Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/66a8fcc8-2db6-48cd-b642-e334cac9abfb.roa
File:                     66a8fcc8-2db6-48cd-b642-e334cac9abfb.roa (raw, json)
Hash identifier:          Pd3hSlwjSseInPBvBpScOYqMgWNEfi4+gTibNtwXL68=
Subject key identifier:   C3:A0:69:CA:99:BB:64:B0:0E:06:40:DB:BC:74:3E:CE:2E:61:D4:58
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       730A31C1B626AD71B22F77E8A7268F64EF9519CA
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/66a8fcc8-2db6-48cd-b642-e334cac9abfb.roa
Signing time:             Mon 01 Jan 2024 00:00:00 +0000
ROA not before:           Mon 01 Jan 2024 00:00:00 +0000
ROA not after:            Mon 05 Feb 2024 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            73:0a:31:c1:b6:26:ad:71:b2:2f:77:e8:a7:26:8f:64:ef:95:19:ca
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Jan  1 00:00:00 2024 GMT
            Not After : Feb  5 23:59:59 2024 GMT
        Subject: CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:21:0c:52:c3:85:45:a1:86:c2:d5:a4:57:8f:
                    cf:93:a0:9c:ac:86:ba:8c:4f:73:c3:ec:95:78:00:
                    ba:29:dd:c8:e2:a0:70:e9:4c:0e:35:ec:cf:3c:5b:
                    b0:06:14:92:b3:12:2d:2d:3a:4e:28:1c:c3:92:8b:
                    1b:b0:0f:5c:b4:92:16:6f:f9:ae:c3:8e:02:d3:a2:
                    ef:8e:84:86:83:42:0b:c4:80:e0:55:fa:b4:f5:9f:
                    ad:eb:de:70:11:71:a2:bb:02:d2:a4:74:9a:ef:8d:
                    eb:8f:4a:bf:2e:5c:ee:10:e9:4d:2d:c3:c0:cf:3e:
                    09:67:61:cb:6e:77:de:94:ba:4a:bf:b8:c4:1d:69:
                    c2:d6:9b:c0:7f:86:6f:4e:d2:18:4f:45:4a:b6:59:
                    4d:d5:6e:2f:2b:62:fd:53:04:45:f1:93:22:c7:8c:
                    28:67:23:ae:94:9a:dd:3c:11:e2:05:d2:8b:6e:8e:
                    f1:bc:5f:b2:88:05:11:06:90:3f:7b:c4:45:3a:12:
                    d0:c1:ea:b7:55:ed:e0:b6:99:bd:33:a3:ef:d0:b3:
                    f8:b9:60:ab:c5:a6:2c:78:e9:55:3c:99:6a:b2:a7:
                    a5:ae:8e:6c:c1:99:5e:66:15:b4:4b:34:46:05:f3:
                    d6:8f:e2:da:d1:58:4a:fc:d9:25:a3:25:72:ab:91:
                    95:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C3:A0:69:CA:99:BB:64:B0:0E:06:40:DB:BC:74:3E:CE:2E:61:D4:58
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/66a8fcc8-2db6-48cd-b642-e334cac9abfb.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ae:81:a4:85:b1:41:3e:33:3b:39:65:62:8f:63:af:83:16:2e:
         7d:f4:2c:ff:76:9b:0d:31:ea:69:31:30:2a:46:d8:b2:3d:b8:
         e0:b8:70:64:1d:8c:f9:42:88:77:ba:8f:d3:c9:d0:a7:e6:32:
         b9:57:fe:e3:25:2d:bb:c0:b7:be:ad:86:ed:9c:84:35:6b:a4:
         57:6e:15:08:6f:12:2e:04:bd:e5:de:39:c5:5f:a1:df:f0:a1:
         f6:60:4a:15:5d:8a:af:f8:b7:f8:50:e5:f7:62:b1:8e:d8:0f:
         74:c0:cb:bd:23:fc:e5:cf:42:82:c8:4b:74:b7:f8:cf:cc:fb:
         cc:76:b7:45:c8:ea:f6:06:dd:37:1a:3d:a9:42:23:68:18:e5:
         26:c7:2e:0b:0a:7c:70:2a:c5:74:ad:2f:3c:f4:3e:9b:68:ab:
         18:aa:20:23:46:bc:97:41:c5:80:04:de:10:a7:e1:9c:34:0f:
         07:ca:c6:fc:56:e4:18:3c:0d:03:ee:92:8b:fd:11:4a:c8:64:
         34:15:0f:96:6a:81:db:94:e8:25:be:e4:88:bc:8b:32:17:17:
         dd:ad:b8:cb:d7:f0:74:0d:bd:3c:92:fe:ac:e4:e6:7e:67:b4:
         18:6d:2a:ad:77:17:4b:2a:5a:4f:51:48:09:9d:35:25:8f:b6:
         8a:b5:2c:50
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUcwoxwbYmrXGyL3fopyaPZO+VGcowDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjQwMTAxMDAwMDAwWhcNMjQwMjA1MjM1OTU5
WjB6MUkwRwYDVQQFE0A3ZTlkM2M3ZTE4ZDZiMjI5ZWE2MTk0NGUxZGQ4ZmEyY2Zi
NWFiNTQ1NWIzM2NkYWI4ZDU0NjJmNDk5OTc3NDgxMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCmIQxSw4VFoYbC1aRXj8+ToJyshrqMT3PD7JV4ALop3cji
oHDpTA417M88W7AGFJKzEi0tOk4oHMOSixuwD1y0khZv+a7DjgLTou+OhIaDQgvE
gOBV+rT1n63r3nARcaK7AtKkdJrvjeuPSr8uXO4Q6U0tw8DPPglnYctud96Uukq/
uMQdacLWm8B/hm9O0hhPRUq2WU3Vbi8rYv1TBEXxkyLHjChnI66Umt08EeIF0otu
jvG8X7KIBREGkD97xEU6EtDB6rdV7eC2mb0zo+/Qs/i5YKvFpix46VU8mWqyp6Wu
jmzBmV5mFbRLNEYF89aP4trRWEr82SWjJXKrkZXRAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUw6Bpypm7ZLAOBkDbvHQ+zi5h1FgwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzY2YThmY2M4LTJkYjYtNDhjZC1iNjQyLWUzMzRjYWM5YWJmYi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAK6BpIWxQT4zOzllYo9jr4MWLn30
LP92mw0x6mkxMCpG2LI9uOC4cGQdjPlCiHe6j9PJ0KfmMrlX/uMlLbvAt76thu2c
hDVrpFduFQhvEi4EveXeOcVfod/wofZgShVdiq/4t/hQ5fdisY7YD3TAy70j/OXP
QoLIS3S3+M/M+8x2t0XI6vYG3TcaPalCI2gY5SbHLgsKfHAqxXStLzz0Pptoqxiq
ICNGvJdBxYAE3hCn4Zw0DwfKxvxW5Bg8DQPukov9EUrIZDQVD5ZqgduU6CW+5Ii8
izIXF92tuMvX8HQNvTyS/qzk5n5ntBhtKq13F0sqWk9RSAmdNSWPtoq1LFA=
-----END CERTIFICATE-----