Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/92d80932-35f4-489d-97e4-49034416a9bf.roa
File:                     92d80932-35f4-489d-97e4-49034416a9bf.roa (raw, json)
Hash identifier:          4yFF9rPa2dvcOiojfCCpUVtMp5qzH9n5HApETs3P6K8=
Subject key identifier:   14:FF:7C:AF:B5:A2:74:FF:11:DF:9D:AE:6A:21:8E:82:09:FA:C0:40
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       32597E7D503E1973863EAC2C3F0F02DE8EEFE8B8
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/92d80932-35f4-489d-97e4-49034416a9bf.roa
Signing time:             Thu 20 Mar 2025 14:18:17 +0000
ROA not before:           Thu 20 Mar 2025 14:18:17 +0000
ROA not after:            Thu 24 Apr 2025 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            32:59:7e:7d:50:3e:19:73:86:3e:ac:2c:3f:0f:02:de:8e:ef:e8:b8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Mar 20 14:18:17 2025 GMT
            Not After : Apr 24 23:59:59 2025 GMT
        Subject: CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:1c:83:c9:c1:98:02:93:c4:13:7d:f9:f6:70:
                    51:b0:3f:87:9d:66:a6:d5:a3:66:93:52:05:37:a7:
                    c9:d7:95:a9:b3:6c:b4:68:15:fa:66:1e:c1:08:a3:
                    5b:d4:f6:b1:83:6b:08:7c:96:9d:9c:27:52:2e:ca:
                    90:4b:99:b3:45:f3:e5:dc:65:fd:d5:da:42:c3:30:
                    75:37:e1:f4:c4:ca:7d:87:86:2a:6a:a0:3b:5f:5c:
                    e4:85:ea:9d:01:f5:9e:fe:d8:6e:45:a6:dd:9a:2f:
                    5f:7b:17:9e:3c:90:e6:d3:67:36:55:e4:4c:52:30:
                    9f:9b:b4:f0:ab:99:9b:a7:1e:d1:1b:ca:ab:49:91:
                    a5:18:9e:38:a7:c8:c7:00:85:f6:c4:97:d6:76:1a:
                    cf:33:c2:f0:b2:e3:76:dc:38:f4:31:f4:f5:fc:a3:
                    ef:bd:7d:05:59:94:6b:32:3f:c8:e4:4d:72:2e:6b:
                    15:67:2c:cd:dd:ad:c4:55:70:d1:64:df:dc:ae:82:
                    83:f5:da:f8:12:ac:69:71:1f:30:7c:77:4b:c5:ee:
                    8e:fa:12:90:0f:e7:2f:b4:de:c6:5d:e3:3b:c9:b0:
                    36:31:2c:e3:cd:78:cd:6f:8b:8d:d9:23:57:f5:80:
                    8f:10:79:53:72:a3:91:bb:91:61:53:2f:2f:e4:2e:
                    0a:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                14:FF:7C:AF:B5:A2:74:FF:11:DF:9D:AE:6A:21:8E:82:09:FA:C0:40
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/92d80932-35f4-489d-97e4-49034416a9bf.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         64:e2:23:7c:59:f1:fd:f7:9e:11:54:51:2e:06:63:24:5a:52:
         2c:fb:63:c4:ff:47:9e:a9:3f:d8:fa:43:5a:94:b5:e9:7d:88:
         94:3a:fb:5f:6a:26:ad:50:8b:dc:49:3b:52:12:44:29:a8:56:
         29:e8:a4:ca:6f:7e:58:8e:b2:4f:09:0b:75:b3:f6:95:2e:d7:
         ca:72:68:3d:c9:4f:79:c3:68:bc:0a:1d:78:52:1d:42:2c:17:
         2f:b3:9b:78:86:fc:0d:01:b3:08:a9:26:ae:5d:0d:ef:ac:82:
         ae:b7:ee:d3:c8:46:31:19:eb:d9:1b:01:fe:66:e2:a0:28:19:
         ba:7a:ee:13:30:b5:e9:26:db:30:69:fe:6e:cc:cf:65:04:c3:
         2c:f4:c6:f0:ed:fe:d7:f1:87:7a:a3:e7:1c:8d:9a:a0:11:fc:
         f6:a1:f0:99:38:a3:5b:e4:c9:62:45:58:f4:2b:e9:46:20:98:
         44:5d:a9:01:49:5b:4f:34:6b:26:7c:4b:18:04:eb:bb:03:58:
         c7:25:e1:ef:15:f4:38:88:27:de:5f:46:13:3e:16:a6:6e:14:
         f0:d0:c5:de:b4:9a:24:af:ca:a9:7d:3d:7c:03:2e:77:e3:70:
         e8:39:35:81:e9:8d:41:b8:c6:ad:be:51:7f:2c:d2:24:8a:b0:
         7d:fb:f0:40
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUMll+fVA+GXOGPqwsPw8C3o7v6LgwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjUwMzIwMTQxODE3WhcNMjUwNDI0MjM1OTU5
WjB6MUkwRwYDVQQFE0AzZDExZDc3OWFjN2JhN2ZkZTAxMTJjNTdhNjI2YzM0OWM1
ZGFkOGYzZjhiODMxZWFjNGI0ZWMxNDc2YmQ4NmFjMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCmHIPJwZgCk8QTffn2cFGwP4edZqbVo2aTUgU3p8nXlamz
bLRoFfpmHsEIo1vU9rGDawh8lp2cJ1IuypBLmbNF8+XcZf3V2kLDMHU34fTEyn2H
hipqoDtfXOSF6p0B9Z7+2G5Fpt2aL197F548kObTZzZV5ExSMJ+btPCrmZunHtEb
yqtJkaUYnjinyMcAhfbEl9Z2Gs8zwvCy43bcOPQx9PX8o++9fQVZlGsyP8jkTXIu
axVnLM3drcRVcNFk39yugoP12vgSrGlxHzB8d0vF7o76EpAP5y+03sZd4zvJsDYx
LOPNeM1vi43ZI1f1gI8QeVNyo5G7kWFTLy/kLgqpAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUFP98r7WidP8R352uaiGOggn6wEAwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzkyZDgwOTMyLTM1ZjQtNDg5ZC05N2U0LTQ5MDM0NDE2YTliZi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAGTiI3xZ8f33nhFUUS4GYyRaUiz7
Y8T/R56pP9j6Q1qUtel9iJQ6+19qJq1Qi9xJO1ISRCmoVinopMpvfliOsk8JC3Wz
9pUu18pyaD3JT3nDaLwKHXhSHUIsFy+zm3iG/A0BswipJq5dDe+sgq637tPIRjEZ
69kbAf5m4qAoGbp67hMwtekm2zBp/m7Mz2UEwyz0xvDt/tfxh3qj5xyNmqAR/Pah
8Jk4o1vkyWJFWPQr6UYgmERdqQFJW080ayZ8SxgE67sDWMcl4e8V9DiIJ95fRhM+
FqZuFPDQxd60miSvyql9PXwDLnfjcOg5NYHpjUG4xq2+UX8s0iSKsH378EA=
-----END CERTIFICATE-----