Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/f7ec8552-7ddb-4978-bb8c-fc97d0625b4c.roa
File:                     f7ec8552-7ddb-4978-bb8c-fc97d0625b4c.roa (raw, json)
Hash identifier:          AlPPCIcFwJjigMfr1Crq1KFyuy/Ow5Q1EUGvC8ZmU1I=
Subject key identifier:   A7:72:24:7B:57:45:36:1A:5A:CB:F4:E7:1D:18:13:C1:A8:7A:31:70
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       7F52B2FCB0CEA5602754FB9F568CF285EF3E22BD
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/f7ec8552-7ddb-4978-bb8c-fc97d0625b4c.roa
Signing time:             Tue 07 Jan 2025 00:00:00 +0000
ROA not before:           Tue 07 Jan 2025 00:00:00 +0000
ROA not after:            Tue 11 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:da38:4020::/48 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7f:52:b2:fc:b0:ce:a5:60:27:54:fb:9f:56:8c:f2:85:ef:3e:22:bd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Jan  7 00:00:00 2025 GMT
            Not After : Feb 11 23:59:59 2025 GMT
        Subject: serialNumber=f3653f7ab337b90192db779039784705e22bfa11e75591c1ddcff46ba3078a02, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:6b:6d:28:cb:ee:63:85:bd:3c:3b:60:32:ae:
                    43:2a:0a:da:42:b3:1b:a2:39:28:ee:96:d3:2f:7d:
                    78:a2:31:cb:e7:66:91:5f:6b:a2:38:f9:31:b7:ed:
                    ba:b9:bf:9d:dc:0a:6a:45:a9:63:6b:14:a5:30:5b:
                    37:14:25:56:7d:ef:7d:35:e2:79:40:fc:07:92:bf:
                    af:c8:4d:39:8f:2d:6b:24:a0:e3:46:15:e7:78:c7:
                    5b:40:cd:6b:f6:e8:b1:bc:b8:ea:8f:3d:2c:af:dd:
                    c2:72:28:0f:c5:fc:12:7b:67:63:be:9c:dc:d0:58:
                    8f:16:08:d6:74:45:5d:7e:c0:ce:78:9a:8c:01:e4:
                    2b:ae:23:9a:22:95:d4:5d:c4:a4:4e:91:61:2d:8d:
                    b5:ac:6b:b4:09:4c:01:84:4e:d9:dc:b8:e2:72:74:
                    d0:c9:1b:a7:42:10:e4:61:3f:a6:26:ab:e0:a6:75:
                    2d:a3:ef:26:5c:a1:8f:06:0d:2d:62:39:62:d5:fc:
                    66:63:4f:a0:b3:c1:af:69:6f:cc:7c:59:41:8e:f0:
                    95:e5:93:32:40:f6:f5:13:15:1b:68:b7:fc:ab:1c:
                    9e:80:a0:c3:e4:89:99:36:99:c1:03:d1:44:18:64:
                    e1:b6:43:51:cf:c8:ab:8d:e9:f3:a0:71:49:52:9d:
                    95:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A7:72:24:7B:57:45:36:1A:5A:CB:F4:E7:1D:18:13:C1:A8:7A:31:70
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/f7ec8552-7ddb-4978-bb8c-fc97d0625b4c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:da38:4020::/48

    Signature Algorithm: sha256WithRSAEncryption
         a4:d8:1b:98:8a:88:de:96:5d:66:fb:76:cf:0f:5c:a7:57:d6:
         ab:db:ad:33:53:3f:04:9d:ac:92:86:46:b4:b1:95:ad:3e:ce:
         db:63:9e:24:4e:12:33:25:69:18:51:8f:9b:9c:8b:4f:01:d6:
         d3:9c:d4:d0:69:be:76:ef:c5:c7:85:0f:7d:5e:5a:f7:1d:8a:
         fb:de:99:0c:72:85:8f:2f:06:eb:88:26:da:13:e3:71:d1:31:
         f0:7a:ac:33:f9:3b:43:bf:e4:08:03:55:0b:64:b0:1d:c2:ae:
         7e:50:be:f6:66:97:53:46:3a:6d:ec:ca:5f:da:ac:49:ab:f8:
         d3:d2:08:db:29:58:30:f2:4d:d8:1c:53:97:5c:70:80:5f:ec:
         25:7e:98:79:f9:b2:de:3c:4c:01:f8:2e:c9:01:75:b5:7b:53:
         46:e5:24:59:5c:e7:79:5c:7c:93:a4:08:4a:ea:93:7e:f6:48:
         98:5f:3e:2d:ac:b8:32:ba:06:d4:61:7d:10:4f:eb:2d:22:1b:
         96:c5:50:e2:cb:73:74:68:34:a8:70:4b:6a:0a:38:be:ba:fe:
         76:2f:a9:c5:d1:ea:6e:e4:ae:a9:65:43:31:5e:a2:65:c2:b3:
         d6:8e:4f:f7:4f:68:6f:b2:f3:44:da:9e:c1:39:46:48:13:fd:
         21:9a:d5:c0
-----BEGIN CERTIFICATE-----
MIIFnzCCBIegAwIBAgIUf1Ky/LDOpWAnVPufVozyhe8+Ir0wDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI1MDEwNzAwMDAwMFoX
DTI1MDIxMTIzNTk1OVowejFJMEcGA1UEBRNAZjM2NTNmN2FiMzM3YjkwMTkyZGI3
NzkwMzk3ODQ3MDVlMjJiZmExMWU3NTU5MWMxZGRjZmY0NmJhMzA3OGEwMjEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu2ttKMvuY4W9PDtgMq5DKgraQrMb
ojko7pbTL314ojHL52aRX2uiOPkxt+26ub+d3ApqRaljaxSlMFs3FCVWfe99NeJ5
QPwHkr+vyE05jy1rJKDjRhXneMdbQM1r9uixvLjqjz0sr93CcigPxfwSe2djvpzc
0FiPFgjWdEVdfsDOeJqMAeQrriOaIpXUXcSkTpFhLY21rGu0CUwBhE7Z3LjicnTQ
yRunQhDkYT+mJqvgpnUto+8mXKGPBg0tYjli1fxmY0+gs8GvaW/MfFlBjvCV5ZMy
QPb1ExUbaLf8qxyegKDD5ImZNpnBA9FEGGThtkNRz8irjenzoHFJUp2VzwIDAQAB
o4ICSzCCAkcwHQYDVR0OBBYEFKdyJHtXRTYaWsv05x0YE8GoejFwMB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
L2Y3ZWM4NTUyLTdkZGItNDk3OC1iYjhjLWZjOTdkMDYyNWI0Yy5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAP
BAIAAjAJAwcAJAbaOEAgMA0GCSqGSIb3DQEBCwUAA4IBAQCk2BuYiojell1m+3bP
D1ynV9ar260zUz8EnayShka0sZWtPs7bY54kThIzJWkYUY+bnItPAdbTnNTQab52
78XHhQ99Xlr3HYr73pkMcoWPLwbriCbaE+Nx0THweqwz+TtDv+QIA1ULZLAdwq5+
UL72ZpdTRjpt7Mpf2qxJq/jT0gjbKVgw8k3YHFOXXHCAX+wlfph5+bLePEwB+C7J
AXW1e1NG5SRZXOd5XHyTpAhK6pN+9kiYXz4trLgyugbUYX0QT+stIhuWxVDiy3N0
aDSocEtqCji+uv52L6nF0epu5K6pZUMxXqJlwrPWjk/3T2hvsvNE2p7BOUZIE/0h
mtXA
-----END CERTIFICATE-----