Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/f593232f-0244-4a16-ab0c-ae29ea60c65f.roa
File:                     f593232f-0244-4a16-ab0c-ae29ea60c65f.roa (raw, json)
Hash identifier:          HkWNpTxkbiU7uBXgNM8FNKHtet/qKSy3HQFhE080A5M=
Subject key identifier:   EA:9D:B5:68:E7:D1:90:56:1D:7E:79:F9:7D:C1:7B:E0:4D:0E:08:95
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       151AD0941AB927C9D211833622241C8BCCD1B19A
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/f593232f-0244-4a16-ab0c-ae29ea60c65f.roa
Signing time:             Fri 10 Jan 2025 00:00:00 +0000
ROA not before:           Fri 10 Jan 2025 00:00:00 +0000
ROA not after:            Fri 14 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:da68:f000::/40 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            15:1a:d0:94:1a:b9:27:c9:d2:11:83:36:22:24:1c:8b:cc:d1:b1:9a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Jan 10 00:00:00 2025 GMT
            Not After : Feb 14 23:59:59 2025 GMT
        Subject: serialNumber=e76d7f0f004e4e6b195726344a9831f56b67653bb53ccd35a26b0a4a8e8f38bd, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:a5:d0:23:2c:5d:a6:d9:d0:68:97:cb:65:58:
                    51:b8:b1:75:f4:a2:bf:aa:96:bc:6f:78:ed:9c:a8:
                    db:37:da:35:69:eb:f4:2b:a7:aa:4c:00:42:b6:c0:
                    e7:c7:df:02:03:fe:75:f1:55:75:e0:40:15:6c:02:
                    0e:68:85:32:d8:19:c7:bc:05:ee:0f:32:29:c1:0d:
                    19:a2:5f:23:59:74:98:aa:bc:75:e3:f2:3e:15:40:
                    27:8d:6b:cd:f9:81:31:ec:9d:21:49:1c:de:cd:e4:
                    b8:0d:8f:68:67:3c:71:1f:32:d0:0a:9e:22:10:c0:
                    09:35:5d:68:fd:54:b2:12:51:f0:50:06:3e:60:46:
                    30:c0:8c:cf:33:7e:2b:ff:88:85:5a:2a:3c:14:ec:
                    18:a4:34:28:41:d6:f3:50:09:81:4d:90:a8:36:3a:
                    ad:d8:8e:6f:78:18:79:6e:ab:26:74:63:7c:a7:10:
                    3f:02:27:a0:a3:1a:14:f4:3a:16:9e:47:d1:ef:e2:
                    7e:74:4f:70:33:74:a2:c1:03:e3:66:29:e1:e0:d8:
                    88:3e:a4:82:58:47:f5:3b:a5:b6:4d:5c:be:b5:48:
                    90:49:e1:d9:f3:88:2e:86:16:d0:e1:7e:1c:eb:56:
                    9a:16:0a:26:c0:2d:5a:4c:08:73:28:6f:33:76:19:
                    ea:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EA:9D:B5:68:E7:D1:90:56:1D:7E:79:F9:7D:C1:7B:E0:4D:0E:08:95
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/f593232f-0244-4a16-ab0c-ae29ea60c65f.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:da68:f000::/40

    Signature Algorithm: sha256WithRSAEncryption
         94:1e:7d:06:44:4b:f6:02:09:71:7a:64:c2:b4:19:5e:f2:b0:
         07:1a:22:dd:cc:58:59:82:1a:cd:80:5c:b2:de:e7:b4:f2:9c:
         e8:89:00:c7:97:d7:60:d6:96:de:86:48:1c:8e:b9:a3:bb:2c:
         2d:da:9b:95:33:1e:e3:df:70:99:20:6d:c1:c5:fe:57:0a:da:
         99:14:1c:e6:07:f8:73:0f:50:a5:cd:3a:64:b7:ac:00:60:69:
         5f:03:0a:a2:1b:76:7f:8d:77:13:3a:31:cf:bc:19:66:de:72:
         84:26:57:d0:43:dd:e8:0e:c8:79:f7:aa:1b:fa:4f:65:cb:bc:
         44:7f:fa:e7:e2:61:10:8f:69:bc:19:6d:4d:01:db:a7:3e:d1:
         a8:f2:ea:e7:c7:8f:e1:e9:09:2a:27:b3:4d:71:f3:32:a5:5b:
         d1:5b:65:f3:b3:b7:ac:71:dc:7e:61:b9:93:c1:79:4d:b0:12:
         9c:3a:ee:78:1e:a2:51:a5:8f:eb:90:78:77:02:08:f3:e3:77:
         62:fe:98:f0:40:b6:8e:b3:c4:6d:14:08:b1:9e:e6:40:85:e1:
         29:60:d9:1e:f2:b2:02:c3:80:bc:d7:f7:3f:71:62:93:fc:c5:
         98:76:93:c0:41:0f:d6:52:5d:29:89:ba:30:6e:c4:66:b6:2f:
         70:32:cb:77
-----BEGIN CERTIFICATE-----
MIIFnjCCBIagAwIBAgIUFRrQlBq5J8nSEYM2IiQci8zRsZowDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI1MDExMDAwMDAwMFoX
DTI1MDIxNDIzNTk1OVowejFJMEcGA1UEBRNAZTc2ZDdmMGYwMDRlNGU2YjE5NTcy
NjM0NGE5ODMxZjU2YjY3NjUzYmI1M2NjZDM1YTI2YjBhNGE4ZThmMzhiZDEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuaXQIyxdptnQaJfLZVhRuLF19KK/
qpa8b3jtnKjbN9o1aev0K6eqTABCtsDnx98CA/518VV14EAVbAIOaIUy2BnHvAXu
DzIpwQ0Zol8jWXSYqrx14/I+FUAnjWvN+YEx7J0hSRzezeS4DY9oZzxxHzLQCp4i
EMAJNV1o/VSyElHwUAY+YEYwwIzPM34r/4iFWio8FOwYpDQoQdbzUAmBTZCoNjqt
2I5veBh5bqsmdGN8pxA/AiegoxoU9DoWnkfR7+J+dE9wM3SiwQPjZinh4NiIPqSC
WEf1O6W2TVy+tUiQSeHZ84guhhbQ4X4c61aaFgomwC1aTAhzKG8zdhnqjwIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFOqdtWjn0ZBWHX55+X3Be+BNDgiVMB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
L2Y1OTMyMzJmLTAyNDQtNGExNi1hYjBjLWFlMjllYTYwYzY1Zi5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAO
BAIAAjAIAwYAJAbaaPAwDQYJKoZIhvcNAQELBQADggEBAJQefQZES/YCCXF6ZMK0
GV7ysAcaIt3MWFmCGs2AXLLe57TynOiJAMeX12DWlt6GSByOuaO7LC3am5UzHuPf
cJkgbcHF/lcK2pkUHOYH+HMPUKXNOmS3rABgaV8DCqIbdn+NdxM6Mc+8GWbecoQm
V9BD3egOyHn3qhv6T2XLvER/+ufiYRCPabwZbU0B26c+0ajy6ufHj+HpCSons01x
8zKlW9FbZfOzt6xx3H5huZPBeU2wEpw67ngeolGlj+uQeHcCCPPjd2L+mPBAto6z
xG0UCLGe5kCF4Slg2R7ysgLDgLzX9z9xYpP8xZh2k8BBD9ZSXSmJujBuxGa2L3Ay
y3c=
-----END CERTIFICATE-----