Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/4f8a301e-7ad5-4cde-8163-4cf2810cfa5a.roa
File:                     4f8a301e-7ad5-4cde-8163-4cf2810cfa5a.roa (raw, json)
Hash identifier:          LMDxgETWn/oq4z/83kSY+DaoUd18BdffeIAWSoEHbsA=
Subject key identifier:   29:66:FE:84:4C:E5:0B:1E:8F:EE:77:42:E5:39:2A:91:82:82:E9:63
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       2C482E56DF81996FE97F24FDC7A74DE548C1DAFB
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/4f8a301e-7ad5-4cde-8163-4cf2810cfa5a.roa
Signing time:             Thu 23 May 2024 00:00:00 +0000
ROA not before:           Thu 23 May 2024 00:00:00 +0000
ROA not after:            Thu 27 Jun 2024 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2c:48:2e:56:df:81:99:6f:e9:7f:24:fd:c7:a7:4d:e5:48:c1:da:fb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: May 23 00:00:00 2024 GMT
            Not After : Jun 27 23:59:59 2024 GMT
        Subject: CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:7e:7a:a2:18:52:ff:7d:52:f1:e9:6a:fe:6f:
                    42:2f:b9:a0:9a:e3:17:01:34:91:0f:e1:8b:be:3a:
                    75:fb:6d:29:15:8d:06:9c:c9:75:b6:35:ad:40:af:
                    fa:8f:4a:f8:64:f6:97:a0:fe:8d:9f:2f:05:d6:e4:
                    f9:e1:ad:1a:f7:e6:cb:b7:aa:bb:22:bb:f8:e9:81:
                    0e:6f:6b:60:61:b6:b1:26:fd:b6:9d:53:08:a1:6e:
                    25:8f:c3:2c:f6:9e:d1:db:61:1e:d9:02:35:66:00:
                    64:2e:09:4a:cc:15:51:66:f9:d6:80:c9:0d:0e:66:
                    71:7e:e6:78:d5:da:d6:1d:57:df:de:ed:cd:77:9b:
                    5c:45:cd:6e:96:5e:ca:f3:9e:92:8b:26:76:94:62:
                    e5:48:34:b8:7c:50:9e:65:f9:3e:ec:e6:8c:79:75:
                    9c:93:96:d5:83:52:b2:bb:71:26:74:e4:8a:df:58:
                    3a:84:b8:14:16:0e:29:0f:46:ad:ef:f4:a2:6c:53:
                    ba:00:f8:fc:26:07:15:70:dc:50:8f:20:31:6b:5d:
                    6c:8d:9f:ec:60:91:ec:ce:6d:5c:eb:fa:ac:15:6d:
                    1e:8a:14:eb:8b:fc:a3:2a:9d:b6:9f:5e:be:54:1e:
                    87:02:45:f1:f5:65:5f:37:de:f9:83:d3:31:a7:b2:
                    e0:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:66:FE:84:4C:E5:0B:1E:8F:EE:77:42:E5:39:2A:91:82:82:E9:63
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/4f8a301e-7ad5-4cde-8163-4cf2810cfa5a.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         03:02:2a:be:05:a3:ea:c3:a3:05:8f:fa:ea:1b:44:69:ba:ca:
         3f:05:e7:5e:71:6c:9b:09:3d:10:f6:2f:26:3d:ae:74:1b:cb:
         e7:3a:f2:d2:9e:a3:d6:ac:28:72:ab:0a:f4:9f:4f:15:b9:7f:
         6a:dc:45:c9:62:ae:7d:26:73:d8:1e:ff:b5:a3:d3:7c:f4:f0:
         68:c0:d2:48:3b:ae:91:83:75:f6:13:1c:c9:c8:47:da:f2:88:
         90:87:dc:8c:5d:17:b4:31:28:f0:55:06:81:52:47:38:8a:70:
         ca:25:ca:0d:88:1f:e5:b1:2a:9c:51:4c:0e:c7:42:34:5f:16:
         4a:6e:ce:58:0e:4a:d7:0c:45:76:fe:4a:60:8d:f1:b9:45:9a:
         c6:ff:73:e6:05:df:34:43:d5:8c:0f:02:52:11:72:cd:ff:bc:
         2a:f9:e0:7f:64:d2:40:e7:b5:74:6c:4e:10:b9:0c:16:66:2c:
         25:b4:f0:52:45:d9:9e:4e:68:a2:6e:48:0f:fc:23:06:fa:fd:
         35:5e:e2:2b:3b:03:6e:8c:7e:db:a1:1c:50:2d:1c:8f:34:5d:
         30:6f:39:3a:26:b9:21:c8:96:66:4a:ba:31:b5:1f:06:54:a8:
         78:f7:cb:11:cb:97:fd:6b:21:17:81:a6:f0:7d:dd:4c:6b:88:
         70:5a:a5:c5
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIULEguVt+BmW/pfyT9x6dN5UjB2vswDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjQwNTIzMDAwMDAwWhcNMjQwNjI3MjM1OTU5
WjB6MUkwRwYDVQQFE0A2YmFhZDkyMzdiOTYyMGY2Yjc1ODA1NzE1MGJjZjcwMmUw
OGNmMGQ4ZTA5YmM2MjIyMzNkNDE0ZmE3NWNlNGQ4MS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCsfnqiGFL/fVLx6Wr+b0IvuaCa4xcBNJEP4Yu+OnX7bSkV
jQacyXW2Na1Ar/qPSvhk9peg/o2fLwXW5PnhrRr35su3qrsiu/jpgQ5va2BhtrEm
/badUwihbiWPwyz2ntHbYR7ZAjVmAGQuCUrMFVFm+daAyQ0OZnF+5njV2tYdV9/e
7c13m1xFzW6WXsrznpKLJnaUYuVINLh8UJ5l+T7s5ox5dZyTltWDUrK7cSZ05Irf
WDqEuBQWDikPRq3v9KJsU7oA+PwmBxVw3FCPIDFrXWyNn+xgkezObVzr+qwVbR6K
FOuL/KMqnbafXr5UHocCRfH1ZV833vmD0zGnsuDdAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUKWb+hEzlCx6P7ndC5TkqkYKC6WMwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzRmOGEzMDFlLTdhZDUtNGNkZS04MTYzLTRjZjI4MTBjZmE1YS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAAMCKr4Fo+rDowWP+uobRGm6yj8F
515xbJsJPRD2LyY9rnQby+c68tKeo9asKHKrCvSfTxW5f2rcRclirn0mc9ge/7Wj
03z08GjA0kg7rpGDdfYTHMnIR9ryiJCH3IxdF7QxKPBVBoFSRziKcMolyg2IH+Wx
KpxRTA7HQjRfFkpuzlgOStcMRXb+SmCN8blFmsb/c+YF3zRD1YwPAlIRcs3/vCr5
4H9k0kDntXRsThC5DBZmLCW08FJF2Z5OaKJuSA/8Iwb6/TVe4is7A26MftuhHFAt
HI80XTBvOTomuSHIlmZKujG1HwZUqHj3yxHLl/1rIReBpvB93UxriHBapcU=
-----END CERTIFICATE-----