Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/ac906e95-ad2e-43ce-a01e-d43f8347dcba.roa
File:                     ac906e95-ad2e-43ce-a01e-d43f8347dcba.roa (raw, json)
Hash identifier:          ztrcZvoWfjjv7buHj7Ikzc/ukimOOmr4qtfFrJ9MWa0=
Subject key identifier:   B9:7D:F0:91:AF:01:FA:2C:6E:26:4A:F5:84:D5:74:CB:47:0F:16:A8
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       3DEE7C0B7E545534E2583B2B3953929B448E8740
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/ac906e95-ad2e-43ce-a01e-d43f8347dcba.roa
Signing time:             Tue 02 Jan 2024 00:00:00 +0000
ROA not before:           Tue 02 Jan 2024 00:00:00 +0000
ROA not after:            Tue 06 Feb 2024 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3d:ee:7c:0b:7e:54:55:34:e2:58:3b:2b:39:53:92:9b:44:8e:87:40
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Jan  2 00:00:00 2024 GMT
            Not After : Feb  6 23:59:59 2024 GMT
        Subject: CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ed:51:cd:da:7a:d2:ff:92:16:63:73:29:8d:7d:
                    77:bf:be:52:01:7d:89:57:b1:b6:a7:e2:cc:f1:08:
                    4c:3d:23:b6:6f:c4:68:1a:64:3b:79:f8:63:de:84:
                    65:69:dc:3c:fb:43:4c:60:30:a0:ce:04:61:71:de:
                    ad:f1:be:ac:92:6e:2a:6e:5a:8b:b9:bf:0b:cf:4b:
                    ee:4a:86:c9:40:79:a1:90:cd:32:8a:7c:40:75:20:
                    20:ea:52:36:74:89:76:3e:97:5e:74:85:44:4a:92:
                    a1:f9:36:95:8a:fa:ba:2c:c2:04:12:0d:82:1e:c4:
                    22:72:f2:4d:13:fd:c8:c8:80:24:a7:c8:0a:b8:58:
                    7d:b2:d3:22:85:fd:c2:90:ef:b7:31:9d:19:80:09:
                    1b:65:02:79:00:c8:d8:f4:c7:a4:40:6f:fd:6d:96:
                    51:91:dc:18:da:76:42:05:53:01:65:05:4a:a0:c3:
                    15:bb:50:2e:48:96:63:50:38:35:2a:8b:c5:63:07:
                    bb:d4:73:e2:c4:13:2a:08:4e:01:f1:4e:8b:f6:b4:
                    66:8d:57:b6:14:0f:1d:56:fb:45:b8:3b:8d:1c:93:
                    0e:a0:8d:3a:77:e7:db:b5:b0:ef:ea:0f:b9:3f:10:
                    0c:91:d2:d3:24:0c:a0:22:8d:e0:2c:c5:25:5c:08:
                    69:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B9:7D:F0:91:AF:01:FA:2C:6E:26:4A:F5:84:D5:74:CB:47:0F:16:A8
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/ac906e95-ad2e-43ce-a01e-d43f8347dcba.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b7:d8:6e:2c:83:11:55:ef:78:78:65:a6:22:1e:3a:65:d0:aa:
         46:5d:62:f2:0f:f1:80:c5:d8:21:12:02:c1:36:e7:48:82:94:
         b6:9e:85:ab:50:cb:18:e2:92:27:97:05:29:98:78:45:2b:20:
         03:2a:75:da:c2:9f:12:bf:48:84:9e:04:06:f8:e2:0d:ef:a7:
         99:9e:20:c3:49:2b:2e:77:2d:60:dd:b3:f2:35:4b:f4:14:fc:
         47:20:fa:e7:89:ca:fc:b4:2d:d5:bd:f5:d1:98:b4:3e:12:da:
         99:ca:fd:f1:6a:b8:7b:95:66:6f:b9:d7:21:87:44:44:b1:1f:
         1f:33:b2:95:27:e8:3c:78:26:4e:b1:eb:c2:52:24:ae:10:94:
         66:8c:29:21:30:1c:cd:87:04:84:52:28:67:c4:f6:b4:7c:e4:
         56:e9:ba:59:3e:50:7d:64:de:c0:7e:15:47:ea:9a:7a:c0:e2:
         75:78:2b:6a:e8:19:62:5b:2c:90:f6:47:2f:c1:55:4d:fe:d6:
         15:a1:1d:5c:39:e5:2f:2e:73:78:62:5e:45:b7:5d:b6:00:57:
         41:5a:2d:05:eb:8e:17:53:59:23:a0:5b:ce:ab:14:50:50:0a:
         0f:e9:0b:ab:8e:af:32:8d:c2:f6:cf:7e:0a:24:33:fe:6b:1e:
         88:e2:86:5e
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUPe58C35UVTTiWDsrOVOSm0SOh0AwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjQwMTAyMDAwMDAwWhcNMjQwMjA2MjM1OTU5
WjB6MUkwRwYDVQQFE0AzMjZlZTkzNDU5ZDRjMDIxOTQxMTJjN2JkMjhiMTYwODlh
ODhlYzY1YjAwMDQ0MmFkNGM2NjYwMDRhNzAwY2Q1MS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDtUc3aetL/khZjcymNfXe/vlIBfYlXsban4szxCEw9I7Zv
xGgaZDt5+GPehGVp3Dz7Q0xgMKDOBGFx3q3xvqySbipuWou5vwvPS+5KhslAeaGQ
zTKKfEB1ICDqUjZ0iXY+l150hURKkqH5NpWK+roswgQSDYIexCJy8k0T/cjIgCSn
yAq4WH2y0yKF/cKQ77cxnRmACRtlAnkAyNj0x6RAb/1tllGR3BjadkIFUwFlBUqg
wxW7UC5IlmNQODUqi8VjB7vUc+LEEyoITgHxTov2tGaNV7YUDx1W+0W4O40ckw6g
jTp359u1sO/qD7k/EAyR0tMkDKAijeAsxSVcCGnfAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUuX3wka8B+ixuJkr1hNV0y0cPFqgwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2FjOTA2ZTk1LWFkMmUtNDNjZS1hMDFlLWQ0M2Y4MzQ3ZGNiYS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBALfYbiyDEVXveHhlpiIeOmXQqkZd
YvIP8YDF2CESAsE250iClLaehatQyxjikieXBSmYeEUrIAMqddrCnxK/SISeBAb4
4g3vp5meIMNJKy53LWDds/I1S/QU/Ecg+ueJyvy0LdW99dGYtD4S2pnK/fFquHuV
Zm+51yGHRESxHx8zspUn6Dx4Jk6x68JSJK4QlGaMKSEwHM2HBIRSKGfE9rR85Fbp
ulk+UH1k3sB+FUfqmnrA4nV4K2roGWJbLJD2Ry/BVU3+1hWhHVw55S8uc3hiXkW3
XbYAV0FaLQXrjhdTWSOgW86rFFBQCg/pC6uOrzKNwvbPfgokM/5rHojihl4=
-----END CERTIFICATE-----