Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/102fa135-e119-4477-8c9e-096766a1cda6.roa
File:                     102fa135-e119-4477-8c9e-096766a1cda6.roa (raw, json)
Hash identifier:          NHPEHx05wVR4gaY/j+jtY+82vZ2nhs8c9a0WQYinRWQ=
Subject key identifier:   DE:54:AC:CD:11:83:FE:46:79:1C:52:27:D8:4D:21:BC:76:2D:68:80
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       2ABC41ECE4D84B90D33A3302E91057CBBA260232
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/102fa135-e119-4477-8c9e-096766a1cda6.roa
Signing time:             Sat 23 Mar 2024 00:00:00 +0000
ROA not before:           Sat 23 Mar 2024 00:00:00 +0000
ROA not after:            Sat 27 Apr 2024 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2a:bc:41:ec:e4:d8:4b:90:d3:3a:33:02:e9:10:57:cb:ba:26:02:32
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Mar 23 00:00:00 2024 GMT
            Not After : Apr 27 23:59:59 2024 GMT
        Subject: CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:bc:cd:a8:a4:8e:1b:cc:d2:7d:ab:ef:9f:f4:
                    4c:07:23:16:7c:e7:29:0d:08:90:fb:e9:30:33:6e:
                    b7:6e:d4:5c:b4:13:a0:01:8a:a6:c4:9e:2d:9a:f7:
                    da:77:ac:0d:ef:48:31:61:82:a2:9f:ec:13:88:db:
                    87:c9:26:27:a2:c9:a1:77:b9:98:62:b3:3d:71:8b:
                    2b:3a:c7:61:cf:3e:f2:0b:60:2d:23:f6:31:bf:40:
                    e5:50:95:e1:f8:19:d9:d0:29:f2:34:e5:1a:07:98:
                    c2:2e:cf:95:6b:1a:19:5c:6d:26:d1:a5:86:c4:ed:
                    5b:14:0d:c7:92:69:48:c2:7e:90:78:67:5f:01:1d:
                    1b:3f:0f:21:e4:60:74:3c:30:cb:26:ae:6b:2d:4d:
                    b9:55:aa:ae:45:52:df:55:2b:a5:be:e3:5c:2a:2d:
                    0d:86:ed:2c:42:59:3d:5f:eb:db:f1:14:82:33:67:
                    56:3c:6c:27:14:08:ca:58:56:0c:f5:17:7f:77:09:
                    25:43:e1:94:aa:32:9f:22:fb:23:7c:8a:26:5a:14:
                    96:1a:22:72:2b:52:a6:d6:ff:8a:6c:14:c9:cc:de:
                    a0:7a:7e:2b:16:d2:72:d2:58:90:26:20:fc:a3:fb:
                    9c:99:2f:9f:55:e1:d0:c4:81:1b:cf:fc:da:08:97:
                    af:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DE:54:AC:CD:11:83:FE:46:79:1C:52:27:D8:4D:21:BC:76:2D:68:80
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/102fa135-e119-4477-8c9e-096766a1cda6.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         53:35:bd:97:1b:9d:88:fd:04:3f:cb:db:a3:52:b7:25:13:fe:
         48:ce:72:b5:53:92:4c:57:ea:d1:16:de:15:64:8f:8f:ca:50:
         7e:75:47:61:5b:a8:29:cc:6b:82:73:ce:97:2d:5e:68:9d:85:
         63:83:1f:ce:f3:bc:73:53:0f:4f:d3:99:c3:3e:d5:ac:0f:14:
         5a:73:47:2b:4c:e1:b8:7d:45:d0:65:9b:92:02:04:21:08:65:
         4b:ae:f7:89:b4:e0:27:e8:45:9d:fc:93:52:b7:f0:cf:45:71:
         31:a4:98:0c:fc:70:bd:d8:4b:12:c7:f6:74:f3:e7:c7:c5:35:
         7c:26:c3:17:ce:53:ea:ed:c9:5f:f6:fe:6a:72:41:06:8b:8f:
         bd:59:1e:bb:db:5b:84:07:1f:dd:a2:c8:5c:6f:ec:30:7e:47:
         1c:92:02:ad:4b:a7:1c:8d:6a:89:29:09:3e:e8:1f:15:54:11:
         fd:08:a2:8f:45:0b:d2:33:6b:62:c3:1f:ee:e3:94:99:28:c1:
         1e:d8:14:25:95:91:93:5b:f1:e4:bd:ac:dc:4d:c2:f9:db:4a:
         b7:66:1b:5d:9b:72:38:91:8c:5d:bb:62:9d:17:7a:ec:c1:06:
         84:16:39:5b:ab:c1:6a:17:45:7e:f4:fe:fd:39:a7:cb:59:fc:
         26:13:17:bd
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUKrxB7OTYS5DTOjMC6RBXy7omAjIwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjQwMzIzMDAwMDAwWhcNMjQwNDI3MjM1OTU5
WjB6MUkwRwYDVQQFE0BhODAxNmU5NTczZWY2MDFiNzczODA2ZGE5ZDVmMmY4Yzc5
ZjQ0MjkxODRkMWQ3NDE0ODM0ZWJhNzU2MmQ4ZjgwMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDDvM2opI4bzNJ9q++f9EwHIxZ85ykNCJD76TAzbrdu1Fy0
E6ABiqbEni2a99p3rA3vSDFhgqKf7BOI24fJJieiyaF3uZhisz1xiys6x2HPPvIL
YC0j9jG/QOVQleH4GdnQKfI05RoHmMIuz5VrGhlcbSbRpYbE7VsUDceSaUjCfpB4
Z18BHRs/DyHkYHQ8MMsmrmstTblVqq5FUt9VK6W+41wqLQ2G7SxCWT1f69vxFIIz
Z1Y8bCcUCMpYVgz1F393CSVD4ZSqMp8i+yN8iiZaFJYaInIrUqbW/4psFMnM3qB6
fisW0nLSWJAmIPyj+5yZL59V4dDEgRvP/NoIl6/xAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU3lSszRGD/kZ5HFIn2E0hvHYtaIAwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzEwMmZhMTM1LWUxMTktNDQ3Ny04YzllLTA5Njc2NmExY2RhNi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAFM1vZcbnYj9BD/L26NStyUT/kjO
crVTkkxX6tEW3hVkj4/KUH51R2FbqCnMa4JzzpctXmidhWODH87zvHNTD0/TmcM+
1awPFFpzRytM4bh9RdBlm5ICBCEIZUuu94m04CfoRZ38k1K38M9FcTGkmAz8cL3Y
SxLH9nTz58fFNXwmwxfOU+rtyV/2/mpyQQaLj71ZHrvbW4QHH92iyFxv7DB+RxyS
Aq1LpxyNaokpCT7oHxVUEf0Ioo9FC9Iza2LDH+7jlJkowR7YFCWVkZNb8eS9rNxN
wvnbSrdmG12bcjiRjF27Yp0XeuzBBoQWOVurwWoXRX70/v05p8tZ/CYTF70=
-----END CERTIFICATE-----