Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/fe9e46f2-7ae2-4a38-89eb-91e51e539f45.roa
File:                     fe9e46f2-7ae2-4a38-89eb-91e51e539f45.roa (raw, json)
Hash identifier:          BmQ4f5rBMguF9DCoaYpH6nwnx3bApBDJFMhgp8lfBhI=
Subject key identifier:   48:3F:A3:23:18:BD:09:2E:8F:25:3B:1A:0A:43:FF:DB:6C:0C:BA:39
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       31590163C1FA139D0CFAA94F9115396782038447
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/fe9e46f2-7ae2-4a38-89eb-91e51e539f45.roa
Signing time:             Tue 07 Jan 2025 00:00:00 +0000
ROA not before:           Tue 07 Jan 2025 00:00:00 +0000
ROA not after:            Tue 11 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:da17:c00::/38 maxlen: 38
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            31:59:01:63:c1:fa:13:9d:0c:fa:a9:4f:91:15:39:67:82:03:84:47
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Jan  7 00:00:00 2025 GMT
            Not After : Feb 11 23:59:59 2025 GMT
        Subject: serialNumber=82981851ae7f592bfabde7fd6a04f14d7e24bbbd252e78d92f9547333b1f0ebb, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:79:74:63:f9:ca:31:77:ee:7d:1d:83:05:9a:
                    bb:7f:10:b3:7f:09:c3:b5:3d:59:5e:ee:0c:a7:38:
                    b2:2c:6c:4c:e2:c5:97:bd:64:03:01:e5:c4:0a:44:
                    d0:58:59:4c:b2:ad:21:13:52:3d:fb:ca:75:7b:92:
                    bb:5b:87:0a:b6:8c:db:71:80:e6:f2:1d:b0:80:0a:
                    79:47:27:e8:1d:3e:af:2d:24:aa:ca:66:c6:4c:08:
                    fa:37:48:ca:54:7b:7c:e6:6a:f9:27:b9:c8:81:08:
                    4e:d0:90:ba:ad:5a:2a:9c:c7:95:59:99:ac:d0:b8:
                    ab:9f:d6:7b:50:a7:c1:10:39:bf:17:26:67:5f:67:
                    4d:1b:9b:4c:60:f0:ae:53:37:47:0e:e3:14:3b:c5:
                    7f:0d:b0:2a:7d:f2:34:83:c3:ec:d8:94:30:6e:a4:
                    76:f5:82:3e:00:3a:72:56:28:a7:34:e4:3b:b2:b3:
                    fd:f3:5e:fa:04:85:c7:23:6a:17:e1:46:84:2b:06:
                    7a:20:14:a7:92:f9:9e:7d:df:0f:c6:c4:68:1d:6d:
                    c4:e4:48:3e:32:cf:88:c8:c5:29:30:89:4e:e4:87:
                    18:f3:49:b9:f7:36:9f:99:be:2d:b5:1f:7e:52:4d:
                    46:a4:01:a4:f4:fc:cf:36:ef:ef:05:ac:55:96:44:
                    6a:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                48:3F:A3:23:18:BD:09:2E:8F:25:3B:1A:0A:43:FF:DB:6C:0C:BA:39
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/fe9e46f2-7ae2-4a38-89eb-91e51e539f45.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:da17:c00::/38

    Signature Algorithm: sha256WithRSAEncryption
         2d:f6:b4:16:f0:13:0f:ee:fc:7d:61:3f:fd:f6:c1:50:af:23:
         e6:bb:61:ac:52:a4:a7:6c:a4:e6:d3:06:e5:09:92:d8:35:84:
         a2:ae:50:61:e4:c5:ec:d0:9b:c1:33:ff:55:98:88:6b:2d:f8:
         8b:cd:37:1c:08:e5:d6:b3:b6:00:08:dd:1d:c2:43:46:b9:f7:
         62:21:da:61:a1:74:62:f7:3d:47:68:1b:db:0f:80:ff:c7:ff:
         31:37:fc:78:69:df:99:dd:f4:fd:74:63:f4:17:d5:88:f4:cd:
         49:8e:9c:a4:38:e9:29:e9:af:87:15:34:c5:33:4e:5e:7f:c5:
         f6:c8:4a:ce:3e:79:ef:74:43:45:5e:7c:77:40:2b:3c:12:00:
         d2:4e:81:09:a3:79:9e:78:95:c2:e8:73:f0:19:5a:12:71:2e:
         5f:1b:be:8c:e7:bf:5a:93:d7:eb:68:13:b5:62:97:88:7f:fe:
         86:31:29:5e:56:54:e3:92:28:70:98:dc:91:02:69:3e:92:86:
         1f:67:7b:92:0e:64:a9:54:7b:cb:1a:94:c1:06:44:75:69:7c:
         c6:32:8f:67:2f:34:9a:63:a6:47:87:04:46:9b:a4:ac:d2:e7:
         ca:c6:fe:9f:d2:81:11:b0:5d:a6:93:0d:34:56:06:a1:40:85:
         9f:f4:8c:a2
-----BEGIN CERTIFICATE-----
MIIFnjCCBIagAwIBAgIUMVkBY8H6E50M+qlPkRU5Z4IDhEcwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI1MDEwNzAwMDAwMFoX
DTI1MDIxMTIzNTk1OVowejFJMEcGA1UEBRNAODI5ODE4NTFhZTdmNTkyYmZhYmRl
N2ZkNmEwNGYxNGQ3ZTI0YmJiZDI1MmU3OGQ5MmY5NTQ3MzMzYjFmMGViYjEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp3l0Y/nKMXfufR2DBZq7fxCzfwnD
tT1ZXu4MpziyLGxM4sWXvWQDAeXECkTQWFlMsq0hE1I9+8p1e5K7W4cKtozbcYDm
8h2wgAp5RyfoHT6vLSSqymbGTAj6N0jKVHt85mr5J7nIgQhO0JC6rVoqnMeVWZms
0Lirn9Z7UKfBEDm/FyZnX2dNG5tMYPCuUzdHDuMUO8V/DbAqffI0g8Ps2JQwbqR2
9YI+ADpyViinNOQ7srP98176BIXHI2oX4UaEKwZ6IBSnkvmefd8PxsRoHW3E5Eg+
Ms+IyMUpMIlO5IcY80m59zafmb4ttR9+Uk1GpAGk9PzPNu/vBaxVlkRqRwIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFEg/oyMYvQkujyU7GgpD/9tsDLo5MB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
L2ZlOWU0NmYyLTdhZTItNGEzOC04OWViLTkxZTUxZTUzOWY0NS5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAO
BAIAAjAIAwYCJAbaFwwwDQYJKoZIhvcNAQELBQADggEBAC32tBbwEw/u/H1hP/32
wVCvI+a7YaxSpKdspObTBuUJktg1hKKuUGHkxezQm8Ez/1WYiGst+IvNNxwI5daz
tgAI3R3CQ0a592Ih2mGhdGL3PUdoG9sPgP/H/zE3/Hhp35nd9P10Y/QX1Yj0zUmO
nKQ46Snpr4cVNMUzTl5/xfbISs4+ee90Q0VefHdAKzwSANJOgQmjeZ54lcLoc/AZ
WhJxLl8bvoznv1qT1+toE7Vil4h//oYxKV5WVOOSKHCY3JECaT6Shh9ne5IOZKlU
e8salMEGRHVpfMYyj2cvNJpjpkeHBEabpKzS58rG/p/SgRGwXaaTDTRWBqFAhZ/0
jKI=
-----END CERTIFICATE-----