Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/4dc8bf95-ee2d-4217-9b09-4dd76eb63afe.roa
File:                     4dc8bf95-ee2d-4217-9b09-4dd76eb63afe.roa (raw, json)
Hash identifier:          9atFCumxyCzygq7yB0GlfHH1wEVIV73GMYxk5iQLVgc=
Subject key identifier:   6C:13:C6:A7:8A:59:2E:8C:85:82:3E:BA:EC:3C:B7:CA:12:05:57:F2
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       2A4C4877CCFC4DD45447D4758B8ADB145513319E
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/4dc8bf95-ee2d-4217-9b09-4dd76eb63afe.roa
Signing time:             Tue 19 Dec 2023 00:00:00 +0000
ROA not before:           Tue 19 Dec 2023 00:00:00 +0000
ROA not after:            Tue 23 Jan 2024 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2a:4c:48:77:cc:fc:4d:d4:54:47:d4:75:8b:8a:db:14:55:13:31:9e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Dec 19 00:00:00 2023 GMT
            Not After : Jan 23 23:59:59 2024 GMT
        Subject: CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:f4:d4:69:8f:2b:8b:8f:dd:ee:3f:2c:db:72:
                    7b:5a:b1:e0:9e:ff:a0:1d:f9:e1:69:10:1e:e7:06:
                    a9:cb:e9:99:da:d4:39:c6:d4:f3:39:00:16:0c:c3:
                    5e:4c:a1:73:00:c1:b4:ad:75:84:87:ab:c5:57:84:
                    20:97:69:2e:f8:21:22:21:fc:6f:0c:67:f7:b9:fa:
                    a8:32:38:31:df:b5:39:24:59:ec:09:a7:20:08:1e:
                    09:c7:44:30:60:10:d4:99:25:70:7a:7d:f5:e8:08:
                    42:b1:e2:ce:a3:fa:6f:15:86:b1:b4:2c:d9:6a:a5:
                    6a:d9:c9:64:92:5f:3e:e6:98:02:f3:44:fd:63:e9:
                    ee:41:38:dc:c3:14:75:7a:81:f5:9f:07:66:65:60:
                    4b:33:fd:dd:08:cc:13:4b:0d:fa:1e:e1:69:b3:2c:
                    17:b9:b7:e1:69:34:dd:dd:25:b0:3f:6d:ab:7b:0d:
                    bf:fa:a0:c3:18:5f:c2:d5:60:5c:23:9c:b0:d8:52:
                    99:4d:7b:4a:97:7e:00:c3:d8:a3:2b:8b:72:da:24:
                    14:39:38:06:93:60:4b:f2:10:45:7c:68:87:a4:c0:
                    68:ca:e0:32:f9:ce:7d:c9:bc:8e:1a:dd:7b:53:cb:
                    05:56:8b:44:1f:c7:f5:f5:c4:57:14:81:c0:83:f5:
                    97:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6C:13:C6:A7:8A:59:2E:8C:85:82:3E:BA:EC:3C:B7:CA:12:05:57:F2
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/4dc8bf95-ee2d-4217-9b09-4dd76eb63afe.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         83:39:9e:f8:cb:00:75:03:7e:36:44:af:a6:ed:ee:75:39:8e:
         9a:c9:86:cb:91:06:6d:82:04:b8:73:15:d7:57:0e:6a:d1:6c:
         c5:f7:80:76:bf:7f:32:00:99:95:23:fe:e2:fe:cc:a1:0a:a6:
         55:6b:03:7d:ae:11:eb:df:85:29:99:c8:85:7d:8e:cf:ba:e4:
         4d:b7:2b:b7:fe:7d:ec:db:28:d6:78:a7:63:88:a6:f7:75:8a:
         0d:50:b6:70:f2:ff:e8:f3:7f:9d:bf:30:ae:2d:ae:a4:56:22:
         d3:a1:a4:8e:d8:53:c9:0c:ce:70:7b:d6:58:b4:97:02:81:3b:
         11:e2:37:a4:d5:fd:a1:5b:d6:eb:1f:d6:41:e1:e4:a8:70:db:
         d5:43:d3:65:4c:5d:07:59:b7:e9:3e:dd:4c:45:00:f2:63:d2:
         2c:83:14:f6:87:73:05:10:1d:94:80:b3:46:f6:14:1b:57:21:
         b1:15:e2:5e:55:3c:87:32:29:1e:1c:45:20:88:8c:f8:28:bf:
         ee:11:f9:48:74:c6:c2:01:94:55:90:c0:2d:25:ab:30:1e:14:
         32:3f:14:eb:41:d0:88:cd:f2:a5:1d:a3:99:78:34:66:91:6a:
         b2:eb:d9:d5:4e:96:1e:63:f5:e6:37:cb:8b:e7:0d:45:63:f0:
         88:39:b8:c2
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUKkxId8z8TdRUR9R1i4rbFFUTMZ4wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMxMjE5MDAwMDAwWhcNMjQwMTIzMjM1OTU5
WjB6MUkwRwYDVQQFE0BkYjMyYzhmMDI2MDAzNjhkZTQ3YTM1MzUzZWY4N2FhNmVm
YjQzNzY4NjVhN2E5MmRhM2VlOTNmOTZkZjY2M2UzMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC29NRpjyuLj93uPyzbcntaseCe/6Ad+eFpEB7nBqnL6Zna
1DnG1PM5ABYMw15MoXMAwbStdYSHq8VXhCCXaS74ISIh/G8MZ/e5+qgyODHftTkk
WewJpyAIHgnHRDBgENSZJXB6ffXoCEKx4s6j+m8VhrG0LNlqpWrZyWSSXz7mmALz
RP1j6e5BONzDFHV6gfWfB2ZlYEsz/d0IzBNLDfoe4WmzLBe5t+FpNN3dJbA/bat7
Db/6oMMYX8LVYFwjnLDYUplNe0qXfgDD2KMri3LaJBQ5OAaTYEvyEEV8aIekwGjK
4DL5zn3JvI4a3XtTywVWi0Qfx/X1xFcUgcCD9ZcrAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUbBPGp4pZLoyFgj667Dy3yhIFV/IwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzRkYzhiZjk1LWVlMmQtNDIxNy05YjA5LTRkZDc2ZWI2M2FmZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAIM5nvjLAHUDfjZEr6bt7nU5jprJ
hsuRBm2CBLhzFddXDmrRbMX3gHa/fzIAmZUj/uL+zKEKplVrA32uEevfhSmZyIV9
js+65E23K7f+fezbKNZ4p2OIpvd1ig1QtnDy/+jzf52/MK4trqRWItOhpI7YU8kM
znB71li0lwKBOxHiN6TV/aFb1usf1kHh5Khw29VD02VMXQdZt+k+3UxFAPJj0iyD
FPaHcwUQHZSAs0b2FBtXIbEV4l5VPIcyKR4cRSCIjPgov+4R+Uh0xsIBlFWQwC0l
qzAeFDI/FOtB0IjN8qUdo5l4NGaRarLr2dVOlh5j9eY3y4vnDUVj8Ig5uMI=
-----END CERTIFICATE-----