Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/0207c58c-be0c-426f-b66a-aa33238f5a42.roa
File:                     0207c58c-be0c-426f-b66a-aa33238f5a42.roa (raw, json)
Hash identifier:          V+JuUGiNoiPmpvQ/lWlklJo1l9bceQ6tUfiUWTVzAok=
Subject key identifier:   0A:B3:88:D8:6F:CC:53:49:6D:11:CE:79:70:51:4B:A0:5D:8D:4C:0E
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       404507107461DE71874BA18365E1B2696AD934D0
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/0207c58c-be0c-426f-b66a-aa33238f5a42.roa
Signing time:             Sat 07 Sep 2024 00:00:00 +0000
ROA not before:           Sat 07 Sep 2024 00:00:00 +0000
ROA not after:            Sat 12 Oct 2024 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            40:45:07:10:74:61:de:71:87:4b:a1:83:65:e1:b2:69:6a:d9:34:d0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Sep  7 00:00:00 2024 GMT
            Not After : Oct 12 23:59:59 2024 GMT
        Subject: CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:e6:fd:ac:69:14:f2:3f:00:c4:81:ad:2d:46:
                    e3:b6:a7:0c:09:65:5a:be:a6:c6:82:95:89:88:90:
                    2c:0f:d2:55:c3:1d:ed:39:b4:2d:99:9f:f2:8c:66:
                    7b:dc:68:16:52:dd:51:b3:d8:0f:5a:ea:a6:35:de:
                    a4:85:5e:f2:b9:8f:49:09:64:ac:63:61:46:31:92:
                    9a:ec:5a:ea:fe:cf:69:c9:82:9a:c0:92:5c:88:d9:
                    48:8c:79:7e:45:1c:29:c0:07:fd:95:58:ec:88:a7:
                    87:ee:33:16:46:41:d6:66:29:ac:6e:ab:1b:7e:10:
                    7d:f7:6a:e8:d7:c0:37:b7:42:5e:bb:3a:92:23:0c:
                    04:d5:65:e4:65:4a:e9:5b:fb:01:58:84:29:1f:32:
                    ca:04:37:f8:37:b0:c2:9d:a6:15:1b:34:ef:07:af:
                    0f:c2:82:2a:3f:f2:c5:a7:88:d3:c0:ff:9e:a9:ba:
                    5d:46:7c:62:33:91:d5:f2:e0:7e:17:98:a3:0b:f3:
                    0e:ba:37:7c:92:3c:f3:14:11:f3:e1:8b:5d:d2:79:
                    fc:8b:26:16:99:da:a9:86:32:fe:19:d8:67:4c:9f:
                    d2:88:70:cd:4f:d6:4e:76:b2:3d:0e:c9:e3:75:b8:
                    3e:a9:89:d3:67:0f:4c:c6:82:cf:61:f4:f2:4f:96:
                    b6:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0A:B3:88:D8:6F:CC:53:49:6D:11:CE:79:70:51:4B:A0:5D:8D:4C:0E
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/0207c58c-be0c-426f-b66a-aa33238f5a42.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         31:62:df:b5:e9:74:48:fd:24:4c:79:9a:3d:ed:b0:00:92:76:
         47:4c:c1:b7:74:57:6f:9c:09:b9:a0:9e:6e:18:7f:96:6c:01:
         56:45:0d:24:7f:27:e0:cb:22:b0:b8:3f:ce:af:97:20:e1:12:
         3e:d2:c5:57:41:0f:d8:ea:2e:f6:07:b4:f9:5e:0c:7d:d7:dd:
         f3:2c:23:9e:f1:fe:70:e9:3d:46:9a:52:8f:7d:ec:de:0f:5b:
         9a:70:73:b1:2d:f6:d4:63:27:c1:93:99:e1:5e:33:d0:e4:45:
         b9:b3:4d:23:91:9a:30:b6:c9:06:2c:20:d5:b2:d7:c4:d8:b9:
         ac:36:ed:43:39:be:36:34:e4:67:89:d1:b2:38:ad:1b:58:37:
         e3:a5:67:db:9f:b6:fe:13:df:bf:6c:dd:cd:c4:80:1c:31:37:
         73:82:33:6d:30:5d:c2:c5:b5:9f:d4:1d:bb:59:79:b7:6b:26:
         c0:eb:21:64:b5:b7:69:6c:29:2c:41:04:57:7b:2e:c2:9f:83:
         ca:04:80:55:c8:5a:0e:ec:23:51:98:aa:00:47:eb:09:7b:d2:
         be:6c:5f:84:49:f5:c2:b5:07:bd:91:5f:3b:ea:d1:30:4d:d5:
         61:24:4a:69:b7:d5:c3:cd:19:76:b2:d3:66:93:cf:72:7e:69:
         1a:53:91:27
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUQEUHEHRh3nGHS6GDZeGyaWrZNNAwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjQwOTA3MDAwMDAwWhcNMjQxMDEyMjM1OTU5
WjB6MUkwRwYDVQQFE0A1ZTFkYTQ3OTZkZjcyMWQyYjIzZGUxZDE3ZTIxNzg3MjM1
NjY4OTczN2I5MTMzYWVlZDVkNjJkMGEzN2Q5MDUzMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCC5v2saRTyPwDEga0tRuO2pwwJZVq+psaClYmIkCwP0lXD
He05tC2Zn/KMZnvcaBZS3VGz2A9a6qY13qSFXvK5j0kJZKxjYUYxkprsWur+z2nJ
gprAklyI2UiMeX5FHCnAB/2VWOyIp4fuMxZGQdZmKaxuqxt+EH33aujXwDe3Ql67
OpIjDATVZeRlSulb+wFYhCkfMsoEN/g3sMKdphUbNO8Hrw/Cgio/8sWniNPA/56p
ul1GfGIzkdXy4H4XmKML8w66N3ySPPMUEfPhi13SefyLJhaZ2qmGMv4Z2GdMn9KI
cM1P1k52sj0OyeN1uD6pidNnD0zGgs9h9PJPlrb9AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUCrOI2G/MU0ltEc55cFFLoF2NTA4wHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzAyMDdjNThjLWJlMGMtNDI2Zi1iNjZhLWFhMzMyMzhmNWE0Mi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBADFi37XpdEj9JEx5mj3tsACSdkdM
wbd0V2+cCbmgnm4Yf5ZsAVZFDSR/J+DLIrC4P86vlyDhEj7SxVdBD9jqLvYHtPle
DH3X3fMsI57x/nDpPUaaUo997N4PW5pwc7Et9tRjJ8GTmeFeM9DkRbmzTSORmjC2
yQYsINWy18TYuaw27UM5vjY05GeJ0bI4rRtYN+OlZ9uftv4T379s3c3EgBwxN3OC
M20wXcLFtZ/UHbtZebdrJsDrIWS1t2lsKSxBBFd7LsKfg8oEgFXIWg7sI1GYqgBH
6wl70r5sX4RJ9cK1B72RXzvq0TBN1WEkSmm31cPNGXay02aTz3J+aRpTkSc=
-----END CERTIFICATE-----