Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/9610181e-da87-4183-bf56-44aca41a87ed.roa
File:                     9610181e-da87-4183-bf56-44aca41a87ed.roa (raw, json)
Hash identifier:          LXK3HS9lPoqnRNYBfguA3FSNv8gm862p97j6kNOfEqU=
Subject key identifier:   27:DD:B7:7B:1A:02:12:A2:F8:6E:3A:E6:ED:24:EB:F3:04:F1:83:F8
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       7D31F951D7882983C464563F33B3D7AAC6457F3D
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/9610181e-da87-4183-bf56-44aca41a87ed.roa
Signing time:             Mon 24 Mar 2025 20:18:20 +0000
ROA not before:           Mon 24 Mar 2025 20:18:20 +0000
ROA not after:            Mon 28 Apr 2025 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7d:31:f9:51:d7:88:29:83:c4:64:56:3f:33:b3:d7:aa:c6:45:7f:3d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Mar 24 20:18:20 2025 GMT
            Not After : Apr 28 23:59:59 2025 GMT
        Subject: CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:ff:11:3f:50:04:8a:de:33:3b:fd:1c:16:1d:
                    b6:64:29:4a:15:70:58:76:eb:6a:79:89:63:0b:c4:
                    1e:0b:bb:e6:40:f1:9b:e5:c9:f3:98:ab:73:9e:35:
                    8e:24:dd:bc:fc:ef:5f:31:2f:2c:5b:50:bc:0e:97:
                    db:34:91:13:47:9a:7d:6f:a8:9e:27:d5:48:e0:ba:
                    58:bb:31:2c:c9:d3:89:a8:d8:40:94:5f:d8:a3:77:
                    0d:3b:84:1d:53:67:15:15:dd:d9:0c:22:37:ed:76:
                    c2:e2:53:f6:ca:70:96:ec:42:9c:4e:52:22:7a:8a:
                    a5:d0:78:86:1a:45:47:fc:c0:00:68:cf:15:02:a2:
                    33:05:72:4f:e8:8a:f6:46:3f:6a:51:10:ac:91:de:
                    c9:3b:fc:82:7e:0e:13:20:55:ad:33:0f:6e:b2:b3:
                    5e:c9:b0:a6:d0:36:1b:19:0f:ed:5b:04:0a:a7:df:
                    87:2f:f0:f6:a4:77:c0:81:fc:68:29:9e:b6:b1:11:
                    83:84:e4:82:93:30:9d:48:c8:90:83:5a:02:0d:31:
                    8e:06:87:08:11:c3:31:3c:94:cc:09:4e:f6:8b:66:
                    d1:13:9e:cb:8b:1f:63:f9:c9:d1:b8:fc:ac:34:a5:
                    bd:9e:ab:69:4c:88:5d:21:5f:1e:77:6c:f3:df:57:
                    46:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                27:DD:B7:7B:1A:02:12:A2:F8:6E:3A:E6:ED:24:EB:F3:04:F1:83:F8
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/9610181e-da87-4183-bf56-44aca41a87ed.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         84:0a:26:a6:60:68:31:1c:d8:7b:d9:14:b2:5d:7c:00:30:6c:
         c4:76:2f:b6:ad:14:f7:fa:30:d5:ee:30:1a:d1:35:14:c7:77:
         12:b4:79:79:1b:b9:04:ab:f7:42:d5:1d:db:4f:f9:54:20:08:
         17:d0:7e:32:df:97:40:11:80:c8:e8:2e:d3:bb:29:1c:6f:67:
         aa:d0:ec:f8:b0:33:79:0e:f2:f0:0a:f0:5e:14:11:d6:b1:cf:
         e5:5a:4d:87:64:ab:9e:c3:56:46:22:39:a9:3a:79:06:1f:4c:
         49:2d:e2:ab:53:b7:8e:59:be:d4:b1:31:e3:62:76:87:d2:50:
         d1:a6:aa:af:54:49:69:d0:b0:55:32:9d:03:98:30:ee:44:98:
         cb:9d:82:e7:1f:e0:02:1a:d0:c2:65:74:84:a7:a1:14:c2:e7:
         f2:3f:4d:e4:91:1d:34:62:24:90:f9:13:fb:d7:24:2b:a4:e7:
         18:9d:a8:a0:f1:fb:49:70:4e:ec:0f:75:f6:4e:e8:f6:fb:2d:
         30:28:c0:70:86:f6:f6:d7:a8:79:38:a8:c7:81:ae:1f:c0:49:
         66:82:8e:95:9a:1d:a4:70:19:ea:77:1c:c2:07:82:88:cb:61:
         38:19:d4:d0:f8:ef:da:87:05:56:71:6e:66:8e:b6:00:ad:e2:
         50:20:35:cb
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUfTH5UdeIKYPEZFY/M7PXqsZFfz0wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjUwMzI0MjAxODIwWhcNMjUwNDI4MjM1OTU5
WjB6MUkwRwYDVQQFE0AyYzZkYzAyMGVhNzI0NGVlN2U4YTQ3OGRhZWY1MWJlMGYw
MmU5NDhjYTQxY2YxNDRiZDY5Mjg2NTA5YjNlODVlMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCQ/xE/UASK3jM7/RwWHbZkKUoVcFh262p5iWMLxB4Lu+ZA
8ZvlyfOYq3OeNY4k3bz8718xLyxbULwOl9s0kRNHmn1vqJ4n1Ujguli7MSzJ04mo
2ECUX9ijdw07hB1TZxUV3dkMIjftdsLiU/bKcJbsQpxOUiJ6iqXQeIYaRUf8wABo
zxUCojMFck/oivZGP2pREKyR3sk7/IJ+DhMgVa0zD26ys17JsKbQNhsZD+1bBAqn
34cv8Pakd8CB/GgpnraxEYOE5IKTMJ1IyJCDWgINMY4GhwgRwzE8lMwJTvaLZtET
nsuLH2P5ydG4/Kw0pb2eq2lMiF0hXx53bPPfV0a5AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUJ923exoCEqL4bjrm7STr8wTxg/gwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2Lzk2MTAxODFlLWRhODctNDE4My1iZjU2LTQ0YWNhNDFhODdlZC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAIQKJqZgaDEc2HvZFLJdfAAwbMR2
L7atFPf6MNXuMBrRNRTHdxK0eXkbuQSr90LVHdtP+VQgCBfQfjLfl0ARgMjoLtO7
KRxvZ6rQ7PiwM3kO8vAK8F4UEdaxz+VaTYdkq57DVkYiOak6eQYfTEkt4qtTt45Z
vtSxMeNidofSUNGmqq9USWnQsFUynQOYMO5EmMudgucf4AIa0MJldISnoRTC5/I/
TeSRHTRiJJD5E/vXJCuk5xidqKDx+0lwTuwPdfZO6Pb7LTAowHCG9vbXqHk4qMeB
rh/ASWaCjpWaHaRwGep3HMIHgojLYTgZ1ND479qHBVZxbmaOtgCt4lAgNcs=
-----END CERTIFICATE-----