Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/27816362-776a-45c9-b89f-0f6f32720ec9.roa
File:                     27816362-776a-45c9-b89f-0f6f32720ec9.roa (raw, json)
Hash identifier:          G5Lr8HMrZam+4hfrNxnDNVbfxDX7emJXEB2wtjCN0OE=
Subject key identifier:   99:33:0A:85:86:E3:23:AE:D1:CE:C8:2F:42:17:2F:BC:DA:44:4A:6D
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       12E710F079AAA2F71FB7DEF62DCB429B54D3B2F8
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/27816362-776a-45c9-b89f-0f6f32720ec9.roa
Signing time:             Thu 06 Mar 2025 23:28:19 +0000
ROA not before:           Thu 06 Mar 2025 23:28:19 +0000
ROA not after:            Thu 10 Apr 2025 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            12:e7:10:f0:79:aa:a2:f7:1f:b7:de:f6:2d:cb:42:9b:54:d3:b2:f8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Mar  6 23:28:19 2025 GMT
            Not After : Apr 10 23:59:59 2025 GMT
        Subject: CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:d7:1c:6d:02:00:8e:25:15:0d:c0:f3:56:5b:
                    42:48:44:db:ff:42:5b:f1:7a:e7:6d:8a:fd:c0:71:
                    64:db:6f:12:5a:92:e8:62:da:09:52:7b:ef:9b:b7:
                    8d:42:64:3a:a8:b8:c4:9d:4c:7b:a0:bd:0e:b4:0d:
                    59:c3:f2:74:5e:fc:81:53:37:1d:61:c6:42:3d:8a:
                    3d:74:12:4b:dd:23:78:e8:f9:07:0e:2a:b9:51:e8:
                    70:dc:9d:c9:99:ac:af:16:de:7a:33:5a:f3:1e:1f:
                    cc:de:c5:29:5a:c1:06:bc:76:15:24:fc:62:35:4f:
                    c7:76:6c:32:12:da:e7:29:f0:e1:7b:52:e0:9f:50:
                    4b:02:12:44:79:1e:ca:df:d5:28:2e:6c:d4:ed:14:
                    49:54:9c:82:af:4f:66:e3:88:a8:76:b0:eb:79:3e:
                    6b:41:4b:64:55:0a:c7:44:34:1e:b2:18:6d:47:4d:
                    ac:1a:45:14:97:98:46:a9:90:10:5b:41:2e:cc:4a:
                    70:23:79:57:b6:34:c9:e3:9f:c1:9a:b3:a7:6b:12:
                    aa:bc:75:2f:4d:2f:9a:bf:06:77:e0:b2:8b:d7:00:
                    0b:7d:65:6a:67:88:8b:c7:57:7c:f1:67:66:ee:06:
                    36:cf:9a:fb:6f:8f:e7:68:49:5b:57:4e:3e:2e:3c:
                    b8:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                99:33:0A:85:86:E3:23:AE:D1:CE:C8:2F:42:17:2F:BC:DA:44:4A:6D
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/27816362-776a-45c9-b89f-0f6f32720ec9.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ab:e1:e9:50:dc:62:7c:ce:50:1b:02:bd:8d:2e:22:36:12:df:
         f2:1b:a4:08:28:0c:13:ce:b6:7a:89:fc:36:1f:7a:d4:ee:a7:
         af:f5:28:ff:57:d4:a0:fd:b1:38:2a:65:3b:e1:04:f8:2e:7a:
         25:f1:5f:2e:5c:60:44:41:5e:51:fa:60:05:49:87:b5:04:16:
         36:4a:b6:59:1d:94:eb:f4:38:88:2e:cf:f8:e5:bb:2b:93:f3:
         74:81:26:6d:99:e4:3c:df:88:06:a3:fc:d9:86:fc:4e:d3:e7:
         bd:7a:c5:7e:b2:be:2c:2f:0c:46:b6:39:f0:93:a4:77:7b:b3:
         3a:84:f9:b3:2d:c5:18:ab:53:46:13:4b:d4:c6:e5:a9:0f:a5:
         ee:8f:49:bd:83:6c:22:1f:35:8b:e0:ef:da:ad:c7:03:16:43:
         b2:89:41:d1:0b:13:27:4c:61:21:7a:8f:49:a0:88:a7:67:4c:
         4e:19:9c:13:25:dd:f5:fd:a4:cf:50:8d:81:a4:97:e2:64:90:
         07:1b:ad:d3:6a:bd:55:86:04:02:60:79:af:cf:d8:ab:65:5c:
         6b:61:e6:e7:75:52:74:73:c7:b2:e7:99:80:5a:5c:30:4a:88:
         97:72:53:1c:4a:0d:96:42:53:48:92:6e:ff:92:5f:76:32:82:
         68:5b:bf:9f
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUEucQ8Hmqovcft972LctCm1TTsvgwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjUwMzA2MjMyODE5WhcNMjUwNDEwMjM1OTU5
WjB6MUkwRwYDVQQFE0AzN2ZlY2M3NDk2NjE0ODE1ZDI4OTQ3OTlmNzdkY2NhYmY2
MGU2Y2ExZDI1NzAyMDg0ODBhYWQ5ZTY1Y2QwOTZiMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC01xxtAgCOJRUNwPNWW0JIRNv/Qlvxeudtiv3AcWTbbxJa
kuhi2glSe++bt41CZDqouMSdTHugvQ60DVnD8nRe/IFTNx1hxkI9ij10EkvdI3jo
+QcOKrlR6HDcncmZrK8W3nozWvMeH8zexSlawQa8dhUk/GI1T8d2bDIS2ucp8OF7
UuCfUEsCEkR5Hsrf1SgubNTtFElUnIKvT2bjiKh2sOt5PmtBS2RVCsdENB6yGG1H
TawaRRSXmEapkBBbQS7MSnAjeVe2NMnjn8Gas6drEqq8dS9NL5q/BnfgsovXAAt9
ZWpniIvHV3zxZ2buBjbPmvtvj+doSVtXTj4uPLg/AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUmTMKhYbjI67RzsgvQhcvvNpESm0wHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzI3ODE2MzYyLTc3NmEtNDVjOS1iODlmLTBmNmYzMjcyMGVjOS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAKvh6VDcYnzOUBsCvY0uIjYS3/Ib
pAgoDBPOtnqJ/DYfetTup6/1KP9X1KD9sTgqZTvhBPgueiXxXy5cYERBXlH6YAVJ
h7UEFjZKtlkdlOv0OIguz/jluyuT83SBJm2Z5DzfiAaj/NmG/E7T5716xX6yviwv
DEa2OfCTpHd7szqE+bMtxRirU0YTS9TG5akPpe6PSb2DbCIfNYvg79qtxwMWQ7KJ
QdELEydMYSF6j0mgiKdnTE4ZnBMl3fX9pM9QjYGkl+JkkAcbrdNqvVWGBAJgea/P
2KtlXGth5ud1UnRzx7LnmYBaXDBKiJdyUxxKDZZCU0iSbv+SX3Yygmhbv58=
-----END CERTIFICATE-----