Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/7dc52d3e-3c96-435b-9f6c-f9637b2af03d.roa
File:                     7dc52d3e-3c96-435b-9f6c-f9637b2af03d.roa (raw, json)
Hash identifier:          tBlkI+xhatVuj3531Dy6Sc2IxLo4zJ0WIPAYbcSCooE=
Subject key identifier:   3C:48:B7:06:D0:B0:75:36:BD:11:66:52:B2:CB:5A:F8:74:0E:5F:9D
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       05104BA516880E8224EA278E12B29F5F4A26414E
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/7dc52d3e-3c96-435b-9f6c-f9637b2af03d.roa
Signing time:             Fri 17 Nov 2023 00:00:00 +0000
ROA not before:           Fri 17 Nov 2023 00:00:00 +0000
ROA not after:            Fri 22 Dec 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            05:10:4b:a5:16:88:0e:82:24:ea:27:8e:12:b2:9f:5f:4a:26:41:4e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Nov 17 00:00:00 2023 GMT
            Not After : Dec 22 23:59:59 2023 GMT
        Subject: CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:7d:03:27:5a:b6:29:61:4d:34:a2:c0:b9:26:
                    f9:bc:ae:c3:52:ae:55:ca:c3:65:a7:cd:f8:3d:c9:
                    fc:b6:22:87:a8:61:53:66:f6:99:03:b8:d0:6c:eb:
                    5f:97:dd:58:32:66:61:a1:5f:3f:2d:e4:b6:13:6e:
                    78:42:12:1e:04:52:1c:b1:c5:c8:a5:ab:1d:76:b3:
                    a0:aa:66:14:80:bf:36:02:1c:c0:f9:50:41:61:ef:
                    71:e3:26:47:4d:b9:67:14:6d:ee:bc:f3:a7:ec:94:
                    b0:80:d2:45:48:df:80:98:55:83:2f:b9:06:f3:e9:
                    f2:e0:e0:4b:3d:41:21:9c:ff:cd:76:46:17:2b:82:
                    9b:9d:f5:1e:96:34:a3:67:b0:cf:9a:d7:22:3e:60:
                    c6:e9:6a:85:21:69:a1:a1:6b:5f:fd:15:61:56:72:
                    90:7e:a4:46:8f:d8:74:48:d5:78:52:5a:4b:72:a7:
                    ab:88:af:ab:d8:b5:f1:d1:5e:2c:d5:c7:78:22:5a:
                    38:20:73:5e:b6:8b:f9:0a:66:ad:a9:15:fd:b3:b1:
                    a5:17:c2:bd:87:85:4f:36:76:1f:c0:aa:15:8d:d5:
                    8c:af:6b:34:0e:48:23:f0:1d:dc:a8:a2:f1:93:e8:
                    ce:52:e3:cb:ef:cb:00:4d:5d:f4:1d:8c:89:b1:e6:
                    11:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3C:48:B7:06:D0:B0:75:36:BD:11:66:52:B2:CB:5A:F8:74:0E:5F:9D
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/7dc52d3e-3c96-435b-9f6c-f9637b2af03d.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ab:e0:e4:19:8b:af:a1:8d:10:14:1f:86:86:08:bb:4c:46:c4:
         d8:7e:95:b6:92:30:ff:d2:f6:a0:3a:9a:6b:3f:6a:4d:15:6c:
         69:3c:f7:70:61:94:0c:13:61:a3:2c:e2:6d:0e:21:af:8c:2c:
         2d:df:02:da:a6:29:b9:d7:f5:cc:f1:0e:7c:88:14:7f:7a:f5:
         5c:bd:fb:66:b7:d3:ae:8a:70:a2:f3:ac:34:51:b5:4a:e7:e1:
         46:8f:dc:e1:a6:41:78:f7:e9:7d:c4:aa:04:b8:cc:f9:3a:a3:
         5c:db:53:c1:41:f4:ac:1e:e5:e5:5d:07:cb:b6:d4:88:39:7c:
         d5:2c:c8:7c:68:b8:23:1f:68:b5:3d:95:2f:70:99:67:30:b9:
         dc:a4:75:a9:bc:ec:fd:1c:ab:06:07:8b:da:47:8b:d4:f3:c7:
         4c:02:94:ea:6f:be:6d:75:34:db:28:e4:00:79:23:75:bc:6e:
         56:03:44:4b:8d:bd:23:17:71:ff:f6:dd:aa:c1:d6:60:28:b5:
         78:e2:18:84:61:96:bd:d6:27:8e:1f:1c:f5:32:ac:b6:60:af:
         be:4e:7a:71:0a:cc:0f:e5:96:ff:47:bd:b3:06:dd:9b:f4:d5:
         ce:5d:cc:74:09:59:b3:7c:84:1a:c0:15:55:69:92:5e:57:4e:
         f8:44:60:ec
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUBRBLpRaIDoIk6ieOErKfX0omQU4wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMxMTE3MDAwMDAwWhcNMjMxMjIyMjM1OTU5
WjB6MUkwRwYDVQQFE0AwNzA2ODUzMTllZTk4MDA4MmM2MDk3N2U1NmQ0MTBjZmRi
ZTFiMTg5Mzg1ZThiYjA1YTFiOGY4ZTE4MmY2ZGRlMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDNfQMnWrYpYU00osC5Jvm8rsNSrlXKw2Wnzfg9yfy2Ioeo
YVNm9pkDuNBs61+X3VgyZmGhXz8t5LYTbnhCEh4EUhyxxcilqx12s6CqZhSAvzYC
HMD5UEFh73HjJkdNuWcUbe6886fslLCA0kVI34CYVYMvuQbz6fLg4Es9QSGc/812
Rhcrgpud9R6WNKNnsM+a1yI+YMbpaoUhaaGha1/9FWFWcpB+pEaP2HRI1XhSWkty
p6uIr6vYtfHRXizVx3giWjggc162i/kKZq2pFf2zsaUXwr2HhU82dh/AqhWN1Yyv
azQOSCPwHdyoovGT6M5S48vvywBNXfQdjImx5hEBAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUPEi3BtCwdTa9EWZSssta+HQOX50wHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzdkYzUyZDNlLTNjOTYtNDM1Yi05ZjZjLWY5NjM3YjJhZjAzZC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAKvg5BmLr6GNEBQfhoYIu0xGxNh+
lbaSMP/S9qA6mms/ak0VbGk893BhlAwTYaMs4m0OIa+MLC3fAtqmKbnX9czxDnyI
FH969Vy9+2a3066KcKLzrDRRtUrn4UaP3OGmQXj36X3EqgS4zPk6o1zbU8FB9Kwe
5eVdB8u21Ig5fNUsyHxouCMfaLU9lS9wmWcwudykdam87P0cqwYHi9pHi9Tzx0wC
lOpvvm11NNso5AB5I3W8blYDREuNvSMXcf/23arB1mAotXjiGIRhlr3WJ44fHPUy
rLZgr75OenEKzA/llv9HvbMG3Zv01c5dzHQJWbN8hBrAFVVpkl5XTvhEYOw=
-----END CERTIFICATE-----