Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/ff6d0825-64c9-42eb-979c-d2252693e691.roa
File:                     ff6d0825-64c9-42eb-979c-d2252693e691.roa (raw, json)
Hash identifier:          5sNy/ickUft8wdaPtOxCm2s1PPPChDZjkImZrx6l3kc=
Subject key identifier:   88:27:BA:E0:BF:40:73:5C:CB:2A:5E:C7:C0:5B:8B:D9:AC:C2:43:34
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       23E993952688888AFA09A5D4A62FAC22F0FC639F
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/ff6d0825-64c9-42eb-979c-d2252693e691.roa
Signing time:             Tue 07 Jan 2025 00:00:00 +0000
ROA not before:           Tue 07 Jan 2025 00:00:00 +0000
ROA not after:            Tue 11 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:daff:4010::/48 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            23:e9:93:95:26:88:88:8a:fa:09:a5:d4:a6:2f:ac:22:f0:fc:63:9f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Jan  7 00:00:00 2025 GMT
            Not After : Feb 11 23:59:59 2025 GMT
        Subject: serialNumber=ce1b0d431d850368d06d4a8b6789c3756ec009d17d88dc18168ed36a2a6bf4ec, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:f7:c7:10:b1:90:e1:ce:9d:5e:ce:01:c1:39:
                    5d:f8:1d:29:17:3e:aa:ab:47:57:bd:84:18:32:49:
                    e5:06:98:02:1f:e9:ff:ad:db:1e:75:f7:31:58:62:
                    b5:ea:6c:e6:76:b7:22:76:6b:ac:86:c4:82:2e:76:
                    20:ec:7f:ad:b7:76:0d:91:df:45:db:12:47:a8:7d:
                    b0:8f:60:48:5d:e6:e8:ac:54:18:b6:30:1a:76:fd:
                    14:b0:e0:5c:5b:17:4c:62:fa:eb:9a:e4:75:54:ea:
                    35:92:7e:ec:b3:43:61:54:c7:12:ae:37:e0:d0:81:
                    11:4d:21:cd:96:70:58:82:21:6c:cb:ea:48:c1:f2:
                    be:fa:b4:f9:8c:95:2f:b9:d5:c8:bb:c2:48:09:b5:
                    02:e5:87:cd:27:1f:1f:14:c1:23:8f:1d:94:18:65:
                    1a:82:90:b9:2a:ad:c4:8c:a2:e2:45:f2:57:73:58:
                    1e:57:68:a9:26:a2:d8:29:0d:af:0e:8a:6e:53:60:
                    45:27:19:ec:84:d4:d5:3c:a7:71:48:7b:c8:82:f9:
                    58:45:41:cd:4b:be:3c:94:7b:6f:32:68:fb:c4:e6:
                    a2:20:c4:40:b1:69:70:12:b8:34:70:51:73:ea:30:
                    c1:4c:12:f7:eb:16:76:73:ea:31:de:5c:96:95:9d:
                    db:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                88:27:BA:E0:BF:40:73:5C:CB:2A:5E:C7:C0:5B:8B:D9:AC:C2:43:34
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/ff6d0825-64c9-42eb-979c-d2252693e691.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:daff:4010::/48

    Signature Algorithm: sha256WithRSAEncryption
         2e:f2:11:48:48:f0:38:2e:1a:14:6b:f1:dc:b7:fc:83:b3:86:
         3c:e5:20:16:58:2f:e0:20:a7:4e:b2:c5:9d:9b:77:0e:cd:a0:
         f2:bb:79:22:66:83:e1:51:c2:3b:ae:29:9a:7a:8d:98:2d:26:
         57:dd:41:5e:7f:35:2b:5d:ef:5a:c3:12:fc:ad:6f:da:9d:81:
         60:4c:68:37:d5:21:13:94:ff:cc:09:81:b7:94:e1:48:fa:5a:
         06:76:23:83:7f:6d:31:db:1d:80:eb:ce:fd:15:23:3d:65:a5:
         2c:3a:b6:61:d5:6a:ea:d0:20:bf:19:85:0a:7c:04:d6:de:b4:
         de:ed:2c:0a:1b:2d:4b:f7:7a:a5:39:9b:7e:12:d8:cb:a7:35:
         c2:73:74:4c:a7:a3:0d:a0:34:bc:63:db:21:bd:01:e0:92:60:
         05:71:8c:12:48:97:62:cf:dc:dd:31:60:e5:1a:40:c8:6f:80:
         1c:ab:f4:96:5c:2a:43:3a:99:96:cb:bc:a7:9f:12:18:37:67:
         84:80:7a:1d:a0:28:82:b5:1f:b1:ab:ae:db:e8:a3:33:3e:9e:
         d2:b6:3c:3f:4a:11:ab:e2:a4:4b:23:cf:7d:2b:8f:df:57:fb:
         35:de:e9:52:5b:39:fd:28:03:8b:6d:34:f7:e2:0d:1a:05:6b:
         c8:a6:22:b0
-----BEGIN CERTIFICATE-----
MIIFnzCCBIegAwIBAgIUI+mTlSaIiIr6CaXUpi+sIvD8Y58wDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI1MDEwNzAwMDAwMFoX
DTI1MDIxMTIzNTk1OVowejFJMEcGA1UEBRNAY2UxYjBkNDMxZDg1MDM2OGQwNmQ0
YThiNjc4OWMzNzU2ZWMwMDlkMTdkODhkYzE4MTY4ZWQzNmEyYTZiZjRlYzEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlvfHELGQ4c6dXs4BwTld+B0pFz6q
q0dXvYQYMknlBpgCH+n/rdsedfcxWGK16mzmdrcidmushsSCLnYg7H+tt3YNkd9F
2xJHqH2wj2BIXeborFQYtjAadv0UsOBcWxdMYvrrmuR1VOo1kn7ss0NhVMcSrjfg
0IERTSHNlnBYgiFsy+pIwfK++rT5jJUvudXIu8JICbUC5YfNJx8fFMEjjx2UGGUa
gpC5Kq3EjKLiRfJXc1geV2ipJqLYKQ2vDopuU2BFJxnshNTVPKdxSHvIgvlYRUHN
S748lHtvMmj7xOaiIMRAsWlwErg0cFFz6jDBTBL36xZ2c+ox3lyWlZ3bxQIDAQAB
o4ICSzCCAkcwHQYDVR0OBBYEFIgnuuC/QHNcyypex8Bbi9mswkM0MB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
L2ZmNmQwODI1LTY0YzktNDJlYi05NzljLWQyMjUyNjkzZTY5MS5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAP
BAIAAjAJAwcAJAba/0AQMA0GCSqGSIb3DQEBCwUAA4IBAQAu8hFISPA4LhoUa/Hc
t/yDs4Y85SAWWC/gIKdOssWdm3cOzaDyu3kiZoPhUcI7rimaeo2YLSZX3UFefzUr
Xe9awxL8rW/anYFgTGg31SETlP/MCYG3lOFI+loGdiODf20x2x2A6879FSM9ZaUs
OrZh1Wrq0CC/GYUKfATW3rTe7SwKGy1L93qlOZt+EtjLpzXCc3RMp6MNoDS8Y9sh
vQHgkmAFcYwSSJdiz9zdMWDlGkDIb4Acq/SWXCpDOpmWy7ynnxIYN2eEgHodoCiC
tR+xq67b6KMzPp7Stjw/ShGr4qRLI899K4/fV/s13ulSWzn9KAOLbTT34g0aBWvI
piKw
-----END CERTIFICATE-----