Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/e87e2fd0-aebc-49db-9e7f-05a9033ee14d.roa
File:                     e87e2fd0-aebc-49db-9e7f-05a9033ee14d.roa (raw, json)
Hash identifier:          BAh4aF3NCFGLPnPErgPq/FLLA5DTZR2pNRU8YvBW6Q8=
Subject key identifier:   9F:B9:40:95:9C:32:B6:51:ED:C9:13:11:13:EB:09:12:7F:7B:01:F2
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       1BF062D6ED3794872DED4CB08ED7388CF127D68E
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/e87e2fd0-aebc-49db-9e7f-05a9033ee14d.roa
Signing time:             Sun 13 Aug 2023 00:00:00 +0000
ROA not before:           Sun 13 Aug 2023 00:00:00 +0000
ROA not after:            Sun 17 Sep 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1b:f0:62:d6:ed:37:94:87:2d:ed:4c:b0:8e:d7:38:8c:f1:27:d6:8e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Aug 13 00:00:00 2023 GMT
            Not After : Sep 17 23:59:59 2023 GMT
        Subject: CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:aa:ff:e8:41:d4:73:43:ac:5d:3e:00:dd:b4:
                    7e:9a:a2:64:92:ca:87:d9:8b:08:e8:e3:8d:fe:af:
                    af:d8:b5:6f:da:00:b6:f1:a9:03:5a:ed:3d:21:e0:
                    e2:90:21:e3:ab:74:7f:f8:79:f7:4d:b2:33:50:94:
                    68:58:cb:49:5a:46:09:9b:8a:2a:a1:f5:6a:00:7d:
                    0e:62:14:f1:5d:87:b6:6e:20:f4:c8:e8:01:ea:19:
                    d2:5c:58:a2:2f:c2:11:e5:75:ab:40:cd:01:d2:21:
                    75:a6:d0:f0:44:81:b4:c0:49:68:26:bb:f9:3c:aa:
                    84:67:fb:ac:66:32:97:99:46:38:14:65:4b:b9:55:
                    98:ed:ba:88:44:73:38:45:f1:18:db:77:c2:4c:e8:
                    2b:96:41:88:62:33:74:ec:08:bb:7a:71:0f:71:41:
                    64:e7:1d:cf:29:6f:cc:ca:0e:c1:38:32:c8:1e:83:
                    36:3a:07:c1:0c:85:49:ed:b5:d6:55:33:e2:08:78:
                    f6:f0:06:ed:50:06:88:6d:7e:cc:50:ac:94:05:0f:
                    63:cc:87:d4:62:c3:29:ef:d0:10:b4:14:f4:86:61:
                    42:ea:3a:21:48:af:51:3c:ed:57:f4:1a:c7:f1:66:
                    bd:13:e7:4a:3b:ae:b1:4f:6d:3e:db:c1:40:bc:a0:
                    94:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9F:B9:40:95:9C:32:B6:51:ED:C9:13:11:13:EB:09:12:7F:7B:01:F2
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/e87e2fd0-aebc-49db-9e7f-05a9033ee14d.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8f:a3:9f:9a:d2:29:5f:09:7b:ad:14:c5:8d:1f:85:2d:0d:6f:
         46:c9:b9:fa:1a:8c:f5:d6:00:0a:9c:a5:e5:3b:87:e4:bc:8f:
         cc:47:a0:33:e1:06:a4:70:3c:37:01:b5:58:d1:db:2e:48:b4:
         1c:8b:7a:0a:81:2a:47:ab:78:85:83:15:23:b4:ed:64:2c:1d:
         66:03:b1:f9:eb:b2:74:9a:8e:ef:59:42:e9:c6:b1:1d:55:cc:
         2e:fa:ff:40:2e:b0:28:dc:4e:31:67:34:58:8b:bb:49:5d:0c:
         e8:03:2d:32:e4:6c:41:a5:b5:a5:18:90:b2:35:98:41:6b:3f:
         17:9d:f6:f0:77:52:dc:8f:5a:cc:86:74:9a:26:dd:b3:f3:5e:
         84:a1:7b:7c:26:e3:65:b4:bd:4f:df:b7:fb:b4:b6:c1:02:d4:
         7b:e5:5a:ea:ff:e5:03:d4:76:06:51:9b:88:99:b3:59:18:7e:
         77:71:43:ce:88:75:32:0c:25:0e:0d:e0:0b:fc:35:de:86:68:
         7f:25:5e:cf:f6:1c:13:5f:9e:64:23:46:68:ed:16:a9:bc:60:
         f1:d9:bd:e4:b8:d2:1f:7f:fe:db:a9:5e:99:a5:61:19:32:53:
         50:08:eb:6d:66:29:71:fd:41:e3:8a:00:6b:0f:e0:3c:eb:c0:
         05:12:42:6e
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUG/Bi1u03lIct7Uywjtc4jPEn1o4wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMwODEzMDAwMDAwWhcNMjMwOTE3MjM1OTU5
WjB6MUkwRwYDVQQFE0BkNjM1NzBlMTQ2YmM1NTE4ZGQ5MGM5MDUwMDcyODMyOTg1
M2U2MTExYjk2MmI0ZjUxMzNkYTliYTU1OTZjZDE3MS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCXqv/oQdRzQ6xdPgDdtH6aomSSyofZiwjo443+r6/YtW/a
ALbxqQNa7T0h4OKQIeOrdH/4efdNsjNQlGhYy0laRgmbiiqh9WoAfQ5iFPFdh7Zu
IPTI6AHqGdJcWKIvwhHldatAzQHSIXWm0PBEgbTASWgmu/k8qoRn+6xmMpeZRjgU
ZUu5VZjtuohEczhF8Rjbd8JM6CuWQYhiM3TsCLt6cQ9xQWTnHc8pb8zKDsE4Msge
gzY6B8EMhUnttdZVM+IIePbwBu1QBohtfsxQrJQFD2PMh9Riwynv0BC0FPSGYULq
OiFIr1E87Vf0GsfxZr0T50o7rrFPbT7bwUC8oJRxAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUn7lAlZwytlHtyRMRE+sJEn97AfIwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2U4N2UyZmQwLWFlYmMtNDlkYi05ZTdmLTA1YTkwMzNlZTE0ZC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAI+jn5rSKV8Je60UxY0fhS0Nb0bJ
ufoajPXWAAqcpeU7h+S8j8xHoDPhBqRwPDcBtVjR2y5ItByLegqBKkereIWDFSO0
7WQsHWYDsfnrsnSaju9ZQunGsR1VzC76/0AusCjcTjFnNFiLu0ldDOgDLTLkbEGl
taUYkLI1mEFrPxed9vB3UtyPWsyGdJom3bPzXoShe3wm42W0vU/ft/u0tsEC1Hvl
Wur/5QPUdgZRm4iZs1kYfndxQ86IdTIMJQ4N4Av8Nd6GaH8lXs/2HBNfnmQjRmjt
Fqm8YPHZveS40h9//tupXpmlYRkyU1AI621mKXH9QeOKAGsP4DzrwAUSQm4=
-----END CERTIFICATE-----