Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/b3815519-231f-4073-88a9-faf44517bb63.roa
File:                     b3815519-231f-4073-88a9-faf44517bb63.roa (raw, json)
Hash identifier:          F7aOYThw5Lq2atgRA5d5FVZaQqKfWezCs8bVfnTaLuk=
Subject key identifier:   27:A1:64:77:A8:F2:0B:FB:73:0D:4E:91:1A:F2:76:CF:58:5C:0F:4D
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       71A1492B73C9F471131262149D523DEBBA52C2C1
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/b3815519-231f-4073-88a9-faf44517bb63.roa
Signing time:             Thu 27 Feb 2025 06:28:13 +0000
ROA not before:           Thu 27 Feb 2025 06:28:13 +0000
ROA not after:            Thu 03 Apr 2025 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            71:a1:49:2b:73:c9:f4:71:13:12:62:14:9d:52:3d:eb:ba:52:c2:c1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Feb 27 06:28:13 2025 GMT
            Not After : Apr  3 23:59:59 2025 GMT
        Subject: CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:33:fd:69:d1:18:61:9e:99:f4:76:35:dd:14:
                    18:05:ec:de:f3:9a:67:bc:09:12:ef:46:48:ea:5e:
                    55:09:0a:e9:5c:ba:8f:06:5f:d1:b3:3b:33:f9:b1:
                    da:db:ed:ce:8d:ed:e1:76:4e:90:96:fa:42:89:23:
                    ca:ae:45:b2:90:c9:83:f3:08:d2:a5:28:bd:64:40:
                    fb:24:8e:0b:db:a8:99:7d:d6:0c:a8:9c:3c:8b:7d:
                    5c:9e:69:b9:7b:cf:18:0c:c5:7c:f1:c9:99:14:ce:
                    5e:cd:c2:1e:20:a7:2e:be:15:f4:e7:94:9d:01:c6:
                    50:0f:55:2e:9d:51:ef:cf:35:7b:b2:16:81:67:ad:
                    5d:95:9c:6d:fa:45:5b:e1:ed:52:dd:76:a0:6b:87:
                    50:44:3d:01:0e:5e:73:20:49:de:90:a5:11:1e:b6:
                    7d:b7:aa:59:38:ac:2e:48:e7:9e:c4:e4:8c:c2:35:
                    49:3f:7e:12:7e:00:9d:d7:71:01:4a:a7:cc:93:d7:
                    5f:91:55:14:40:f2:2d:2b:c3:f2:4d:3d:45:96:b3:
                    e7:62:7c:6d:46:ce:39:cf:83:ed:4b:e3:04:61:75:
                    ba:2d:24:08:bc:15:2f:cc:91:4a:65:a4:63:96:7a:
                    d9:a2:c3:c5:b9:1a:0b:5c:6b:9d:5b:ce:d4:7e:6b:
                    e0:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                27:A1:64:77:A8:F2:0B:FB:73:0D:4E:91:1A:F2:76:CF:58:5C:0F:4D
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/b3815519-231f-4073-88a9-faf44517bb63.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         97:1f:4a:df:f1:05:eb:9d:f7:cc:dd:16:ee:29:bf:7f:2d:b6:
         d4:37:f8:5f:d4:2f:3a:79:11:b0:09:76:1a:10:a5:75:6e:22:
         66:60:05:3e:2b:31:0a:97:13:14:0d:c4:73:75:3f:31:5b:cf:
         6b:b7:0f:f4:c9:54:1b:99:f2:f1:6e:78:f0:0f:bc:4f:04:90:
         56:09:b9:79:97:84:01:18:e5:fb:7f:de:79:9a:32:9d:79:13:
         ee:94:7a:18:12:d5:30:97:e2:f6:63:d6:fd:6c:38:f6:82:f0:
         78:7d:4a:6d:31:ba:17:a9:74:72:4b:11:c4:d0:3a:a6:f2:89:
         83:55:20:6d:c7:60:8b:9d:23:ea:74:4d:76:b1:09:11:0e:c0:
         23:5e:76:b5:9e:b5:52:3d:c6:4a:a2:9f:55:55:b9:f9:c6:e3:
         a9:1b:ef:25:6d:69:5a:3f:db:49:09:6b:f8:40:58:cf:30:f1:
         32:a4:99:a7:f1:11:74:31:d9:82:27:d9:7e:0b:cb:16:ca:db:
         d0:35:93:a6:64:34:3d:82:b3:a4:38:e1:c6:69:ed:db:b2:7d:
         b6:5a:e8:e2:e5:74:08:04:d3:fd:76:2d:6a:8e:b1:a3:62:d4:
         bd:88:bb:d5:2f:4f:81:ad:ad:8c:1b:46:39:78:85:0b:5c:1a:
         ad:91:07:98
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUcaFJK3PJ9HETEmIUnVI967pSwsEwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjUwMjI3MDYyODEzWhcNMjUwNDAzMjM1OTU5
WjB6MUkwRwYDVQQFE0AzZDg2NjE3OTBhNTg1Zjg5MTIyNDcxYjk3NjZmMzZmMWQ1
ODY2NDcxYWRjNjA2MDA4ZWNhYTkzYWIzZTUyNzUwMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCJM/1p0Rhhnpn0djXdFBgF7N7zmme8CRLvRkjqXlUJCulc
uo8GX9GzOzP5sdrb7c6N7eF2TpCW+kKJI8quRbKQyYPzCNKlKL1kQPskjgvbqJl9
1gyonDyLfVyeabl7zxgMxXzxyZkUzl7Nwh4gpy6+FfTnlJ0BxlAPVS6dUe/PNXuy
FoFnrV2VnG36RVvh7VLddqBrh1BEPQEOXnMgSd6QpREetn23qlk4rC5I557E5IzC
NUk/fhJ+AJ3XcQFKp8yT11+RVRRA8i0rw/JNPUWWs+difG1GzjnPg+1L4wRhdbot
JAi8FS/MkUplpGOWetmiw8W5Ggtca51bztR+a+DdAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUJ6Fkd6jyC/tzDU6RGvJ2z1hcD00wHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2IzODE1NTE5LTIzMWYtNDA3My04OGE5LWZhZjQ0NTE3YmI2My5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAJcfSt/xBeud98zdFu4pv38tttQ3
+F/ULzp5EbAJdhoQpXVuImZgBT4rMQqXExQNxHN1PzFbz2u3D/TJVBuZ8vFuePAP
vE8EkFYJuXmXhAEY5ft/3nmaMp15E+6UehgS1TCX4vZj1v1sOPaC8Hh9Sm0xuhep
dHJLEcTQOqbyiYNVIG3HYIudI+p0TXaxCREOwCNedrWetVI9xkqin1VVufnG46kb
7yVtaVo/20kJa/hAWM8w8TKkmafxEXQx2YIn2X4LyxbK29A1k6ZkND2Cs6Q44cZp
7duyfbZa6OLldAgE0/12LWqOsaNi1L2Iu9UvT4GtrYwbRjl4hQtcGq2RB5g=
-----END CERTIFICATE-----