Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/23369ee1-1997-45d2-bec5-c7fdde81e9a4.roa
File:                     23369ee1-1997-45d2-bec5-c7fdde81e9a4.roa (raw, json)
Hash identifier:          PTyBB+LSvxplbrWOMvZSR1uA1ymTP0ecDcI1kZKie5w=
Subject key identifier:   DC:4E:7A:42:AF:B7:DF:00:E9:86:C1:04:76:D4:C5:65:57:AA:0B:7C
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       20D78F421661A5F6CC63245B9B1573240D1A443E
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/23369ee1-1997-45d2-bec5-c7fdde81e9a4.roa
Signing time:             Wed 05 Mar 2025 18:13:22 +0000
ROA not before:           Wed 05 Mar 2025 18:13:22 +0000
ROA not after:            Wed 09 Apr 2025 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            20:d7:8f:42:16:61:a5:f6:cc:63:24:5b:9b:15:73:24:0d:1a:44:3e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Mar  5 18:13:22 2025 GMT
            Not After : Apr  9 23:59:59 2025 GMT
        Subject: CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:fd:e6:54:48:86:7b:6f:ea:b3:63:7e:b8:6f:
                    f2:2f:2b:5e:7f:22:51:0a:f7:53:12:88:99:44:dc:
                    73:96:1b:20:85:97:31:f9:81:f8:b0:d1:ed:51:fb:
                    36:56:ee:71:c7:f4:51:5d:a2:b7:c7:72:59:80:74:
                    cc:44:fb:49:51:b1:ce:69:c5:89:d1:bd:91:d7:1e:
                    08:87:c1:31:f5:b1:06:bc:ac:6c:56:fa:14:56:9b:
                    f7:e7:1b:c3:8f:6a:ef:13:32:a4:9d:a9:91:26:46:
                    71:0a:ff:f0:a7:e9:be:65:a5:98:7b:6b:a1:13:03:
                    85:bb:17:08:39:9b:6b:91:19:8e:7d:98:95:6d:61:
                    23:81:bb:3c:7a:8b:97:96:a2:f1:aa:39:91:36:65:
                    25:69:8c:e5:4e:30:dc:df:13:81:4f:c2:25:30:cc:
                    24:db:49:c4:26:6a:a6:a6:95:63:4e:80:e5:a4:1f:
                    6f:88:bb:53:4d:84:4b:76:c4:1a:e1:62:ff:38:00:
                    ad:4b:18:03:e6:6c:4c:3e:ae:c4:93:2f:0b:0a:43:
                    8b:5f:6e:33:19:f1:69:6b:9d:8d:f1:35:0f:2d:7a:
                    7a:f2:64:00:c1:4b:d6:1e:62:9b:4b:37:17:e2:fb:
                    d3:4d:a5:8a:35:11:4d:17:f3:96:4c:5a:f4:73:33:
                    02:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DC:4E:7A:42:AF:B7:DF:00:E9:86:C1:04:76:D4:C5:65:57:AA:0B:7C
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/23369ee1-1997-45d2-bec5-c7fdde81e9a4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8b:7b:aa:75:7f:7a:a0:44:40:39:6b:12:d5:f3:b0:03:b7:cc:
         30:99:5b:c3:41:fb:ad:eb:ab:10:46:c4:1a:b9:ee:ab:02:15:
         39:f7:50:26:ba:3f:c5:db:86:63:66:23:6f:99:82:8b:51:12:
         8a:65:c2:c1:25:97:cc:5f:57:24:75:c1:72:dd:80:41:5c:56:
         9f:fa:84:5e:c9:b5:15:9e:7a:7c:fd:c9:0e:2f:d8:c0:15:01:
         b7:a3:b7:00:8c:5e:35:9f:51:ca:ec:49:9c:c3:60:9d:c6:88:
         b6:d7:cf:77:55:d2:6b:3b:50:27:f0:d1:a9:68:35:30:49:46:
         71:f2:08:70:dd:e9:b3:1a:48:8d:2c:d2:e9:e9:bc:09:83:f7:
         3c:fc:0b:3f:6d:d5:71:f1:d2:93:70:c8:10:dc:2a:49:63:ee:
         c9:66:ad:fd:3d:34:7e:2a:3c:42:cc:7a:8c:94:ab:5a:1e:a7:
         85:25:61:4e:48:24:bf:1f:0e:72:2a:d0:47:7e:8f:15:fa:e1:
         64:fd:9d:3d:9c:04:7c:0f:47:ef:f1:b1:8d:3b:16:42:cf:11:
         b1:8f:db:ec:51:44:eb:69:4e:81:2d:23:47:73:9e:78:75:dd:
         0f:2e:dc:5c:24:95:ae:d0:b0:d5:d1:52:91:84:0f:7c:c3:c7:
         01:6b:5d:78
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUINePQhZhpfbMYyRbmxVzJA0aRD4wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjUwMzA1MTgxMzIyWhcNMjUwNDA5MjM1OTU5
WjB6MUkwRwYDVQQFE0AxODlmNDIyNDdhYzFkOGYwMmEwNjJjZTk4ZDAxMjM4OTVh
Njk1MzU2NjI1ZmJhMGExMTc0MDk3MjJkY2JiNTEwMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC4/eZUSIZ7b+qzY364b/IvK15/IlEK91MSiJlE3HOWGyCF
lzH5gfiw0e1R+zZW7nHH9FFdorfHclmAdMxE+0lRsc5pxYnRvZHXHgiHwTH1sQa8
rGxW+hRWm/fnG8OPau8TMqSdqZEmRnEK//Cn6b5lpZh7a6ETA4W7Fwg5m2uRGY59
mJVtYSOBuzx6i5eWovGqOZE2ZSVpjOVOMNzfE4FPwiUwzCTbScQmaqamlWNOgOWk
H2+Iu1NNhEt2xBrhYv84AK1LGAPmbEw+rsSTLwsKQ4tfbjMZ8WlrnY3xNQ8tenry
ZADBS9YeYptLNxfi+9NNpYo1EU0X85ZMWvRzMwK9AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU3E56Qq+33wDphsEEdtTFZVeqC3wwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzIzMzY5ZWUxLTE5OTctNDVkMi1iZWM1LWM3ZmRkZTgxZTlhNC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAIt7qnV/eqBEQDlrEtXzsAO3zDCZ
W8NB+63rqxBGxBq57qsCFTn3UCa6P8XbhmNmI2+ZgotREoplwsEll8xfVyR1wXLd
gEFcVp/6hF7JtRWeenz9yQ4v2MAVAbejtwCMXjWfUcrsSZzDYJ3GiLbXz3dV0ms7
UCfw0aloNTBJRnHyCHDd6bMaSI0s0unpvAmD9zz8Cz9t1XHx0pNwyBDcKklj7slm
rf09NH4qPELMeoyUq1oep4UlYU5IJL8fDnIq0Ed+jxX64WT9nT2cBHwPR+/xsY07
FkLPEbGP2+xRROtpToEtI0dznnh13Q8u3Fwkla7QsNXRUpGED3zDxwFrXXg=
-----END CERTIFICATE-----