Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/4177d72c-29d2-4f9c-b030-8d17431ef56f.roa
File:                     4177d72c-29d2-4f9c-b030-8d17431ef56f.roa (raw, json)
Hash identifier:          5TSe5bD/5AHhKXNXsW7CQo91Lhqi3djEW108rkGc3lk=
Subject key identifier:   D4:D2:C4:63:17:46:27:06:66:26:34:F4:9F:10:4B:C8:41:2E:31:25
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       32CDC880EAFEDA685ABF24F4B31E51F24ECD1177
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/4177d72c-29d2-4f9c-b030-8d17431ef56f.roa
Signing time:             Sun 29 Oct 2023 00:00:00 +0000
ROA not before:           Sun 29 Oct 2023 00:00:00 +0000
ROA not after:            Sun 03 Dec 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            32:cd:c8:80:ea:fe:da:68:5a:bf:24:f4:b3:1e:51:f2:4e:cd:11:77
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Oct 29 00:00:00 2023 GMT
            Not After : Dec  3 23:59:59 2023 GMT
        Subject: CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:1a:23:2c:25:79:af:9e:3b:4b:ea:f8:6e:da:
                    cd:69:81:04:2f:4c:6f:91:61:c1:41:3e:15:33:44:
                    15:2f:75:db:a6:93:b7:4e:d8:2d:e3:ef:ae:ce:a5:
                    40:5d:19:95:1e:47:07:b5:b0:a9:d7:d6:63:a2:46:
                    f5:c5:2d:82:28:f0:b1:54:0a:dc:9a:72:b2:78:96:
                    13:30:09:cf:7f:f8:03:69:16:a7:6d:69:3a:77:ed:
                    74:bb:50:4a:1a:18:1c:20:25:df:16:ba:53:c2:53:
                    0b:77:20:54:95:5a:5f:7e:1b:01:69:3b:cd:8d:0a:
                    f0:86:cf:f8:4d:fe:cb:7d:28:48:73:d4:35:4e:ed:
                    90:69:0d:5e:53:4b:68:3f:ce:94:22:56:6f:39:57:
                    74:f4:cf:fb:d6:93:af:eb:4d:fe:5b:59:5d:d5:20:
                    68:19:64:98:83:8e:21:14:e0:67:5f:19:d4:58:68:
                    1e:86:53:bc:93:06:9e:1e:5b:ae:39:a7:35:92:f6:
                    77:4e:21:c9:e4:b8:57:c0:a7:7a:4d:79:3a:94:ef:
                    70:08:39:d5:97:90:cd:52:bb:62:a2:f8:ee:27:f7:
                    06:da:e6:1d:5b:b6:bd:44:6d:04:9f:f7:b6:69:60:
                    f6:19:9d:fc:73:5c:b2:94:ca:70:41:59:91:2a:39:
                    2a:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D4:D2:C4:63:17:46:27:06:66:26:34:F4:9F:10:4B:C8:41:2E:31:25
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/4177d72c-29d2-4f9c-b030-8d17431ef56f.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8c:70:4f:5d:49:ec:00:2e:2c:94:ae:13:5f:ae:c0:33:96:26:
         ff:da:c1:00:4c:6f:0c:aa:38:ba:1c:46:8a:92:23:27:0c:09:
         5e:62:96:2d:3d:cc:ab:d8:44:fc:a6:13:24:aa:16:90:83:73:
         5d:59:58:6f:5d:67:8a:a1:01:22:8b:50:95:fb:b6:68:83:9a:
         e2:6d:48:5b:fd:36:00:f4:64:47:59:80:0a:d5:d6:57:86:e8:
         af:3a:8d:fb:57:4c:af:6a:e3:1b:2d:bd:b7:ef:91:a2:7c:52:
         eb:89:e3:f3:8e:d5:34:c8:dd:36:7a:60:a1:d6:c1:94:b7:e0:
         f9:85:9c:7c:a9:dd:27:28:15:6d:e4:59:6a:81:60:1d:85:05:
         f8:aa:b9:84:e4:82:33:ed:f7:48:4f:1f:62:e9:57:97:04:b8:
         57:83:9a:ef:03:e0:3d:7a:fe:3a:17:23:ac:83:5a:5d:cf:6a:
         1e:51:6f:64:4d:23:80:04:2c:74:08:76:24:46:fc:a5:e1:d6:
         90:09:02:43:29:07:e0:30:1c:e3:90:ce:ea:a4:55:39:75:72:
         dd:af:2a:18:a3:94:6e:98:d1:38:73:ad:95:f0:c1:76:7a:5b:
         b0:52:81:bc:a0:00:35:8c:13:26:11:bd:c8:2b:2b:77:07:c2:
         fb:dc:10:c3
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUMs3IgOr+2mhavyT0sx5R8k7NEXcwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMxMDI5MDAwMDAwWhcNMjMxMjAzMjM1OTU5
WjB6MUkwRwYDVQQFE0BkZTMwMDZjYjM0ZTA4MmY5YmI0MGQ4MDdmOTIzZjIzODlh
ZDVjMWFhOGQwN2Q1NmUzMzFkY2U0NTg2OTRhMDY2MS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDLGiMsJXmvnjtL6vhu2s1pgQQvTG+RYcFBPhUzRBUvddum
k7dO2C3j767OpUBdGZUeRwe1sKnX1mOiRvXFLYIo8LFUCtyacrJ4lhMwCc9/+ANp
FqdtaTp37XS7UEoaGBwgJd8WulPCUwt3IFSVWl9+GwFpO82NCvCGz/hN/st9KEhz
1DVO7ZBpDV5TS2g/zpQiVm85V3T0z/vWk6/rTf5bWV3VIGgZZJiDjiEU4GdfGdRY
aB6GU7yTBp4eW645pzWS9ndOIcnkuFfAp3pNeTqU73AIOdWXkM1Su2Ki+O4n9wba
5h1btr1EbQSf97ZpYPYZnfxzXLKUynBBWZEqOSpfAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU1NLEYxdGJwZmJjT0nxBLyEEuMSUwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzQxNzdkNzJjLTI5ZDItNGY5Yy1iMDMwLThkMTc0MzFlZjU2Zi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAIxwT11J7AAuLJSuE1+uwDOWJv/a
wQBMbwyqOLocRoqSIycMCV5ili09zKvYRPymEySqFpCDc11ZWG9dZ4qhASKLUJX7
tmiDmuJtSFv9NgD0ZEdZgArV1leG6K86jftXTK9q4xstvbfvkaJ8UuuJ4/OO1TTI
3TZ6YKHWwZS34PmFnHyp3ScoFW3kWWqBYB2FBfiquYTkgjPt90hPH2LpV5cEuFeD
mu8D4D16/joXI6yDWl3Pah5Rb2RNI4AELHQIdiRG/KXh1pAJAkMpB+AwHOOQzuqk
VTl1ct2vKhijlG6Y0ThzrZXwwXZ6W7BSgbygADWMEyYRvcgrK3cHwvvcEMM=
-----END CERTIFICATE-----