Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/384a4405-d74a-4304-80cb-9fc1d67f0253.roa
File:                     384a4405-d74a-4304-80cb-9fc1d67f0253.roa (raw, json)
Hash identifier:          /7BGrIWLF03JfB4K0PgGAa5aKNm68qVcItTC226zSXw=
Subject key identifier:   F5:2A:D9:77:F0:10:E1:79:1A:FD:BA:BA:4E:6B:A7:27:7E:74:BC:E4
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       4936FD6398C2C3C3BA6744C9C327D057988CBEE8
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/384a4405-d74a-4304-80cb-9fc1d67f0253.roa
Signing time:             Thu 17 Aug 2023 00:00:00 +0000
ROA not before:           Thu 17 Aug 2023 00:00:00 +0000
ROA not after:            Thu 21 Sep 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            49:36:fd:63:98:c2:c3:c3:ba:67:44:c9:c3:27:d0:57:98:8c:be:e8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Aug 17 00:00:00 2023 GMT
            Not After : Sep 21 23:59:59 2023 GMT
        Subject: CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:f3:72:17:f5:c2:78:83:67:e3:a1:55:e2:95:
                    4d:1d:5d:9f:44:0b:06:3b:24:40:2b:4d:11:99:88:
                    2e:d0:3c:54:8f:99:e5:3c:f4:74:53:69:f2:1d:15:
                    4d:96:4c:cc:38:16:be:59:91:3a:f0:66:28:ad:4c:
                    72:75:71:e9:ac:bc:4b:bb:68:40:00:0b:1d:1f:18:
                    d7:95:8b:0c:76:fd:dd:fd:42:6d:82:b9:14:85:ab:
                    fa:4a:58:e3:e8:03:86:8f:c1:28:81:ad:e4:31:ed:
                    dc:13:93:92:78:f9:c1:7a:d1:8b:de:52:f3:b6:50:
                    8b:e8:63:a7:6c:97:2a:2b:75:53:00:fa:82:7f:b4:
                    63:10:4e:76:6c:09:7e:e8:fa:69:33:78:df:aa:21:
                    71:7e:1a:69:32:50:2a:f9:52:c6:41:53:7d:1d:96:
                    93:96:ed:fb:d0:a3:95:74:c4:46:21:0d:39:dd:f3:
                    47:b8:5f:4b:b9:6a:80:46:07:27:b5:7e:2b:10:59:
                    58:0d:b2:a9:b2:a1:6b:21:c6:a3:ec:ea:56:08:e9:
                    86:77:0d:8a:07:22:de:e8:b2:17:f7:44:61:3c:ce:
                    3c:02:1b:ed:a3:d6:3c:d1:c2:3d:c5:f2:fa:5d:a7:
                    fa:8e:ae:91:c2:b3:fd:9d:ea:3c:ec:a1:32:1c:3b:
                    99:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F5:2A:D9:77:F0:10:E1:79:1A:FD:BA:BA:4E:6B:A7:27:7E:74:BC:E4
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/384a4405-d74a-4304-80cb-9fc1d67f0253.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6e:cf:25:00:a4:a8:a4:4e:10:a8:3a:aa:b1:92:58:ed:e4:da:
         3c:87:da:14:68:ea:e4:b7:6c:10:77:0d:d2:03:08:13:41:b4:
         e7:63:91:57:d6:04:8b:9f:f9:5d:3b:d1:53:44:d5:52:b8:78:
         f6:2b:f0:fa:99:11:bf:a7:37:4f:03:3e:be:dc:bf:5b:e5:63:
         ef:56:e8:49:f8:6b:9d:2e:9b:60:01:03:13:29:8f:49:d6:28:
         16:e3:26:80:04:c0:66:0d:f0:76:34:7d:83:26:9e:06:97:0a:
         33:68:75:b9:e6:fa:d7:b7:d2:9e:d6:92:80:bf:8d:90:06:36:
         ff:27:85:4d:ff:ae:a2:87:a0:df:1a:93:36:59:6f:47:82:06:
         32:9a:19:58:40:b9:7d:b3:18:b0:0a:40:64:39:0a:d3:a0:b8:
         b0:ae:db:89:6d:a4:e9:fa:c3:45:85:fe:80:1a:bb:e7:b1:40:
         5d:fc:f3:61:af:2e:0e:1c:1e:42:a2:54:9e:0c:b5:81:bc:82:
         d3:f2:35:9d:39:6e:2f:d4:9c:0f:a4:5d:34:dd:f8:b4:58:47:
         0e:6c:7b:26:e0:92:ce:33:e2:c7:4e:0c:bc:77:3a:01:8e:77:
         f7:90:73:7d:78:80:49:8d:ad:d3:92:ba:1b:de:97:3f:b7:79:
         15:b1:07:88
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUSTb9Y5jCw8O6Z0TJwyfQV5iMvugwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMwODE3MDAwMDAwWhcNMjMwOTIxMjM1OTU5
WjB6MUkwRwYDVQQFE0BiMzNjMWM2Nzg4ZDZmOWE2Nzg1ZTUxNzJiYjgwM2Y4YjBh
NDdlNjA1Yjk0M2RhNzY2NmM2YTY3MmM2N2Q2NjQ5MS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCR83IX9cJ4g2fjoVXilU0dXZ9ECwY7JEArTRGZiC7QPFSP
meU89HRTafIdFU2WTMw4Fr5ZkTrwZiitTHJ1cemsvEu7aEAACx0fGNeViwx2/d39
Qm2CuRSFq/pKWOPoA4aPwSiBreQx7dwTk5J4+cF60YveUvO2UIvoY6dslyordVMA
+oJ/tGMQTnZsCX7o+mkzeN+qIXF+GmkyUCr5UsZBU30dlpOW7fvQo5V0xEYhDTnd
80e4X0u5aoBGBye1fisQWVgNsqmyoWshxqPs6lYI6YZ3DYoHIt7oshf3RGE8zjwC
G+2j1jzRwj3F8vpdp/qOrpHCs/2d6jzsoTIcO5lJAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU9SrZd/AQ4Xka/bq6TmunJ350vOQwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzM4NGE0NDA1LWQ3NGEtNDMwNC04MGNiLTlmYzFkNjdmMDI1My5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAG7PJQCkqKROEKg6qrGSWO3k2jyH
2hRo6uS3bBB3DdIDCBNBtOdjkVfWBIuf+V070VNE1VK4ePYr8PqZEb+nN08DPr7c
v1vlY+9W6En4a50um2ABAxMpj0nWKBbjJoAEwGYN8HY0fYMmngaXCjNodbnm+te3
0p7WkoC/jZAGNv8nhU3/rqKHoN8akzZZb0eCBjKaGVhAuX2zGLAKQGQ5CtOguLCu
24ltpOn6w0WF/oAau+exQF3882GvLg4cHkKiVJ4MtYG8gtPyNZ05bi/UnA+kXTTd
+LRYRw5seybgks4z4sdODLx3OgGOd/eQc314gEmNrdOSuhvelz+3eRWxB4g=
-----END CERTIFICATE-----