Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/4e07025f-b8a9-48f3-b40f-8ca16434e7a9.roa
File:                     4e07025f-b8a9-48f3-b40f-8ca16434e7a9.roa (raw, json)
Hash identifier:          Ziv0L0SvAIBFV3Uju0e7AIPLF2+2ujmrkxBrbTVEbWs=
Subject key identifier:   D4:AF:19:78:4F:34:5E:7B:9F:BA:71:B5:2D:25:54:7B:AC:01:BD:D9
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       7A486BFDABD91EC2DDFA98E1D474B3D58A7C35E4
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/4e07025f-b8a9-48f3-b40f-8ca16434e7a9.roa
Signing time:             Thu 16 Nov 2023 00:00:00 +0000
ROA not before:           Thu 16 Nov 2023 00:00:00 +0000
ROA not after:            Thu 21 Dec 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7a:48:6b:fd:ab:d9:1e:c2:dd:fa:98:e1:d4:74:b3:d5:8a:7c:35:e4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Nov 16 00:00:00 2023 GMT
            Not After : Dec 21 23:59:59 2023 GMT
        Subject: CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:05:0c:b6:c3:f1:00:c0:c6:9a:8f:39:24:4e:
                    cc:11:6f:2b:bc:a5:8d:fc:bf:30:23:46:85:74:df:
                    70:1f:03:80:1f:73:b8:98:b5:0e:69:4c:5a:30:d4:
                    b4:a3:f0:b8:33:ac:64:c5:12:21:c8:cd:1e:d9:74:
                    11:cf:e5:f9:46:07:1e:be:3b:a2:25:86:95:f5:1e:
                    fa:a2:ab:78:78:bc:6e:dc:af:8d:2c:33:f5:a4:d2:
                    38:ec:00:84:0e:5b:1d:b8:58:a9:98:10:b7:bc:c9:
                    f0:59:d7:42:b8:f8:7e:04:de:c2:a1:6d:eb:63:66:
                    18:52:30:40:0c:46:d3:46:30:05:9f:ea:ab:e6:77:
                    a2:0a:a6:72:dc:04:90:d0:9e:df:7e:9d:46:61:b5:
                    3a:d5:dd:de:af:01:19:f8:ce:9f:8d:98:4a:94:93:
                    57:f6:d3:39:b8:8c:99:22:34:1e:d4:4d:5c:f7:e2:
                    aa:8b:f7:f5:88:8a:71:12:d4:80:8f:db:45:88:15:
                    b0:88:9a:69:57:c4:8a:f0:79:34:93:ff:4a:5f:43:
                    58:05:68:06:af:be:69:a5:b0:b1:8f:92:50:83:52:
                    96:3a:3f:08:24:48:76:69:e6:f7:23:be:65:45:98:
                    23:1d:2b:6a:5e:5f:52:10:86:e0:ca:d7:6b:5e:95:
                    a8:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D4:AF:19:78:4F:34:5E:7B:9F:BA:71:B5:2D:25:54:7B:AC:01:BD:D9
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/4e07025f-b8a9-48f3-b40f-8ca16434e7a9.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         14:dd:b7:29:61:fb:52:16:8a:fe:71:20:09:35:16:6b:43:e4:
         d6:85:30:09:de:6a:9d:76:d9:17:bf:87:cd:64:d4:12:22:f0:
         88:5c:e4:e6:7d:43:10:78:c8:3e:0c:aa:0d:0d:97:c5:bb:55:
         b5:31:41:2b:49:7d:9d:e9:b5:f9:cd:ed:6f:bb:4b:e4:d3:3d:
         1e:97:f4:99:61:48:a1:e6:da:7d:70:76:03:2e:da:54:3a:34:
         08:ed:b3:e5:58:de:43:58:dc:92:79:28:40:6b:78:f1:c0:db:
         06:58:08:0a:55:e4:58:5f:99:40:7e:12:d4:3e:43:7e:8e:8e:
         11:6b:35:52:0d:53:7c:39:a9:c0:ef:44:46:bf:dd:5e:85:c0:
         ad:3a:69:a8:29:64:5e:1c:3f:0d:93:92:18:ea:b4:d4:f5:44:
         85:b9:37:5a:73:0d:7a:fb:6c:c4:ae:c0:95:a3:50:73:c3:b6:
         f0:b9:40:05:d8:c4:f1:18:6f:d1:e2:e7:77:f9:20:4a:16:c6:
         c7:f7:d4:32:65:a1:4f:4f:19:c7:5a:72:7e:fe:98:72:eb:c6:
         d5:6f:cd:9b:03:64:07:86:35:27:61:43:eb:21:35:7c:cd:d3:
         9e:9d:7b:f5:db:bc:b8:37:ce:fa:9f:3c:fb:68:14:f2:cf:0c:
         20:1d:2a:e9
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUekhr/avZHsLd+pjh1HSz1Yp8NeQwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMxMTE2MDAwMDAwWhcNMjMxMjIxMjM1OTU5
WjB6MUkwRwYDVQQFE0AzN2E1ZWQ5Y2U4ODI2ZjFiMWU2ODA4NzZhYzJiYTdkZDk1
YThlZThlMWNjNzBhNWQ2MmNiMDYxNWE2MGNjMDRhMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCjBQy2w/EAwMaajzkkTswRbyu8pY38vzAjRoV033AfA4Af
c7iYtQ5pTFow1LSj8LgzrGTFEiHIzR7ZdBHP5flGBx6+O6IlhpX1Hvqiq3h4vG7c
r40sM/Wk0jjsAIQOWx24WKmYELe8yfBZ10K4+H4E3sKhbetjZhhSMEAMRtNGMAWf
6qvmd6IKpnLcBJDQnt9+nUZhtTrV3d6vARn4zp+NmEqUk1f20zm4jJkiNB7UTVz3
4qqL9/WIinES1ICP20WIFbCImmlXxIrweTST/0pfQ1gFaAavvmmlsLGPklCDUpY6
PwgkSHZp5vcjvmVFmCMdK2peX1IQhuDK12telaiTAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU1K8ZeE80XnufunG1LSVUe6wBvdkwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzRlMDcwMjVmLWI4YTktNDhmMy1iNDBmLThjYTE2NDM0ZTdhOS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBABTdtylh+1IWiv5xIAk1FmtD5NaF
MAneap122Re/h81k1BIi8Ihc5OZ9QxB4yD4Mqg0Nl8W7VbUxQStJfZ3ptfnN7W+7
S+TTPR6X9JlhSKHm2n1wdgMu2lQ6NAjts+VY3kNY3JJ5KEBrePHA2wZYCApV5Fhf
mUB+EtQ+Q36OjhFrNVINU3w5qcDvREa/3V6FwK06aagpZF4cPw2TkhjqtNT1RIW5
N1pzDXr7bMSuwJWjUHPDtvC5QAXYxPEYb9Hi53f5IEoWxsf31DJloU9PGcdacn7+
mHLrxtVvzZsDZAeGNSdhQ+shNXzN056de/XbvLg3zvqfPPtoFPLPDCAdKuk=
-----END CERTIFICATE-----