Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/2f98393c-e979-4d00-a9af-b06d8c29c879.roa
File:                     2f98393c-e979-4d00-a9af-b06d8c29c879.roa (raw, json)
Hash identifier:          h9pGvZ/GhIQ2wltkr+ABC0AMmU3uu2rOQcl6L2gRTcI=
Subject key identifier:   A3:86:F0:A4:D7:0C:B8:77:A7:F4:35:53:92:AF:A4:9F:0C:4B:39:4F
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       1087A173BBD6C60E33BD964894930DC728536991
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/2f98393c-e979-4d00-a9af-b06d8c29c879.roa
Signing time:             Sat 15 Feb 2025 21:53:19 +0000
ROA not before:           Sat 15 Feb 2025 21:53:19 +0000
ROA not after:            Sat 22 Mar 2025 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            10:87:a1:73:bb:d6:c6:0e:33:bd:96:48:94:93:0d:c7:28:53:69:91
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Feb 15 21:53:19 2025 GMT
            Not After : Mar 22 23:59:59 2025 GMT
        Subject: CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:36:58:cd:f5:ff:e5:f0:7c:80:d1:74:69:9d:
                    5c:68:74:e1:7a:7d:c9:aa:1d:b0:8a:d8:ec:31:d5:
                    f3:6b:35:20:e0:7a:88:9b:57:c3:41:22:2a:f8:c0:
                    30:da:a7:19:e4:06:b0:1b:0d:cf:97:a1:31:0e:cc:
                    0d:9f:5d:ec:3c:d0:15:17:b0:d3:23:3f:1e:71:e7:
                    6e:9d:ad:db:c2:9e:7d:ea:26:17:2b:d1:66:99:c9:
                    8e:4e:9f:2a:ef:cb:84:1f:77:bc:bd:67:53:a3:af:
                    bd:35:0f:9b:01:73:7a:ce:96:9c:7c:ff:0d:e3:db:
                    b3:f7:30:9b:6d:e5:48:8b:11:f2:89:ac:1b:24:3f:
                    2f:c3:8e:01:d2:4a:06:a0:24:6f:f4:22:fb:95:ff:
                    12:3b:90:1a:b8:75:2a:0d:ca:94:d9:bd:ba:90:52:
                    a4:bd:4e:70:14:0e:1d:96:49:85:65:e3:a2:1b:35:
                    53:b2:6c:8a:62:14:78:be:f4:f4:4b:b1:3b:b1:6d:
                    bb:7d:18:42:60:86:96:77:ff:e7:af:ec:41:0b:22:
                    93:b0:ee:db:0d:e4:48:51:8f:13:65:d2:36:bd:b7:
                    2d:fd:8a:e3:4d:20:b2:60:87:f0:da:b1:92:8d:ad:
                    3d:31:cf:c8:9b:33:03:e6:f8:0b:46:5d:d3:a1:ba:
                    a4:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A3:86:F0:A4:D7:0C:B8:77:A7:F4:35:53:92:AF:A4:9F:0C:4B:39:4F
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/2f98393c-e979-4d00-a9af-b06d8c29c879.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         74:bd:93:eb:40:06:04:54:d0:aa:ee:97:59:b6:97:0b:78:d6:
         1f:27:b0:2a:cb:d4:e9:4b:6c:55:3a:30:12:da:2e:76:38:bc:
         9a:59:b4:e7:72:59:50:80:1e:91:62:71:62:88:13:ae:24:ed:
         66:08:2d:d7:9c:41:6d:e5:60:98:b3:b1:a0:85:0c:44:e7:11:
         45:ba:50:9a:79:e8:a9:c3:25:27:7f:a4:c3:89:f0:6a:6b:9c:
         85:49:a2:e6:ad:96:ac:3d:e6:23:ea:7c:34:dc:2f:ac:a5:2b:
         8f:ae:ce:01:d7:bf:4c:a4:03:62:07:f8:fd:c5:cf:39:38:58:
         c4:90:14:f2:b9:75:06:b8:51:15:a3:57:23:f8:bb:25:dc:0c:
         3c:9d:31:60:f8:51:55:bc:34:05:85:5e:69:ae:a4:3e:3a:5a:
         23:bd:38:21:44:25:2a:13:2f:6a:e8:09:98:a6:a1:2e:c9:38:
         cf:38:c8:97:c0:f2:9e:6a:3a:7b:c7:0a:72:c5:43:db:a7:72:
         ca:2b:fa:98:46:44:6f:6e:15:a8:9e:f7:a1:c7:aa:c8:d6:6a:
         2d:ea:72:48:80:16:4d:95:bc:54:d9:c9:67:fb:3d:4a:64:03:
         00:66:9c:16:94:c3:03:63:ff:3e:b2:b3:ad:62:4b:83:29:88:
         a3:e6:86:05
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUEIehc7vWxg4zvZZIlJMNxyhTaZEwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjUwMjE1MjE1MzE5WhcNMjUwMzIyMjM1OTU5
WjB6MUkwRwYDVQQFE0BjYWQ0ZThmNTBjYzRhOGYwMjQ2YTYwMDM3MDlkNzUzYWE4
MmRmZWEwZjY1YTI0M2I4YTkzZmI1MDc1NjE2ZDliMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCnNljN9f/l8HyA0XRpnVxodOF6fcmqHbCK2Owx1fNrNSDg
eoibV8NBIir4wDDapxnkBrAbDc+XoTEOzA2fXew80BUXsNMjPx5x526drdvCnn3q
Jhcr0WaZyY5Onyrvy4Qfd7y9Z1Ojr701D5sBc3rOlpx8/w3j27P3MJtt5UiLEfKJ
rBskPy/DjgHSSgagJG/0IvuV/xI7kBq4dSoNypTZvbqQUqS9TnAUDh2WSYVl46Ib
NVOybIpiFHi+9PRLsTuxbbt9GEJghpZ3/+ev7EELIpOw7tsN5EhRjxNl0ja9ty39
iuNNILJgh/DasZKNrT0xz8ibMwPm+AtGXdOhuqTtAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUo4bwpNcMuHen9DVTkq+knwxLOU8wHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzJmOTgzOTNjLWU5NzktNGQwMC1hOWFmLWIwNmQ4YzI5Yzg3OS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAHS9k+tABgRU0Krul1m2lwt41h8n
sCrL1OlLbFU6MBLaLnY4vJpZtOdyWVCAHpFicWKIE64k7WYILdecQW3lYJizsaCF
DETnEUW6UJp56KnDJSd/pMOJ8GprnIVJouatlqw95iPqfDTcL6ylK4+uzgHXv0yk
A2IH+P3Fzzk4WMSQFPK5dQa4URWjVyP4uyXcDDydMWD4UVW8NAWFXmmupD46WiO9
OCFEJSoTL2roCZimoS7JOM84yJfA8p5qOnvHCnLFQ9uncsor+phGRG9uFaie96HH
qsjWai3qckiAFk2VvFTZyWf7PUpkAwBmnBaUwwNj/z6ys61iS4MpiKPmhgU=
-----END CERTIFICATE-----