Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/394b78c5-4642-4bf1-a419-58c4c02906b9.roa
File:                     394b78c5-4642-4bf1-a419-58c4c02906b9.roa (raw, json)
Hash identifier:          yUuezoO5/EnHOzWnkPbt32/d8QwEwhyyrpz7VOBIxF0=
Subject key identifier:   53:0C:CB:DD:ED:D1:FE:C0:B0:97:F5:7F:30:4A:F2:BA:B2:33:DA:AC
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       01D30226AB294B38357988A296A8B563A38E0647
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/394b78c5-4642-4bf1-a419-58c4c02906b9.roa
Signing time:             Sat 29 Mar 2025 03:18:17 +0000
ROA not before:           Sat 29 Mar 2025 03:18:17 +0000
ROA not after:            Sat 03 May 2025 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:d3:02:26:ab:29:4b:38:35:79:88:a2:96:a8:b5:63:a3:8e:06:47
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Mar 29 03:18:17 2025 GMT
            Not After : May  3 23:59:59 2025 GMT
        Subject: CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f0:1e:b6:6b:d0:40:40:ab:68:d8:e8:d5:ac:f8:
                    92:9d:7a:8f:51:43:7c:51:1f:3f:05:7e:23:9b:57:
                    0a:a3:40:50:60:52:f5:62:75:b0:c6:0c:10:75:4f:
                    e3:2e:f3:e1:03:ad:d3:64:dc:5a:c6:94:f0:2d:fd:
                    3a:ef:67:2f:a4:24:21:aa:f9:59:00:0f:ce:b0:e2:
                    c7:8e:21:3f:62:ae:15:a4:0a:3c:d5:3c:bd:d7:56:
                    de:7e:04:1c:b5:7b:25:25:d6:67:06:60:b4:7b:5c:
                    ed:97:e2:ba:8d:ba:eb:c7:a4:9f:64:81:42:b5:36:
                    11:ee:10:0b:06:96:9b:84:bb:73:f1:54:c5:e3:89:
                    6e:7c:7a:af:9c:10:14:e2:56:0f:96:31:cd:42:d8:
                    64:0b:06:f7:91:08:15:16:e9:54:29:74:64:34:8d:
                    47:32:7d:fe:0b:4b:73:af:8d:ca:ba:42:8e:56:c0:
                    52:04:f5:e1:e9:f0:2e:ac:34:a5:f2:b3:fb:4c:44:
                    c4:10:b2:e4:a2:f0:8f:39:c8:aa:38:23:d4:7c:49:
                    68:9a:03:af:a5:cb:43:b2:7a:d1:4f:6e:af:64:63:
                    11:56:40:ce:6b:5f:e4:f7:a8:1d:71:5f:c9:31:eb:
                    56:18:26:02:e8:92:d3:88:93:d0:ae:82:d4:27:bb:
                    b8:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                53:0C:CB:DD:ED:D1:FE:C0:B0:97:F5:7F:30:4A:F2:BA:B2:33:DA:AC
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/394b78c5-4642-4bf1-a419-58c4c02906b9.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ac:2d:b7:53:34:b9:0c:53:34:3e:3f:e6:b1:d0:d9:49:4d:5a:
         c2:50:8b:c3:ea:69:49:89:27:a3:5f:35:47:db:0a:9a:70:4c:
         e7:69:c3:65:18:c8:d6:14:02:99:a1:1e:1c:75:bb:01:6f:69:
         c5:7c:02:d4:85:37:67:02:1e:55:9d:cb:ff:c2:79:49:04:27:
         71:5a:2f:fb:ea:bf:30:61:e3:09:9d:5c:ea:1b:bc:75:7d:c6:
         e6:0a:7e:3b:6d:ec:e6:67:36:a0:6d:7a:f5:25:6f:f7:7a:47:
         a6:11:5b:4a:a5:c1:06:42:f1:27:91:af:d0:b6:d2:27:f4:12:
         38:5d:f9:9a:68:f3:8e:5f:a4:9b:52:bd:ce:3e:cf:6f:7b:3c:
         6c:dd:83:8a:17:38:f6:3d:8f:30:db:a4:39:a4:92:a9:51:5c:
         74:31:a7:2c:a8:34:e5:cb:b7:f7:64:87:ff:5f:bd:e7:b2:16:
         78:e5:32:53:78:07:e6:86:ee:20:ee:6b:a2:1e:36:6a:ad:2f:
         81:8f:38:77:bf:e6:61:16:f8:f6:59:05:47:70:16:a4:aa:6e:
         72:79:bd:fe:48:1b:c4:46:f8:c6:7a:e8:f7:14:b8:60:59:12:
         93:17:57:2d:f1:d8:45:08:c7:82:81:03:f1:f6:d0:81:9a:9d:
         e2:29:82:ab
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUAdMCJqspSzg1eYiilqi1Y6OOBkcwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjUwMzI5MDMxODE3WhcNMjUwNTAzMjM1OTU5
WjB6MUkwRwYDVQQFE0AwNDc3MjI5MWIwNDM4ZjMzYzgzNWY4YWNkODlhYmY5NjA2
OWMxN2IyNzdmYjk0ZDI4YTM4ODNmMzVlN2U5ZGIwMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDwHrZr0EBAq2jY6NWs+JKdeo9RQ3xRHz8FfiObVwqjQFBg
UvVidbDGDBB1T+Mu8+EDrdNk3FrGlPAt/TrvZy+kJCGq+VkAD86w4seOIT9irhWk
CjzVPL3XVt5+BBy1eyUl1mcGYLR7XO2X4rqNuuvHpJ9kgUK1NhHuEAsGlpuEu3Px
VMXjiW58eq+cEBTiVg+WMc1C2GQLBveRCBUW6VQpdGQ0jUcyff4LS3Ovjcq6Qo5W
wFIE9eHp8C6sNKXys/tMRMQQsuSi8I85yKo4I9R8SWiaA6+ly0OyetFPbq9kYxFW
QM5rX+T3qB1xX8kx61YYJgLoktOIk9CugtQnu7i9AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUUwzL3e3R/sCwl/V/MEryurIz2qwwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzM5NGI3OGM1LTQ2NDItNGJmMS1hNDE5LTU4YzRjMDI5MDZiOS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAKwtt1M0uQxTND4/5rHQ2UlNWsJQ
i8PqaUmJJ6NfNUfbCppwTOdpw2UYyNYUApmhHhx1uwFvacV8AtSFN2cCHlWdy//C
eUkEJ3FaL/vqvzBh4wmdXOobvHV9xuYKfjtt7OZnNqBtevUlb/d6R6YRW0qlwQZC
8SeRr9C20if0Ejhd+Zpo845fpJtSvc4+z297PGzdg4oXOPY9jzDbpDmkkqlRXHQx
pyyoNOXLt/dkh/9fveeyFnjlMlN4B+aG7iDua6IeNmqtL4GPOHe/5mEW+PZZBUdw
FqSqbnJ5vf5IG8RG+MZ66PcUuGBZEpMXVy3x2EUIx4KBA/H20IGaneIpgqs=
-----END CERTIFICATE-----