Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/43ab8b7a-772d-4635-8f95-b43143ba732a.roa
File:                     43ab8b7a-772d-4635-8f95-b43143ba732a.roa (raw, json)
Hash identifier:          HShQnO/TBzr2v7zHqk44x3x/azOLIuX9BcwLkQxQJ30=
Subject key identifier:   FE:DB:80:FC:96:2E:F1:ED:23:3C:5F:5E:50:BE:45:2F:FD:01:8D:DA
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       4D1C4E893F9CB292696690179FA9DAEAE52EAC
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/43ab8b7a-772d-4635-8f95-b43143ba732a.roa
Signing time:             Fri 13 Dec 2024 00:00:00 +0000
ROA not before:           Fri 13 Dec 2024 00:00:00 +0000
ROA not after:            Fri 17 Jan 2025 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4d:1c:4e:89:3f:9c:b2:92:69:66:90:17:9f:a9:da:ea:e5:2e:ac
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Dec 13 00:00:00 2024 GMT
            Not After : Jan 17 23:59:59 2025 GMT
        Subject: CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:f9:7d:7b:0b:e8:3a:c4:21:8f:20:35:9f:13:
                    45:23:95:d4:54:2a:63:1f:3f:34:74:09:de:e4:05:
                    7b:d6:4d:2f:3b:7c:fa:bd:e4:ab:11:c8:74:66:98:
                    b1:6f:d3:0a:7d:93:e6:c3:d7:c8:0f:f7:05:8f:aa:
                    c9:14:22:b3:5d:ca:fc:5a:f6:3f:18:ac:f4:59:7e:
                    ec:cd:7a:30:61:a6:17:a0:96:a4:d6:9d:eb:31:88:
                    65:42:4b:23:72:8f:0b:77:e9:36:8a:3a:ce:94:4f:
                    ea:d9:82:5b:8e:0a:04:b7:e6:40:9f:57:b2:fd:99:
                    d9:c6:ca:fc:3c:fe:2c:dd:15:95:d6:08:60:5c:42:
                    9d:95:e8:89:e0:90:41:3b:b9:18:47:52:0f:e8:9d:
                    29:3f:db:81:ec:8d:c2:dd:9e:ea:82:bb:4c:2c:70:
                    12:d8:c7:b2:0e:a8:68:e3:95:e2:af:88:53:f5:5a:
                    8e:13:a6:09:66:67:08:75:2d:a5:bb:28:60:bd:5e:
                    d9:ea:7c:9b:f0:c1:56:b0:17:72:67:c6:71:07:82:
                    14:25:88:88:e3:b6:23:55:b7:8c:05:50:e5:a1:b8:
                    10:bf:5e:ca:2f:d3:86:58:68:32:45:c1:7e:8f:15:
                    77:dc:40:9f:a7:34:66:4b:83:93:70:32:c6:49:32:
                    7e:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FE:DB:80:FC:96:2E:F1:ED:23:3C:5F:5E:50:BE:45:2F:FD:01:8D:DA
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/43ab8b7a-772d-4635-8f95-b43143ba732a.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a5:fc:94:e6:f1:3d:34:d7:a7:e0:df:47:3f:4c:fb:a9:19:5e:
         0a:62:9b:eb:6c:ae:c6:fc:7c:b2:c9:13:84:90:92:7f:87:2e:
         92:11:f9:87:d4:4f:9f:d0:d5:1c:dd:64:77:f6:09:33:7b:43:
         ca:03:0d:7a:fc:16:44:5c:0c:d2:85:6d:91:bc:5a:9a:81:c9:
         00:95:52:5a:b3:39:ae:b4:cb:e2:14:b6:ae:f2:60:06:5a:5c:
