Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/decb074c-1ff1-4f48-be06-e97f7fbed359.roa
File:                     decb074c-1ff1-4f48-be06-e97f7fbed359.roa (raw, json)
Hash identifier:          z5fgbC/hngBp7fz1ZZqYKs0eILkyg69m9FVAbk+4vgc=
Subject key identifier:   E8:F7:70:25:AD:F4:99:70:4F:E2:32:B3:55:84:BF:45:29:DF:3B:E2
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       3A43BFF0189A23C552A1426E2D7FF93BCBC693C6
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/decb074c-1ff1-4f48-be06-e97f7fbed359.roa
Signing time:             Mon 10 Mar 2025 18:38:21 +0000
ROA not before:           Mon 10 Mar 2025 18:38:21 +0000
ROA not after:            Mon 14 Apr 2025 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3a:43:bf:f0:18:9a:23:c5:52:a1:42:6e:2d:7f:f9:3b:cb:c6:93:c6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Mar 10 18:38:21 2025 GMT
            Not After : Apr 14 23:59:59 2025 GMT
        Subject: CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:35:eb:ff:ae:92:8e:80:90:19:3c:a5:60:61:
                    3e:86:77:3f:33:8f:46:2b:cd:57:b9:b2:c2:12:d5:
                    7e:c0:8f:26:fe:d9:18:b3:87:14:e3:0c:30:76:2d:
                    ea:0e:a5:92:a3:4f:40:6e:49:2a:d0:92:8a:b3:58:
                    08:3d:35:28:c0:b0:4d:7e:4e:ef:16:65:07:16:30:
                    f2:79:4e:00:c6:3f:37:20:0f:28:30:b9:41:56:74:
                    5b:f7:df:96:e3:e1:e2:ca:ea:83:01:f7:50:b4:21:
                    77:d7:00:fe:a0:c1:93:6a:aa:0d:ec:03:38:67:b8:
                    32:6d:5a:70:87:0d:09:84:ff:0e:73:bc:eb:91:8b:
                    ba:76:9c:4f:24:80:73:0a:82:1e:b0:fd:c4:b2:85:
                    1c:b8:bb:b5:34:77:e3:c9:28:e6:93:72:c6:e9:46:
                    69:24:5e:33:29:f9:44:81:96:16:35:14:89:b4:1c:
                    3b:d2:c5:e5:95:0d:e9:0b:14:89:41:7a:16:57:6c:
                    69:fe:15:d2:ec:ee:f8:b3:5e:31:ab:bd:e5:3f:75:
                    ff:a2:1b:22:ec:a4:b9:cd:b3:73:a9:4d:b3:1a:f9:
                    e5:a0:2e:57:b5:bd:b6:36:fe:cf:93:12:b8:bc:8a:
                    c3:e6:24:4d:14:ce:25:e5:3a:13:56:f2:87:c9:06:
                    e1:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E8:F7:70:25:AD:F4:99:70:4F:E2:32:B3:55:84:BF:45:29:DF:3B:E2
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/decb074c-1ff1-4f48-be06-e97f7fbed359.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a0:df:d3:0d:c0:2a:a7:e7:44:c3:85:f0:26:e3:9f:99:4a:5e:
         a5:17:93:94:80:4d:50:d3:ae:27:20:13:87:f9:a2:2f:36:1a:
         82:35:9e:c9:3f:35:51:a4:18:2a:fc:b5:9b:a9:07:2b:ea:56:
         ce:11:64:4d:f4:46:da:1c:a7:d8:40:40:9e:b6:8f:69:e3:c0:
         f9:f6:2a:c6:d9:8b:99:3b:ae:3f:c2:e6:ea:ad:ba:d0:97:c0:
         83:92:f3:c7:0f:61:68:17:4b:93:e8:2b:f4:ff:ce:b3:84:5a:
         6e:b5:b8:78:13:f7:09:20:a3:50:be:b4:c7:f6:c4:48:0b:11:
         8d:78:3d:af:be:5b:b2:99:bd:dc:a2:3a:37:61:1e:c5:5e:72:
         9b:f1:40:1c:fc:6f:c9:96:fe:9c:6f:43:48:c5:cb:fb:0d:4d:
         ac:68:b6:95:f2:6c:0a:25:fc:b6:4a:58:32:77:d0:23:ef:b6:
         33:af:bb:7c:64:9c:83:d9:65:86:d6:3a:63:e6:97:e9:1d:33:
         66:3e:96:46:ee:69:f1:e8:35:56:72:2c:ec:de:da:e7:63:75:
         a4:97:29:3c:80:52:c4:31:29:e9:d9:0b:ce:ee:41:00:8f:bb:
         2d:28:d2:54:9a:93:27:6e:54:9f:c8:85:38:38:37:b1:3d:d8:
         23:32:41:09
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUOkO/8BiaI8VSoUJuLX/5O8vGk8YwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjUwMzEwMTgzODIxWhcNMjUwNDE0MjM1OTU5
WjB6MUkwRwYDVQQFE0A4ZWJjYzQxNThkY2VkMWZlZGZjMjhkMTgxZTMzNGMwNjFj
MWUyMTM2YjhmYmZkZDVhYjU1OWJlZTBkZTIzNGIwMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDWNev/rpKOgJAZPKVgYT6Gdz8zj0YrzVe5ssIS1X7Ajyb+
2RizhxTjDDB2LeoOpZKjT0BuSSrQkoqzWAg9NSjAsE1+Tu8WZQcWMPJ5TgDGPzcg
DygwuUFWdFv335bj4eLK6oMB91C0IXfXAP6gwZNqqg3sAzhnuDJtWnCHDQmE/w5z
vOuRi7p2nE8kgHMKgh6w/cSyhRy4u7U0d+PJKOaTcsbpRmkkXjMp+USBlhY1FIm0
HDvSxeWVDekLFIlBehZXbGn+FdLs7vizXjGrveU/df+iGyLspLnNs3OpTbMa+eWg
Lle1vbY2/s+TEri8isPmJE0UziXlOhNW8ofJBuHXAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU6PdwJa30mXBP4jKzVYS/RSnfO+IwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2RlY2IwNzRjLTFmZjEtNGY0OC1iZTA2LWU5N2Y3ZmJlZDM1OS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAKDf0w3AKqfnRMOF8Cbjn5lKXqUX
k5SATVDTricgE4f5oi82GoI1nsk/NVGkGCr8tZupByvqVs4RZE30Rtocp9hAQJ62
j2njwPn2KsbZi5k7rj/C5uqtutCXwIOS88cPYWgXS5PoK/T/zrOEWm61uHgT9wkg
o1C+tMf2xEgLEY14Pa++W7KZvdyiOjdhHsVecpvxQBz8b8mW/pxvQ0jFy/sNTaxo
tpXybAol/LZKWDJ30CPvtjOvu3xknIPZZYbWOmPml+kdM2Y+lkbuafHoNVZyLOze
2udjdaSXKTyAUsQxKenZC87uQQCPuy0o0lSakyduVJ/IhTg4N7E92CMyQQk=
-----END CERTIFICATE-----