Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/973e0b00-151c-4f8b-817b-2a5df2b21a15.roa
File:                     973e0b00-151c-4f8b-817b-2a5df2b21a15.roa (raw, json)
Hash identifier:          JBdfsifu/NlsH1xrVAIPpKVO+hh7cDLIvHO8PgVYEiE=
Subject key identifier:   F9:E0:B5:1B:0A:0E:EC:A8:65:1B:00:F7:7D:B2:50:08:E0:7D:E8:EB
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       35373F6F2770E62D22829E5BAE732E705A801A
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/973e0b00-151c-4f8b-817b-2a5df2b21a15.roa
Signing time:             Fri 21 Feb 2025 03:48:20 +0000
ROA not before:           Fri 21 Feb 2025 03:48:20 +0000
ROA not after:            Fri 28 Mar 2025 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            35:37:3f:6f:27:70:e6:2d:22:82:9e:5b:ae:73:2e:70:5a:80:1a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Feb 21 03:48:20 2025 GMT
            Not After : Mar 28 23:59:59 2025 GMT
        Subject: CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:a0:2f:96:6d:71:77:7b:cf:52:42:70:71:15:
                    4a:c2:73:08:50:d0:32:fa:46:77:74:ed:9e:aa:21:
                    4f:b4:5e:f5:da:7e:79:7a:85:23:b3:62:5d:49:26:
                    c9:23:23:7d:ac:4e:81:1b:59:8d:e2:ec:ec:b1:f9:
                    ac:b2:fb:9b:0e:84:48:18:3e:48:71:e6:3f:fc:fe:
                    d8:21:b8:35:32:e8:09:3d:20:95:41:46:26:3b:6e:
                    8a:9a:bc:1f:bc:06:28:42:5e:c7:98:e9:cc:0c:15:
                    9f:68:17:7d:17:3f:99:91:1d:26:14:d4:55:56:46:
                    a0:07:57:1c:0e:e5:5e:63:e7:5a:63:15:9f:99:b2:
                    69:aa:2e:56:2f:4b:b5:f8:5a:6e:2c:ee:74:df:35:
                    f9:37:e4:98:1c:84:9e:15:8a:ad:a9:ce:2f:7f:24:
                    0b:52:de:3f:30:e1:97:e8:af:c8:03:d9:9d:2f:76:
                    98:2d:ea:c9:fd:45:0b:f7:74:90:b2:dd:2b:e5:2e:
                    b6:12:7a:f9:69:3b:92:73:31:a2:04:c9:0d:b6:91:
                    df:ec:5d:2e:43:80:1d:40:d0:bc:13:3f:b4:14:b5:
                    d9:fe:2b:fd:0f:e7:21:c1:92:56:dc:fa:5a:07:33:
                    fe:1f:1d:82:8e:ac:42:26:be:f6:a6:d1:86:32:c6:
                    f6:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F9:E0:B5:1B:0A:0E:EC:A8:65:1B:00:F7:7D:B2:50:08:E0:7D:E8:EB
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/973e0b00-151c-4f8b-817b-2a5df2b21a15.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         72:10:c5:ac:41:bb:89:8a:08:0e:5b:19:c5:c3:2b:29:b6:23:
         56:7c:69:0d:a8:90:e6:20:9f:ae:8a:71:88:00:06:97:5d:e6:
         a0:14:d4:f9:50:7f:92:d2:37:67:40:9a:1b:1b:18:27:e9:56:
         60:a7:4d:e6:d3:31:47:91:dd:ba:19:d6:42:9b:81:3c:7f:ae:
         7f:14:f0:da:30:e2:5c:02:76:47:2a:42:f9:35:5b:f4:ca:91:
