Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/dd982b99-c683-4c50-a082-3afc68e06b47.roa
File:                     dd982b99-c683-4c50-a082-3afc68e06b47.roa (raw, json)
Hash identifier:          dq09fHL3O6ek8DKwG3SMc5LtGri8EG3G6Gd4l9G+gvQ=
Subject key identifier:   B8:9E:92:66:67:58:59:7B:FA:5D:A0:79:6F:59:74:57:D7:E7:58:EE
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       3ADA6307C6C98F9DEC9AB6661E8B288EC82B3DC0
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/dd982b99-c683-4c50-a082-3afc68e06b47.roa
Signing time:             Sat 16 Dec 2023 00:00:00 +0000
ROA not before:           Sat 16 Dec 2023 00:00:00 +0000
ROA not after:            Sat 20 Jan 2024 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3a:da:63:07:c6:c9:8f:9d:ec:9a:b6:66:1e:8b:28:8e:c8:2b:3d:c0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Dec 16 00:00:00 2023 GMT
            Not After : Jan 20 23:59:59 2024 GMT
        Subject: CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:c6:ca:c0:51:43:f7:46:d6:f7:4b:63:f8:f0:
                    b3:2a:3a:37:79:3d:b7:f2:f8:31:c8:4c:bc:70:49:
                    c1:c0:11:4f:5d:5c:a8:c1:19:33:c9:80:30:ce:72:
                    20:1c:1c:d6:26:c6:5c:4c:85:24:96:c4:7a:d6:f2:
                    dd:e7:4b:32:08:8c:d4:13:6b:11:d9:8c:80:e2:de:
                    7b:e2:6d:71:f3:21:49:cc:f4:fc:0d:0c:a9:71:ff:
                    f2:6f:a2:f2:17:0e:bc:35:69:2e:6f:5d:4d:49:54:
                    c9:f6:82:3e:2c:f4:50:db:86:bc:48:5e:4c:b5:38:
                    27:62:93:9b:db:f4:b1:54:f7:96:ba:ff:36:03:8a:
                    48:06:5f:56:5e:69:b3:cf:c4:24:21:e7:a6:45:15:
                    03:d8:e9:e2:f0:9b:76:9b:b1:fc:ae:f3:ca:59:0e:
                    1e:af:67:44:97:95:a7:df:71:fd:3d:fb:1d:ee:c9:
                    89:82:7a:91:5d:ce:ad:b4:6e:2b:8d:0f:ad:cc:b2:
                    75:f4:da:07:bc:b6:7d:9a:a7:dd:29:64:04:16:31:
                    12:4c:62:43:f5:1c:3f:23:e5:9f:94:3a:55:c7:6e:
                    1d:2d:ee:b7:bd:29:54:bf:78:23:65:61:ae:55:da:
                    45:ee:f8:49:3d:40:32:da:61:b2:76:e1:94:71:1f:
                    a3:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B8:9E:92:66:67:58:59:7B:FA:5D:A0:79:6F:59:74:57:D7:E7:58:EE
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/dd982b99-c683-4c50-a082-3afc68e06b47.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3b:a5:bf:f9:91:9e:ca:64:f0:29:b5:44:ac:04:30:b4:74:cb:
         23:06:f8:47:9c:ee:a8:20:44:30:48:c5:bb:d3:0c:94:7c:e4:
         ca:cc:b0:8f:37:03:ce:1d:bb:bd:50:f1:3d:eb:20:d9:dc:17:
         36:fb:5f:80:88:f8:dd:75:ae:70:19:df:b5:fa:20:14:f1:3d:
         09:6d:88:4f:38:e2:be:96:f5:27:7c:58:f5:a8:e6:99:a2:5c:
         b7:c4:8a:37:0a:af:c5:cc:42:99:c4:a4:a9:12:ec:eb:a0:d4:
         4b:51:26:a1:a2:3a:87:54:4b:a3:b3:95:aa:28:df:d0:f7:52:
         ca:ea:b8:94:eb:21:8b:64:89:04:f8:9d:8f:e3:f6:3b:f0:b4:
         85:7b:04:db:34:c7:16:cc:0f:ba:1c:76:1f:4e:83:7f:d6:5a:
         81:15:79:8a:91:de:49:50:01:9c:77:14:23:bd:aa:33:00:48:
         09:45:f2:55:a0:ee:37:1f:35:98:c6:c7:7c:4e:87:bb:a7:67:
         18:fd:7c:f2:78:ef:be:30:82:ce:5e:0c:8c:01:ec:64:ca:70:
         48:b3:b0:d7:40:b0:2b:01:58:a0:0a:9a:b5:0d:fe:1c:61:c9:
         21:70:19:0c:a2:70:07:16:82:46:27:c5:12:91:b4:d2:b5:7b:
         a3:ca:5c:21
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUOtpjB8bJj53smrZmHosojsgrPcAwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMxMjE2MDAwMDAwWhcNMjQwMTIwMjM1OTU5
WjB6MUkwRwYDVQQFE0A1NTdlNTQxMTYwMjFiNDg2YzkyYzJiZWZhMTlhZjE3ZTE0
YTViYzNhY2EyZDQ0MTBjNzZjMGM0NGVlNmFjZGM0MS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCixsrAUUP3Rtb3S2P48LMqOjd5Pbfy+DHITLxwScHAEU9d
XKjBGTPJgDDOciAcHNYmxlxMhSSWxHrW8t3nSzIIjNQTaxHZjIDi3nvibXHzIUnM
9PwNDKlx//JvovIXDrw1aS5vXU1JVMn2gj4s9FDbhrxIXky1OCdik5vb9LFU95a6
/zYDikgGX1ZeabPPxCQh56ZFFQPY6eLwm3absfyu88pZDh6vZ0SXlaffcf09+x3u
yYmCepFdzq20biuND63MsnX02ge8tn2ap90pZAQWMRJMYkP1HD8j5Z+UOlXHbh0t
7re9KVS/eCNlYa5V2kXu+Ek9QDLaYbJ24ZRxH6MXAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUuJ6SZmdYWXv6XaB5b1l0V9fnWO4wHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2RkOTgyYjk5LWM2ODMtNGM1MC1hMDgyLTNhZmM2OGUwNmI0Ny5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBADulv/mRnspk8Cm1RKwEMLR0yyMG
+Eec7qggRDBIxbvTDJR85MrMsI83A84du71Q8T3rINncFzb7X4CI+N11rnAZ37X6
IBTxPQltiE844r6W9Sd8WPWo5pmiXLfEijcKr8XMQpnEpKkS7Oug1EtRJqGiOodU
S6Ozlaoo39D3UsrquJTrIYtkiQT4nY/j9jvwtIV7BNs0xxbMD7ocdh9Og3/WWoEV
eYqR3klQAZx3FCO9qjMASAlF8lWg7jcfNZjGx3xOh7unZxj9fPJ4774wgs5eDIwB
7GTKcEizsNdAsCsBWKAKmrUN/hxhySFwGQyicAcWgkYnxRKRtNK1e6PKXCE=
-----END CERTIFICATE-----