Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/60ad156a-cbee-4f76-bc10-3c1bde42bbdb.roa
File:                     60ad156a-cbee-4f76-bc10-3c1bde42bbdb.roa (raw, json)
Hash identifier:          pPA0ipqKTfdukrmEA/y4YW8mOd4ACE+6UNDQK0CbIZo=
Subject key identifier:   6A:29:DF:B7:25:2A:30:A4:B3:9F:FE:19:AF:60:EE:40:A3:13:AF:E6
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       6EA1663D42355B9881B3D5D578E4A61C5BAF6CF1
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/60ad156a-cbee-4f76-bc10-3c1bde42bbdb.roa
Signing time:             Thu 06 Mar 2025 05:53:20 +0000
ROA not before:           Thu 06 Mar 2025 05:53:20 +0000
ROA not after:            Thu 10 Apr 2025 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6e:a1:66:3d:42:35:5b:98:81:b3:d5:d5:78:e4:a6:1c:5b:af:6c:f1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Mar  6 05:53:20 2025 GMT
            Not After : Apr 10 23:59:59 2025 GMT
        Subject: CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:f9:e5:2c:a2:ae:1d:8a:e1:ef:b3:82:81:7a:
                    90:96:4b:49:ac:46:8e:90:ad:b8:fc:39:d9:72:cb:
                    f3:11:d8:5a:20:89:bc:93:3e:66:fd:36:16:68:ab:
                    04:10:4c:46:51:70:26:d0:db:e3:81:df:46:10:85:
                    5f:29:8b:1a:df:3e:f7:1f:de:5b:a5:a9:be:40:78:
                    01:f9:da:8f:21:4b:68:64:32:a1:6a:d2:f7:8f:7e:
                    4d:27:16:ff:64:04:3c:77:3b:ae:4a:33:c6:53:93:
                    a6:07:9a:ac:11:1d:ce:31:d2:ce:58:3c:a1:16:fe:
                    6e:01:3c:c3:dd:d5:d6:2e:f8:d7:c7:1d:ee:f8:ef:
                    b9:13:ec:16:54:30:c1:1f:e7:94:28:f0:af:00:ab:
                    8a:29:14:89:78:43:40:c8:ec:8f:c4:06:b2:a9:9d:
                    9d:e9:a8:70:86:8c:d4:6f:c3:ba:7f:6f:19:f7:e1:
                    25:b0:6b:65:7c:86:de:d7:b7:51:1a:94:cd:50:9c:
                    4a:c1:3f:33:d8:57:db:28:4f:5f:75:9d:95:d7:65:
                    0b:3f:7b:6d:51:47:2a:38:f1:83:8b:35:ed:12:d8:
                    7c:95:8f:ea:bb:d5:42:3b:dd:32:19:88:73:90:f9:
                    01:ce:bc:d1:98:46:5f:51:c2:66:e9:d9:8b:fa:fa:
                    29:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6A:29:DF:B7:25:2A:30:A4:B3:9F:FE:19:AF:60:EE:40:A3:13:AF:E6
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/60ad156a-cbee-4f76-bc10-3c1bde42bbdb.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1a:28:83:25:09:73:57:93:e2:83:f9:45:28:43:d4:ce:9d:49:
         ff:c9:7b:3f:96:35:5f:4e:48:3c:1a:13:03:f8:af:5a:2f:cb:
         1a:88:01:50:cc:8b:a9:cf:25:c8:ac:f1:99:10:9b:6c:e0:75:
         29:fd:21:29:dc:db:6a:db:da:54:50:da:77:43:57:dc:18:69:
         34:a6:61:c7:09:3a:3c:f2:ef:3f:64:46:56:72:b6:7d:30:e5:
         5c:bc:e7:b6:68:f5:a1:bc:24:78:fc:35:5d:6c:06:08:f1:62:
         d0:ad:e5:b7:15:cc:f4:d8:f2:87:ef:21:17:4f:57:29:06:d4:
         e8:a2:9e:9e:8a:d7:9b:f4:4c:e8:35:d6:a0:7d:43:fa:a8:87:
         90:5a:a8:1f:b6:e2:95:3d:2c:77:59:69:b7:50:e6:0b:c2:f1:
         0e:76:c1:ef:10:52:62:0d:06:74:28:02:98:40:03:94:6b:97:
         73:c1:dc:29:4c:b1:a9:df:0e:f7:20:68:e7:33:ea:da:02:b7:
         e8:57:92:d4:92:d7:7e:fd:0d:8a:79:db:63:b4:c3:25:4f:b5:
         33:08:b7:3b:db:50:ea:2b:d0:78:96:75:ee:16:ad:ee:e3:3e:
         42:fc:a0:28:eb:42:98:76:b0:a4:3f:2b:32:7e:cf:93:94:ef:
         2b:df:4d:03
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUbqFmPUI1W5iBs9XVeOSmHFuvbPEwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjUwMzA2MDU1MzIwWhcNMjUwNDEwMjM1OTU5
WjB6MUkwRwYDVQQFE0AyNzIwMzEwNzhlMmZiMmFlZTM1M2RhYmFkYzZhMmYwZmRm
ZjdiNzM1MDdjNWU4YTg5ZTM4Y2Y2YjVlOWM3MTQxMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCt+eUsoq4diuHvs4KBepCWS0msRo6Qrbj8Odlyy/MR2Fog
ibyTPmb9NhZoqwQQTEZRcCbQ2+OB30YQhV8pixrfPvcf3lulqb5AeAH52o8hS2hk
MqFq0vePfk0nFv9kBDx3O65KM8ZTk6YHmqwRHc4x0s5YPKEW/m4BPMPd1dYu+NfH
He7477kT7BZUMMEf55Qo8K8Aq4opFIl4Q0DI7I/EBrKpnZ3pqHCGjNRvw7p/bxn3
4SWwa2V8ht7Xt1EalM1QnErBPzPYV9soT191nZXXZQs/e21RRyo48YOLNe0S2HyV
j+q71UI73TIZiHOQ+QHOvNGYRl9Rwmbp2Yv6+imBAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUainftyUqMKSzn/4Zr2DuQKMTr+YwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzYwYWQxNTZhLWNiZWUtNGY3Ni1iYzEwLTNjMWJkZTQyYmJkYi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBABoogyUJc1eT4oP5RShD1M6dSf/J
ez+WNV9OSDwaEwP4r1ovyxqIAVDMi6nPJcis8ZkQm2zgdSn9ISnc22rb2lRQ2ndD
V9wYaTSmYccJOjzy7z9kRlZytn0w5Vy857Zo9aG8JHj8NV1sBgjxYtCt5bcVzPTY
8ofvIRdPVykG1Oiinp6K15v0TOg11qB9Q/qoh5BaqB+24pU9LHdZabdQ5gvC8Q52
we8QUmINBnQoAphAA5Rrl3PB3ClMsanfDvcgaOcz6toCt+hXktSS1379DYp522O0
wyVPtTMItzvbUOor0HiWde4Wre7jPkL8oCjrQph2sKQ/KzJ+z5OU7yvfTQM=
-----END CERTIFICATE-----