         c9:58:cf:76:54:e1:a3:c4:fa:6d:61:af:75:4c:b5:70:f9:db:
         98:f4:11:b1:b9:bf:50:53:4a:10:44:93:ad:7a:3e:15:78:15:
         41:00:7e:5a:77:6b:6f:6a:62:de:38:66:42:37:f9:af:8e:54:
         ba:72:bf:c3:02:7e:9e:76:05:52:f5:4c:3e:65:0d:a3:1e:14:
         b4:00:66:3b:7a:f9:0e:cb:11:50:bb:36:22:14:7d:b5:1d:6b:
         f9:05:04:ef:05:7a:cc:fa:7e:ee:40:68:5b:50:a1:45:a5:64:
         6d:b5:73:a4:e3:70:d6:d3:33:34:19:66:1f:d0:07:b3:e3:89:
         1d:ba:f1:d8:f2:81:d4:ec:19:2c:a3:48:2b:17:12:5d:24:54:
         13:a6:25:31:a7:c2:d8:40:bd:dc:79:26:b0:3a:a9:4d:ee:8e:
         ab:a2:90:a1
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgITNTc/bydw5i0igp5brnMucFqAGjANBgkqhkiG9w0BAQsF
ADA9MTswOQYDVQQDEzIyNzhhYWI4NzhmMjY2MmNlMTRlOTA1ZTE4ZWJjYjc1MjJm
OTJiMzY4NGJjNDg2NWI0ZDAeFw0yNTAyMjEwMzQ4MjBaFw0yNTAzMjgyMzU5NTla
MHoxSTBHBgNVBAUTQGU4YThlM2Y3MjIyNDFiMTJiNWUyODUzMGI2OTlkODE2NDhh
YmNkOWFmZmQ5OTJjNzVmMDJkYmVlZjQ3YzNhNTUxLTArBgNVBAMTJGMwY2UyM2Vh
LTQzZmMtNGJlNC1iZWVlLWMwMTQ3ODEyMmEwZTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAJSgL5ZtcXd7z1JCcHEVSsJzCFDQMvpGd3TtnqohT7Re9dp+
eXqFI7NiXUkmySMjfaxOgRtZjeLs7LH5rLL7mw6ESBg+SHHmP/z+2CG4NTLoCT0g
lUFGJjtuipq8H7wGKEJex5jpzAwVn2gXfRc/mZEdJhTUVVZGoAdXHA7lXmPnWmMV
n5myaaouVi9LtfhabizudN81+TfkmByEnhWKranOL38kC1LePzDhl+ivyAPZnS92
mC3qyf1FC/d0kLLdK+UuthJ6+Wk7knMxogTJDbaR3+xdLkOAHUDQvBM/tBS12f4r
/Q/nIcGSVtz6Wgcz/h8dgo6sQia+9qbRhjLG9qECAwEAAaOCArEwggKtMB0GA1Ud
DgQWBBT54LUbCg7sqGUbAPd9slAI4H3o6zAfBgNVHSMEGDAWgBRVqN1F2UQT+dGS
9Sxjzoz7xhSWuDAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHg
BggrBgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2Fy
aW4tcnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMv
MDM1NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzE0MzNlYmZmLWRm
ZDYtNGM1Yy1iN2ZmLTk5Yzg1MTM5ZDRhOC8yNzhhYWI4NzhmMjY2MmNlMTRlOTA1
ZTE4ZWJjYjc1MjJmOTJiMzY4NGJjNDg2NWI0ZC5jZXIwgZ4GCCsGAQUFBwELBIGR
MIGOMIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8xNmYxZmZlZS03NDYxLTQ2NzQtYmIwNS1mZGRl
ZmE5YTAyYzYvOTczZTBiMDAtMTUxYy00ZjhiLTgxN2ItMmE1ZGYyYjIxYTE1LnJv
YTCBiAYDVR0fBIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0
LTIuYW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUt
ZmRkZWZhOWEwMmM2L0ptTE9GT2tGNFk2OHQxSXZrck5vUzhTR1cwMC5jcmwwGAYD
VR0gAQH/BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEw
BgMEAMckeDANBgkqhkiG9w0BAQsFAAOCAQEAchDFrEG7iYoIDlsZxcMrKbYjVnxp
DaiQ5iCfropxiAAGl13moBTU+VB/ktI3Z0CaGxsYJ+lWYKdN5tMxR5HduhnWQpuB
PH+ufxTw2jDiXAJ2RypC+TVb9MqRyVjPdlTho8T6bWGvdUy1cPnbmPQRsbm/UFNK
EESTrXo+FXgVQQB+Wndrb2pi3jhmQjf5r45UunK/wwJ+nnYFUvVMPmUNox4UtABm
O3r5DssRULs2IhR9tR1r+QUE7wV6zPp+7kBoW1ChRaVkbbVzpONw1tMzNBlmH9AH
s+OJHbrx2PKB1OwZLKNIKxcSXSRUE6YlMafC2EC93HkmsDqpTe6Oq6KQoQ==
-----END CERTIFICATE-----