Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/f37abb36-5149-4944-8faa-1e2f0ea2950e.roa
File:                     f37abb36-5149-4944-8faa-1e2f0ea2950e.roa (raw, json)
Hash identifier:          RQB8Tde7xS+TBHYaSE2qQMKLtnfkkuKshWFTUQdnCk8=
Subject key identifier:   F9:4B:3D:DC:05:CC:0B:C3:06:E6:DF:00:07:AE:52:60:FD:04:C2:1D
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       351A7883C513A427F517CEEBFAD6A9BF6A201784
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/f37abb36-5149-4944-8faa-1e2f0ea2950e.roa
Signing time:             Tue 07 Jan 2025 00:00:00 +0000
ROA not before:           Tue 07 Jan 2025 00:00:00 +0000
ROA not after:            Tue 11 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:da61:c800::/40 maxlen: 40
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            35:1a:78:83:c5:13:a4:27:f5:17:ce:eb:fa:d6:a9:bf:6a:20:17:84
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Jan  7 00:00:00 2025 GMT
            Not After : Feb 11 23:59:59 2025 GMT
        Subject: serialNumber=a6a613b3d4f0d0e3208f4cc83b8fc5a5cfdc14e6912edf8affa2ebe55a649660, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:87:84:fe:c0:f1:97:35:f2:6d:47:a1:4c:8a:
                    81:ee:68:bb:56:cf:92:3b:27:e6:74:80:71:db:71:
                    e8:cf:92:f8:e6:56:55:30:2a:b7:f0:9b:ac:30:72:
                    13:6d:72:9d:c1:48:0d:64:f4:a0:a5:06:48:e9:7a:
                    50:97:0f:f1:6e:eb:dc:0c:98:d2:86:98:f9:42:10:
                    a7:d5:05:46:6a:88:0d:7e:26:c4:71:0f:0c:5e:e7:
                    aa:f5:fb:60:a2:9a:75:0d:df:24:a9:f8:83:cd:95:
                    21:2c:b7:1d:58:f8:c7:d1:49:58:72:e6:57:cf:e6:
                    34:b5:ec:59:fa:b2:fd:d2:3c:76:02:35:9f:c4:fc:
                    75:a6:d7:4a:de:ba:a8:e7:11:fe:25:b4:0e:3e:29:
                    87:07:cb:7e:bb:d2:ab:81:f8:75:96:b7:2e:c4:36:
                    d2:91:34:05:ab:29:8c:cf:e2:a3:3a:14:40:cd:ec:
                    16:e6:6e:d6:8a:05:02:43:dc:ae:0c:0a:fc:d3:1c:
                    5e:24:73:98:83:6d:16:3c:c0:2a:d5:de:d0:7f:57:
                    08:4b:0a:02:7d:7e:df:fb:9b:0e:47:e8:7d:da:78:
                    fb:67:83:9e:01:41:ea:9c:5e:7d:ac:5b:6c:fc:01:
                    69:3d:6f:f1:82:c7:e2:1a:16:09:f6:3a:99:40:18:
                    fe:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F9:4B:3D:DC:05:CC:0B:C3:06:E6:DF:00:07:AE:52:60:FD:04:C2:1D
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/f37abb36-5149-4944-8faa-1e2f0ea2950e.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:da61:c800::/40

    Signature Algorithm: sha256WithRSAEncryption
         63:9b:15:c4:fd:35:f0:4e:69:f4:99:b4:b9:9c:59:23:fe:79:
         2e:8c:14:99:1e:8c:70:55:48:39:6b:0b:31:30:fa:f8:df:a9:
         ee:75:54:f6:90:82:13:ba:69:0d:46:dd:e8:49:3d:cb:62:55:
         73:b9:ce:15:47:0e:4f:bc:b0:d4:80:42:bf:7a:04:a0:75:1d:
         bc:c7:60:c0:be:d6:bb:fd:22:c2:34:58:a4:bb:78:35:3a:56:
         8d:48:de:9f:b5:90:bf:01:f2:3f:fd:5e:44:fe:bd:45:02:39:
         99:9b:6e:b9:5b:0e:33:3e:19:e0:b7:b0:88:be:c6:5e:04:e8:
         fd:ac:77:1a:da:e0:08:a9:39:5d:f8:5d:99:c1:30:ec:a3:71:
         96:e7:44:36:66:42:0f:5f:a2:13:64:79:d1:46:78:29:4b:b4:
         da:a2:a7:87:81:be:ef:d4:9f:69:8f:44:08:6b:7f:7d:6c:17:
         42:dd:af:a9:44:77:7f:bc:1e:fc:96:18:1f:e0:9a:94:99:61:
         7a:51:8b:f0:f1:c5:7b:eb:b5:b7:de:b6:0f:a1:8a:02:f1:9c:
         c4:8e:e6:f9:8b:03:0b:be:fd:ec:75:d3:37:5d:a0:fe:71:2d:
         2e:d6:64:1e:65:2a:e3:3d:20:17:73:57:ec:33:16:07:97:45:
         6e:19:be:d2
-----BEGIN CERTIFICATE-----
MIIFnjCCBIagAwIBAgIUNRp4g8UTpCf1F87r+tapv2ogF4QwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI1MDEwNzAwMDAwMFoX
DTI1MDIxMTIzNTk1OVowejFJMEcGA1UEBRNAYTZhNjEzYjNkNGYwZDBlMzIwOGY0
Y2M4M2I4ZmM1YTVjZmRjMTRlNjkxMmVkZjhhZmZhMmViZTU1YTY0OTY2MDEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlIeE/sDxlzXybUehTIqB7mi7Vs+S
OyfmdIBx23Hoz5L45lZVMCq38JusMHITbXKdwUgNZPSgpQZI6XpQlw/xbuvcDJjS
hpj5QhCn1QVGaogNfibEcQ8MXueq9ftgopp1Dd8kqfiDzZUhLLcdWPjH0UlYcuZX
z+Y0texZ+rL90jx2AjWfxPx1ptdK3rqo5xH+JbQOPimHB8t+u9Krgfh1lrcuxDbS
kTQFqymMz+KjOhRAzewW5m7WigUCQ9yuDAr80xxeJHOYg20WPMAq1d7Qf1cISwoC
fX7f+5sOR+h92nj7Z4OeAUHqnF59rFts/AFpPW/xgsfiGhYJ9jqZQBj++wIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFPlLPdwFzAvDBubfAAeuUmD9BMIdMB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
L2YzN2FiYjM2LTUxNDktNDk0NC04ZmFhLTFlMmYwZWEyOTUwZS5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAO
BAIAAjAIAwYAJAbaYcgwDQYJKoZIhvcNAQELBQADggEBAGObFcT9NfBOafSZtLmc
WSP+eS6MFJkejHBVSDlrCzEw+vjfqe51VPaQghO6aQ1G3ehJPctiVXO5zhVHDk+8
sNSAQr96BKB1HbzHYMC+1rv9IsI0WKS7eDU6Vo1I3p+1kL8B8j/9XkT+vUUCOZmb
brlbDjM+GeC3sIi+xl4E6P2sdxra4AipOV34XZnBMOyjcZbnRDZmQg9fohNkedFG
eClLtNqip4eBvu/Un2mPRAhrf31sF0Ldr6lEd3+8HvyWGB/gmpSZYXpRi/DxxXvr
tbfetg+higLxnMSO5vmLAwu+/ex10zddoP5xLS7WZB5lKuM9IBdzV+wzFgeXRW4Z
vtI=
-----END CERTIFICATE-----