Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/b1b447ba-9ed5-4f1e-9558-4c3c03818bcf.roa
File:                     b1b447ba-9ed5-4f1e-9558-4c3c03818bcf.roa (raw, json)
Hash identifier:          yp1C73NByBQOYRvzUaVTAHIwg6ljyE29KL0t2TROhLI=
Subject key identifier:   BF:3C:EC:83:F8:D8:46:41:87:30:77:EF:8D:42:79:79:FA:A2:8C:AA
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       5276080D3FA17A515A586527DE98C49E5C846BB2
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/b1b447ba-9ed5-4f1e-9558-4c3c03818bcf.roa
Signing time:             Sun 01 Oct 2023 00:00:00 +0000
ROA not before:           Sun 01 Oct 2023 00:00:00 +0000
ROA not after:            Sun 05 Nov 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            52:76:08:0d:3f:a1:7a:51:5a:58:65:27:de:98:c4:9e:5c:84:6b:b2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Oct  1 00:00:00 2023 GMT
            Not After : Nov  5 23:59:59 2023 GMT
        Subject: CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f0:99:c6:46:d2:34:df:99:4e:1b:a7:ef:1f:0a:
                    47:38:9c:38:8d:f9:52:52:7b:00:59:78:25:c7:8d:
                    24:12:18:7c:6c:46:e9:4d:e8:e6:3c:26:66:a7:94:
                    f3:cf:1f:60:e2:6d:98:34:96:3f:2d:02:82:63:73:
                    9d:94:63:c0:bf:1f:35:ec:29:89:f5:11:fe:f3:34:
                    7e:af:dc:9c:c8:31:77:c1:72:68:f2:91:2e:84:7b:
                    0e:ae:5e:d6:3f:82:42:14:95:1f:58:e5:fd:cc:e3:
                    1a:f0:db:18:df:7a:f3:23:65:87:29:ed:f5:31:24:
                    87:90:91:25:53:ba:d4:1f:11:05:48:ba:9c:53:97:
                    7d:14:e4:83:9f:23:ab:a9:b3:e6:1b:1b:a8:6a:fa:
                    c2:47:33:e1:3b:4b:14:de:e5:d6:b2:9e:db:47:11:
                    e4:4b:5d:64:fc:fd:19:cd:0b:dd:b1:1d:0f:dd:9a:
                    72:e0:61:13:3e:ee:1f:61:9d:23:ea:52:e1:4a:31:
                    ad:a3:7f:3e:4a:22:8c:82:11:ac:37:8b:70:8a:ae:
                    02:30:95:00:52:9a:e4:89:f5:4b:7a:b3:15:31:d3:
                    50:98:e5:17:ab:bd:2d:6d:8e:ed:45:77:42:60:36:
                    a7:e3:24:8a:11:a9:38:70:f0:05:d5:7d:e5:98:39:
                    80:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BF:3C:EC:83:F8:D8:46:41:87:30:77:EF:8D:42:79:79:FA:A2:8C:AA
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/b1b447ba-9ed5-4f1e-9558-4c3c03818bcf.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         68:ad:dc:c8:4a:69:d7:32:4d:8c:37:45:3e:de:3c:c3:34:c7:
         42:42:1f:36:c1:19:2f:fe:cd:19:cf:87:fa:44:3f:c8:a6:d0:
         c4:2f:c5:90:1e:eb:bf:e2:1e:13:33:fa:67:c0:99:32:78:bb:
         5f:8d:4e:39:aa:7b:2f:9a:15:9a:81:a9:bc:bb:24:2f:7c:80:
         25:10:71:20:6d:37:56:c9:7d:24:15:e1:2a:2e:52:42:54:ed:
         ae:ac:11:f0:70:de:e2:c4:a6:8e:1f:a4:04:84:60:f6:af:8d:
         24:d7:45:af:98:66:54:75:49:8c:f5:2b:f3:15:d5:4d:9e:3e:
         ef:c6:2c:5a:d9:a9:d8:85:52:68:f6:d5:0b:2c:e3:38:a5:e8:
         c2:5b:3c:f7:63:fb:de:75:87:96:b7:b5:bb:5a:f8:ea:0a:b4:
         6c:82:8a:ab:b7:2e:d3:af:b6:24:df:74:01:59:8b:e7:83:98:
         19:79:4c:10:d1:07:8b:67:e0:74:30:df:35:41:f5:03:37:f8:
         1c:a4:94:1b:64:85:d7:8e:77:14:a0:3e:c1:b5:18:ff:33:fe:
         19:07:ae:59:59:69:8f:34:f7:dc:d0:ac:2d:c3:63:74:ad:40:
         09:25:6a:f7:dc:9f:32:58:55:5d:21:54:4c:8e:4e:86:80:33:
         3d:ab:58:55
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUUnYIDT+helFaWGUn3pjEnlyEa7IwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMxMDAxMDAwMDAwWhcNMjMxMTA1MjM1OTU5
WjB6MUkwRwYDVQQFE0AzNzRhMjI1OGIyNWY1ODQ0YWU4MTM0ZGYyZmY1ODNjNDg0
OWRiYzYwYjljNWMxMmZiNzA1YzJjY2RmY2QxYTY5MS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDwmcZG0jTfmU4bp+8fCkc4nDiN+VJSewBZeCXHjSQSGHxs
RulN6OY8JmanlPPPH2DibZg0lj8tAoJjc52UY8C/HzXsKYn1Ef7zNH6v3JzIMXfB
cmjykS6Eew6uXtY/gkIUlR9Y5f3M4xrw2xjfevMjZYcp7fUxJIeQkSVTutQfEQVI
upxTl30U5IOfI6ups+YbG6hq+sJHM+E7SxTe5daynttHEeRLXWT8/RnNC92xHQ/d
mnLgYRM+7h9hnSPqUuFKMa2jfz5KIoyCEaw3i3CKrgIwlQBSmuSJ9Ut6sxUx01CY
5RervS1tju1Fd0JgNqfjJIoRqThw8AXVfeWYOYA5AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUvzzsg/jYRkGHMHfvjUJ5efqijKowHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2IxYjQ0N2JhLTllZDUtNGYxZS05NTU4LTRjM2MwMzgxOGJjZi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAGit3MhKadcyTYw3RT7ePMM0x0JC
HzbBGS/+zRnPh/pEP8im0MQvxZAe67/iHhMz+mfAmTJ4u1+NTjmqey+aFZqBqby7
JC98gCUQcSBtN1bJfSQV4SouUkJU7a6sEfBw3uLEpo4fpASEYPavjSTXRa+YZlR1
SYz1K/MV1U2ePu/GLFrZqdiFUmj21Qss4zil6MJbPPdj+951h5a3tbta+OoKtGyC
iqu3LtOvtiTfdAFZi+eDmBl5TBDRB4tn4HQw3zVB9QM3+ByklBtkhdeOdxSgPsG1
GP8z/hkHrllZaY8099zQrC3DY3StQAklavfcnzJYVV0hVEyOToaAMz2rWFU=
-----END CERTIFICATE-----