Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/2bcbd7ae-e70e-4f2e-bbdf-164cbee5fa29.roa
File:                     2bcbd7ae-e70e-4f2e-bbdf-164cbee5fa29.roa (raw, json)
Hash identifier:          hvNQVNjz5A/eXz3xI10xPEOTMSVaDxCW9qphFRNs5i0=
Subject key identifier:   37:7C:AF:7E:3B:18:29:DE:C5:AB:3A:1D:1F:73:F5:67:BB:B0:72:CE
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       09D29CA99B115CF53363577F6C16C75651EAA1F4
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/2bcbd7ae-e70e-4f2e-bbdf-164cbee5fa29.roa
Signing time:             Sun 16 Mar 2025 02:43:19 +0000
ROA not before:           Sun 16 Mar 2025 02:43:19 +0000
ROA not after:            Sun 20 Apr 2025 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            09:d2:9c:a9:9b:11:5c:f5:33:63:57:7f:6c:16:c7:56:51:ea:a1:f4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Mar 16 02:43:19 2025 GMT
            Not After : Apr 20 23:59:59 2025 GMT
        Subject: CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:1e:43:7d:da:e3:55:f9:50:48:85:03:39:9c:
                    cd:f3:ce:05:4d:54:f8:f4:43:ca:92:a6:51:f0:29:
                    f6:cd:63:ee:e5:e2:e7:b8:ae:04:e0:70:3c:ae:2a:
                    26:c1:48:dd:87:a9:9f:08:cd:5c:f2:ec:f1:d7:b3:
                    28:c3:15:4c:31:3b:43:1a:91:46:3f:65:15:4b:db:
                    09:81:f8:c7:e7:b0:88:48:43:99:45:3f:1c:bb:5f:
                    30:58:3f:c7:8d:ab:c4:5e:4c:58:a6:41:32:59:c1:
                    6f:4f:7f:9b:20:b4:3b:57:cd:9c:e1:94:30:c7:91:
                    87:17:83:50:75:59:e2:35:85:2d:b4:32:99:83:c1:
                    81:60:b0:19:80:ff:d2:fe:77:bd:63:ad:70:35:4b:
                    48:47:1c:6d:51:2f:d6:7f:b0:57:4c:03:97:bb:fa:
                    70:35:bb:fa:25:2f:61:5d:00:a7:69:83:f3:b5:1e:
                    60:4a:94:86:19:a7:39:07:26:c2:cd:87:94:f2:c8:
                    1b:2f:ae:51:a5:3d:50:87:ca:29:11:62:f1:3d:7e:
                    72:5a:a7:b0:c6:16:1f:aa:fa:cb:bf:fd:76:d6:86:
                    ff:d3:ac:da:91:51:01:c3:33:01:5d:c1:0a:4f:ed:
                    6b:e8:47:80:71:31:85:64:8b:d4:81:b5:eb:b2:0f:
                    2b:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                37:7C:AF:7E:3B:18:29:DE:C5:AB:3A:1D:1F:73:F5:67:BB:B0:72:CE
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/2bcbd7ae-e70e-4f2e-bbdf-164cbee5fa29.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         53:9b:17:ca:00:16:d3:ac:92:9c:e3:f6:e5:a3:57:d8:1a:1d:
         bb:d1:a9:43:b9:18:19:c4:8b:65:d4:17:6a:be:7f:04:4c:6d:
         01:ef:b9:bb:c4:03:e8:49:5f:86:38:de:e1:39:ea:13:73:31:
         8d:4b:ac:63:37:50:85:4a:dd:22:89:57:0b:20:bd:f2:9f:3e:
         22:8e:a7:88:d1:f9:6f:ad:2f:21:94:7b:59:bb:64:46:2c:d9:
         ad:d1:ad:55:60:ea:0f:8f:31:e3:b2:ab:4c:8e:f0:cb:72:60:
         d9:8d:56:4d:ec:1e:b9:66:7e:0b:7b:25:30:4b:76:3f:8d:5b:
         e1:6c:57:0f:3b:77:1c:5b:84:98:84:6e:c6:11:2f:24:56:d9:
         a4:a2:49:eb:1b:04:72:91:2c:a5:99:a5:b0:62:68:c0:c8:f9:
         0a:f6:a6:b2:85:fd:bd:2f:be:dc:62:7d:b6:7c:ce:2d:89:85:
         7c:ea:77:ee:30:19:a6:73:c1:b4:d0:b2:d3:f1:59:f8:ab:5b:
         93:a4:7e:9a:3e:93:fe:4b:77:0d:9b:a9:7c:0f:4a:75:c3:ba:
         5c:1a:a8:b0:bc:54:d3:d1:b2:3b:52:3a:e3:3e:25:34:d8:b4:
         83:eb:01:d9:48:9d:43:71:83:b1:18:75:b9:b6:f7:a8:84:5c:
         f5:b8:91:2e
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUCdKcqZsRXPUzY1d/bBbHVlHqofQwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjUwMzE2MDI0MzE5WhcNMjUwNDIwMjM1OTU5
WjB6MUkwRwYDVQQFE0BmNTJiOGI1MDVlMzM2YWVmM2EyMzMyNjMyMTdhOGU0ZjA0
NDhhYjhkNGE4OTVjNGNjMDYyZmJlNTYwMjc2ZjkzMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDPHkN92uNV+VBIhQM5nM3zzgVNVPj0Q8qSplHwKfbNY+7l
4ue4rgTgcDyuKibBSN2HqZ8IzVzy7PHXsyjDFUwxO0MakUY/ZRVL2wmB+MfnsIhI
Q5lFPxy7XzBYP8eNq8ReTFimQTJZwW9Pf5sgtDtXzZzhlDDHkYcXg1B1WeI1hS20
MpmDwYFgsBmA/9L+d71jrXA1S0hHHG1RL9Z/sFdMA5e7+nA1u/olL2FdAKdpg/O1
HmBKlIYZpzkHJsLNh5TyyBsvrlGlPVCHyikRYvE9fnJap7DGFh+q+su//XbWhv/T
rNqRUQHDMwFdwQpP7WvoR4BxMYVki9SBteuyDyuHAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUN3yvfjsYKd7FqzodH3P1Z7uwcs4wHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzJiY2JkN2FlLWU3MGUtNGYyZS1iYmRmLTE2NGNiZWU1ZmEyOS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAFObF8oAFtOskpzj9uWjV9gaHbvR
qUO5GBnEi2XUF2q+fwRMbQHvubvEA+hJX4Y43uE56hNzMY1LrGM3UIVK3SKJVwsg
vfKfPiKOp4jR+W+tLyGUe1m7ZEYs2a3RrVVg6g+PMeOyq0yO8MtyYNmNVk3sHrlm
fgt7JTBLdj+NW+FsVw87dxxbhJiEbsYRLyRW2aSiSesbBHKRLKWZpbBiaMDI+Qr2
prKF/b0vvtxifbZ8zi2JhXzqd+4wGaZzwbTQstPxWfirW5Okfpo+k/5Ldw2bqXwP
SnXDulwaqLC8VNPRsjtSOuM+JTTYtIPrAdlInUNxg7EYdbm296iEXPW4kS4=
-----END CERTIFICATE-----