Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/8e50af81-7642-4774-a273-d6e20f47e54f.roa
File:                     8e50af81-7642-4774-a273-d6e20f47e54f.roa (raw, json)
Hash identifier:          2CIIeeGojJqR36+fPD75ZxmsO5TOPrrE18RTz0JrBfk=
Subject key identifier:   99:05:50:E3:A0:20:D1:C4:05:96:77:BB:DC:76:CB:05:55:77:0B:27
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       2BD8158ED4A527B95632C3B5A1E06FBF73AA9FCD
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/8e50af81-7642-4774-a273-d6e20f47e54f.roa
Signing time:             Sat 30 Mar 2024 00:00:00 +0000
ROA not before:           Sat 30 Mar 2024 00:00:00 +0000
ROA not after:            Sat 04 May 2024 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2b:d8:15:8e:d4:a5:27:b9:56:32:c3:b5:a1:e0:6f:bf:73:aa:9f:cd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Mar 30 00:00:00 2024 GMT
            Not After : May  4 23:59:59 2024 GMT
        Subject: CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:4f:88:70:b5:c5:37:a8:e1:19:e2:6a:ee:f0:
                    74:27:b1:fe:1f:4f:32:6e:23:63:08:0c:c4:59:52:
                    ff:58:15:e8:20:dd:60:33:e8:de:89:c2:66:4b:9e:
                    52:b3:f4:1e:90:d9:70:62:15:4b:68:ba:8e:97:9b:
                    ab:fb:1f:bc:54:3b:58:b5:cf:96:a4:28:60:48:8e:
                    69:aa:20:d2:5d:03:83:9c:d1:e6:99:be:6c:c6:ff:
                    ae:fc:ef:13:ab:d9:3a:96:83:7e:03:b7:fa:3f:c0:
                    b3:94:99:ea:2c:81:b1:16:64:69:bd:a8:f4:ca:58:
                    b2:1e:fd:70:91:dd:f7:50:97:ca:0f:3e:e7:a7:eb:
                    46:9f:65:60:5e:9e:49:9b:4a:3a:a8:67:fd:7e:cd:
                    a6:70:58:d7:e2:56:55:42:ec:28:71:0a:bd:d5:86:
                    23:c7:39:13:07:15:e6:e8:74:e3:04:4d:17:cc:58:
                    c1:71:53:1c:59:fd:92:1b:f0:d0:39:a4:bc:f5:25:
                    f1:55:e6:c5:45:f4:e1:de:c4:63:82:9c:89:ec:2b:
                    52:74:22:90:86:e3:7f:9a:26:db:be:96:43:78:a6:
                    b5:82:f5:8e:4a:1f:9e:83:77:93:d9:c7:ff:96:1d:
                    74:17:42:5b:50:7a:b4:3d:67:fa:0b:cb:38:00:06:
                    b0:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                99:05:50:E3:A0:20:D1:C4:05:96:77:BB:DC:76:CB:05:55:77:0B:27
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/8e50af81-7642-4774-a273-d6e20f47e54f.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         96:36:45:6e:50:2d:2c:79:28:85:63:e7:b0:40:51:c6:4a:96:
         94:6e:2b:10:1f:f2:35:77:8a:1f:ee:c3:a8:80:04:24:3b:3e:
         c9:d4:e5:74:f2:cb:88:c4:e0:55:73:89:69:e3:04:23:53:2c:
         d7:60:36:77:58:bf:34:9f:97:74:ce:a6:6b:ea:6a:8b:b9:6b:
         d2:53:6b:2c:34:37:9a:43:fc:d7:1a:18:23:5b:91:a2:bd:1e:
         2b:4f:76:5e:2e:2b:54:45:0f:fa:39:48:ed:26:88:d2:16:27:
         42:31:ab:5d:4b:3d:5d:bf:b8:64:c3:fa:a4:95:57:93:ff:f8:
         19:15:65:c8:d9:c9:0e:a5:95:e4:bd:34:d2:1a:3b:2a:fa:d8:
         2d:28:f2:1d:55:82:44:d3:69:8b:e7:83:9f:17:6e:0c:ba:e0:
         15:2d:9f:0f:a8:0a:0f:7a:d1:a7:25:0b:75:87:81:44:da:2e:
         7a:4b:fc:b4:80:70:31:1a:33:39:a3:28:cd:a7:66:7f:92:1e:
         1e:c1:58:5e:b3:cc:81:49:66:44:55:60:7a:de:74:04:f6:a4:
         ea:20:c4:23:8f:17:ff:ec:f4:13:d5:12:58:b7:7b:93:47:6f:
         34:21:e4:34:29:d9:70:e1:a6:03:2f:6f:e7:fb:87:ed:7c:21:
         9f:e2:2b:54
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUK9gVjtSlJ7lWMsO1oeBvv3Oqn80wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjQwMzMwMDAwMDAwWhcNMjQwNTA0MjM1OTU5
WjB6MUkwRwYDVQQFE0AxMjIwNzA2ZmIxNjdmYjg4NzVkZGNlNjM2MmVkNTEyYzM5
OWE4ZDZmYmFmMmI5OWU3ZTNlYzkwYmYyNDFmYjI2MS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDXT4hwtcU3qOEZ4mru8HQnsf4fTzJuI2MIDMRZUv9YFegg
3WAz6N6JwmZLnlKz9B6Q2XBiFUtouo6Xm6v7H7xUO1i1z5akKGBIjmmqINJdA4Oc
0eaZvmzG/6787xOr2TqWg34Dt/o/wLOUmeosgbEWZGm9qPTKWLIe/XCR3fdQl8oP
Puen60afZWBenkmbSjqoZ/1+zaZwWNfiVlVC7ChxCr3VhiPHORMHFebodOMETRfM
WMFxUxxZ/ZIb8NA5pLz1JfFV5sVF9OHexGOCnInsK1J0IpCG43+aJtu+lkN4prWC
9Y5KH56Dd5PZx/+WHXQXQltQerQ9Z/oLyzgABrDRAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUmQVQ46Ag0cQFlne73HbLBVV3CycwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzhlNTBhZjgxLTc2NDItNDc3NC1hMjczLWQ2ZTIwZjQ3ZTU0Zi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAJY2RW5QLSx5KIVj57BAUcZKlpRu
KxAf8jV3ih/uw6iABCQ7PsnU5XTyy4jE4FVziWnjBCNTLNdgNndYvzSfl3TOpmvq
aou5a9JTayw0N5pD/NcaGCNbkaK9HitPdl4uK1RFD/o5SO0miNIWJ0Ixq11LPV2/
uGTD+qSVV5P/+BkVZcjZyQ6lleS9NNIaOyr62C0o8h1VgkTTaYvng58Xbgy64BUt
nw+oCg960aclC3WHgUTaLnpL/LSAcDEaMzmjKM2nZn+SHh7BWF6zzIFJZkRVYHre
dAT2pOogxCOPF//s9BPVEli3e5NHbzQh5DQp2XDhpgMvb+f7h+18IZ/iK1Q=
-----END CERTIFICATE-----