Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/5d584abe-eee8-4452-8fd5-4dd1b13d49d2.roa
File:                     5d584abe-eee8-4452-8fd5-4dd1b13d49d2.roa (raw, json)
Hash identifier:          obeRg2LC/M66G43OUYJbcs6WxXsBxuZIVhUZyOzMJn0=
Subject key identifier:   E7:9B:45:24:61:9B:99:5D:DB:B2:4B:2C:C2:CC:2A:B9:B4:81:BD:FC
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       2017FE09F08803623958A6803E2D6302368FDCDD
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/5d584abe-eee8-4452-8fd5-4dd1b13d49d2.roa
Signing time:             Wed 15 Jan 2025 00:00:00 +0000
ROA not before:           Wed 15 Jan 2025 00:00:00 +0000
ROA not after:            Wed 19 Feb 2025 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            20:17:fe:09:f0:88:03:62:39:58:a6:80:3e:2d:63:02:36:8f:dc:dd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Jan 15 00:00:00 2025 GMT
            Not After : Feb 19 23:59:59 2025 GMT
        Subject: CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:62:14:e0:a6:6e:13:1d:1e:5b:c9:5b:5e:69:
                    61:6f:fb:95:d6:bc:f5:6e:77:5f:55:7a:a6:33:ea:
                    99:ca:08:16:10:5b:e7:37:81:19:fb:87:71:f1:3e:
                    cb:56:80:4a:dd:9f:40:c8:4d:6e:bd:8e:c0:2a:a5:
                    16:8b:9c:8f:27:b5:bf:d5:f9:fd:18:b1:26:65:d9:
                    26:ab:ef:de:ba:9a:99:eb:5f:e0:96:61:5f:60:00:
                    0a:d2:e8:ee:6d:ee:a4:38:37:dc:1c:73:dd:61:ee:
                    72:65:f0:46:22:0c:a7:16:ed:48:51:08:95:91:95:
                    f0:8d:83:c0:58:c6:d7:87:90:ad:96:fc:b2:0a:dd:
                    22:33:61:4b:b5:78:97:22:1b:c4:31:8f:1f:ec:b1:
                    3e:6c:16:d0:8a:fc:35:53:e0:34:63:c9:d0:4b:bf:
                    c0:8f:17:51:1c:4b:f5:60:34:92:87:9f:f2:5c:d6:
                    63:b1:84:37:57:fd:33:7c:93:12:83:2b:fd:18:3e:
                    5e:e2:86:b0:25:5e:f6:7e:23:61:e5:e3:75:21:b7:
                    94:00:f7:85:fa:5f:64:0a:3a:4e:72:34:af:ce:0e:
                    99:37:3d:b1:e2:66:58:e8:40:bc:e4:e2:ee:a4:33:
                    b1:6f:11:62:f0:1a:33:60:f1:bf:1a:98:bc:88:3a:
                    31:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E7:9B:45:24:61:9B:99:5D:DB:B2:4B:2C:C2:CC:2A:B9:B4:81:BD:FC
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/5d584abe-eee8-4452-8fd5-4dd1b13d49d2.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a4:d3:81:fd:9f:89:1e:19:0b:ef:8b:f9:b9:1a:a7:ed:a4:68:
         f9:42:01:bc:a1:23:4b:f9:13:7e:54:91:c2:ed:f3:4c:b7:65:
         dc:1d:b2:ff:7f:13:8a:8f:fb:38:dc:2a:dc:60:fb:b4:2f:b9:
         bc:72:5c:6e:23:0c:89:0a:b3:c8:dd:54:71:ed:6e:60:a1:46:
         28:3e:95:0a:fe:d7:7b:9f:0d:78:89:9e:63:16:59:b2:4b:26:
         49:8f:c5:31:e9:f8:7f:b0:09:dd:bc:10:8d:b1:9e:4d:e7:56:
         f1:49:28:21:c0:ea:33:ef:9f:07:3a:d9:46:8f:4a:56:5d:c5:
         1e:e4:f1:23:c4:08:9c:55:2d:73:ea:fc:ea:2a:c4:9f:2b:bf:
         58:0b:1a:e5:99:b9:fd:da:5f:13:73:1a:9e:31:62:c6:c0:80:
         5b:2f:1a:68:07:fc:6f:1b:3e:ea:f3:af:78:2e:c6:60:1a:0c:
         85:47:56:61:e3:ce:86:61:bb:b5:39:de:8d:55:76:69:5e:a8:
         89:e7:e3:b3:56:68:fd:a1:25:f0:0a:00:2a:2f:09:39:e8:7c:
         3d:b4:07:76:f4:ee:11:33:8d:82:5e:87:47:9e:a6:d0:7e:16:
         9a:17:08:f4:b0:78:1a:ac:d6:65:ab:8b:c2:c6:88:45:80:a6:
         32:de:09:49
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUIBf+CfCIA2I5WKaAPi1jAjaP3N0wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjUwMTE1MDAwMDAwWhcNMjUwMjE5MjM1OTU5
WjB6MUkwRwYDVQQFE0A5OGUxN2M0N2VlZGI1ZjAwZmFmMWNjMjljZmJjMmZmYjJl
NzU0OGE3YWIyMGI5MTFiN2I2NTJlOGFjYTZlNDVmMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDQYhTgpm4THR5byVteaWFv+5XWvPVud19VeqYz6pnKCBYQ
W+c3gRn7h3HxPstWgErdn0DITW69jsAqpRaLnI8ntb/V+f0YsSZl2Sar7966mpnr
X+CWYV9gAArS6O5t7qQ4N9wcc91h7nJl8EYiDKcW7UhRCJWRlfCNg8BYxteHkK2W
/LIK3SIzYUu1eJciG8Qxjx/ssT5sFtCK/DVT4DRjydBLv8CPF1EcS/VgNJKHn/Jc
1mOxhDdX/TN8kxKDK/0YPl7ihrAlXvZ+I2Hl43Uht5QA94X6X2QKOk5yNK/ODpk3
PbHiZljoQLzk4u6kM7FvEWLwGjNg8b8amLyIOjGRAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU55tFJGGbmV3bsksswswqubSBvfwwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzVkNTg0YWJlLWVlZTgtNDQ1Mi04ZmQ1LTRkZDFiMTNkNDlkMi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAKTTgf2fiR4ZC++L+bkap+2kaPlC
AbyhI0v5E35UkcLt80y3Zdwdsv9/E4qP+zjcKtxg+7QvubxyXG4jDIkKs8jdVHHt
bmChRig+lQr+13ufDXiJnmMWWbJLJkmPxTHp+H+wCd28EI2xnk3nVvFJKCHA6jPv
nwc62UaPSlZdxR7k8SPECJxVLXPq/OoqxJ8rv1gLGuWZuf3aXxNzGp4xYsbAgFsv
GmgH/G8bPurzr3guxmAaDIVHVmHjzoZhu7U53o1VdmleqInn47NWaP2hJfAKACov
CTnofD20B3b07hEzjYJeh0eeptB+FpoXCPSweBqs1mWri8LGiEWApjLeCUk=
-----END CERTIFICATE-----