Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/65a55727-f696-46ab-8852-2bd402b01396.roa
File:                     65a55727-f696-46ab-8852-2bd402b01396.roa (raw, json)
Hash identifier:          Md+Vp3Cl0cgzmraCP/l7FNXfacdAYKgr/zzHku7r/nQ=
Subject key identifier:   22:5F:7C:81:0C:42:E9:D6:08:07:B3:B8:DE:EB:98:C7:C8:60:67:4A
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       6BF42C851BE42BC27A7C6F9547278316D1D2D385
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/65a55727-f696-46ab-8852-2bd402b01396.roa
Signing time:             Wed 26 Mar 2025 01:03:18 +0000
ROA not before:           Wed 26 Mar 2025 01:03:18 +0000
ROA not after:            Wed 30 Apr 2025 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6b:f4:2c:85:1b:e4:2b:c2:7a:7c:6f:95:47:27:83:16:d1:d2:d3:85
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Mar 26 01:03:18 2025 GMT
            Not After : Apr 30 23:59:59 2025 GMT
        Subject: CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:09:d1:f1:9d:69:e6:9e:39:9e:9c:26:6e:f5:
                    b3:d1:95:d1:0e:48:05:4e:1c:d5:08:9a:29:62:cc:
                    26:16:f4:73:2b:99:cb:53:cc:81:56:13:1a:41:f5:
                    20:3d:49:33:52:16:e7:90:3a:54:f0:53:7f:9c:11:
                    d9:10:f8:fd:34:dd:f2:cb:03:43:f1:c9:f6:5e:22:
                    49:97:7f:45:bf:06:12:5c:02:a6:61:47:2d:91:03:
                    05:31:ea:2f:f4:a6:29:1e:3e:9a:b2:75:fc:2c:bd:
                    46:8b:a8:c4:03:30:53:ba:d9:29:0b:72:cd:7b:5e:
                    b1:a0:05:e5:e4:31:90:4f:36:10:39:bb:8c:a2:49:
                    71:6c:77:f6:69:34:54:02:c1:5c:6f:26:3b:df:39:
                    28:b9:d2:ab:5f:02:d0:53:6e:ae:25:91:d3:97:0c:
                    0e:6b:46:5e:5e:d8:d6:ed:ff:ca:f2:63:7d:a6:61:
                    05:04:0e:03:93:0d:ed:9b:a4:da:af:ce:2c:94:0b:
                    0b:ac:1b:4c:71:a3:20:9c:43:93:d9:39:84:23:66:
                    2f:14:12:5f:44:58:2c:0f:d4:d1:22:de:53:ac:79:
                    10:f5:d3:fe:c9:9b:f1:08:15:62:9d:6a:9e:34:04:
                    37:a8:a3:77:f5:3f:8c:43:17:18:69:89:0c:7c:e0:
                    85:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                22:5F:7C:81:0C:42:E9:D6:08:07:B3:B8:DE:EB:98:C7:C8:60:67:4A
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/65a55727-f696-46ab-8852-2bd402b01396.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8d:5d:03:86:5d:b2:06:64:c4:a2:82:e4:9b:7d:03:1a:7e:c3:
         de:64:f3:8c:39:b0:91:28:fd:d8:c8:e6:cb:b7:70:8c:18:21:
         d4:ef:6f:81:4c:99:65:52:ee:b1:7c:45:84:cd:77:4f:43:a0:
         e6:b5:52:86:6b:3a:78:b1:ba:1d:2e:ba:46:40:a2:60:23:7a:
         0d:2e:9a:ae:bd:fa:7e:44:fb:0e:11:dc:c7:48:5e:a5:2d:74:
         db:d1:9a:ee:ec:81:f4:c1:88:10:09:e4:c8:9f:cd:50:f4:e4:
         47:87:b6:0f:9c:8b:49:e4:0e:26:a9:89:45:fb:ac:d6:68:f0:
         49:f2:52:8b:b1:e4:32:58:88:d2:7b:f1:73:7d:67:f5:8a:01:
         02:03:d8:1e:a8:bb:fd:bc:e0:64:fb:0e:82:b9:42:6e:7a:1a:
         89:36:83:07:d1:3a:a5:bb:b4:44:14:be:d7:86:d2:60:46:d5:
         2a:23:87:26:46:3f:09:18:59:75:93:4d:35:ab:df:07:70:9c:
         94:91:11:7b:ee:58:4d:5d:c9:04:ae:69:46:72:20:3d:fc:0b:
         20:4d:94:fa:a2:95:7c:f2:f8:75:51:aa:f4:aa:ca:71:73:b3:
         d3:60:ef:19:53:6f:f9:ae:8d:e7:d4:3f:40:8b:41:48:54:0a:
         c3:a5:11:6e
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUa/QshRvkK8J6fG+VRyeDFtHS04UwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjUwMzI2MDEwMzE4WhcNMjUwNDMwMjM1OTU5
WjB6MUkwRwYDVQQFE0BlZWY5Njg4NmJiODZmMzE4YmU0ZDUzZTRmYzk0MDkwNWJk
NTFjNzUxNDZkYzRlYjA3N2MxMjIzNDVhNzM3ZmFmMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDXCdHxnWnmnjmenCZu9bPRldEOSAVOHNUImilizCYW9HMr
mctTzIFWExpB9SA9STNSFueQOlTwU3+cEdkQ+P003fLLA0PxyfZeIkmXf0W/BhJc
AqZhRy2RAwUx6i/0pikePpqydfwsvUaLqMQDMFO62SkLcs17XrGgBeXkMZBPNhA5
u4yiSXFsd/ZpNFQCwVxvJjvfOSi50qtfAtBTbq4lkdOXDA5rRl5e2Nbt/8ryY32m
YQUEDgOTDe2bpNqvziyUCwusG0xxoyCcQ5PZOYQjZi8UEl9EWCwP1NEi3lOseRD1
0/7Jm/EIFWKdap40BDeoo3f1P4xDFxhpiQx84IVxAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUIl98gQxC6dYIB7O43uuYx8hgZ0owHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzY1YTU1NzI3LWY2OTYtNDZhYi04ODUyLTJiZDQwMmIwMTM5Ni5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAI1dA4ZdsgZkxKKC5Jt9Axp+w95k
84w5sJEo/djI5su3cIwYIdTvb4FMmWVS7rF8RYTNd09DoOa1UoZrOnixuh0uukZA
omAjeg0umq69+n5E+w4R3MdIXqUtdNvRmu7sgfTBiBAJ5MifzVD05EeHtg+ci0nk
DiapiUX7rNZo8EnyUoux5DJYiNJ78XN9Z/WKAQID2B6ou/284GT7DoK5Qm56Gok2
gwfROqW7tEQUvteG0mBG1SojhyZGPwkYWXWTTTWr3wdwnJSREXvuWE1dyQSuaUZy
ID38CyBNlPqilXzy+HVRqvSqynFzs9Ng7xlTb/mujefUP0CLQUhUCsOlEW4=
-----END CERTIFICATE-----