Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/46dee838-0fc2-45b4-a9a3-7a73b8b8105d.roa
File:                     46dee838-0fc2-45b4-a9a3-7a73b8b8105d.roa (raw, json)
Hash identifier:          ZxXRw45p+K6NcHQDBj/TtDqvV7tUFgPoy1MFVQlpDpo=
Subject key identifier:   0B:7B:14:B4:31:BD:1D:CD:34:2D:A4:C1:E8:3A:7D:DA:40:C6:47:E4
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       5AC4AD2747C49A675A47FF91696684CEA9721CF9
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/46dee838-0fc2-45b4-a9a3-7a73b8b8105d.roa
Signing time:             Mon 04 Mar 2024 00:00:00 +0000
ROA not before:           Mon 04 Mar 2024 00:00:00 +0000
ROA not after:            Mon 08 Apr 2024 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5a:c4:ad:27:47:c4:9a:67:5a:47:ff:91:69:66:84:ce:a9:72:1c:f9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Mar  4 00:00:00 2024 GMT
            Not After : Apr  8 23:59:59 2024 GMT
        Subject: CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:a9:fb:4c:b8:90:88:da:d8:bf:1f:62:63:ca:
                    35:0c:15:e3:85:f8:8b:8c:35:dc:fd:9f:c6:31:83:
                    49:da:61:d9:e9:05:89:4a:82:e2:29:db:7b:6c:ff:
                    98:53:3e:27:5c:1c:2f:97:ee:f5:f9:2e:89:02:ce:
                    8c:c1:28:47:4a:90:2f:ae:1d:bc:98:0d:4d:68:1d:
                    52:7d:01:f7:ac:13:85:35:77:7c:85:dd:dc:69:20:
                    bf:e6:1d:3c:b5:29:87:fc:17:37:3a:d0:8a:51:2d:
                    8d:f6:2f:21:80:e9:04:4a:ed:85:e2:bb:8f:56:0d:
                    48:2b:6b:9d:fa:6e:d8:ef:39:29:bb:f1:6e:b0:16:
                    1f:60:bb:60:a5:c5:54:a1:b0:77:a7:c5:d2:6b:f3:
                    42:84:b7:c1:96:75:62:f9:80:a3:26:f8:d5:d3:1e:
                    32:cd:47:58:7a:e0:36:7c:71:72:83:48:3a:08:ef:
                    b5:d4:1e:d3:c0:a7:e5:f4:e3:4f:b2:93:e2:84:e2:
                    85:36:12:ee:53:ec:df:fe:bd:2c:e5:aa:24:74:7e:
                    95:94:b7:73:e7:08:57:c1:5c:0c:32:27:be:cc:88:
                    4b:db:22:3a:bf:f9:e2:07:26:48:9c:9d:64:d9:21:
                    93:96:d4:e1:57:18:17:ec:f8:7b:44:c2:3c:c5:24:
                    c2:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0B:7B:14:B4:31:BD:1D:CD:34:2D:A4:C1:E8:3A:7D:DA:40:C6:47:E4
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/46dee838-0fc2-45b4-a9a3-7a73b8b8105d.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1e:ff:69:f7:26:65:e8:50:ce:8c:94:e9:e1:e0:f5:35:75:6a:
         4f:59:4f:73:22:0f:cc:a4:8e:b2:8e:6a:b4:d8:b0:f0:f9:ab:
         dc:95:47:22:db:a7:b3:22:79:38:c7:14:8d:56:07:75:91:53:
         41:82:ce:12:44:1d:3c:34:29:34:73:b3:4a:c5:4f:16:06:27:
         54:b8:62:52:d6:2e:5e:4f:4f:17:e2:a4:2d:2f:c6:19:0f:91:
         e1:4b:1b:7a:4f:4e:e4:81:1e:71:e1:50:de:cc:a3:00:16:59:
         83:77:eb:12:2e:d2:d4:72:54:70:24:ab:4b:c3:ce:7d:2a:f1:
         48:0d:25:3d:a7:07:98:7a:e6:95:54:1e:f3:91:5f:3f:cc:d0:
         e1:c2:f8:29:44:c8:1e:e3:83:e5:e3:09:bb:b2:a9:eb:ed:48:
         cf:83:81:01:71:8f:3d:0e:98:5a:47:ac:90:ad:8a:67:7f:9d:
         02:fd:66:89:86:68:49:73:bc:10:85:f5:07:a8:77:f6:b2:86:
         f3:04:87:64:26:72:c3:d7:f1:e2:a7:ca:62:03:4c:25:4c:75:
         67:26:23:58:6d:43:d5:19:39:7f:98:88:f9:33:af:65:bf:f6:
         3a:f1:0c:e4:10:75:19:1e:12:cb:30:74:48:6b:c2:42:8d:71:
         7f:3a:b7:6b
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUWsStJ0fEmmdaR/+RaWaEzqlyHPkwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjQwMzA0MDAwMDAwWhcNMjQwNDA4MjM1OTU5
WjB6MUkwRwYDVQQFE0BhMzgxMTNkMDA4MThjMzA0MDY1YjM3ODY1YjZmNjhjMGJk
ZjVmYjljYTg0NTA1ZWM0MzhhNTQxOWIyMzA1ZmQwMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCsqftMuJCI2ti/H2JjyjUMFeOF+IuMNdz9n8Yxg0naYdnp
BYlKguIp23ts/5hTPidcHC+X7vX5LokCzozBKEdKkC+uHbyYDU1oHVJ9AfesE4U1
d3yF3dxpIL/mHTy1KYf8Fzc60IpRLY32LyGA6QRK7YXiu49WDUgra536btjvOSm7
8W6wFh9gu2ClxVShsHenxdJr80KEt8GWdWL5gKMm+NXTHjLNR1h64DZ8cXKDSDoI
77XUHtPAp+X040+yk+KE4oU2Eu5T7N/+vSzlqiR0fpWUt3PnCFfBXAwyJ77MiEvb
Ijq/+eIHJkicnWTZIZOW1OFXGBfs+HtEwjzFJMKdAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUC3sUtDG9Hc00LaTB6Dp92kDGR+QwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzQ2ZGVlODM4LTBmYzItNDViNC1hOWEzLTdhNzNiOGI4MTA1ZC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAB7/afcmZehQzoyU6eHg9TV1ak9Z
T3MiD8ykjrKOarTYsPD5q9yVRyLbp7MieTjHFI1WB3WRU0GCzhJEHTw0KTRzs0rF
TxYGJ1S4YlLWLl5PTxfipC0vxhkPkeFLG3pPTuSBHnHhUN7MowAWWYN36xIu0tRy
VHAkq0vDzn0q8UgNJT2nB5h65pVUHvORXz/M0OHC+ClEyB7jg+XjCbuyqevtSM+D
gQFxjz0OmFpHrJCtimd/nQL9ZomGaElzvBCF9Qeod/ayhvMEh2QmcsPX8eKnymID
TCVMdWcmI1htQ9UZOX+YiPkzr2W/9jrxDOQQdRkeEsswdEhrwkKNcX86t2s=
-----END CERTIFICATE-----