Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/ffd89ff2-4de6-4517-88fc-12345cabb969.roa
File:                     ffd89ff2-4de6-4517-88fc-12345cabb969.roa (raw, json)
Hash identifier:          8wQ6UX3PvLqSmlPjBLRn5bR5L/40ClfwoWx+uZwm6Q4=
Subject key identifier:   64:95:BD:EF:33:11:4C:1D:98:CB:57:EF:27:D9:CC:19:D4:B1:44:9C
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       592E7BDC4ED0284299D22E2FF0C5087301D72FBD
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/ffd89ff2-4de6-4517-88fc-12345cabb969.roa
Signing time:             Fri 10 Jan 2025 00:00:00 +0000
ROA not before:           Fri 10 Jan 2025 00:00:00 +0000
ROA not after:            Fri 14 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:da15::/36 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            59:2e:7b:dc:4e:d0:28:42:99:d2:2e:2f:f0:c5:08:73:01:d7:2f:bd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Jan 10 00:00:00 2025 GMT
            Not After : Feb 14 23:59:59 2025 GMT
        Subject: serialNumber=f6724ac8caee547dda79e7d53f84c12cf8dfe6f5ce77d234ad7cd2ca68eec5cc, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:73:e1:b2:29:dc:b8:c3:75:87:fc:8d:7b:14:
                    22:23:70:99:8b:e9:8f:a6:da:d5:4c:2c:65:c2:59:
                    3e:b9:14:db:d3:e5:a5:63:5b:40:ea:21:91:9c:c3:
                    e4:07:6b:33:d7:e5:f0:f1:68:4b:47:fe:28:ae:1d:
                    32:f8:c3:03:ec:20:e6:5d:40:f7:2b:06:21:e0:86:
                    7d:2f:7d:d6:fc:51:21:4d:e6:35:b4:a1:58:58:a9:
                    72:c4:65:e0:37:3e:a7:62:e7:a2:69:d0:d0:43:d7:
                    9d:e3:17:0a:12:b0:47:4a:ac:d3:99:93:66:a1:78:
                    f9:86:e3:ea:d6:54:aa:d8:fb:1d:0e:5f:f1:30:de:
                    50:aa:9c:a4:ea:27:c7:83:0f:d6:94:77:f0:2b:3e:
                    62:71:08:82:01:f6:4f:09:13:5a:51:d5:f8:35:ed:
                    ad:d2:d7:76:13:de:7b:73:cb:97:bf:ac:f0:5a:97:
                    66:00:c4:77:a0:53:ac:bd:7b:6f:16:2c:cc:55:b4:
                    60:62:9d:ae:5c:91:91:86:e2:72:b7:54:80:20:97:
                    62:9c:36:ae:88:53:90:79:5e:3e:98:00:63:3f:26:
                    15:db:50:e3:46:2a:9b:8f:f1:38:67:0d:b0:57:e9:
                    dc:c4:1e:1f:85:5f:23:f7:df:ae:77:f4:22:cd:de:
                    64:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                64:95:BD:EF:33:11:4C:1D:98:CB:57:EF:27:D9:CC:19:D4:B1:44:9C
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/ffd89ff2-4de6-4517-88fc-12345cabb969.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:da15::/36

    Signature Algorithm: sha256WithRSAEncryption
         69:19:4c:01:49:e3:e0:1f:3a:a3:fb:a2:08:b9:e2:0a:49:35:
         76:ed:55:4b:34:f2:05:a1:b6:1e:bf:f8:71:a8:d7:3d:90:16:
         1e:f8:3b:30:10:7e:6f:b5:f6:3c:15:20:5a:38:24:f0:ee:6a:
         fd:4e:ba:9f:e8:9c:aa:2c:af:10:cf:83:da:36:70:0c:99:40:
         f6:8b:a6:0f:d3:43:41:92:69:d7:d5:ab:73:74:dd:6a:92:15:
         ec:56:39:df:a2:0d:e3:9d:e3:59:a5:98:e3:f5:c9:5d:b9:37:
         d0:33:30:58:f4:2c:6c:e7:af:62:d9:4a:34:01:5f:45:f9:62:
         a7:47:d1:53:50:2c:75:42:08:29:4b:3d:49:25:62:ab:62:fe:
         a8:02:31:cc:83:fe:98:1c:90:b6:f1:11:94:61:38:16:d9:73:
         a5:b3:f5:32:ce:07:2a:0c:c9:8b:c4:28:7f:26:86:4c:c5:98:
         44:1f:83:28:bf:94:c9:2e:55:ca:21:c2:39:c5:54:8c:3f:39:
         48:52:38:04:d1:35:8b:2d:d5:4e:9f:a9:a9:ef:47:06:6b:da:
         6d:31:5d:67:11:9b:e9:53:d7:eb:34:1b:a8:7a:5d:3e:4a:5f:
         bc:cb:fb:fb:b1:de:23:fb:24:5f:f0:0a:ec:96:09:ff:08:e7:
         78:a8:00:73
-----BEGIN CERTIFICATE-----
MIIFnjCCBIagAwIBAgIUWS573E7QKEKZ0i4v8MUIcwHXL70wDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI1MDExMDAwMDAwMFoX
DTI1MDIxNDIzNTk1OVowejFJMEcGA1UEBRNAZjY3MjRhYzhjYWVlNTQ3ZGRhNzll
N2Q1M2Y4NGMxMmNmOGRmZTZmNWNlNzdkMjM0YWQ3Y2QyY2E2OGVlYzVjYzEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsHPhsincuMN1h/yNexQiI3CZi+mP
ptrVTCxlwlk+uRTb0+WlY1tA6iGRnMPkB2sz1+Xw8WhLR/4orh0y+MMD7CDmXUD3
KwYh4IZ9L33W/FEhTeY1tKFYWKlyxGXgNz6nYueiadDQQ9ed4xcKErBHSqzTmZNm
oXj5huPq1lSq2PsdDl/xMN5Qqpyk6ifHgw/WlHfwKz5icQiCAfZPCRNaUdX4Ne2t
0td2E957c8uXv6zwWpdmAMR3oFOsvXtvFizMVbRgYp2uXJGRhuJyt1SAIJdinDau
iFOQeV4+mABjPyYV21DjRiqbj/E4Zw2wV+ncxB4fhV8j99+ud/Qizd5kSwIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFGSVve8zEUwdmMtX7yfZzBnUsUScMB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
L2ZmZDg5ZmYyLTRkZTYtNDUxNy04OGZjLTEyMzQ1Y2FiYjk2OS5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAO
BAIAAjAIAwYEJAbaFQAwDQYJKoZIhvcNAQELBQADggEBAGkZTAFJ4+AfOqP7ogi5
4gpJNXbtVUs08gWhth6/+HGo1z2QFh74OzAQfm+19jwVIFo4JPDuav1Oup/onKos
rxDPg9o2cAyZQPaLpg/TQ0GSadfVq3N03WqSFexWOd+iDeOd41mlmOP1yV25N9Az
MFj0LGznr2LZSjQBX0X5YqdH0VNQLHVCCClLPUklYqti/qgCMcyD/pgckLbxEZRh
OBbZc6Wz9TLOByoMyYvEKH8mhkzFmEQfgyi/lMkuVcohwjnFVIw/OUhSOATRNYst
1U6fqanvRwZr2m0xXWcRm+lT1+s0G6h6XT5KX7zL+/ux3iP7JF/wCuyWCf8I53io
AHM=
-----END CERTIFICATE-----