Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/8a7e3a56-1cc5-45cf-a033-288cddb2002d.roa
File:                     8a7e3a56-1cc5-45cf-a033-288cddb2002d.roa (raw, json)
Hash identifier:          ahBuw8uekSDW0oS0lhncw3wbY/HIVatH6oWNHhKOZVw=
Subject key identifier:   78:5F:38:0C:59:D8:11:EE:B6:A2:32:C7:A0:10:92:9E:E3:90:68:36
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       3D0BDB5A9F744A522081546FA869C9DA45D32440
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/8a7e3a56-1cc5-45cf-a033-288cddb2002d.roa
Signing time:             Sat 28 Dec 2024 00:00:00 +0000
ROA not before:           Sat 28 Dec 2024 00:00:00 +0000
ROA not after:            Sat 01 Feb 2025 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3d:0b:db:5a:9f:74:4a:52:20:81:54:6f:a8:69:c9:da:45:d3:24:40
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Dec 28 00:00:00 2024 GMT
            Not After : Feb  1 23:59:59 2025 GMT
        Subject: CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:87:81:ac:03:fe:b8:38:21:ff:a5:5b:1e:3c:
                    6b:cd:ed:13:c6:11:b8:6c:d2:fe:0f:21:74:af:83:
                    58:46:d5:e9:16:e6:77:71:97:0f:44:05:d2:b5:0f:
                    d6:8f:17:a3:91:64:99:55:6c:d3:5a:63:67:8e:28:
                    ed:4b:61:d0:b1:d9:92:93:c0:b5:06:80:59:24:87:
                    d7:16:05:12:bc:40:cf:b5:9c:31:3e:b8:14:45:e1:
                    25:0a:ab:a8:ed:21:90:41:4a:7d:6e:2c:25:08:91:
                    d2:a4:01:87:ed:9e:68:4a:4e:2e:d5:6a:7b:29:ac:
                    bb:a2:a2:df:d9:01:5b:0f:69:fb:90:0f:57:1a:7e:
                    ef:9d:2d:7c:19:f2:f8:9c:36:a1:04:44:d0:06:d9:
                    d9:a2:46:79:4d:dd:a6:66:4e:e7:2c:d2:7b:5b:ba:
                    ce:05:06:b9:fa:ce:3c:27:3c:d5:98:80:08:9e:d2:
                    5f:16:a8:87:fa:62:d9:52:a0:e1:3d:a6:d0:a7:9d:
                    c5:73:9d:e1:8f:c4:90:84:9e:54:09:98:83:4e:a0:
                    f8:23:f3:39:07:0e:58:54:a3:03:d5:46:93:37:e8:
                    de:f7:f7:c3:cf:a5:7f:e6:89:8a:2b:16:8f:fd:4e:
                    9e:60:64:cb:33:1a:7a:fc:02:a2:ad:a0:7a:1a:3f:
                    ca:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                78:5F:38:0C:59:D8:11:EE:B6:A2:32:C7:A0:10:92:9E:E3:90:68:36
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/8a7e3a56-1cc5-45cf-a033-288cddb2002d.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         91:3d:82:0c:b5:ba:41:55:28:38:3a:83:e1:d4:95:21:50:c9:
         72:4a:5f:37:c9:e7:d8:25:66:40:62:cb:4a:8f:cf:45:85:74:
         86:c6:c9:2e:71:14:d3:d8:da:bd:ce:cd:a9:d7:c6:df:29:ea:
         d1:84:db:07:0c:ac:91:3c:80:66:37:e0:0c:cd:10:a0:ba:73:
         ee:00:60:da:9a:31:65:a5:74:15:84:00:04:12:84:51:18:b3:
         60:83:14:50:96:09:f5:c4:e2:0b:70:14:9a:bc:41:22:e0:4d:
         18:a1:fa:f0:50:3e:8b:34:aa:87:3e:9c:4a:98:11:ab:c7:88:
         ee:c6:97:a2:db:f8:be:a5:b7:43:71:64:73:8d:2e:f0:27:aa:
         b6:c6:be:34:65:e3:db:77:86:b8:5b:3e:87:98:25:d9:c3:21:
         92:ca:ff:f5:f1:46:67:37:4d:24:ee:d0:2f:f5:68:9d:45:61:
         4d:bf:be:32:ee:14:22:9c:f8:f9:de:6f:4c:6f:d5:73:35:19:
         d1:a6:8f:05:27:22:76:de:96:a7:ba:81:a2:ca:e6:7a:6d:7a:
         90:d2:50:c6:b1:a8:24:df:43:4f:83:b8:e6:ae:08:15:5d:4d:
         4c:be:a9:62:0b:ce:0d:ca:b6:1b:72:7f:47:ba:bb:8a:4f:86:
         c9:27:cb:df
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUPQvbWp90SlIggVRvqGnJ2kXTJEAwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjQxMjI4MDAwMDAwWhcNMjUwMjAxMjM1OTU5
WjB6MUkwRwYDVQQFE0AxMzVkYWZkNzRlMmQ2OWI1NmNiNjg2ZGY4NTFmNzMyMzA1
MDFmZDYxYjhkZmZiY2IwYTc4M2E4NWJjMGM0ZmFlMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDTh4GsA/64OCH/pVsePGvN7RPGEbhs0v4PIXSvg1hG1ekW
5ndxlw9EBdK1D9aPF6ORZJlVbNNaY2eOKO1LYdCx2ZKTwLUGgFkkh9cWBRK8QM+1
nDE+uBRF4SUKq6jtIZBBSn1uLCUIkdKkAYftnmhKTi7VansprLuiot/ZAVsPafuQ
D1cafu+dLXwZ8vicNqEERNAG2dmiRnlN3aZmTucs0ntbus4FBrn6zjwnPNWYgAie
0l8WqIf6YtlSoOE9ptCnncVzneGPxJCEnlQJmINOoPgj8zkHDlhUowPVRpM36N73
98PPpX/miYorFo/9Tp5gZMszGnr8AqKtoHoaP8oxAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUeF84DFnYEe62ojLHoBCSnuOQaDYwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzhhN2UzYTU2LTFjYzUtNDVjZi1hMDMzLTI4OGNkZGIyMDAyZC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAJE9ggy1ukFVKDg6g+HUlSFQyXJK
XzfJ59glZkBiy0qPz0WFdIbGyS5xFNPY2r3OzanXxt8p6tGE2wcMrJE8gGY34AzN
EKC6c+4AYNqaMWWldBWEAAQShFEYs2CDFFCWCfXE4gtwFJq8QSLgTRih+vBQPos0
qoc+nEqYEavHiO7Gl6Lb+L6lt0NxZHONLvAnqrbGvjRl49t3hrhbPoeYJdnDIZLK
//XxRmc3TSTu0C/1aJ1FYU2/vjLuFCKc+Pneb0xv1XM1GdGmjwUnInbelqe6gaLK
5nptepDSUMaxqCTfQ0+DuOauCBVdTUy+qWILzg3Kthtyf0e6u4pPhskny98=
-----END CERTIFICATE-----