:f3:dd:43:7c:43:36:c0:e8:a1:d3:d7:
                    0a:5b:df:8f:9e:2b:5f:ff:19:88:0f:76:9c:2a:bc:
                    21:e3:c9:f3:1d:7e:78:15:c9:97:50:ee:fa:b9:28:
                    54:f3:26:fa:9b:e2:62:ec:30:0f:fc:0e:24:48:1c:
                    bb:37:f1:da:80:90:a7:77:f9:46:e7:0d:3a:e1:a9:
                    3e:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3E:EA:7D:C5:1A:5E:EB:7D:87:FB:83:5B:49:5A:56:12:EB:C1:35:65
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/ec40eb60-4cf6-48e4-b0a8-80630ca1e584.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:da00:40e0::/48

    Signature Algorithm: sha256WithRSAEncryption
         81:88:e0:29:aa:b9:90:be:5d:6b:c9:d2:dd:a8:62:75:a9:e0:
         9f:82:a8:70:bd:1c:c6:e0:3f:59:ed:6e:18:d8:f2:a1:23:89:
         ab:f8:f5:59:87:4b:97:8a:e8:c2:32:83:3e:b0:4d:9e:3d:55:
         18:1e:f0:fe:0d:a7:d6:fc:fe:db:47:cf:52:81:0f:63:7d:2a:
         58:be:26:03:b0:c2:38:29:27:49:9f:bb:64:f0:b6:f7:99:94:
         c9:bc:32:2f:74:3e:75:02:0a:81:d8:1b:5a:c2:64:84:cd:c0:
         b6:06:ae:f5:c4:97:76:12:ad:2b:7a:88:6b:19:fb:18:ba:06:
         b5:a8:f4:39:7f:71:44:84:a3:f6:fe:68:6f:d1:ce:59:ea:92:
         2e:f5:2d:1a:e7:c3:66:cf:6c:59:a5:19:62:6c:52:5f:05:00:
         3b:72:cf:36:3d:e6:6a:a0:8e:94:10:a6:8d:b8:94:89:40:99:
         7e:15:50:a2:12:d5:a9:e2:f3:08:8a:6a:4e:74:dc:b0:91:9f:
         3d:ef:ae:91:1c:73:71:61:c9:c6:e3:f4:e6:96:64:10:b6:85:
         b6:67:f3:6c:fa:e4:23:6a:ae:5d:f1:b0:64:89:8a:89:d6:fe:
         c9:00:a0:97:fb:8a:ff:26:e5:18:37:ec:62:5d:8b:51:d7:e6:
         d6:da:74:43
-----BEGIN CERTIFICATE-----
MIIFnzCCBIegAwIBAgIUQGtvPwNVCSwgh0tnLe5pqPcvo4IwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI1MDEwNzAwMDAwMFoX
DTI1MDIxMTIzNTk1OVowejFJMEcGA1UEBRNANTIxMWEzMWI0OTdiM2M2N2Y2YzVm
MmJjMWIzZDIwYzI4NTE5ZTQ0NTRkMjhmNzdkZjM3MGNkNGY1MzdmOWM4ZDEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsMrtg8qPHKvv2YngfSFM7fBZVpQz
U85hYlLmM5bnIorXiN2HQPzM5eNh6Ee5n6rN+vFwIMMV9QV6VFHnN9fsy6z3MwLe
QpwHAuw675G5AXDI9Yaaw713BQ63F49G7ATJUiyal0rUGlyI1IFN08veHC6DpRkg
Ok2PjAiNhNbnE8fuYKCqDrDQDh432SpnZGhx1AamwCE70K6nkX2jOjf9mRjbLVqX
eiAw0F9l3eRIHjK4JqHl5XDh891DfEM2wOih09cKW9+Pnitf/xmID3acKrwh48nz
HX54FcmXUO76uShU8yb6m+Ji7DAP/A4kSBy7N/HagJCnd/lG5w064ak+2QIDAQAB
o4ICSzCCAkcwHQYDVR0OBBYEFD7qfcUaXut9h/uDW0laVhLrwTVlMB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
L2VjNDBlYjYwLTRjZjYtNDhlNC1iMGE4LTgwNjMwY2ExZTU4NC5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAP
BAIAAjAJAwcAJAbaAEDgMA0GCSqGSIb3DQEBCwUAA4IBAQCBiOApqrmQvl1rydLd
qGJ1qeCfgqhwvRzG4D9Z7W4Y2PKhI4mr+PVZh0uXiujCMoM+sE2ePVUYHvD+DafW
/P7bR89SgQ9jfSpYviYDsMI4KSdJn7tk8Lb3mZTJvDIvdD51AgqB2BtawmSEzcC2
Bq71xJd2Eq0reohrGfsYuga1qPQ5f3FEhKP2/mhv0c5Z6pIu9S0a58Nmz2xZpRli
bFJfBQA7cs82PeZqoI6UEKaNuJSJQJl+FVCiEtWp4vMIimpOdNywkZ89766RHHNx
YcnG4/TmlmQQtoW2Z/Ns+uQjaq5d8bBkiYqJ1v7JAKCX+4r/JuUYN+xiXYtR1+bW
2nRD
-----END CERTIFICATE-----