Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/03425bfb-6403-499d-9f86-08b55faaec06.roa
File:                     03425bfb-6403-499d-9f86-08b55faaec06.roa (raw, json)
Hash identifier:          rNQhA40dc/y8g7xebTgjH0x6vPqfQCgyVgtm+z5+2CM=
Subject key identifier:   4F:68:0B:B9:FC:64:3F:1E:D3:89:9B:F6:A3:5F:DF:42:78:33:01:DF
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       3FEAB562ECE3EC76629F593CFE8D30302B1C0648
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/03425bfb-6403-499d-9f86-08b55faaec06.roa
Signing time:             Fri 10 Nov 2023 00:00:00 +0000
ROA not before:           Fri 10 Nov 2023 00:00:00 +0000
ROA not after:            Fri 15 Dec 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3f:ea:b5:62:ec:e3:ec:76:62:9f:59:3c:fe:8d:30:30:2b:1c:06:48
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Nov 10 00:00:00 2023 GMT
            Not After : Dec 15 23:59:59 2023 GMT
        Subject: CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:f0:ed:d7:35:79:2e:6e:4d:cd:82:13:09:dc:
                    e0:b2:c2:8d:1f:62:12:70:44:12:f0:86:ff:6f:72:
                    71:24:f0:08:21:42:db:1c:16:2a:4a:be:09:c9:82:
                    a9:c9:d9:4d:e2:0a:54:cf:28:91:ef:62:a9:cb:c1:
                    5a:7d:3a:0e:56:ab:63:38:98:95:de:31:e5:df:0b:
                    e8:0c:d0:ef:dc:0b:73:5f:d8:20:64:7a:36:37:f0:
                    9c:35:42:2f:2c:9a:67:93:10:e2:ef:ad:9b:8a:5b:
                    3f:78:d3:9a:74:46:f3:0b:db:79:58:4f:06:8f:a7:
                    92:1e:1d:1b:a9:86:c5:b2:7e:36:81:95:79:e4:d8:
                    b8:fe:c5:3e:61:1e:f5:32:c3:d1:f6:a3:f3:bb:67:
                    55:94:26:d3:6d:62:b7:7f:de:6f:e5:5a:57:eb:bf:
                    16:c4:6b:a5:b6:2e:11:34:4e:8a:27:8a:e0:31:02:
                    c0:16:3f:e9:47:99:e4:e6:68:02:67:d6:be:0a:ee:
                    e0:e8:8b:16:e6:ee:b6:07:f6:01:73:df:31:71:74:
                    41:49:99:1e:34:a0:cb:63:d1:2f:28:ea:77:5e:8b:
                    7a:56:d8:62:95:f8:8c:7c:ea:3d:f3:b0:aa:42:a6:
                    8c:b5:58:01:1c:8a:0d:7e:5f:f2:3f:f6:fc:17:d5:
                    a7:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4F:68:0B:B9:FC:64:3F:1E:D3:89:9B:F6:A3:5F:DF:42:78:33:01:DF
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/03425bfb-6403-499d-9f86-08b55faaec06.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         af:13:52:22:f4:52:6e:2d:0f:f0:bf:8b:ed:76:0a:1f:43:0a:
         e8:fe:04:0e:12:5c:b0:78:a8:64:2b:6e:56:20:bc:6f:2e:7a:
         e0:f4:a4:c4:1b:51:b6:f8:e5:b8:48:85:b1:6b:4e:71:17:47:
         c3:78:e3:b6:f5:86:92:a2:51:7b:4c:f3:03:a3:16:da:36:6e:
         2d:02:3c:35:e1:4a:b1:19:22:08:8e:8e:d9:b2:a6:be:3c:92:
         f6:0f:41:18:88:19:ea:2a:33:f7:47:e6:1d:e7:df:b2:90:8e:
         a2:58:df:9d:bb:f6:5d:7b:fd:b9:c7:28:ee:11:af:2c:de:72:
         fb:5e:2f:e2:55:ab:97:51:65:ab:1b:8b:71:a8:f2:87:1f:6a:
         0d:1c:00:6f:31:0f:36:fb:e3:15:61:40:e5:aa:8d:92:b1:f3:
         e1:be:8e:ca:00:11:09:f7:93:ef:6f:4f:1d:b3:96:71:e7:2e:
         95:64:aa:8f:6d:de:db:91:f9:a9:e2:60:4e:10:b8:67:22:39:
         b4:ae:b1:be:7c:b2:f3:2b:d0:20:6a:94:ba:e2:9a:f7:90:77:
         60:69:32:f0:bf:c6:8e:f8:39:62:85:4f:5f:ce:48:3d:1a:2c:
         4c:6b:89:bf:45:35:b3:c2:c6:93:ad:09:3e:0b:92:3b:84:67:
         e0:62:fa:22
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUP+q1Yuzj7HZin1k8/o0wMCscBkgwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMxMTEwMDAwMDAwWhcNMjMxMjE1MjM1OTU5
WjB6MUkwRwYDVQQFE0A2YzQzYWQ3OTMwMjc2NzQwOTc3NTg0ZjFmM2FiZTljZTZh
YTY5YzBmMGQwNzAyMmI4N2EwMjM2YmI1ZWJjNjE3MS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDb8O3XNXkubk3NghMJ3OCywo0fYhJwRBLwhv9vcnEk8Agh
QtscFipKvgnJgqnJ2U3iClTPKJHvYqnLwVp9Og5Wq2M4mJXeMeXfC+gM0O/cC3Nf
2CBkejY38Jw1Qi8smmeTEOLvrZuKWz9405p0RvML23lYTwaPp5IeHRuphsWyfjaB
lXnk2Lj+xT5hHvUyw9H2o/O7Z1WUJtNtYrd/3m/lWlfrvxbEa6W2LhE0TooniuAx
AsAWP+lHmeTmaAJn1r4K7uDoixbm7rYH9gFz3zFxdEFJmR40oMtj0S8o6ndei3pW
2GKV+Ix86j3zsKpCpoy1WAEcig1+X/I/9vwX1af3AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUT2gLufxkPx7TiZv2o1/fQngzAd8wHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzAzNDI1YmZiLTY0MDMtNDk5ZC05Zjg2LTA4YjU1ZmFhZWMwNi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAK8TUiL0Um4tD/C/i+12Ch9DCuj+
BA4SXLB4qGQrblYgvG8ueuD0pMQbUbb45bhIhbFrTnEXR8N447b1hpKiUXtM8wOj
Fto2bi0CPDXhSrEZIgiOjtmypr48kvYPQRiIGeoqM/dH5h3n37KQjqJY35279l17
/bnHKO4RryzecvteL+JVq5dRZasbi3Go8ocfag0cAG8xDzb74xVhQOWqjZKx8+G+
jsoAEQn3k+9vTx2zlnHnLpVkqo9t3tuR+aniYE4QuGciObSusb58svMr0CBqlLri
mveQd2BpMvC/xo74OWKFT1/OSD0aLExrib9FNbPCxpOtCT4LkjuEZ+Bi+iI=
-----END CERTIFICATE-----