Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/befac131-44ab-4039-8078-c968db7e511e.roa
File:                     befac131-44ab-4039-8078-c968db7e511e.roa (raw, json)
Hash identifier:          YO+Vab4b9vxYl4G7/B342cJUpUr6jFR01O17j8aMTB8=
Subject key identifier:   85:56:2E:00:B5:24:7F:CC:A3:FA:6B:CC:6A:A2:39:23:B8:EA:5F:57
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       74A1504CD1602F8E507E206A783F37CF2419ADF4
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/befac131-44ab-4039-8078-c968db7e511e.roa
Signing time:             Sun 15 Dec 2024 00:00:00 +0000
ROA not before:           Sun 15 Dec 2024 00:00:00 +0000
ROA not after:            Sun 19 Jan 2025 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            74:a1:50:4c:d1:60:2f:8e:50:7e:20:6a:78:3f:37:cf:24:19:ad:f4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Dec 15 00:00:00 2024 GMT
            Not After : Jan 19 23:59:59 2025 GMT
        Subject: CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:59:aa:85:8a:c8:b5:a3:c0:00:2c:d5:ee:38:
                    16:f7:a5:f7:72:f9:77:ae:57:4b:3d:82:26:9a:14:
                    a0:f8:c8:4a:29:15:ed:e9:eb:7f:a6:7a:72:95:19:
                    4f:b0:02:54:b5:d7:8c:87:fa:85:b5:3f:5a:82:6b:
                    22:01:97:8a:14:4e:5f:60:3b:1c:59:d4:e8:0b:18:
                    b4:c5:a5:62:86:eb:6a:d7:59:c5:dd:6b:1a:f2:f6:
                    01:f7:80:e3:7e:ef:73:55:83:60:5b:f0:1f:a6:6f:
                    27:43:7a:b1:d1:e1:c1:79:2d:96:06:54:f8:2b:62:
                    e0:3c:df:96:fe:7c:eb:a4:28:2d:7e:19:98:f3:f7:
                    e0:ee:0c:0c:f7:38:05:bc:fe:94:1c:c8:dd:6b:17:
                    98:8d:f7:54:b5:9c:bf:5c:08:31:40:8c:15:69:a5:
                    f8:3b:72:71:bd:e2:55:e0:15:21:c8:09:91:72:e4:
                    61:11:47:53:d4:a9:b3:ed:c5:c0:66:54:f9:3d:15:
                    e4:46:a6:18:35:f4:39:2e:74:1a:a1:80:ce:d5:1a:
                    68:4f:0b:f4:5c:4e:08:74:c5:0e:09:d3:f0:e2:8c:
                    c9:ef:00:2d:24:4e:87:63:ba:55:26:6f:bb:9e:28:
                    44:88:51:7f:fc:3f:3e:9a:ab:b3:90:07:1b:c9:dc:
                    dd:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:56:2E:00:B5:24:7F:CC:A3:FA:6B:CC:6A:A2:39:23:B8:EA:5F:57
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/befac131-44ab-4039-8078-c968db7e511e.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         24:56:ba:23:a9:3b:ae:68:f7:d3:62:07:80:d1:7d:9c:e2:24:
         fb:42:ab:5a:ad:ea:67:ec:2c:f2:67:64:12:1d:48:ce:80:92:
         d7:0b:b4:6d:e7:3a:1e:49:ae:a7:6e:53:20:50:ca:41:a9:2b:
         e2:18:25:31:a4:ec:a7:c5:c4:8d:e4:87:f6:59:2a:08:3e:29:
         77:da:14:eb:4d:19:57:c1:1f:1e:98:a7:7b:ad:30:32:91:93:
         a3:9c:07:82:e5:f8:f0:64:b9:73:2c:ef:47:65:49:b6:05:1a:
         07:9b:96:d3:05:f3:42:61:89:3f:10:2c:b3:1c:6e:6c:17:86:
         7d:0c:27:08:9c:ba:52:89:0a:18:1e:e3:75:06:2e:52:58:dc:
         af:7a:e4:34:b2:d0:ae:9b:5a:d8:3f:0f:f1:cc:6d:c2:8b:63:
         17:2d:67:7f:a7:51:c8:94:ec:09:1d:d7:33:96:bd:87:c3:48:
         0a:16:b5:eb:f7:cf:61:ca:e4:82:80:d3:2f:12:d4:49:63:f0:
         ba:4b:60:c8:56:ba:1b:f6:ce:e4:3c:8e:e9:c7:08:bd:12:9a:
         b6:d3:3b:20:bd:be:1c:a1:72:a6:0b:bb:db:2c:cd:a0:36:f0:
         1f:e9:5a:51:15:8d:7b:90:c3:63:3a:0c:09:1b:61:d3:64:53:
         9b:6e:7e:09
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUdKFQTNFgL45QfiBqeD83zyQZrfQwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjQxMjE1MDAwMDAwWhcNMjUwMTE5MjM1OTU5
WjB6MUkwRwYDVQQFE0A0OGQ5Y2Y0OGM4ZGJjMzVkYTM5Njc1YTg0NmNkMzJlNmFl
MGNhY2Y2YTBhY2UzYmQ1YTVmZTI5YjhjMWI3ZGM5MS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQClWaqFisi1o8AALNXuOBb3pfdy+XeuV0s9giaaFKD4yEop
Fe3p63+menKVGU+wAlS114yH+oW1P1qCayIBl4oUTl9gOxxZ1OgLGLTFpWKG62rX
WcXdaxry9gH3gON+73NVg2Bb8B+mbydDerHR4cF5LZYGVPgrYuA835b+fOukKC1+
GZjz9+DuDAz3OAW8/pQcyN1rF5iN91S1nL9cCDFAjBVppfg7cnG94lXgFSHICZFy
5GERR1PUqbPtxcBmVPk9FeRGphg19DkudBqhgM7VGmhPC/RcTgh0xQ4J0/DijMnv
AC0kTodjulUmb7ueKESIUX/8Pz6aq7OQBxvJ3N3fAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUhVYuALUkf8yj+mvMaqI5I7jqX1cwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2JlZmFjMTMxLTQ0YWItNDAzOS04MDc4LWM5NjhkYjdlNTExZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBACRWuiOpO65o99NiB4DRfZziJPtC
q1qt6mfsLPJnZBIdSM6AktcLtG3nOh5JrqduUyBQykGpK+IYJTGk7KfFxI3kh/ZZ
Kgg+KXfaFOtNGVfBHx6Yp3utMDKRk6OcB4Ll+PBkuXMs70dlSbYFGgebltMF80Jh
iT8QLLMcbmwXhn0MJwiculKJChge43UGLlJY3K965DSy0K6bWtg/D/HMbcKLYxct
Z3+nUciU7Akd1zOWvYfDSAoWtev3z2HK5IKA0y8S1Elj8LpLYMhWuhv2zuQ8junH
CL0SmrbTOyC9vhyhcqYLu9sszaA28B/pWlEVjXuQw2M6DAkbYdNkU5tufgk=
-----END CERTIFICATE-----