Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/d55cc7b9-739a-4bb2-b537-0fad66ed2e3e.roa
File:                     d55cc7b9-739a-4bb2-b537-0fad66ed2e3e.roa (raw, json)
Hash identifier:          KHo0X6b9o8H497OY4LaxCopLYdn+dupsEQtz6gzTN4s=
Subject key identifier:   E7:9A:51:7B:48:42:4E:AB:8C:93:3E:4C:CA:7C:20:E0:EA:C4:27:89
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       68593ABD8E3DAE13AD754699F1E1F983FE1AB319
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/d55cc7b9-739a-4bb2-b537-0fad66ed2e3e.roa
Signing time:             Mon 18 Sep 2023 00:00:00 +0000
ROA not before:           Mon 18 Sep 2023 00:00:00 +0000
ROA not after:            Mon 23 Oct 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            68:59:3a:bd:8e:3d:ae:13:ad:75:46:99:f1:e1:f9:83:fe:1a:b3:19
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Sep 18 00:00:00 2023 GMT
            Not After : Oct 23 23:59:59 2023 GMT
        Subject: CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:bb:ca:97:f9:82:f1:30:e5:db:e4:e1:4d:10:
                    d0:21:c4:90:53:8a:a2:e9:a4:53:c9:0a:5a:ed:24:
                    3a:99:54:90:15:bb:47:ea:f3:b3:9f:5c:03:54:74:
                    0d:76:30:23:37:5a:3c:d1:37:01:66:49:8b:25:d2:
                    d8:0b:83:80:59:fe:29:e8:20:f7:c2:bc:ce:e3:e6:
                    08:9c:d4:ac:a2:6a:de:7b:ec:4e:16:da:7c:a3:92:
                    24:21:23:cf:2c:30:3e:34:3e:08:40:63:f9:ff:30:
                    5c:a5:4e:4b:39:5d:f5:71:8e:b9:b2:9a:1d:14:39:
                    12:a2:f9:c9:d1:61:8a:a9:c8:c2:74:f3:bf:c6:b7:
                    17:c5:b3:29:13:ab:4e:f0:16:13:be:4a:f4:a0:55:
                    b3:5c:53:2a:96:ca:c0:f3:7c:f2:c5:62:eb:99:c5:
                    64:6a:ae:0d:43:4f:cf:43:29:e7:73:41:07:ab:ed:
                    b6:ec:aa:4a:32:1c:f8:a0:04:a3:6b:e2:16:ae:94:
                    70:22:9f:32:1d:42:c3:5b:2b:a7:74:44:1d:10:d7:
                    85:12:2e:b8:52:26:41:99:54:98:cb:62:81:6b:b1:
                    77:a8:8d:cb:ec:f5:ec:4b:db:90:83:be:bf:41:33:
                    ae:ae:b0:6f:2c:62:ad:8a:84:e0:fa:81:a0:d3:74:
                    6c:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E7:9A:51:7B:48:42:4E:AB:8C:93:3E:4C:CA:7C:20:E0:EA:C4:27:89
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/d55cc7b9-739a-4bb2-b537-0fad66ed2e3e.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9a:07:41:b8:37:a1:00:d2:13:e4:86:43:fa:50:fb:b0:ce:f0:
         37:27:33:8a:2b:4f:78:df:36:a6:60:19:60:87:08:d2:ba:08:
         d4:09:8b:2b:a1:9c:5f:12:ad:1b:dc:85:d8:06:80:08:24:ef:
         0e:81:c1:f0:49:bd:93:29:65:99:95:44:6f:83:07:43:20:63:
         ff:7b:03:1f:b8:13:5f:59:c4:ac:63:ce:79:e7:bd:85:10:e3:
         55:bd:0f:b3:e7:9f:46:d0:d7:61:33:31:a2:32:17:b3:9d:22:
         d4:35:b4:ec:d4:d4:eb:13:a2:f0:fd:f5:50:23:ce:c8:c4:55:
         ab:59:47:9d:46:c2:79:7b:1c:74:26:33:e6:ba:0c:8c:0a:78:
         f2:8f:c8:72:ad:e7:11:b8:7e:7b:65:e0:0d:a5:c1:c6:72:da:
         dc:fc:d5:56:28:bf:08:2d:52:38:65:db:87:b5:5d:ef:b4:ea:
         bd:9f:04:c9:bc:13:28:03:66:9e:39:eb:28:d6:f2:90:5d:b5:
         5c:36:71:2a:92:c0:30:9b:44:fa:48:48:2a:9f:0a:a2:3a:1f:
         34:e8:82:62:0c:e7:43:4e:48:df:aa:48:66:4e:39:00:71:ca:
         95:75:e2:a7:60:6d:cf:34:8d:f4:f7:bd:c2:36:3e:e6:64:f7:
         59:2f:e3:74
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUaFk6vY49rhOtdUaZ8eH5g/4asxkwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMwOTE4MDAwMDAwWhcNMjMxMDIzMjM1OTU5
WjB6MUkwRwYDVQQFE0A1NGUyNjAwMGQ4YWU0OWQxOGE5MjQzMzBmOGYwOTc2YmE1
YjkxYjBjNjA2OTVmZGQ2ZjY5ZWZjZjA5NjA2ZTE3MS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC9u8qX+YLxMOXb5OFNENAhxJBTiqLppFPJClrtJDqZVJAV
u0fq87OfXANUdA12MCM3WjzRNwFmSYsl0tgLg4BZ/inoIPfCvM7j5gic1Kyiat57
7E4W2nyjkiQhI88sMD40PghAY/n/MFylTks5XfVxjrmymh0UORKi+cnRYYqpyMJ0
87/GtxfFsykTq07wFhO+SvSgVbNcUyqWysDzfPLFYuuZxWRqrg1DT89DKedzQQer
7bbsqkoyHPigBKNr4haulHAinzIdQsNbK6d0RB0Q14USLrhSJkGZVJjLYoFrsXeo
jcvs9exL25CDvr9BM66usG8sYq2KhOD6gaDTdGzzAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU55pRe0hCTquMkz5Mynwg4OrEJ4kwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2Q1NWNjN2I5LTczOWEtNGJiMi1iNTM3LTBmYWQ2NmVkMmUzZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAJoHQbg3oQDSE+SGQ/pQ+7DO8Dcn
M4orT3jfNqZgGWCHCNK6CNQJiyuhnF8SrRvchdgGgAgk7w6BwfBJvZMpZZmVRG+D
B0MgY/97Ax+4E19ZxKxjznnnvYUQ41W9D7Pnn0bQ12EzMaIyF7OdItQ1tOzU1OsT
ovD99VAjzsjEVatZR51Gwnl7HHQmM+a6DIwKePKPyHKt5xG4fntl4A2lwcZy2tz8
1VYovwgtUjhl24e1Xe+06r2fBMm8EygDZp456yjW8pBdtVw2cSqSwDCbRPpISCqf
CqI6HzTogmIM50NOSN+qSGZOOQBxypV14qdgbc80jfT3vcI2PuZk91kv43Q=
-----END CERTIFICATE-----