Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/7ae18283-9046-4d50-bb47-d579acb0d2af.roa
File:                     7ae18283-9046-4d50-bb47-d579acb0d2af.roa (raw, json)
Hash identifier:          pc7U7SFirQ2YWbLBeM0LOQDSmXXfKctutgd0DYgcIqc=
Subject key identifier:   A6:3A:7C:B3:F9:3A:4E:45:3A:4B:92:6C:9A:A4:65:AE:F6:01:27:19
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       1E713B2A4906BFDBDD8324D00514EE458A881D37
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/7ae18283-9046-4d50-bb47-d579acb0d2af.roa
Signing time:             Mon 04 Nov 2024 00:00:00 +0000
ROA not before:           Mon 04 Nov 2024 00:00:00 +0000
ROA not after:            Mon 09 Dec 2024 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1e:71:3b:2a:49:06:bf:db:dd:83:24:d0:05:14:ee:45:8a:88:1d:37
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Nov  4 00:00:00 2024 GMT
            Not After : Dec  9 23:59:59 2024 GMT
        Subject: CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:c1:80:2a:da:da:b8:03:3b:b1:b2:d9:51:45:
                    d0:29:c7:3e:a1:de:89:06:49:a2:e1:ee:49:6b:84:
                    74:f8:f1:c3:1d:88:82:0f:15:92:8d:b9:f0:c8:82:
                    18:bd:b8:fc:9a:87:1a:3d:41:a0:5d:97:fe:fb:d4:
                    10:37:1c:b2:12:a6:10:49:76:56:76:fb:00:a9:2a:
                    49:76:d5:9d:2f:fe:90:b1:73:43:dc:13:d5:7b:2a:
                    f9:c5:3a:6c:59:7a:c1:f0:83:60:59:c7:96:fc:fd:
                    dc:87:56:47:4c:b2:84:c3:74:ca:8a:1f:6f:38:cd:
                    76:ae:8a:05:97:fd:e4:1f:86:e6:3c:0b:b8:3b:9b:
                    d4:87:fa:16:61:3e:92:5f:7c:c6:5f:e9:67:87:73:
                    94:fc:e8:8c:0f:93:9b:f6:7b:10:b1:52:a5:75:2f:
                    4c:63:6d:c6:28:01:3a:8d:03:f4:37:89:7a:ab:97:
                    bd:3d:7c:67:3c:cb:85:a2:e2:59:9b:20:46:10:a7:
                    9e:75:2e:81:68:33:cc:f5:6a:ac:ba:91:56:cc:b0:
                    99:ab:3e:2d:e9:97:5c:86:84:52:75:02:32:a8:28:
                    53:9f:8b:fe:74:40:8d:c5:1b:ce:f7:7b:13:f8:16:
                    e1:b9:ae:79:1b:d9:57:e5:0e:92:44:62:41:6c:8a:
                    d4:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A6:3A:7C:B3:F9:3A:4E:45:3A:4B:92:6C:9A:A4:65:AE:F6:01:27:19
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/7ae18283-9046-4d50-bb47-d579acb0d2af.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         40:68:ae:71:9c:f1:79:5a:b0:32:d0:30:d2:80:b9:b3:ce:ed:
         ba:48:d8:15:76:b9:df:ec:ab:fe:08:b9:ce:e9:cc:c8:5e:53:
         d8:7b:69:c4:51:96:a0:d4:3b:30:e3:a3:b1:3d:c3:a7:6b:ac:
         14:9b:e2:89:d3:5f:08:3b:90:76:27:28:f2:11:0e:78:76:32:
         34:ba:8e:f2:e8:8a:3b:83:52:0a:ac:a5:3f:6f:2a:08:e4:29:
         29:93:ff:ad:ed:43:4a:c8:c2:6d:8e:64:13:9c:46:b3:1e:23:
         22:5d:fc:8e:cf:9a:d9:83:b7:9f:47:5a:0b:0b:88:14:9f:14:
         f8:b8:c5:f4:0c:d5:64:6b:70:2f:6d:00:45:bb:74:33:60:0f:
         72:7a:cb:a7:6b:77:79:93:e3:2f:ff:97:6e:c7:d3:1d:c2:10:
         4a:b0:a8:f9:83:eb:9d:db:2d:3f:99:70:d2:6a:2c:43:1d:1e:
         aa:4e:4d:ba:9e:ff:60:73:19:3b:e0:89:89:68:ef:e6:3e:50:
         73:ef:b8:b5:40:30:df:89:5c:a2:ee:e5:15:fc:db:e9:21:55:
         20:6f:e2:c4:d4:d6:f9:46:f9:99:ce:de:80:fb:43:52:ed:05:
         e1:db:1a:0f:71:f9:ef:ae:08:fa:0b:36:00:76:ae:bc:ce:ea:
         09:96:ec:56
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUHnE7KkkGv9vdgyTQBRTuRYqIHTcwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjQxMTA0MDAwMDAwWhcNMjQxMjA5MjM1OTU5
WjB6MUkwRwYDVQQFE0A5YWQyOGIxMTY3MWZlZmY1OTNlYmY2MzM2YzcxNTg1OTFl
ZDY3ZTM3YWY4YmZlMmQyNGYzNmJiNGVhMmNkMGZmMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDkwYAq2tq4AzuxstlRRdApxz6h3okGSaLh7klrhHT48cMd
iIIPFZKNufDIghi9uPyahxo9QaBdl/771BA3HLISphBJdlZ2+wCpKkl21Z0v/pCx
c0PcE9V7KvnFOmxZesHwg2BZx5b8/dyHVkdMsoTDdMqKH284zXauigWX/eQfhuY8
C7g7m9SH+hZhPpJffMZf6WeHc5T86IwPk5v2exCxUqV1L0xjbcYoATqNA/Q3iXqr
l709fGc8y4Wi4lmbIEYQp551LoFoM8z1aqy6kVbMsJmrPi3pl1yGhFJ1AjKoKFOf
i/50QI3FG873exP4FuG5rnkb2VflDpJEYkFsitSVAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUpjp8s/k6TkU6S5JsmqRlrvYBJxkwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzdhZTE4MjgzLTkwNDYtNGQ1MC1iYjQ3LWQ1NzlhY2IwZDJhZi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAEBornGc8XlasDLQMNKAubPO7bpI
2BV2ud/sq/4Iuc7pzMheU9h7acRRlqDUOzDjo7E9w6drrBSb4onTXwg7kHYnKPIR
Dnh2MjS6jvLoijuDUgqspT9vKgjkKSmT/63tQ0rIwm2OZBOcRrMeIyJd/I7PmtmD
t59HWgsLiBSfFPi4xfQM1WRrcC9tAEW7dDNgD3J6y6drd3mT4y//l27H0x3CEEqw
qPmD653bLT+ZcNJqLEMdHqpOTbqe/2BzGTvgiYlo7+Y+UHPvuLVAMN+JXKLu5RX8
2+khVSBv4sTU1vlG+ZnO3oD7Q1LtBeHbGg9x+e+uCPoLNgB2rrzO6gmW7FY=
-----END CERTIFICATE-----