Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/b240898b-6a38-4210-ba02-f406e72c7173.roa
File:                     b240898b-6a38-4210-ba02-f406e72c7173.roa (raw, json)
Hash identifier:          dSGTqzDvn06knca1sklNvy391Q2xz+m4AxsdFygtMNs=
Subject key identifier:   20:51:FD:CD:C8:81:E4:AB:BA:1B:94:B1:39:A3:5F:CF:2F:92:70:37
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       7C447823F868D7B0B49BDE77A1AF454CDC8CAAF0
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/b240898b-6a38-4210-ba02-f406e72c7173.roa
Signing time:             Fri 30 Jun 2023 00:00:00 +0000
ROA not before:           Fri 30 Jun 2023 00:00:00 +0000
ROA not after:            Fri 04 Aug 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7c:44:78:23:f8:68:d7:b0:b4:9b:de:77:a1:af:45:4c:dc:8c:aa:f0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Jun 30 00:00:00 2023 GMT
            Not After : Aug  4 23:59:59 2023 GMT
        Subject: CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:d0:ca:a7:f7:70:20:a1:f9:3c:4f:4f:a6:b7:
                    49:ca:9e:0f:35:7c:c7:d1:d7:5b:be:0f:77:75:8c:
                    9b:78:ee:13:a2:d6:1a:f4:0a:5e:41:ff:84:48:29:
                    1e:c3:d1:8c:50:4e:81:6d:ad:39:7c:d8:c5:50:7c:
                    25:70:c9:e5:09:de:0b:2c:98:66:aa:37:03:9f:2c:
                    be:28:90:5a:f1:27:d7:2f:a8:bb:a5:da:88:1a:3a:
                    67:fe:c8:3f:9d:d8:fd:6b:a8:f0:b1:55:32:2f:4a:
                    06:f5:1b:85:bb:3e:d9:61:36:24:15:6a:dd:cb:8d:
                    53:54:b7:2f:24:a6:85:03:70:42:ff:d4:1c:90:94:
                    c0:a7:9f:2d:e6:72:85:c1:4a:15:31:05:8e:24:18:
                    89:49:a0:4a:a7:72:d9:ac:b2:fa:48:82:92:73:49:
                    f1:1b:f6:01:6f:46:ad:2e:d0:83:b7:66:3f:99:4a:
                    7a:17:c0:61:c9:c4:43:27:13:a6:c4:82:26:f5:ff:
                    e1:0a:72:10:bf:2d:a3:66:a5:a9:e3:a3:20:23:66:
                    fd:1b:ee:94:35:7f:e7:af:21:7b:f4:84:27:bf:7a:
                    ec:f5:f9:4e:a1:38:db:ec:c9:4a:4d:f5:8a:04:d7:
                    48:04:5d:8c:fe:65:69:cb:7f:54:8a:c3:cd:6e:d9:
                    a4:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                20:51:FD:CD:C8:81:E4:AB:BA:1B:94:B1:39:A3:5F:CF:2F:92:70:37
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/b240898b-6a38-4210-ba02-f406e72c7173.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4b:d3:e6:b8:c6:42:bb:a8:5d:9e:7c:a5:bf:d1:86:c5:29:88:
         43:eb:ff:9a:e1:36:5e:4e:29:4d:6d:c3:49:30:89:ad:f4:06:
         bd:4a:19:54:5f:88:c0:3c:45:9b:27:45:2f:c5:a4:8d:62:36:
         97:ad:2d:36:e0:5b:7b:3c:a9:f1:c5:ce:57:60:18:9c:e2:75:
         9b:66:01:a9:b8:7e:55:3b:04:cb:2f:ca:9e:e9:e4:ed:36:17:
         68:49:6b:d0:4e:f7:74:4c:04:56:f4:5c:ae:ec:7e:a3:03:98:
         ca:17:99:bb:61:29:b8:c3:f8:3f:b3:7a:fb:92:b8:9f:b4:b2:
         30:65:4f:1e:00:13:d4:0e:07:86:51:4b:e8:fb:d2:35:0d:0c:
         6c:69:6f:8e:32:3d:15:60:3b:8b:cc:79:f9:01:30:dc:7e:3c:
         7e:de:5a:35:b2:ff:4e:6a:73:bd:65:f3:5b:6e:91:8e:8a:eb:
         43:de:b1:4d:4f:51:0f:9a:ce:9e:3e:51:bd:3c:54:7c:9a:68:
         0c:7d:f4:e6:3b:91:2f:79:00:6e:a3:3e:ea:5c:b7:3f:3e:c8:
         d9:3e:17:67:50:fc:56:ae:d0:38:b1:3f:84:91:5e:a0:01:e5:
         da:6d:81:80:00:d0:78:1a:2d:1b:f7:b2:1d:2e:dd:84:36:9f:
         b0:9d:6a:71
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUfER4I/ho17C0m953oa9FTNyMqvAwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMwNjMwMDAwMDAwWhcNMjMwODA0MjM1OTU5
WjB6MUkwRwYDVQQFE0A0ZjlhNmY3YTViOTkxZjFhNWIyMzViMTk1MGI0MmFiNjM4
MGE0Y2EwNjllZGEyMjRhYzMxMTIyNzQxNTJlY2QzMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCJ0Mqn93Agofk8T0+mt0nKng81fMfR11u+D3d1jJt47hOi
1hr0Cl5B/4RIKR7D0YxQToFtrTl82MVQfCVwyeUJ3gssmGaqNwOfLL4okFrxJ9cv
qLul2ogaOmf+yD+d2P1rqPCxVTIvSgb1G4W7PtlhNiQVat3LjVNUty8kpoUDcEL/
1ByQlMCnny3mcoXBShUxBY4kGIlJoEqnctmssvpIgpJzSfEb9gFvRq0u0IO3Zj+Z
SnoXwGHJxEMnE6bEgib1/+EKchC/LaNmpanjoyAjZv0b7pQ1f+evIXv0hCe/euz1
+U6hONvsyUpN9YoE10gEXYz+ZWnLf1SKw81u2aSfAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUIFH9zciB5Ku6G5SxOaNfzy+ScDcwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2IyNDA4OThiLTZhMzgtNDIxMC1iYTAyLWY0MDZlNzJjNzE3My5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAEvT5rjGQruoXZ58pb/RhsUpiEPr
/5rhNl5OKU1tw0kwia30Br1KGVRfiMA8RZsnRS/FpI1iNpetLTbgW3s8qfHFzldg
GJzidZtmAam4flU7BMsvyp7p5O02F2hJa9BO93RMBFb0XK7sfqMDmMoXmbthKbjD
+D+zevuSuJ+0sjBlTx4AE9QOB4ZRS+j70jUNDGxpb44yPRVgO4vMefkBMNx+PH7e
WjWy/05qc71l81tukY6K60PesU1PUQ+azp4+Ub08VHyaaAx99OY7kS95AG6jPupc
tz8+yNk+F2dQ/Fau0DixP4SRXqAB5dptgYAA0HgaLRv3sh0u3YQ2n7CdanE=
-----END CERTIFICATE-----