         38:d0:9e:9a:d5:7c:23:07:dc:a0:32:28:94:f1:83:57:94:1f:
         79:be:87:56:01:c9:16:83:85:51:5a:96:79:77:bf:76:ba:4e:
         f7:99:61:97:04:19:6b:d5:8f:9b:f5:dc:b5:88:5b:67:06:22:
         19:35:65:1e:1e:b8:57:fe:01:7d:bc:d6:e0:ec:df:33:ee:43:
         a7:0a:01:af:be:ff:0f:be:f8:46:58:ea:f0:3a:b7:ba:7a:09:
         cd:bc:02:fb:0b:e7:e3:ca:ce:50:06:ef:0e:1a:3a:31:ef:44:
         3b:03:a8:5e:38:fa:1b:b3:ac:9d:d1:84:cf:09:97:42:4d:66:
         02:93:b1:c5:18:48:e3:c0:95:21:b9:61:2d:04:c5:13:e5:40:
         5c:98:a9:58:da:bc:5a:df:ad:bb:73:c1:a7:c4:35:89:f3:bd:
         f4:d0:53:19
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgITTRxOiT+cspJpZpAXn6na6uUurDANBgkqhkiG9w0BAQsF
ADA9MTswOQYDVQQDEzIyNzhhYWI4NzhmMjY2MmNlMTRlOTA1ZTE4ZWJjYjc1MjJm
OTJiMzY4NGJjNDg2NWI0ZDAeFw0yNDEyMTMwMDAwMDBaFw0yNTAxMTcyMzU5NTla
MHoxSTBHBgNVBAUTQDIzZTU4NTQwMjgzMjc0YjNlZDdkMWM0MjFmYmQ3ZTk0MDA3
NDhlYmQ4OGRmNWY2YTM5MDk0OGRiYjVlMDFhMzAxLTArBgNVBAMTJGMwY2UyM2Vh
LTQzZmMtNGJlNC1iZWVlLWMwMTQ3ODEyMmEwZTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAJr5fXsL6DrEIY8gNZ8TRSOV1FQqYx8/NHQJ3uQFe9ZNLzt8
+r3kqxHIdGaYsW/TCn2T5sPXyA/3BY+qyRQis13K/Fr2Pxis9Fl+7M16MGGmF6CW
pNad6zGIZUJLI3KPC3fpNoo6zpRP6tmCW44KBLfmQJ9Xsv2Z2cbK/Dz+LN0VldYI
YFxCnZXoieCQQTu5GEdSD+idKT/bgeyNwt2e6oK7TCxwEtjHsg6oaOOV4q+IU/Va
jhOmCWZnCHUtpbsoYL1e2ep8m/DBVrAXcmfGcQeCFCWIiOO2I1W3jAVQ5aG4EL9e
yi/ThlhoMkXBfo8Vd9xAn6c0ZkuDk3Ayxkkyfi0CAwEAAaOCArEwggKtMB0GA1Ud
DgQWBBT+24D8li7x7SM8X15QvkUv/QGN2jAfBgNVHSMEGDAWgBRVqN1F2UQT+dGS
9Sxjzoz7xhSWuDAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHg
BggrBgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2Fy
aW4tcnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMv
MDM1NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzE0MzNlYmZmLWRm
ZDYtNGM1Yy1iN2ZmLTk5Yzg1MTM5ZDRhOC8yNzhhYWI4NzhmMjY2MmNlMTRlOTA1
ZTE4ZWJjYjc1MjJmOTJiMzY4NGJjNDg2NWI0ZC5jZXIwgZ4GCCsGAQUFBwELBIGR
MIGOMIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8xNmYxZmZlZS03NDYxLTQ2NzQtYmIwNS1mZGRl
ZmE5YTAyYzYvNDNhYjhiN2EtNzcyZC00NjM1LThmOTUtYjQzMTQzYmE3MzJhLnJv
YTCBiAYDVR0fBIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0
LTIuYW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUt
ZmRkZWZhOWEwMmM2L0ptTE9GT2tGNFk2OHQxSXZrck5vUzhTR1cwMC5jcmwwGAYD
VR0gAQH/BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEw
BgMEAMckeDANBgkqhkiG9w0BAQsFAAOCAQEApfyU5vE9NNen4N9HP0z7qRleCmKb
62yuxvx8sskThJCSf4cukhH5h9RPn9DVHN1kd/YJM3tDygMNevwWRFwM0oVtkbxa
moHJAJVSWrM5rrTL4hS2rvJgBlpcONCemtV8IwfcoDIolPGDV5Qfeb6HVgHJFoOF
UVqWeXe/drpO95lhlwQZa9WPm/XctYhbZwYiGTVlHh64V/4BfbzW4OzfM+5DpwoB
r77/D774Rljq8Dq3unoJzbwC+wvn48rOUAbvDho6Me9EOwOoXjj6G7OsndGEzwmX
Qk1mApOxxRhI48CVIblhLQTFE+VAXJipWNq8Wt+tu3PBp8Q1ifO99NBTGQ==
-----END CERTIFICATE-----