Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/a561b4f1-220b-48e5-b547-71d7531a6592.roa
File:                     a561b4f1-220b-48e5-b547-71d7531a6592.roa (raw, json)
Hash identifier:          HCQDXCZlV2KOxBu1r8/Ka5Fepu5ZwdOUwKG0TmjCky8=
Subject key identifier:   96:F0:E8:86:69:87:A1:ED:70:E3:7A:76:1C:F3:CF:65:CF:28:7C:09
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       213EA5DAA1204318280663DA8CAC5B3E81E8DE12
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/a561b4f1-220b-48e5-b547-71d7531a6592.roa
Signing time:             Mon 03 Feb 2025 00:00:00 +0000
ROA not before:           Mon 03 Feb 2025 00:00:00 +0000
ROA not after:            Mon 10 Mar 2025 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            21:3e:a5:da:a1:20:43:18:28:06:63:da:8c:ac:5b:3e:81:e8:de:12
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Feb  3 00:00:00 2025 GMT
            Not After : Mar 10 23:59:59 2025 GMT
        Subject: CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:bc:2a:75:81:95:b7:28:08:99:65:d0:04:eb:
                    a0:39:da:86:23:52:b0:27:e9:f5:d4:72:02:2c:b5:
                    95:77:bc:df:57:7a:dd:59:16:13:77:70:dc:08:84:
                    c8:33:4e:eb:bf:de:43:4b:8b:9b:70:90:a4:b3:c8:
                    47:f3:ef:61:b4:fe:72:6a:af:0b:ef:04:08:33:04:
                    9c:79:b5:e8:b7:68:73:c8:12:25:67:bf:f5:8f:fb:
                    c1:8e:19:aa:c5:05:87:51:c3:7d:0c:cb:1d:b6:a6:
                    9e:38:1d:a5:db:ce:c2:dc:0c:20:7a:3f:4e:d1:99:
                    c0:af:a9:d7:8f:ae:98:8a:8d:56:a5:fe:f7:0a:f8:
                    ab:f2:a1:02:e0:ca:9f:cb:94:7c:89:b5:fa:b2:f3:
                    c3:db:5e:cd:56:6d:2e:52:45:b1:57:46:9c:5d:ff:
                    44:64:f0:81:2f:cc:0f:b5:46:13:95:7f:41:ee:2c:
                    72:9a:56:d9:40:04:0f:dc:57:86:2a:01:fb:9f:f1:
                    db:d1:a3:1c:51:27:6d:56:cf:e3:d9:6f:a9:ab:3b:
                    f2:00:b2:de:48:0d:b2:b0:ed:f5:dd:05:f1:67:a0:
                    83:ee:f8:db:f2:91:42:63:35:ee:ba:57:cb:c2:59:
                    0a:ed:8a:b9:86:0b:03:23:6f:a8:ba:45:5e:21:9f:
                    46:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                96:F0:E8:86:69:87:A1:ED:70:E3:7A:76:1C:F3:CF:65:CF:28:7C:09
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/a561b4f1-220b-48e5-b547-71d7531a6592.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         97:00:cc:02:b9:86:1e:24:59:c5:e0:1f:50:1e:b2:8b:52:b2:
         a9:5d:a4:2d:b8:e1:99:26:4b:84:61:4b:c5:75:8e:5b:71:88:
         4c:dc:e3:cd:4f:08:dd:dc:37:96:9f:e7:d8:29:d8:42:68:78:
         7d:c6:7b:97:38:d1:3f:2d:0e:98:e9:a8:4c:ac:68:68:c9:c6:
         b5:65:3b:02:b1:2f:ef:d9:67:c5:9a:d0:74:ec:4e:4b:25:d0:
         52:5c:13:c4:3c:17:ec:25:40:35:88:04:03:e5:0d:a2:f1:10:
         eb:71:54:83:c7:eb:e3:54:d0:73:ba:ac:77:43:c5:82:8c:64:
         31:08:aa:1b:62:93:28:8b:46:d8:d1:40:a6:ec:38:07:2a:b9:
         c3:68:96:37:51:8b:9f:74:ff:37:e3:8f:95:7b:1f:28:c9:4c:
         c8:77:bf:be:7f:70:f2:e4:70:89:88:a4:df:36:61:6a:2d:c3:
         0e:5c:a1:c5:89:79:09:cf:6c:e0:57:8c:67:fd:e4:62:4f:e6:
         7f:77:9d:e3:46:37:7c:59:d8:97:67:81:40:90:99:a0:10:81:
         08:8b:19:4a:02:53:75:2b:81:f1:71:5d:c8:0d:d4:76:f1:a4:
         23:25:51:bd:f7:c3:b8:46:28:dc:63:bb:53:7b:2d:cc:04:57:
         0a:bd:c3:96
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUIT6l2qEgQxgoBmPajKxbPoHo3hIwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjUwMjAzMDAwMDAwWhcNMjUwMzEwMjM1OTU5
WjB6MUkwRwYDVQQFE0BiZTJmYzAxM2QzYjJjMzlkMDlmOTQ1NjlkN2I5MGJmNWU0
OTJmN2MzOGIyODU1YmFjMmM4MWY0OTM1NjBlMTYyMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCYvCp1gZW3KAiZZdAE66A52oYjUrAn6fXUcgIstZV3vN9X
et1ZFhN3cNwIhMgzTuu/3kNLi5twkKSzyEfz72G0/nJqrwvvBAgzBJx5tei3aHPI
EiVnv/WP+8GOGarFBYdRw30Myx22pp44HaXbzsLcDCB6P07RmcCvqdePrpiKjVal
/vcK+KvyoQLgyp/LlHyJtfqy88PbXs1WbS5SRbFXRpxd/0Rk8IEvzA+1RhOVf0Hu
LHKaVtlABA/cV4YqAfuf8dvRoxxRJ21Wz+PZb6mrO/IAst5IDbKw7fXdBfFnoIPu
+NvykUJjNe66V8vCWQrtirmGCwMjb6i6RV4hn0YlAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUlvDohmmHoe1w43p2HPPPZc8ofAkwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2E1NjFiNGYxLTIyMGItNDhlNS1iNTQ3LTcxZDc1MzFhNjU5Mi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAJcAzAK5hh4kWcXgH1AesotSsqld
pC244ZkmS4RhS8V1jltxiEzc481PCN3cN5af59gp2EJoeH3Ge5c40T8tDpjpqEys
aGjJxrVlOwKxL+/ZZ8Wa0HTsTksl0FJcE8Q8F+wlQDWIBAPlDaLxEOtxVIPH6+NU
0HO6rHdDxYKMZDEIqhtikyiLRtjRQKbsOAcqucNoljdRi590/zfjj5V7HyjJTMh3
v75/cPLkcImIpN82YWotww5cocWJeQnPbOBXjGf95GJP5n93neNGN3xZ2JdngUCQ
maAQgQiLGUoCU3UrgfFxXcgN1HbxpCMlUb33w7hGKNxju1N7LcwEVwq9w5Y=
-----END CERTIFICATE-----