Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/9085d567-499d-4f7a-be87-5c79045c7f8a.roa
File:                     9085d567-499d-4f7a-be87-5c79045c7f8a.roa (raw, json)
Hash identifier:          4FJPgynVh1/fYWFn3u/sDCt+42Lk5YHo7ovka2O9TjE=
Subject key identifier:   46:C2:62:4A:E0:B3:C4:E5:D0:FC:E4:9C:A3:F4:04:4C:B6:E9:6A:A4
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       3468CF3A075275432851498D4C65D5A21D2C5CC7
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/9085d567-499d-4f7a-be87-5c79045c7f8a.roa
Signing time:             Tue 04 Feb 2025 00:00:00 +0000
ROA not before:           Tue 04 Feb 2025 00:00:00 +0000
ROA not after:            Tue 11 Mar 2025 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            34:68:cf:3a:07:52:75:43:28:51:49:8d:4c:65:d5:a2:1d:2c:5c:c7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Feb  4 00:00:00 2025 GMT
            Not After : Mar 11 23:59:59 2025 GMT
        Subject: CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:4d:3e:43:16:e4:77:c3:6b:9c:d0:8b:b9:df:
                    db:8a:09:45:8f:60:4e:6c:bd:7b:d0:a2:c8:56:93:
                    db:dc:64:f9:95:ce:dd:70:a2:c2:02:e4:6d:83:07:
                    a9:91:71:21:48:41:c1:4f:1c:61:ce:66:85:1b:5b:
                    f4:71:e9:f3:61:be:f2:c5:eb:f0:11:3a:40:a7:46:
                    3c:bd:72:c5:68:ac:3a:30:96:64:d1:0b:1a:b5:9f:
                    36:15:8f:f7:07:90:eb:e8:d7:15:6f:69:7f:cf:33:
                    98:6d:53:5b:7a:16:53:3e:cb:82:0e:28:31:27:c7:
                    0e:59:9c:32:b8:ae:99:0f:bc:56:38:5d:f4:ae:5e:
                    c1:7e:d5:da:de:75:de:db:48:e4:92:2f:52:e4:a0:
                    ea:3d:c4:8a:a1:52:71:e6:9b:e1:65:07:1e:8e:29:
                    3b:aa:2b:4a:31:77:a9:57:60:ab:4b:6a:9a:d5:35:
                    ff:2e:eb:db:4d:f7:67:04:2a:70:5f:d9:dc:a8:0d:
                    5e:c0:5c:6a:e1:4c:4a:33:bd:eb:2f:f8:bc:b5:89:
                    1c:98:a3:45:4c:94:3b:cf:97:5c:c4:20:2c:13:9b:
                    dd:2a:3c:8e:e6:fc:57:54:42:ec:51:70:4c:46:22:
                    0c:00:e4:1c:87:bd:47:1c:88:86:ec:78:f4:55:0d:
                    12:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                46:C2:62:4A:E0:B3:C4:E5:D0:FC:E4:9C:A3:F4:04:4C:B6:E9:6A:A4
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/9085d567-499d-4f7a-be87-5c79045c7f8a.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9f:7f:30:92:54:16:45:b6:8f:00:65:4b:53:57:c0:00:dc:ab:
         96:a1:ee:96:c9:fd:d8:85:1b:d6:23:f6:cf:86:5f:72:16:25:
         f6:08:61:be:c9:f5:6e:83:f2:a2:69:b6:26:9f:e9:03:45:23:
         b3:70:b5:4d:53:eb:e8:ea:06:db:dc:57:b5:e3:a7:25:ea:bc:
         83:7d:32:a3:f6:9c:ef:7b:e1:cc:c9:69:7c:65:9e:0d:a2:76:
         53:58:d3:cd:6b:b3:7b:88:d3:16:d7:08:42:e7:dd:dc:42:33:
         8a:26:bd:d9:ff:a9:ed:27:28:64:ca:93:0a:63:6f:a8:69:6d:
         a2:b6:88:26:8b:00:80:52:93:e3:d7:ba:5e:63:53:74:72:7d:
         54:9a:ea:8a:4b:17:cb:ce:30:98:23:21:98:78:63:89:9b:9b:
         ec:12:02:03:4c:7a:ff:4e:34:78:0c:10:70:89:1e:04:1d:07:
         26:a2:ac:e8:67:81:e8:2d:80:a8:f6:25:e3:84:a1:94:b2:bd:
         52:71:57:a8:be:d5:7c:2b:cd:21:ff:1a:15:01:5c:c8:71:45:
         a0:df:57:79:34:62:f2:bc:e5:ad:a5:b1:06:3f:36:64:8b:4e:
         65:46:65:8d:0a:5a:69:a8:fa:fd:f9:d3:b9:b7:f3:40:32:59:
         da:d4:df:23
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUNGjPOgdSdUMoUUmNTGXVoh0sXMcwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjUwMjA0MDAwMDAwWhcNMjUwMzExMjM1OTU5
WjB6MUkwRwYDVQQFE0AzYjdhMmZlNjJmM2FkMWU4ZDM4NjFkNWYzNmY5ZjBkNzVl
ZmZmNGM4NDQ4ZTljOTJkNjIxN2JlODI2NGNkOWUzMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC4TT5DFuR3w2uc0Iu539uKCUWPYE5svXvQoshWk9vcZPmV
zt1wosIC5G2DB6mRcSFIQcFPHGHOZoUbW/Rx6fNhvvLF6/AROkCnRjy9csVorDow
lmTRCxq1nzYVj/cHkOvo1xVvaX/PM5htU1t6FlM+y4IOKDEnxw5ZnDK4rpkPvFY4
XfSuXsF+1dredd7bSOSSL1LkoOo9xIqhUnHmm+FlBx6OKTuqK0oxd6lXYKtLaprV
Nf8u69tN92cEKnBf2dyoDV7AXGrhTEozvesv+Ly1iRyYo0VMlDvPl1zEICwTm90q
PI7m/FdUQuxRcExGIgwA5ByHvUcciIbsePRVDRJrAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQURsJiSuCzxOXQ/OSco/QETLbpaqQwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzkwODVkNTY3LTQ5OWQtNGY3YS1iZTg3LTVjNzkwNDVjN2Y4YS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAJ9/MJJUFkW2jwBlS1NXwADcq5ah
7pbJ/diFG9Yj9s+GX3IWJfYIYb7J9W6D8qJptiaf6QNFI7NwtU1T6+jqBtvcV7Xj
pyXqvIN9MqP2nO974czJaXxlng2idlNY081rs3uI0xbXCELn3dxCM4omvdn/qe0n
KGTKkwpjb6hpbaK2iCaLAIBSk+PXul5jU3RyfVSa6opLF8vOMJgjIZh4Y4mbm+wS
AgNMev9ONHgMEHCJHgQdByairOhngegtgKj2JeOEoZSyvVJxV6i+1XwrzSH/GhUB
XMhxRaDfV3k0YvK85a2lsQY/NmSLTmVGZY0KWmmo+v3507m380AyWdrU3yM=
-----END CERTIFICATE-----