Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/cd5315fa-23af-4447-990b-3920f59f8325.roa
File:                     cd5315fa-23af-4447-990b-3920f59f8325.roa (raw, json)
Hash identifier:          sDf/96nOw1onVFlTOhU3v5Yh5J7F6cibTixc7uZdDjw=
Subject key identifier:   DF:62:01:94:62:0A:0C:E3:6A:9D:9D:11:AC:FE:DE:0E:3D:3D:A0:77
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       6469F1A0F6541ABA73BCA29564197DF6508D2AE2
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/cd5315fa-23af-4447-990b-3920f59f8325.roa
Signing time:             Wed 19 Feb 2025 01:03:21 +0000
ROA not before:           Wed 19 Feb 2025 01:03:21 +0000
ROA not after:            Wed 26 Mar 2025 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            64:69:f1:a0:f6:54:1a:ba:73:bc:a2:95:64:19:7d:f6:50:8d:2a:e2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Feb 19 01:03:21 2025 GMT
            Not After : Mar 26 23:59:59 2025 GMT
        Subject: CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f3:f4:78:22:7b:d5:eb:8f:ae:e6:b8:73:f1:52:
                    a1:f6:99:f6:3c:b9:92:58:83:16:62:54:ba:99:fd:
                    21:80:f1:df:df:04:7a:03:24:4b:69:9a:3a:c4:e6:
                    1c:59:fb:4f:b3:0d:4a:8b:5a:1b:c7:3c:cd:84:eb:
                    0a:b7:6f:7c:d0:ca:f2:43:b7:d7:2d:07:4b:ae:bd:
                    01:7c:c8:5c:1c:75:d3:ff:2b:b3:6b:e1:66:61:cb:
                    a6:28:f5:ce:5b:43:67:8d:71:74:ac:1e:67:d7:68:
                    02:43:80:20:ff:fb:bb:77:b3:e3:f6:e6:72:61:09:
                    72:bf:2c:4c:0f:8c:9f:fc:7a:d2:02:3d:36:f4:8d:
                    07:76:f8:2e:d9:fd:80:a9:3b:bb:5c:5f:3d:6c:61:
                    a9:5e:ae:80:3d:e0:be:3d:a6:82:24:7d:28:61:f3:
                    66:40:83:ff:ca:20:cb:7d:82:50:aa:08:27:91:16:
                    bf:5d:51:0e:48:4f:0a:a9:9e:48:e5:e9:40:a9:d5:
                    f7:39:a0:a4:59:8c:21:51:d8:1a:6d:96:49:c8:93:
                    a7:0f:87:34:d1:7a:94:5f:80:28:93:d4:41:73:84:
                    8e:c6:eb:ad:7f:e5:c7:76:23:bf:14:01:4a:90:b1:
                    78:70:5f:fb:1a:fd:f5:03:40:4f:3d:7d:3e:af:b2:
                    14:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DF:62:01:94:62:0A:0C:E3:6A:9D:9D:11:AC:FE:DE:0E:3D:3D:A0:77
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/cd5315fa-23af-4447-990b-3920f59f8325.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4a:b0:50:88:b2:21:ef:61:20:31:e7:dd:1e:ad:d5:38:58:e8:
         99:3c:67:fe:f6:a9:5b:dc:c7:c9:aa:d4:ea:62:5f:bc:cb:f7:
         eb:cf:4c:4d:22:cf:38:77:2a:90:96:61:09:a1:ba:0e:a7:73:
         12:df:24:4c:cc:3a:92:f3:1f:79:5b:5e:07:7b:55:ae:35:0b:
         7b:5d:34:ab:ea:84:0e:09:57:87:67:72:0f:43:cc:d1:fa:38:
         82:f9:31:e0:40:69:5e:83:d5:6b:93:ef:40:57:66:93:ed:cd:
         c5:66:0e:f1:3a:56:21:46:22:b3:3b:4f:01:20:1a:b0:d0:2b:
         03:3a:2b:04:aa:9b:bf:4d:ac:01:26:08:04:b3:f1:c9:72:cc:
         42:86:f7:c7:e1:23:0a:d4:9f:a8:d8:31:2d:b9:4f:0d:7a:f2:
         c5:84:c4:d8:11:d7:e2:8e:a9:a3:f5:89:a5:77:07:00:b3:51:
         02:fa:f2:1c:49:95:73:66:ce:8f:75:a5:3b:05:3c:7a:f1:17:
         06:bb:6a:b3:69:92:f1:d0:fe:8f:9b:81:7f:b5:03:36:84:9f:
         f7:fb:58:30:6c:d1:45:97:b6:68:e0:e2:21:0f:f4:3f:35:8f:
         13:08:17:ce:d4:12:57:aa:94:3a:7a:16:9e:c5:5a:0d:bb:64:
         5a:1d:ec:f1
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUZGnxoPZUGrpzvKKVZBl99lCNKuIwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjUwMjE5MDEwMzIxWhcNMjUwMzI2MjM1OTU5
WjB6MUkwRwYDVQQFE0A2MjljN2JjMmZkYWZiZDFjZmI3Mjk0Yzg4NTNiNTk2NTc2
NDg1MzZjYWYwYTE1NjkxMWNjZWI0MTkyMDZmODU2MS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDz9Hgie9Xrj67muHPxUqH2mfY8uZJYgxZiVLqZ/SGA8d/f
BHoDJEtpmjrE5hxZ+0+zDUqLWhvHPM2E6wq3b3zQyvJDt9ctB0uuvQF8yFwcddP/
K7Nr4WZhy6Yo9c5bQ2eNcXSsHmfXaAJDgCD/+7t3s+P25nJhCXK/LEwPjJ/8etIC
PTb0jQd2+C7Z/YCpO7tcXz1sYaleroA94L49poIkfShh82ZAg//KIMt9glCqCCeR
Fr9dUQ5ITwqpnkjl6UCp1fc5oKRZjCFR2BptlknIk6cPhzTRepRfgCiT1EFzhI7G
661/5cd2I78UAUqQsXhwX/sa/fUDQE89fT6vshT1AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU32IBlGIKDONqnZ0RrP7eDj09oHcwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2NkNTMxNWZhLTIzYWYtNDQ0Ny05OTBiLTM5MjBmNTlmODMyNS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAEqwUIiyIe9hIDHn3R6t1ThY6Jk8
Z/72qVvcx8mq1OpiX7zL9+vPTE0izzh3KpCWYQmhug6ncxLfJEzMOpLzH3lbXgd7
Va41C3tdNKvqhA4JV4dncg9DzNH6OIL5MeBAaV6D1WuT70BXZpPtzcVmDvE6ViFG
IrM7TwEgGrDQKwM6KwSqm79NrAEmCASz8clyzEKG98fhIwrUn6jYMS25Tw168sWE
xNgR1+KOqaP1iaV3BwCzUQL68hxJlXNmzo91pTsFPHrxFwa7arNpkvHQ/o+bgX+1
AzaEn/f7WDBs0UWXtmjg4iEP9D81jxMIF87UEleqlDp6Fp7FWg27ZFod7PE=
-----END CERTIFICATE-----