Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/906de0cc-eeb5-4c7c-97ba-c942ddd39e00.roa
File:                     906de0cc-eeb5-4c7c-97ba-c942ddd39e00.roa (raw, json)
Hash identifier:          D+HvhiFRiZHGOmWhizRbddVBld6eZ3EKFyFnp0klfVo=
Subject key identifier:   C2:E1:1C:39:91:7F:0A:63:8B:1F:E9:A2:A0:72:58:09:E9:7B:76:A3
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       0C0D33CD1271C0BDDA923DBA27E4FE2222CEFB14
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/906de0cc-eeb5-4c7c-97ba-c942ddd39e00.roa
Signing time:             Sun 09 Jul 2023 00:00:00 +0000
ROA not before:           Sun 09 Jul 2023 00:00:00 +0000
ROA not after:            Sun 13 Aug 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0c:0d:33:cd:12:71:c0:bd:da:92:3d:ba:27:e4:fe:22:22:ce:fb:14
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Jul  9 00:00:00 2023 GMT
            Not After : Aug 13 23:59:59 2023 GMT
        Subject: CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:40:42:3e:94:10:12:88:6b:8c:a9:63:e5:b8:
                    e0:ba:dc:b2:35:36:b7:9f:a7:ff:cf:52:db:0f:92:
                    5d:52:bd:88:c3:40:19:50:95:b0:39:d8:41:51:da:
                    49:da:e9:db:3b:c0:5d:51:0d:f1:e2:68:a3:db:4e:
                    ff:22:40:d8:c9:c6:8f:f1:af:3a:f6:bd:6d:27:f6:
                    30:a3:0a:6c:d4:5b:1d:c4:4e:8e:6f:3d:df:60:5f:
                    a8:77:c0:d0:82:93:49:d2:fd:99:8e:9d:89:5f:47:
                    80:bc:8d:e1:74:41:e4:d6:d1:7e:1f:de:49:9e:d2:
                    ac:20:0c:be:dc:4b:7a:ee:15:c1:f7:e7:65:62:61:
                    19:f0:58:f3:68:8e:65:cb:0f:0e:a2:b0:66:94:da:
                    c1:c0:07:43:ed:dc:47:57:71:3e:c7:f4:8b:8c:fa:
                    85:79:3d:46:e4:b8:23:0e:d5:24:38:85:7b:09:c3:
                    08:62:0a:96:1c:d3:1d:3b:1f:d2:9f:56:94:b4:5d:
                    23:8e:ed:4d:c0:e1:94:06:43:92:e2:e5:62:fe:ef:
                    f4:40:5b:51:7c:68:4a:7f:6d:88:a2:a7:19:d2:8e:
                    bf:aa:45:c2:6e:bc:df:21:d6:68:37:d2:71:33:00:
                    a3:9b:b6:1d:bc:91:f8:69:90:99:f6:69:c7:75:b0:
                    00:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C2:E1:1C:39:91:7F:0A:63:8B:1F:E9:A2:A0:72:58:09:E9:7B:76:A3
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/906de0cc-eeb5-4c7c-97ba-c942ddd39e00.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         19:5d:09:ad:20:fa:30:b1:dc:cb:44:72:e5:e3:2c:6c:a8:c4:
         a6:0a:5e:3d:18:5e:ea:2c:9f:d0:4b:0a:81:e8:bc:a4:42:8e:
         28:e7:65:76:28:89:3f:01:ab:71:3b:a7:92:69:e1:d5:e6:ac:
         df:3f:88:4b:e0:d3:d9:4e:41:eb:fa:b5:e7:89:db:a6:0e:c2:
         85:39:54:4a:c4:6e:20:48:28:c6:cb:c4:be:28:f1:9b:f4:3d:
         87:8e:72:69:ee:b9:2c:8d:7d:3f:cf:76:e7:10:40:78:66:e0:
         40:e0:a0:8e:6f:5e:a7:25:a2:4f:01:b1:02:9f:eb:52:ae:4e:
         e9:6e:cf:c5:60:40:e1:c2:0f:16:b0:52:07:e9:06:7b:8e:86:
         31:1e:74:67:11:60:2c:7d:a7:e2:6f:79:8a:4f:9d:48:1c:ff:
         92:19:6d:6e:06:a8:22:ab:39:8d:6c:36:19:83:f8:2a:fb:59:
         1b:e5:03:8b:04:61:6b:96:eb:60:db:b5:82:51:7e:48:ae:aa:
         12:52:72:94:3e:7c:71:a3:52:ba:32:55:0e:48:87:a2:46:64:
         c5:f6:99:8c:68:84:09:ec:7f:25:82:db:51:49:c4:73:26:f4:
         95:64:1c:07:8e:9d:82:64:c9:e5:40:ca:ef:95:c1:56:ee:37:
         bf:72:84:32
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUDA0zzRJxwL3akj26J+T+IiLO+xQwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMwNzA5MDAwMDAwWhcNMjMwODEzMjM1OTU5
WjB6MUkwRwYDVQQFE0BmOGVkOWQyNTliNTBiZjYwZDUwZWM5NDEzMTk0YWU4ZTcz
OTEwNGNiZmQ5YjZmNzE5YTkxNGU3ZjBmY2M4MTg3MS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCPQEI+lBASiGuMqWPluOC63LI1Nrefp//PUtsPkl1SvYjD
QBlQlbA52EFR2kna6ds7wF1RDfHiaKPbTv8iQNjJxo/xrzr2vW0n9jCjCmzUWx3E
To5vPd9gX6h3wNCCk0nS/ZmOnYlfR4C8jeF0QeTW0X4f3kme0qwgDL7cS3ruFcH3
52ViYRnwWPNojmXLDw6isGaU2sHAB0Pt3EdXcT7H9IuM+oV5PUbkuCMO1SQ4hXsJ
wwhiCpYc0x07H9KfVpS0XSOO7U3A4ZQGQ5Li5WL+7/RAW1F8aEp/bYiipxnSjr+q
RcJuvN8h1mg30nEzAKObth28kfhpkJn2acd1sAD/AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUwuEcOZF/CmOLH+mioHJYCel7dqMwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzkwNmRlMGNjLWVlYjUtNGM3Yy05N2JhLWM5NDJkZGQzOWUwMC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBABldCa0g+jCx3MtEcuXjLGyoxKYK
Xj0YXuosn9BLCoHovKRCjijnZXYoiT8Bq3E7p5Jp4dXmrN8/iEvg09lOQev6teeJ
26YOwoU5VErEbiBIKMbLxL4o8Zv0PYeOcmnuuSyNfT/PducQQHhm4EDgoI5vXqcl
ok8BsQKf61KuTuluz8VgQOHCDxawUgfpBnuOhjEedGcRYCx9p+JveYpPnUgc/5IZ
bW4GqCKrOY1sNhmD+Cr7WRvlA4sEYWuW62DbtYJRfkiuqhJScpQ+fHGjUroyVQ5I
h6JGZMX2mYxohAnsfyWC21FJxHMm9JVkHAeOnYJkyeVAyu+VwVbuN79yhDI=
-----END CERTIFICATE-----