Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/17819617-aa3c-4b74-8c34-fd3374a665bb.roa
File:                     17819617-aa3c-4b74-8c34-fd3374a665bb.roa (raw, json)
Hash identifier:          0wLVrXjeTYd+WBkSE9Sw+aQq1FZFig6EHp82TzkAr4I=
Subject key identifier:   9C:C5:DB:A1:F3:5F:6F:D7:F2:F8:B0:DE:7A:02:6F:5D:20:B6:47:40
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       7D77B1C5ED800B5A710B0922D32B14AD30FBF653
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/17819617-aa3c-4b74-8c34-fd3374a665bb.roa
Signing time:             Fri 08 Sep 2023 00:00:00 +0000
ROA not before:           Fri 08 Sep 2023 00:00:00 +0000
ROA not after:            Fri 13 Oct 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7d:77:b1:c5:ed:80:0b:5a:71:0b:09:22:d3:2b:14:ad:30:fb:f6:53
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Sep  8 00:00:00 2023 GMT
            Not After : Oct 13 23:59:59 2023 GMT
        Subject: CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:87:c4:7e:df:13:a8:c8:80:64:fa:6b:bc:6f:
                    26:b1:22:f8:4c:1e:a7:2f:35:56:01:88:4a:e6:c8:
                    11:00:65:db:a9:44:cf:d3:ed:4f:b0:39:2a:9c:c9:
                    66:d5:ce:5b:c5:10:31:a3:70:9f:e5:f9:b3:4e:ff:
                    7e:d0:f0:c1:15:dd:d4:77:e3:10:7e:31:2e:4b:3a:
                    78:06:54:5a:15:a1:ad:f1:e4:c2:57:cb:98:1e:84:
                    33:74:1e:61:1f:87:9a:bb:6b:40:86:f6:6f:76:f9:
                    63:7a:ad:a5:62:d7:74:c3:5e:8c:5e:88:03:81:1c:
                    f0:8e:21:3e:53:75:bf:15:df:9f:1d:0d:60:ca:fb:
                    18:9f:55:1f:17:b0:fc:08:94:78:36:92:9a:d2:fb:
                    67:4a:5e:76:c1:a0:d7:55:57:18:e8:19:25:63:9a:
                    0f:b9:20:61:61:e9:ca:2a:9b:75:14:76:2f:d6:a8:
                    75:40:88:c4:cc:30:4d:ed:2d:dd:47:20:e8:e8:d1:
                    bd:23:9f:79:3d:e2:2c:48:b7:b1:1e:07:6e:43:a5:
                    c5:e6:3f:3a:e0:94:3a:cf:fa:96:10:5d:64:06:29:
                    3a:93:82:22:3f:a5:72:cb:81:01:ce:39:bb:86:dd:
                    c6:e6:de:d0:7b:cb:29:c5:31:c4:75:cc:5f:94:07:
                    45:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9C:C5:DB:A1:F3:5F:6F:D7:F2:F8:B0:DE:7A:02:6F:5D:20:B6:47:40
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/17819617-aa3c-4b74-8c34-fd3374a665bb.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         55:ce:b1:e8:c3:54:68:d5:54:cc:c1:19:2a:54:9c:f1:44:98:
         5e:22:a6:7b:5f:66:93:ce:28:a1:26:8e:33:57:ee:03:95:f5:
         58:90:0d:43:4e:40:f8:40:e8:46:6f:2f:33:00:f7:e2:22:22:
         7e:96:01:e1:8f:38:b2:7f:4b:a5:4f:4a:d7:57:70:de:c5:3f:
         78:40:39:c7:65:9a:d5:8d:47:7c:7b:70:02:48:d4:04:c4:8d:
         42:bb:c4:05:7a:69:ab:34:a7:ae:30:fe:fa:19:f6:20:04:b8:
         07:9b:b1:43:b0:ee:09:aa:81:e7:ba:79:16:43:f9:60:16:02:
         ef:73:79:9e:71:f1:8f:99:f2:be:d2:7a:02:ee:a7:37:48:04:
         32:de:e7:c1:e2:2e:9c:e1:7a:d6:3b:1c:00:72:eb:12:39:12:
         d9:68:0f:cf:04:fe:f3:ef:a8:a9:f7:cc:3d:6d:e6:45:b3:b6:
         10:47:6d:68:52:7b:49:68:f1:e0:27:4a:71:fe:db:b3:e0:f5:
         81:fa:5f:ab:6e:94:24:e0:fc:b7:5f:0e:71:45:b2:f5:a8:f6:
         67:94:86:bd:7a:68:04:fe:71:4a:ae:d1:0c:a7:02:96:07:e6:
         27:71:fa:a5:e6:3d:f6:44:75:00:1b:66:e0:30:77:e1:db:02:
         16:72:04:f2
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUfXexxe2AC1pxCwki0ysUrTD79lMwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMwOTA4MDAwMDAwWhcNMjMxMDEzMjM1OTU5
WjB6MUkwRwYDVQQFE0AxNTcxYzIxOTYyODU0NGJlZjI3ZmZmZGRmNzZjYTk0ZGJm
YjVlNGM5ZjRmMzE4NTk2NDVmNDEzMDg1NzM5MDQ2MS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC1h8R+3xOoyIBk+mu8byaxIvhMHqcvNVYBiErmyBEAZdup
RM/T7U+wOSqcyWbVzlvFEDGjcJ/l+bNO/37Q8MEV3dR34xB+MS5LOngGVFoVoa3x
5MJXy5gehDN0HmEfh5q7a0CG9m92+WN6raVi13TDXoxeiAOBHPCOIT5Tdb8V358d
DWDK+xifVR8XsPwIlHg2kprS+2dKXnbBoNdVVxjoGSVjmg+5IGFh6coqm3UUdi/W
qHVAiMTMME3tLd1HIOjo0b0jn3k94ixIt7EeB25DpcXmPzrglDrP+pYQXWQGKTqT
giI/pXLLgQHOObuG3cbm3tB7yynFMcR1zF+UB0WDAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUnMXbofNfb9fy+LDeegJvXSC2R0AwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzE3ODE5NjE3LWFhM2MtNGI3NC04YzM0LWZkMzM3NGE2NjViYi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAFXOsejDVGjVVMzBGSpUnPFEmF4i
pntfZpPOKKEmjjNX7gOV9ViQDUNOQPhA6EZvLzMA9+IiIn6WAeGPOLJ/S6VPStdX
cN7FP3hAOcdlmtWNR3x7cAJI1ATEjUK7xAV6aas0p64w/voZ9iAEuAebsUOw7gmq
gee6eRZD+WAWAu9zeZ5x8Y+Z8r7SegLupzdIBDLe58HiLpzhetY7HABy6xI5Etlo
D88E/vPvqKn3zD1t5kWzthBHbWhSe0lo8eAnSnH+27Pg9YH6X6tulCTg/LdfDnFF
svWo9meUhr16aAT+cUqu0QynApYH5idx+qXmPfZEdQAbZuAwd+HbAhZyBPI=
-----END CERTIFICATE-----