Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/dcdb1f09-747d-4423-8fef-668a5979def6.roa
File:                     dcdb1f09-747d-4423-8fef-668a5979def6.roa (raw, json)
Hash identifier:          G06WAJcayVxSHzJ8j8vc00wkBJHtTUBtBoed6tNSJ8c=
Subject key identifier:   45:18:72:8C:B8:52:B0:36:BE:99:DC:D8:70:6D:0B:B0:8C:ED:D2:A8
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       2504223F8831633B2B9A19CB0D45692DA481E018
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/dcdb1f09-747d-4423-8fef-668a5979def6.roa
Signing time:             Mon 11 Sep 2023 00:00:00 +0000
ROA not before:           Mon 11 Sep 2023 00:00:00 +0000
ROA not after:            Mon 16 Oct 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            25:04:22:3f:88:31:63:3b:2b:9a:19:cb:0d:45:69:2d:a4:81:e0:18
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Sep 11 00:00:00 2023 GMT
            Not After : Oct 16 23:59:59 2023 GMT
        Subject: CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:21:dd:8a:6e:8e:1a:f2:a8:9c:ef:51:0b:dd:
                    dd:54:98:62:c1:5e:13:ee:f4:e0:7f:2f:1f:ed:fe:
                    f0:31:49:fb:9e:ab:02:9c:1c:94:a2:68:03:66:8b:
                    0c:a7:6f:08:5f:fe:40:6f:5a:4d:26:ce:d2:2d:ad:
                    97:d1:4c:85:07:a6:87:3b:65:8f:5b:2b:04:02:86:
                    1e:10:d2:bf:9b:bf:6d:c1:18:2b:a9:de:9b:6b:93:
                    c9:03:ee:55:d3:24:0f:69:46:df:4c:cb:41:13:4a:
                    2f:09:c5:c2:b8:52:20:67:26:73:ec:b8:1d:ad:49:
                    dc:9b:77:c1:cb:21:7c:ad:f5:6f:b6:b6:7b:ad:23:
                    a0:2c:e3:68:d3:9b:51:f6:19:94:25:f0:fa:c3:c9:
                    eb:28:72:24:15:ca:30:af:eb:c0:94:83:7f:aa:43:
                    5e:18:6e:df:a2:bc:0f:a0:11:40:b4:e9:6d:ed:e2:
                    0b:3f:cc:f7:bf:5b:1f:bf:d9:b3:00:46:04:aa:a4:
                    c3:eb:ac:6b:ac:ea:ed:40:93:c9:20:f4:0c:5a:2e:
                    06:13:43:87:94:cd:a6:61:48:d9:91:a6:1d:a5:c6:
                    0e:00:66:f6:0c:ec:dc:6a:cd:ae:f8:07:af:fb:12:
                    e5:5c:7c:b0:bc:c8:ae:26:a3:dc:fc:0f:13:a2:20:
                    b4:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                45:18:72:8C:B8:52:B0:36:BE:99:DC:D8:70:6D:0B:B0:8C:ED:D2:A8
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/dcdb1f09-747d-4423-8fef-668a5979def6.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a9:1d:12:ca:9b:80:ca:d0:a0:a3:aa:83:fc:18:dd:c0:b4:ba:
         69:0b:af:2b:d9:d3:38:d0:0d:38:89:fb:73:12:1b:65:df:a6:
         ef:fd:9c:3f:e2:8e:32:43:08:52:a3:40:75:9c:ca:fe:e9:c4:
         07:3c:7a:3f:4f:4f:3b:ce:50:ef:fd:60:aa:8a:10:73:24:6d:
         fa:57:f1:17:b7:cc:13:47:9d:df:12:df:b0:d7:41:a9:d2:09:
         2c:f1:f3:6d:3b:d8:46:cc:be:c4:25:a0:09:ba:8d:f8:2b:88:
         af:4b:a4:ca:ea:0a:59:b6:fd:1b:c5:ea:76:65:16:04:e0:38:
         4c:45:57:00:a0:cb:9c:df:fb:93:d2:b4:46:3a:cb:14:e7:7a:
         24:95:37:73:12:e0:1e:c0:94:9f:92:e2:94:cc:25:83:6a:4d:
         c4:b4:c4:29:c2:ed:48:ed:65:10:82:84:4b:4c:35:41:21:f0:
         2c:88:64:12:50:15:21:64:ff:ee:cf:69:d8:ce:aa:bf:0a:de:
         05:8f:aa:d0:85:c4:42:3a:29:9d:be:f9:f3:0a:db:91:ff:94:
         46:ba:e3:b9:50:b4:ab:76:23:89:93:0b:b1:27:d0:6a:5c:32:
         03:7f:78:f1:98:1d:c4:37:dd:30:ab:f8:34:8b:74:3f:f5:e1:
         d9:6b:8c:66
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUJQQiP4gxYzsrmhnLDUVpLaSB4BgwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMwOTExMDAwMDAwWhcNMjMxMDE2MjM1OTU5
WjB6MUkwRwYDVQQFE0A1YmFjYTViMTdmYWQ4ZDJkMTYxNWQzZmFhYjNiYjNjYmQ0
OGRjYzM2YzI4OTNkOWJjYmIyYzE5NjVjNmIyZmQ4MS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC1Id2Kbo4a8qic71EL3d1UmGLBXhPu9OB/Lx/t/vAxSfue
qwKcHJSiaANmiwynbwhf/kBvWk0mztItrZfRTIUHpoc7ZY9bKwQChh4Q0r+bv23B
GCup3ptrk8kD7lXTJA9pRt9My0ETSi8JxcK4UiBnJnPsuB2tSdybd8HLIXyt9W+2
tnutI6As42jTm1H2GZQl8PrDyesociQVyjCv68CUg3+qQ14Ybt+ivA+gEUC06W3t
4gs/zPe/Wx+/2bMARgSqpMPrrGus6u1Ak8kg9AxaLgYTQ4eUzaZhSNmRph2lxg4A
ZvYM7Nxqza74B6/7EuVcfLC8yK4mo9z8DxOiILTNAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQURRhyjLhSsDa+mdzYcG0LsIzt0qgwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2RjZGIxZjA5LTc0N2QtNDQyMy04ZmVmLTY2OGE1OTc5ZGVmNi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAKkdEsqbgMrQoKOqg/wY3cC0umkL
ryvZ0zjQDTiJ+3MSG2Xfpu/9nD/ijjJDCFKjQHWcyv7pxAc8ej9PTzvOUO/9YKqK
EHMkbfpX8Re3zBNHnd8S37DXQanSCSzx82072EbMvsQloAm6jfgriK9LpMrqClm2
/RvF6nZlFgTgOExFVwCgy5zf+5PStEY6yxTneiSVN3MS4B7AlJ+S4pTMJYNqTcS0
xCnC7UjtZRCChEtMNUEh8CyIZBJQFSFk/+7PadjOqr8K3gWPqtCFxEI6KZ2++fMK
25H/lEa647lQtKt2I4mTC7En0GpcMgN/ePGYHcQ33TCr+DSLdD/14dlrjGY=
-----END CERTIFICATE-----