Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/4ea17e97-f0cd-4d3d-99e2-9494a5e72fe6.roa
File:                     4ea17e97-f0cd-4d3d-99e2-9494a5e72fe6.roa (raw, json)
Hash identifier:          1zdbSTWGnWrJb7Rgki+vjFTrfvEe0U595eAIayXCBHc=
Subject key identifier:   93:8E:62:C8:0E:9F:16:3E:5F:51:AE:8B:13:50:45:B0:65:D4:2B:B1
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       43FC76437A38F92B6240364C300296F255F7EACC
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/4ea17e97-f0cd-4d3d-99e2-9494a5e72fe6.roa
Signing time:             Sat 26 Oct 2024 00:00:00 +0000
ROA not before:           Sat 26 Oct 2024 00:00:00 +0000
ROA not after:            Sat 30 Nov 2024 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            43:fc:76:43:7a:38:f9:2b:62:40:36:4c:30:02:96:f2:55:f7:ea:cc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Oct 26 00:00:00 2024 GMT
            Not After : Nov 30 23:59:59 2024 GMT
        Subject: CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:b8:bc:20:b7:86:88:84:35:cd:ba:3d:9a:46:
                    45:c7:5e:ca:83:46:71:ff:c9:b2:ca:7b:24:bd:c4:
                    de:d3:fe:5e:e9:39:0f:28:18:1e:86:a3:fe:7e:af:
                    84:44:98:f7:c1:95:3f:4a:17:6b:49:38:16:d7:cd:
                    49:51:70:4a:04:f2:3d:ee:33:e6:b5:51:8d:7b:59:
                    80:3a:76:f3:ae:b1:7c:41:0f:cc:ba:e3:53:fc:db:
                    14:bf:b8:3a:45:9c:2d:c5:e7:5a:ae:a8:23:ab:46:
                    1f:e6:81:11:fa:5d:dd:af:ed:70:1d:3a:10:1c:4e:
                    1d:fd:f5:52:b5:09:a2:9c:b0:f2:b8:a8:6e:ad:f4:
                    d6:84:0d:ee:4c:1b:ba:8f:21:e9:63:d1:a3:e0:58:
                    1a:38:49:29:e9:91:f9:49:45:4c:3f:37:47:93:c4:
                    79:83:ad:27:09:41:0d:9d:18:07:6a:3c:e6:b4:c1:
                    16:2b:6e:68:5b:8e:8f:63:1a:e7:cf:63:45:4c:87:
                    52:b1:84:ab:08:d4:3e:56:de:98:2c:1d:c8:14:0c:
                    81:bc:ce:f6:98:3d:86:2d:73:b2:db:29:3d:5c:50:
                    07:78:bc:90:75:38:ec:62:39:9e:4d:17:8d:4c:81:
                    69:0d:2f:4d:8d:05:29:14:7c:19:4a:2f:d2:9e:9e:
                    0f:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                93:8E:62:C8:0E:9F:16:3E:5F:51:AE:8B:13:50:45:B0:65:D4:2B:B1
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/4ea17e97-f0cd-4d3d-99e2-9494a5e72fe6.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         63:19:74:d9:51:26:c1:ab:8f:a0:d1:c4:54:d1:90:51:25:ca:
         61:84:6c:e8:50:81:d3:0d:9a:a0:0b:55:28:9d:24:c9:89:69:
         8a:a5:d9:0e:e9:1e:b8:f4:fc:cb:94:63:6b:ea:57:1e:70:ce:
         54:af:56:f9:11:bf:2c:e0:d9:77:1f:19:69:fa:63:26:5f:b3:
         d4:27:d9:34:0d:0e:db:5f:74:fa:9a:52:c4:80:5c:a8:f8:a2:
         ca:0e:e4:0f:39:c6:c9:db:f2:a4:e8:59:3b:49:b5:aa:f2:ca:
         8c:74:a3:d5:43:6e:2d:f8:34:81:fe:42:8a:db:d1:62:56:a5:
         73:cc:77:8c:79:df:bc:6f:ee:a3:9e:2c:54:f6:67:c3:1a:2f:
         22:a1:4a:bf:63:f1:6f:5e:80:b5:a2:71:d8:50:12:98:bf:33:
         e9:62:aa:d4:f2:7e:64:90:fa:1e:ca:6a:60:cd:74:ab:f9:71:
         7a:92:c9:e2:a7:f9:a3:ff:3a:9b:cd:ee:7e:2e:fb:b0:8d:48:
         3f:8d:ff:39:d5:62:68:1b:a2:52:bb:44:aa:bb:c0:45:57:2b:
         0d:6f:51:db:00:5a:f1:1b:44:52:d6:d3:a1:d4:69:23:c2:eb:
         30:bc:0a:17:35:b5:45:fe:74:4b:53:ab:fd:bb:a3:86:c5:1b:
         96:d7:9d:e2
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUQ/x2Q3o4+StiQDZMMAKW8lX36swwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjQxMDI2MDAwMDAwWhcNMjQxMTMwMjM1OTU5
WjB6MUkwRwYDVQQFE0AwMzIzMDBiMTk4OWNmNTBiYTlhYzUwYTdhMTg2YjdkMWNh
YjI1ZjMwMGU4ZTlhMzVjNWNiYTgzMmI1NGRhZTUzMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDAuLwgt4aIhDXNuj2aRkXHXsqDRnH/ybLKeyS9xN7T/l7p
OQ8oGB6Go/5+r4REmPfBlT9KF2tJOBbXzUlRcEoE8j3uM+a1UY17WYA6dvOusXxB
D8y641P82xS/uDpFnC3F51quqCOrRh/mgRH6Xd2v7XAdOhAcTh399VK1CaKcsPK4
qG6t9NaEDe5MG7qPIelj0aPgWBo4SSnpkflJRUw/N0eTxHmDrScJQQ2dGAdqPOa0
wRYrbmhbjo9jGufPY0VMh1KxhKsI1D5W3pgsHcgUDIG8zvaYPYYtc7LbKT1cUAd4
vJB1OOxiOZ5NF41MgWkNL02NBSkUfBlKL9Keng/XAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUk45iyA6fFj5fUa6LE1BFsGXUK7EwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzRlYTE3ZTk3LWYwY2QtNGQzZC05OWUyLTk0OTRhNWU3MmZlNi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAGMZdNlRJsGrj6DRxFTRkFElymGE
bOhQgdMNmqALVSidJMmJaYql2Q7pHrj0/MuUY2vqVx5wzlSvVvkRvyzg2XcfGWn6
YyZfs9Qn2TQNDttfdPqaUsSAXKj4osoO5A85xsnb8qToWTtJtaryyox0o9VDbi34
NIH+Qorb0WJWpXPMd4x537xv7qOeLFT2Z8MaLyKhSr9j8W9egLWicdhQEpi/M+li
qtTyfmSQ+h7KamDNdKv5cXqSyeKn+aP/OpvN7n4u+7CNSD+N/znVYmgbolK7RKq7
wEVXKw1vUdsAWvEbRFLW06HUaSPC6zC8Chc1tUX+dEtTq/27o4bFG5bXneI=
-----END CERTIFICATE-----