Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/a7496a18-cb8e-44a1-bb27-736dac667255.roa
File:                     a7496a18-cb8e-44a1-bb27-736dac667255.roa (raw, json)
Hash identifier:          lR41d9k/M63KG7rovDDf0G5fRbx6xlhu4f+JTS1DUGM=
Subject key identifier:   29:88:61:84:C2:F9:A3:B0:C8:B5:9E:D6:8F:E1:15:F6:E5:DB:51:78
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       12113715F4495B54A2AE254121CA1752D2B44E4D
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/a7496a18-cb8e-44a1-bb27-736dac667255.roa
Signing time:             Sat 01 Jul 2023 00:00:00 +0000
ROA not before:           Sat 01 Jul 2023 00:00:00 +0000
ROA not after:            Sat 05 Aug 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            12:11:37:15:f4:49:5b:54:a2:ae:25:41:21:ca:17:52:d2:b4:4e:4d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Jul  1 00:00:00 2023 GMT
            Not After : Aug  5 23:59:59 2023 GMT
        Subject: CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:4e:4d:cf:16:3a:6c:0f:e2:06:49:73:c7:fd:
                    bc:a3:af:5d:60:9e:2b:13:29:6a:c7:b4:5a:80:89:
                    71:39:a4:b1:99:8f:c9:87:86:ce:e7:cf:55:1d:92:
                    1e:d7:10:32:aa:fe:e1:0b:41:d5:5f:18:30:2d:b1:
                    e6:46:23:28:cc:57:3c:0a:2f:7e:87:b1:55:4f:81:
                    2f:f7:58:86:c3:c6:1e:27:2d:4b:8e:6a:6b:43:01:
                    a2:88:ff:f1:57:0b:23:ba:32:60:51:c5:16:b1:e1:
                    ec:2f:f6:33:28:8f:e7:4e:18:60:e1:44:44:cc:90:
                    c9:3f:9f:65:57:67:6d:1d:34:73:4f:f8:95:af:1c:
                    5c:84:15:5e:dc:35:60:01:09:48:d1:43:b1:5d:36:
                    03:1a:5a:bf:6a:e4:94:16:40:cc:c5:df:2d:c6:9c:
                    60:47:85:c2:7c:dd:a6:4a:f7:82:12:9e:51:93:29:
                    04:d8:bd:55:14:0b:b1:b2:2c:02:1a:5e:69:3e:cd:
                    93:a8:fd:b7:d1:fc:0e:d4:9c:9c:50:34:06:74:c9:
                    42:0e:24:ce:42:f5:25:3b:b8:58:a4:e9:9a:90:5b:
                    51:ac:28:d1:62:92:ed:b6:fb:0e:a8:b6:7c:72:c1:
                    c2:f2:19:c0:ec:01:3f:e4:65:3a:fb:c1:3d:e5:a2:
                    02:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:88:61:84:C2:F9:A3:B0:C8:B5:9E:D6:8F:E1:15:F6:E5:DB:51:78
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/a7496a18-cb8e-44a1-bb27-736dac667255.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         36:39:12:f1:48:80:2c:c5:2e:04:4e:cf:ed:0b:fe:50:e5:51:
         e3:a1:54:bd:aa:ef:01:6d:37:91:3e:1f:90:4b:6d:a5:92:08:
         8f:c7:01:a5:95:e7:76:98:d2:32:13:a9:63:3f:98:0b:0c:0d:
         56:97:dd:f5:c7:b3:e8:fa:b9:26:64:52:74:5f:06:be:be:62:
         f9:b3:66:9c:6c:7e:f8:42:d0:44:d1:ef:32:47:48:bb:b6:92:
         d1:49:c0:25:58:3f:62:aa:60:cb:d1:a4:15:72:83:9d:cc:ed:
         f1:cf:88:b0:1f:2f:65:f3:ec:e3:08:db:69:30:3d:c8:0e:09:
         fc:de:1b:42:ed:95:50:c1:fc:c9:de:86:9d:d2:bd:21:32:a2:
         b7:ff:7a:ac:12:b5:0d:b5:cc:49:07:c9:4e:90:d0:ca:37:9e:
         7d:ea:49:38:0b:56:a3:c5:b5:a3:a6:24:4c:ed:25:17:bb:39:
         9e:67:24:57:99:87:46:b2:f7:9f:15:b5:0f:ea:c9:a2:b6:49:
         5a:f8:d9:4d:e6:e6:48:2c:80:1d:2a:41:0a:90:fe:01:6d:a5:
         08:80:e1:18:33:69:b4:43:84:7c:8d:2e:0f:ec:03:d6:1c:cb:
         46:99:46:12:bb:b6:aa:d1:f2:0c:40:f4:12:69:bd:c7:32:c1:
         af:7c:64:2e
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUEhE3FfRJW1SiriVBIcoXUtK0Tk0wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMwNzAxMDAwMDAwWhcNMjMwODA1MjM1OTU5
WjB6MUkwRwYDVQQFE0A5OWM5MTE1ZjBmZTVhNzVhMTZhNmRlN2I2MGJhYmQ1MTUy
NjdkNTIzYTA1NDNmMWUyYzUxZGI4ZDgyNjBmY2ZjMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC0Tk3PFjpsD+IGSXPH/byjr11gnisTKWrHtFqAiXE5pLGZ
j8mHhs7nz1Udkh7XEDKq/uELQdVfGDAtseZGIyjMVzwKL36HsVVPgS/3WIbDxh4n
LUuOamtDAaKI//FXCyO6MmBRxRax4ewv9jMoj+dOGGDhRETMkMk/n2VXZ20dNHNP
+JWvHFyEFV7cNWABCUjRQ7FdNgMaWr9q5JQWQMzF3y3GnGBHhcJ83aZK94ISnlGT
KQTYvVUUC7GyLAIaXmk+zZOo/bfR/A7UnJxQNAZ0yUIOJM5C9SU7uFik6ZqQW1Gs
KNFiku22+w6otnxywcLyGcDsAT/kZTr7wT3logK3AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUKYhhhML5o7DItZ7Wj+EV9uXbUXgwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2E3NDk2YTE4LWNiOGUtNDRhMS1iYjI3LTczNmRhYzY2NzI1NS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBADY5EvFIgCzFLgROz+0L/lDlUeOh
VL2q7wFtN5E+H5BLbaWSCI/HAaWV53aY0jITqWM/mAsMDVaX3fXHs+j6uSZkUnRf
Br6+YvmzZpxsfvhC0ETR7zJHSLu2ktFJwCVYP2KqYMvRpBVyg53M7fHPiLAfL2Xz
7OMI22kwPcgOCfzeG0LtlVDB/Mnehp3SvSEyorf/eqwStQ21zEkHyU6Q0Mo3nn3q
STgLVqPFtaOmJEztJRe7OZ5nJFeZh0ay958VtQ/qyaK2SVr42U3m5kgsgB0qQQqQ
/gFtpQiA4RgzabRDhHyNLg/sA9Ycy0aZRhK7tqrR8gxA9BJpvccywa98ZC4=
-----END CERTIFICATE-----