Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/662ce1af-4db0-4897-b31b-f83fff3d41af.roa
File:                     662ce1af-4db0-4897-b31b-f83fff3d41af.roa (raw, json)
Hash identifier:          qPzVE7m4S3rg1tFKHlo6cOhxUz4F4poXIiAhgFKn//w=
Subject key identifier:   89:0C:50:CE:D3:A1:42:9F:C7:9A:48:74:95:AF:B1:9A:A9:85:D6:D7
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       4714911292C43AD13C02162AAB2F021503BF5230
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/662ce1af-4db0-4897-b31b-f83fff3d41af.roa
Signing time:             Sat 30 Nov 2024 00:00:00 +0000
ROA not before:           Sat 30 Nov 2024 00:00:00 +0000
ROA not after:            Sat 04 Jan 2025 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            47:14:91:12:92:c4:3a:d1:3c:02:16:2a:ab:2f:02:15:03:bf:52:30
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Nov 30 00:00:00 2024 GMT
            Not After : Jan  4 23:59:59 2025 GMT
        Subject: CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:b0:3e:9d:09:77:cd:6d:65:57:10:db:42:61:
                    e2:e7:d6:2a:d3:a0:e0:7d:cd:68:44:64:d9:fd:dd:
                    48:75:97:f3:d3:09:5e:dc:56:ba:cc:80:72:83:99:
                    7d:14:41:fb:ed:91:63:2c:3e:ea:4e:72:6f:71:da:
                    7c:55:3d:c7:56:63:46:38:55:c8:aa:71:7d:b1:6b:
                    a1:46:d7:d8:9e:e1:33:7d:25:8b:f7:e7:0f:d0:58:
                    3e:99:80:4e:50:b0:fd:9c:06:fc:c6:85:08:f2:0e:
                    b3:a5:8d:90:1a:e0:7f:57:e6:9b:72:74:b2:40:71:
                    6b:7c:4b:8f:d1:3f:d8:ae:83:de:d4:94:51:04:27:
                    e2:3e:85:04:54:2f:55:20:07:60:d0:64:a7:b1:d4:
                    af:8f:ac:55:36:48:89:a6:05:b8:37:00:69:df:59:
                    04:0c:06:cf:e7:a6:a6:b2:89:d2:47:a2:84:ce:c5:
                    2a:27:63:60:ef:2a:85:9d:f5:fe:1a:5b:c5:ac:78:
                    e9:96:d2:fa:29:d0:05:e5:51:81:61:de:c1:5d:df:
                    2b:da:12:d2:74:fe:88:7b:4e:9c:56:95:32:b5:39:
                    42:ea:93:09:e6:59:ab:5d:f5:3b:03:d5:20:a7:53:
                    56:63:a3:33:42:b2:cb:2a:93:f2:b6:08:cb:76:3a:
                    be:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                89:0C:50:CE:D3:A1:42:9F:C7:9A:48:74:95:AF:B1:9A:A9:85:D6:D7
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/662ce1af-4db0-4897-b31b-f83fff3d41af.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2c:c0:ee:fa:a7:94:df:b3:0c:d6:a4:02:ef:b0:cd:fb:62:9e:
         cb:8e:c6:c1:d9:85:f0:04:a1:f0:9d:3b:ff:de:39:5d:de:da:
         c5:3a:46:71:d0:71:a1:46:a1:26:00:ab:62:3f:8c:e6:f1:43:
         56:a7:70:23:ca:33:88:5d:03:9d:e7:a9:61:1a:31:27:c6:34:
         6c:3d:0c:b4:34:95:6d:75:d5:81:4a:1b:4e:7c:c0:b9:a6:89:
         95:2d:c2:6c:2d:00:ac:75:8b:53:6a:59:9f:6e:2a:4a:3e:7b:
         31:fb:98:22:07:d6:d2:0e:ff:42:b0:7b:a6:3c:b5:20:88:d7:
         cb:e4:51:9c:bd:f7:dd:87:9a:e7:ed:42:29:98:fb:1f:3f:d2:
         10:48:fb:00:97:2d:36:59:a8:db:02:0f:80:b6:6c:be:43:ab:
         27:63:96:0d:53:bc:7d:d4:63:d2:5f:46:ce:cf:6a:14:e6:14:
         de:68:8d:61:9d:21:76:18:9a:4a:33:ac:6b:5d:e4:52:cd:dc:
         b6:60:3c:f3:5e:3c:79:8c:b3:64:6c:db:20:1c:71:b5:13:c5:
         ea:f4:67:e5:f5:cf:fa:d9:f8:f4:61:f6:1f:db:d1:ce:c6:b7:
         31:6b:dd:3a:1d:aa:07:03:67:91:5d:76:ef:fb:44:c3:2f:8f:
         f3:a6:ba:4a
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIURxSREpLEOtE8AhYqqy8CFQO/UjAwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjQxMTMwMDAwMDAwWhcNMjUwMTA0MjM1OTU5
WjB6MUkwRwYDVQQFE0AyMzRlN2I2N2I2OTAxMTkzMGIwZDFjNmZmMGQ0NDM0OWQ1
NDZiZDRjYTFhZThjMWRlNWQxZDlhMmQ0MzIyNWZjMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDTsD6dCXfNbWVXENtCYeLn1irToOB9zWhEZNn93Uh1l/PT
CV7cVrrMgHKDmX0UQfvtkWMsPupOcm9x2nxVPcdWY0Y4VciqcX2xa6FG19ie4TN9
JYv35w/QWD6ZgE5QsP2cBvzGhQjyDrOljZAa4H9X5ptydLJAcWt8S4/RP9iug97U
lFEEJ+I+hQRUL1UgB2DQZKex1K+PrFU2SImmBbg3AGnfWQQMBs/npqayidJHooTO
xSonY2DvKoWd9f4aW8WseOmW0vop0AXlUYFh3sFd3yvaEtJ0/oh7TpxWlTK1OULq
kwnmWatd9TsD1SCnU1ZjozNCsssqk/K2CMt2Or6RAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUiQxQztOhQp/Hmkh0la+xmqmF1tcwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzY2MmNlMWFmLTRkYjAtNDg5Ny1iMzFiLWY4M2ZmZjNkNDFhZi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBACzA7vqnlN+zDNakAu+wzftinsuO
xsHZhfAEofCdO//eOV3e2sU6RnHQcaFGoSYAq2I/jObxQ1ancCPKM4hdA53nqWEa
MSfGNGw9DLQ0lW111YFKG058wLmmiZUtwmwtAKx1i1NqWZ9uKko+ezH7mCIH1tIO
/0Kwe6Y8tSCI18vkUZy9992HmuftQimY+x8/0hBI+wCXLTZZqNsCD4C2bL5Dqydj
lg1TvH3UY9JfRs7PahTmFN5ojWGdIXYYmkozrGtd5FLN3LZgPPNePHmMs2Rs2yAc
cbUTxer0Z+X1z/rZ+PRh9h/b0c7GtzFr3TodqgcDZ5Fddu/7RMMvj/Omuko=
-----END CERTIFICATE-----