Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/61ec415f-b39c-41a2-a8aa-b7fadbbfce12.roa
File:                     61ec415f-b39c-41a2-a8aa-b7fadbbfce12.roa (raw, json)
Hash identifier:          TOBsPJq/9L+24FWNIjf8/n5Y0+C1lM9+WRiXb/Noe58=
Subject key identifier:   E6:F8:BB:68:90:B4:85:A8:59:18:92:FE:B3:45:6C:A1:37:43:EA:75
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       25F8D5175E4DA74750D4AEB34FA4FFAA765065CC
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/61ec415f-b39c-41a2-a8aa-b7fadbbfce12.roa
Signing time:             Tue 10 Dec 2024 00:00:00 +0000
ROA not before:           Tue 10 Dec 2024 00:00:00 +0000
ROA not after:            Tue 14 Jan 2025 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            25:f8:d5:17:5e:4d:a7:47:50:d4:ae:b3:4f:a4:ff:aa:76:50:65:cc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Dec 10 00:00:00 2024 GMT
            Not After : Jan 14 23:59:59 2025 GMT
        Subject: CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f1:74:6e:5f:e0:3e:32:cc:04:58:ee:31:bb:94:
                    9b:9d:9c:f7:f1:c2:e4:d7:b9:d9:13:c6:61:e0:cc:
                    2f:e0:f0:d3:11:41:8c:68:7b:4a:27:2e:80:ba:96:
                    68:c0:97:df:77:70:41:76:c8:c7:aa:3f:21:34:53:
                    5c:58:2c:b9:64:af:c7:4d:21:01:ed:22:80:c6:74:
                    37:f9:2c:49:44:64:17:71:5b:4d:03:3a:cc:d5:fd:
                    1f:b1:ba:1c:d8:a0:1e:5c:d8:ca:f4:19:d6:96:c2:
                    b1:ad:b5:d3:70:b1:be:4f:6e:95:94:dd:8f:34:03:
                    fe:57:fd:5e:58:6c:68:ed:03:ed:59:48:d4:03:ed:
                    55:78:0c:91:6e:02:9f:06:ab:5d:f7:82:b8:10:14:
                    b1:b5:03:d6:31:d2:de:3e:8c:5a:4c:bb:92:09:a2:
                    b6:e5:b5:15:c2:9b:8f:01:84:d4:00:23:48:66:15:
                    05:09:b1:33:3b:5b:51:2c:0e:e1:21:db:5a:50:f0:
                    6e:ba:74:57:ab:35:78:28:88:51:d4:4d:a6:b6:0f:
                    2b:1e:08:a9:dc:e9:59:61:eb:b4:9a:5f:90:93:5a:
                    ed:ed:56:c1:ab:2b:4e:3c:db:41:80:0d:c0:4e:d9:
                    ff:d6:2d:75:27:1c:95:de:dd:bd:ee:26:d9:5d:d7:
                    73:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E6:F8:BB:68:90:B4:85:A8:59:18:92:FE:B3:45:6C:A1:37:43:EA:75
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/61ec415f-b39c-41a2-a8aa-b7fadbbfce12.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         48:95:2b:72:0b:0f:75:d7:e7:af:84:a5:cc:31:a7:01:95:4c:
         5f:69:77:31:ed:61:c4:54:83:d5:64:e5:f2:26:bb:54:0c:28:
         ca:24:a4:80:c2:12:ea:f2:bd:96:eb:61:a3:98:0f:e7:94:53:
         4a:48:da:0b:0d:7b:92:02:60:c3:0a:bb:44:12:63:97:ca:b2:
         26:d0:57:29:8c:fe:cb:de:d4:3f:75:0a:cb:6d:76:ac:83:c2:
         cc:62:77:6e:40:b5:98:b2:38:a0:db:d0:36:09:cc:81:96:2e:
         b4:c8:ef:8c:b2:41:60:00:b4:91:34:1c:0f:70:7f:15:c8:ff:
         6f:6b:11:66:cd:7c:fc:fb:3d:af:a1:dc:1e:68:63:e2:ea:e6:
         9c:27:b8:fb:75:0f:62:73:88:30:68:bb:8e:ff:4f:aa:b5:1d:
         d6:ab:29:c5:07:d0:21:ea:2a:54:80:14:a2:c2:82:a3:1f:e3:
         be:71:e7:d0:6f:00:d6:be:e6:35:bc:31:0c:74:db:12:4f:ba:
         21:d0:65:61:a2:e1:48:cc:4b:9a:cd:fe:38:1a:52:af:71:a1:
         b7:dc:5a:42:59:21:a5:ea:be:d5:f2:d2:30:50:3d:c1:23:ef:
         9f:a1:e3:44:d8:30:94:88:6f:a5:79:71:29:5d:12:23:42:35:
         82:d0:71:94
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUJfjVF15Np0dQ1K6zT6T/qnZQZcwwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjQxMjEwMDAwMDAwWhcNMjUwMTE0MjM1OTU5
WjB6MUkwRwYDVQQFE0BhM2EzMjc0NjgwN2M3Yjc2MmI4YjY1YzMxMmM1OWEwZmEx
ODQ2MTJlM2Q1MTY5MTEzNTYyN2NmNzgwZjhhMWI2MS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDxdG5f4D4yzARY7jG7lJudnPfxwuTXudkTxmHgzC/g8NMR
QYxoe0onLoC6lmjAl993cEF2yMeqPyE0U1xYLLlkr8dNIQHtIoDGdDf5LElEZBdx
W00DOszV/R+xuhzYoB5c2Mr0GdaWwrGttdNwsb5PbpWU3Y80A/5X/V5YbGjtA+1Z
SNQD7VV4DJFuAp8Gq133grgQFLG1A9Yx0t4+jFpMu5IJorbltRXCm48BhNQAI0hm
FQUJsTM7W1EsDuEh21pQ8G66dFerNXgoiFHUTaa2DyseCKnc6Vlh67SaX5CTWu3t
VsGrK04820GADcBO2f/WLXUnHJXe3b3uJtld13NFAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU5vi7aJC0hahZGJL+s0VsoTdD6nUwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzYxZWM0MTVmLWIzOWMtNDFhMi1hOGFhLWI3ZmFkYmJmY2UxMi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAEiVK3ILD3XX56+EpcwxpwGVTF9p
dzHtYcRUg9Vk5fImu1QMKMokpIDCEuryvZbrYaOYD+eUU0pI2gsNe5ICYMMKu0QS
Y5fKsibQVymM/sve1D91CsttdqyDwsxid25AtZiyOKDb0DYJzIGWLrTI74yyQWAA
tJE0HA9wfxXI/29rEWbNfPz7Pa+h3B5oY+Lq5pwnuPt1D2JziDBou47/T6q1Hdar
KcUH0CHqKlSAFKLCgqMf475x59BvANa+5jW8MQx02xJPuiHQZWGi4UjMS5rN/jga
Uq9xobfcWkJZIaXqvtXy0jBQPcEj75+h40TYMJSIb6V5cSldEiNCNYLQcZQ=
-----END CERTIFICATE-----