Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/997f1c1f-3859-41ef-bd7a-2f5666226ca8.roa
File:                     997f1c1f-3859-41ef-bd7a-2f5666226ca8.roa (raw, json)
Hash identifier:          sAlmfx7vrI+LV7Ho0H6sMW2GOAyh2l+esl35/hoxH74=
Subject key identifier:   A9:57:54:4F:BC:67:9B:8D:AB:58:53:6F:E0:61:F3:38:28:C3:38:36
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       7C538BE3BF81A40C445E07B1499F516FD2663385
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/997f1c1f-3859-41ef-bd7a-2f5666226ca8.roa
Signing time:             Sun 11 Feb 2024 00:00:00 +0000
ROA not before:           Sun 11 Feb 2024 00:00:00 +0000
ROA not after:            Sun 17 Mar 2024 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7c:53:8b:e3:bf:81:a4:0c:44:5e:07:b1:49:9f:51:6f:d2:66:33:85
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Feb 11 00:00:00 2024 GMT
            Not After : Mar 17 23:59:59 2024 GMT
        Subject: CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f1:62:75:5b:5d:c7:20:e2:5e:42:3e:ec:9b:e9:
                    ed:78:7e:22:d6:e1:18:d6:2e:87:c1:58:b4:45:2f:
                    6c:82:2d:ae:3e:54:50:40:a8:75:fa:db:9a:15:84:
                    ff:1e:54:ba:8b:ca:9f:b5:a1:e4:e5:34:67:7b:5b:
                    de:af:00:49:4e:18:d1:8b:35:e8:14:70:18:a6:c4:
                    7b:ab:78:21:38:26:80:f2:77:d4:f8:b7:91:ce:e6:
                    65:9f:f7:8e:b4:61:2c:96:35:43:3b:a5:9e:90:04:
                    79:1a:64:62:5a:30:dc:35:0d:c3:48:5f:54:32:9c:
                    26:b2:c5:2a:26:0a:c0:e4:70:0e:79:56:66:7b:bd:
                    53:09:05:81:fd:12:d1:5a:41:72:07:6e:5e:c8:c9:
                    c2:be:d2:69:10:83:64:dc:67:16:7f:a3:02:dc:fa:
                    e6:bb:8f:80:8d:8d:7e:5a:6d:cf:4f:5f:17:a3:6a:
                    a1:ab:83:88:24:7a:ad:f2:45:7d:91:cd:8a:68:36:
                    16:35:93:d1:56:76:f5:d9:99:6b:44:2d:78:1a:f1:
                    4c:35:5b:27:9d:4c:6f:1f:97:f4:83:c1:18:bd:09:
                    7c:87:c5:e1:ff:a5:37:09:67:4f:ee:95:7a:50:ca:
                    b5:78:55:8d:0b:e0:e0:0b:64:59:95:9b:c1:7a:f2:
                    4f:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A9:57:54:4F:BC:67:9B:8D:AB:58:53:6F:E0:61:F3:38:28:C3:38:36
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/997f1c1f-3859-41ef-bd7a-2f5666226ca8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         02:75:f6:e4:11:5a:54:93:b3:c4:6f:d1:54:7d:9b:28:d3:13:
         a2:4c:d7:68:de:83:00:29:89:84:cb:b0:e3:2e:e1:77:78:78:
         0e:65:76:d0:fc:5c:53:ef:c7:af:41:04:69:0c:a7:a2:d8:05:
         78:de:77:fa:8b:51:4d:39:f1:72:2b:61:1e:93:3c:51:e4:30:
         bf:3d:04:9b:28:7f:14:25:96:a2:08:c1:4e:47:16:25:a4:b8:
         73:84:e8:71:c3:df:90:63:e2:9b:1c:61:52:1d:68:0c:6f:db:
         76:35:f3:f4:09:6a:37:51:a8:af:ff:4d:79:22:cb:85:8e:dc:
         20:60:8f:21:0c:70:64:78:ae:d5:53:19:cb:ee:76:5c:f5:f1:
         45:64:cd:93:36:d7:3c:45:d2:72:ea:99:c8:e1:9a:cf:1b:55:
         63:17:da:7e:40:f2:ae:14:00:a4:e5:ac:14:bf:fd:bd:36:aa:
         6d:b7:50:60:7e:a1:e5:bd:0c:12:76:6e:11:5c:1b:d5:e3:37:
         17:c7:ba:27:97:b7:5d:8e:24:2a:70:9e:40:03:ce:6e:af:5c:
         97:b7:0a:41:42:3c:7e:5b:f9:30:43:8a:b5:34:9d:60:04:65:
         08:d4:8c:38:11:a3:3b:db:1a:b1:8a:31:22:1c:fb:88:07:79:
         20:21:69:ce
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUfFOL47+BpAxEXgexSZ9Rb9JmM4UwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjQwMjExMDAwMDAwWhcNMjQwMzE3MjM1OTU5
WjB6MUkwRwYDVQQFE0A2MjYxNWFkY2U5YmI5NThhNDQ4NjFjN2QxZGEwYzE2MTVm
MDZlYzJlNjdjZDVlZmU1ODZmN2Y3NTY0NzY2NzdiMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDxYnVbXccg4l5CPuyb6e14fiLW4RjWLofBWLRFL2yCLa4+
VFBAqHX625oVhP8eVLqLyp+1oeTlNGd7W96vAElOGNGLNegUcBimxHureCE4JoDy
d9T4t5HO5mWf9460YSyWNUM7pZ6QBHkaZGJaMNw1DcNIX1QynCayxSomCsDkcA55
VmZ7vVMJBYH9EtFaQXIHbl7IycK+0mkQg2TcZxZ/owLc+ua7j4CNjX5abc9PXxej
aqGrg4gkeq3yRX2RzYpoNhY1k9FWdvXZmWtELXga8Uw1WyedTG8fl/SDwRi9CXyH
xeH/pTcJZ0/ulXpQyrV4VY0L4OALZFmVm8F68k8xAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUqVdUT7xnm42rWFNv4GHzOCjDODYwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2Lzk5N2YxYzFmLTM4NTktNDFlZi1iZDdhLTJmNTY2NjIyNmNhOC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAAJ19uQRWlSTs8Rv0VR9myjTE6JM
12jegwApiYTLsOMu4Xd4eA5ldtD8XFPvx69BBGkMp6LYBXjed/qLUU058XIrYR6T
PFHkML89BJsofxQllqIIwU5HFiWkuHOE6HHD35Bj4pscYVIdaAxv23Y18/QJajdR
qK//TXkiy4WO3CBgjyEMcGR4rtVTGcvudlz18UVkzZM21zxF0nLqmcjhms8bVWMX
2n5A8q4UAKTlrBS//b02qm23UGB+oeW9DBJ2bhFcG9XjNxfHuieXt12OJCpwnkAD
zm6vXJe3CkFCPH5b+TBDirU0nWAEZQjUjDgRozvbGrGKMSIc+4gHeSAhac4=
-----END CERTIFICATE-----