Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/d8c08261-a923-469b-9d15-f0af6c22e445.roa
File:                     d8c08261-a923-469b-9d15-f0af6c22e445.roa (raw, json)
Hash identifier:          Z8Aa1pQY23FA229jqBmIyNYB4HfxzAlp7eK1wKeiu6o=
Subject key identifier:   D6:3F:58:99:3D:C2:10:9B:2F:B2:22:98:D9:81:57:3F:AF:BC:2D:76
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       03D724A0A9F39356C6BD3946D65273E9F1F7C10C
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/d8c08261-a923-469b-9d15-f0af6c22e445.roa
Signing time:             Wed 05 Mar 2025 13:33:15 +0000
ROA not before:           Wed 05 Mar 2025 13:33:15 +0000
ROA not after:            Wed 09 Apr 2025 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            03:d7:24:a0:a9:f3:93:56:c6:bd:39:46:d6:52:73:e9:f1:f7:c1:0c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Mar  5 13:33:15 2025 GMT
            Not After : Apr  9 23:59:59 2025 GMT
        Subject: CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:a1:71:7b:45:54:b7:82:73:6c:37:ce:74:05:
                    81:e9:78:32:5e:05:c0:33:71:a3:78:fa:57:ae:0a:
                    a1:9b:5e:5e:4b:68:7c:16:31:2b:b1:29:c6:1e:c5:
                    9d:42:4f:17:61:9f:78:34:a8:c5:89:13:f2:fd:dc:
                    44:ee:2e:2c:8b:0c:f6:fe:ad:5c:13:99:45:42:fa:
                    8b:52:c5:70:f6:c1:b3:ef:b1:7b:7c:00:02:1c:30:
                    5e:6c:60:43:40:ba:a6:c0:4a:ad:fc:bc:59:e9:78:
                    9e:bc:e5:25:1c:99:d6:e7:39:5c:41:96:a6:c8:71:
                    6e:4f:8c:b2:10:80:5f:1b:65:1c:24:fd:a4:93:c6:
                    09:09:62:f2:f2:af:38:2d:01:31:7b:ca:2a:24:16:
                    92:cb:4f:4f:70:08:c9:fc:37:63:6c:93:8b:0a:c6:
                    30:b5:e0:fc:a4:d4:11:8b:53:5c:b8:da:53:1b:7d:
                    8d:c5:0b:9a:da:30:ea:12:1b:aa:52:e7:48:b1:02:
                    0a:4c:0c:e4:2d:d0:cb:d9:1d:7b:ee:87:2f:4c:f9:
                    10:91:c1:1b:49:d0:6a:52:3c:25:a6:10:b5:85:3a:
                    10:99:cb:61:18:96:5b:f8:a9:3f:94:96:86:7e:7e:
                    50:6b:f6:dd:2a:c8:da:c7:2d:9d:35:3c:50:b2:de:
                    e3:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D6:3F:58:99:3D:C2:10:9B:2F:B2:22:98:D9:81:57:3F:AF:BC:2D:76
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/d8c08261-a923-469b-9d15-f0af6c22e445.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         04:84:e9:be:05:4d:f9:e1:70:1f:2c:5e:3d:6f:89:e2:b9:d3:
         56:6a:8d:14:a4:d0:cf:7f:b8:1b:89:79:0a:5e:c8:d9:ea:8f:
         8f:91:77:f6:49:ea:23:d9:73:94:01:af:aa:a9:1d:22:50:40:
         84:cf:3c:a3:31:5a:a6:ce:0c:8c:3c:00:3a:5e:ae:15:a5:d1:
         e7:1b:19:83:fa:75:97:21:90:63:31:37:6b:66:66:4d:83:8d:
         19:24:d6:e5:92:7e:d1:82:f1:a7:ed:d5:32:8f:d2:80:9f:b3:
         8e:7b:1c:1e:89:c0:56:f6:8e:0f:74:7b:cd:0e:38:5f:52:77:
         53:03:d0:70:ac:15:99:55:26:fb:de:f6:53:a7:93:63:ca:dd:
         e0:c2:26:11:9a:5f:a8:bb:db:9c:ea:b3:96:1e:30:c7:7f:3c:
         9b:3f:4b:6d:ef:60:e1:74:b9:b9:32:f8:2b:64:f7:95:e9:87:
         cb:da:40:6b:70:ff:2b:fb:88:04:55:81:c9:aa:d9:f4:f3:c7:
         d5:4a:40:f1:1a:5d:78:84:4c:48:cc:bc:2a:00:0d:85:b4:1b:
         61:12:c7:24:fd:56:14:05:97:f1:e5:59:a2:8b:16:1e:d6:d2:
         a8:6b:15:f6:35:fb:61:46:f1:5d:17:98:85:14:21:73:7f:5f:
         e9:f8:57:5f
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUA9ckoKnzk1bGvTlG1lJz6fH3wQwwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjUwMzA1MTMzMzE1WhcNMjUwNDA5MjM1OTU5
WjB6MUkwRwYDVQQFE0AxNTY3YTUwN2NmNGFhMjdkYTAzN2NlNTAyMzNjZGRmODcz
N2MzZDdiMWFkOTY5OWI3OTdmMTdjYWYxZTZmODI3MS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCkoXF7RVS3gnNsN850BYHpeDJeBcAzcaN4+leuCqGbXl5L
aHwWMSuxKcYexZ1CTxdhn3g0qMWJE/L93ETuLiyLDPb+rVwTmUVC+otSxXD2wbPv
sXt8AAIcMF5sYENAuqbASq38vFnpeJ685SUcmdbnOVxBlqbIcW5PjLIQgF8bZRwk
/aSTxgkJYvLyrzgtATF7yiokFpLLT09wCMn8N2Nsk4sKxjC14Pyk1BGLU1y42lMb
fY3FC5raMOoSG6pS50ixAgpMDOQt0MvZHXvuhy9M+RCRwRtJ0GpSPCWmELWFOhCZ
y2EYllv4qT+UloZ+flBr9t0qyNrHLZ01PFCy3uO3AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU1j9YmT3CEJsvsiKY2YFXP6+8LXYwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2Q4YzA4MjYxLWE5MjMtNDY5Yi05ZDE1LWYwYWY2YzIyZTQ0NS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAASE6b4FTfnhcB8sXj1vieK501Zq
jRSk0M9/uBuJeQpeyNnqj4+Rd/ZJ6iPZc5QBr6qpHSJQQITPPKMxWqbODIw8ADpe
rhWl0ecbGYP6dZchkGMxN2tmZk2DjRkk1uWSftGC8aft1TKP0oCfs457HB6JwFb2
jg90e80OOF9Sd1MD0HCsFZlVJvve9lOnk2PK3eDCJhGaX6i725zqs5YeMMd/PJs/
S23vYOF0ubky+Ctk95Xph8vaQGtw/yv7iARVgcmq2fTzx9VKQPEaXXiETEjMvCoA
DYW0G2ESxyT9VhQFl/HlWaKLFh7W0qhrFfY1+2FG8V0XmIUUIXN/X+n4V18=
-----END CERTIFICATE-----