Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/58885394-701d-4838-b81d-a6728bbe622a.roa
File:                     58885394-701d-4838-b81d-a6728bbe622a.roa (raw, json)
Hash identifier:          InWL5enNSKoFdcqYILvIK+7iAlsWZtaGaa9XJfwyLG4=
Subject key identifier:   EA:CE:43:64:66:E5:DC:C9:E7:7C:E2:EE:3D:E4:6F:AF:FC:C2:88:F3
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       20567729D9860A9E976E38C6928625F1DC51E0F9
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/58885394-701d-4838-b81d-a6728bbe622a.roa
Signing time:             Tue 25 Mar 2025 08:58:18 +0000
ROA not before:           Tue 25 Mar 2025 08:58:18 +0000
ROA not after:            Tue 29 Apr 2025 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            20:56:77:29:d9:86:0a:9e:97:6e:38:c6:92:86:25:f1:dc:51:e0:f9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Mar 25 08:58:18 2025 GMT
            Not After : Apr 29 23:59:59 2025 GMT
        Subject: CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:5b:e9:b3:58:fd:bc:18:93:e9:c4:f8:27:4e:
                    4a:a4:d8:65:33:19:cd:a9:b4:3f:5b:57:4a:46:36:
                    86:ab:12:0c:8a:88:c2:bd:18:e4:ea:2b:44:59:79:
                    d5:16:27:5e:3c:06:03:c6:23:68:1b:f7:95:67:0c:
                    3d:da:d7:04:06:7a:cf:46:a2:3d:84:b1:29:c0:fe:
                    a3:8b:2f:c0:71:73:e1:d3:da:18:00:10:de:3c:3c:
                    28:0a:00:cf:5b:76:f1:73:81:be:be:99:9b:f0:1d:
                    f3:2c:54:51:4e:35:45:42:30:ee:ce:3e:de:77:ff:
                    5e:26:72:7d:9a:4d:5b:e6:6d:d8:97:be:32:98:03:
                    f6:40:b3:0d:79:8e:e9:c6:7d:bc:f3:82:ed:15:1e:
                    a7:9f:23:2b:20:dd:be:f8:a8:18:9b:8e:a0:8e:b6:
                    80:1d:8f:b2:0d:a0:38:2e:0d:30:99:be:b1:84:6d:
                    79:3d:2f:0a:9a:45:c5:cf:88:d6:62:cf:27:98:ad:
                    42:e2:90:62:81:8f:b2:f2:73:34:95:a5:fa:eb:6d:
                    70:c9:e9:62:34:a7:36:5a:14:9b:ae:ae:75:f9:75:
                    f7:de:31:48:41:cd:c8:d9:f3:d0:bf:47:6f:2f:0e:
                    5a:30:87:a8:07:88:b8:f4:28:7e:6b:ab:31:98:14:
                    8c:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EA:CE:43:64:66:E5:DC:C9:E7:7C:E2:EE:3D:E4:6F:AF:FC:C2:88:F3
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/58885394-701d-4838-b81d-a6728bbe622a.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9f:2f:52:5c:b0:7d:c2:40:1e:9d:13:01:0b:28:db:44:57:13:
         58:b5:5b:d0:cb:7d:ab:00:3a:9a:70:65:c2:8d:8f:5e:ee:ef:
         36:e7:bc:15:41:63:a7:de:dd:7f:fa:1f:90:c3:c7:76:69:26:
         01:55:42:e9:7a:25:6c:3a:b7:2f:fe:d5:25:19:2c:1b:92:b7:
         86:ed:5c:a0:f9:5b:29:1f:df:62:39:5f:a4:75:53:e2:b9:7f:
         8d:56:b3:28:b6:15:70:ce:c6:be:18:d9:a3:52:02:e9:6f:f2:
         14:79:22:a3:55:ec:4e:d9:f6:cd:a9:a4:ee:12:9e:8e:9a:7b:
         71:9d:3c:30:06:d3:4e:48:51:d0:5a:95:20:9a:bf:19:9c:95:
         b4:03:be:65:32:18:79:8f:31:1a:b3:da:20:2a:a6:a4:bd:f2:
         82:a1:1e:b7:d1:ae:46:ea:9b:d9:aa:a9:c3:0c:ac:a2:b9:41:
         ba:21:d4:9b:9f:87:2b:c0:2e:14:1d:ed:9f:7f:56:0e:f0:0b:
         6f:5d:f0:b9:58:0d:a8:bd:91:ba:29:ff:44:f5:60:eb:22:ec:
         e6:0c:a3:b3:50:ec:69:fe:97:23:43:ba:72:c2:d2:68:2d:ea:
         09:4a:30:e8:08:d5:94:39:6f:5b:4f:fa:ca:4d:22:ca:b7:56:
         4f:34:e4:7f
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUIFZ3KdmGCp6XbjjGkoYl8dxR4PkwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjUwMzI1MDg1ODE4WhcNMjUwNDI5MjM1OTU5
WjB6MUkwRwYDVQQFE0BhYTdhNzY5ODQzODZkM2ExNjlkZGUxMmFlNTY0ODMzNzlm
MmY3NDc3MzI2ODMzMjk0ZDljZDVkYzI4MGQ2MjEyMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCUW+mzWP28GJPpxPgnTkqk2GUzGc2ptD9bV0pGNoarEgyK
iMK9GOTqK0RZedUWJ148BgPGI2gb95VnDD3a1wQGes9Goj2EsSnA/qOLL8Bxc+HT
2hgAEN48PCgKAM9bdvFzgb6+mZvwHfMsVFFONUVCMO7OPt53/14mcn2aTVvmbdiX
vjKYA/ZAsw15junGfbzzgu0VHqefIysg3b74qBibjqCOtoAdj7INoDguDTCZvrGE
bXk9LwqaRcXPiNZizyeYrULikGKBj7LyczSVpfrrbXDJ6WI0pzZaFJuurnX5dffe
MUhBzcjZ89C/R28vDlowh6gHiLj0KH5rqzGYFIybAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU6s5DZGbl3MnnfOLuPeRvr/zCiPMwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzU4ODg1Mzk0LTcwMWQtNDgzOC1iODFkLWE2NzI4YmJlNjIyYS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAJ8vUlywfcJAHp0TAQso20RXE1i1
W9DLfasAOppwZcKNj17u7zbnvBVBY6fe3X/6H5DDx3ZpJgFVQul6JWw6ty/+1SUZ
LBuSt4btXKD5Wykf32I5X6R1U+K5f41Wsyi2FXDOxr4Y2aNSAulv8hR5IqNV7E7Z
9s2ppO4Sno6ae3GdPDAG005IUdBalSCavxmclbQDvmUyGHmPMRqz2iAqpqS98oKh
HrfRrkbqm9mqqcMMrKK5Qboh1JufhyvALhQd7Z9/Vg7wC29d8LlYDai9kbop/0T1
YOsi7OYMo7NQ7Gn+lyNDunLC0mgt6glKMOgI1ZQ5b1tP+spNIsq3Vk805H8=
-----END CERTIFICATE-----