Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/ef5ff70d-e36d-4c7c-be08-e4079db203db.roa
File:                     ef5ff70d-e36d-4c7c-be08-e4079db203db.roa (raw, json)
Hash identifier:          zlSbQjZIwIW2CLvaxGOYAPAghdrpGmt6b4pdgznesZw=
Subject key identifier:   07:F5:F9:A1:15:A9:09:4D:65:61:80:C0:CD:F5:D7:AA:56:7E:B3:90
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       77DFBC98F1800F8B43705CB8CCC6B0175E446639
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/ef5ff70d-e36d-4c7c-be08-e4079db203db.roa
Signing time:             Tue 24 Oct 2023 00:00:00 +0000
ROA not before:           Tue 24 Oct 2023 00:00:00 +0000
ROA not after:            Tue 28 Nov 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            77:df:bc:98:f1:80:0f:8b:43:70:5c:b8:cc:c6:b0:17:5e:44:66:39
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Oct 24 00:00:00 2023 GMT
            Not After : Nov 28 23:59:59 2023 GMT
        Subject: CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:6c:16:d4:f1:9d:05:7b:73:89:39:55:c3:16:
                    47:11:19:98:74:43:ae:28:f2:3c:fd:60:73:dd:d4:
                    74:30:7b:93:de:5c:ae:20:c2:9b:2c:1d:b9:9c:76:
                    0c:da:a3:0f:63:74:bd:29:04:ce:cc:9b:66:76:cc:
                    1a:a3:aa:02:46:e6:72:98:49:cd:61:f7:6d:05:74:
                    7f:7e:13:0d:3d:2b:76:4c:0b:30:97:77:37:a6:85:
                    2f:e4:15:93:01:91:78:ea:c3:54:88:b6:d8:10:e5:
                    79:92:d0:e0:50:8e:0a:d5:43:bb:ec:c3:7a:34:27:
                    fa:cb:1f:b0:4d:b9:1c:7f:54:bd:60:a8:82:30:90:
                    54:0a:33:47:ce:61:69:82:83:03:f7:2c:19:9b:12:
                    a6:fb:28:b7:a9:3f:aa:8b:de:92:e5:fa:41:17:aa:
                    29:34:8c:df:e3:06:ff:a2:f3:b6:10:96:03:a3:9f:
                    e8:0d:80:c5:7e:6c:79:2d:29:c5:52:3c:fc:96:53:
                    8b:6c:0c:99:51:51:3a:9f:e0:5e:13:38:a0:f2:53:
                    cb:b1:22:ed:4b:cd:39:13:50:1b:92:b2:4c:70:b5:
                    87:5f:f6:38:9d:51:6e:1e:8b:30:e1:a3:b5:ed:5c:
                    ea:2d:c8:75:74:d0:88:1a:18:18:fa:5d:bf:74:ff:
                    a2:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                07:F5:F9:A1:15:A9:09:4D:65:61:80:C0:CD:F5:D7:AA:56:7E:B3:90
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/ef5ff70d-e36d-4c7c-be08-e4079db203db.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b4:ec:b4:b9:08:1d:0d:70:4f:55:33:d5:8a:98:d9:48:5d:11:
         95:8d:8f:15:75:8a:a5:8c:a5:2b:04:34:49:90:4c:97:02:bd:
         d3:ae:2b:7d:ca:39:ac:c1:fb:ba:e3:b8:7e:ed:54:16:75:8e:
         20:cc:94:df:b4:95:e9:8b:b3:d0:93:b2:c0:ba:b8:ab:e4:94:
         a0:c8:fc:71:05:c4:c1:2e:19:0e:b7:fa:9f:7f:90:b9:0d:b3:
         0e:a0:cb:18:1c:7c:fc:d8:fb:35:af:0c:5d:22:6a:75:da:97:
         b2:20:fe:ca:2d:fc:b7:19:a0:1f:8d:5e:29:cb:61:42:11:6c:
         4a:7f:1f:dc:3d:d8:c6:e6:fb:77:ca:87:0d:f3:8e:67:f0:b1:
         e7:98:4a:63:27:6e:1e:fe:38:ff:8f:a8:5b:61:b5:32:53:19:
         c9:7e:ac:2c:e3:6a:24:63:bb:23:87:8f:18:eb:2b:34:e2:e9:
         dd:43:e7:d8:1f:c4:fa:00:72:41:18:05:65:99:db:3f:b1:bd:
         30:1a:4c:72:bd:ff:89:bd:82:9d:7f:3d:88:0b:c8:3c:a1:85:
         f8:0b:e9:d2:3d:99:6a:4c:0e:cf:7a:64:81:ad:17:a8:a9:64:
         cd:5d:75:4d:67:22:55:de:50:fa:06:ab:b8:83:f1:18:02:1b:
         42:30:9f:cd
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUd9+8mPGAD4tDcFy4zMawF15EZjkwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMxMDI0MDAwMDAwWhcNMjMxMTI4MjM1OTU5
WjB6MUkwRwYDVQQFE0AxOGI1NmU1ZWY0NTczNjU3ZjAyNGM4MWZiZDIzMzI0OTNl
MDkxMmUyNmU5M2JmNDM2NmNmM2FiY2Q4NGJmOTRjMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCpbBbU8Z0Fe3OJOVXDFkcRGZh0Q64o8jz9YHPd1HQwe5Pe
XK4gwpssHbmcdgzaow9jdL0pBM7Mm2Z2zBqjqgJG5nKYSc1h920FdH9+Ew09K3ZM
CzCXdzemhS/kFZMBkXjqw1SIttgQ5XmS0OBQjgrVQ7vsw3o0J/rLH7BNuRx/VL1g
qIIwkFQKM0fOYWmCgwP3LBmbEqb7KLepP6qL3pLl+kEXqik0jN/jBv+i87YQlgOj
n+gNgMV+bHktKcVSPPyWU4tsDJlRUTqf4F4TOKDyU8uxIu1LzTkTUBuSskxwtYdf
9jidUW4eizDho7XtXOotyHV00IgaGBj6Xb90/6K9AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUB/X5oRWpCU1lYYDAzfXXqlZ+s5AwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2VmNWZmNzBkLWUzNmQtNGM3Yy1iZTA4LWU0MDc5ZGIyMDNkYi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBALTstLkIHQ1wT1Uz1YqY2UhdEZWN
jxV1iqWMpSsENEmQTJcCvdOuK33KOazB+7rjuH7tVBZ1jiDMlN+0lemLs9CTssC6
uKvklKDI/HEFxMEuGQ63+p9/kLkNsw6gyxgcfPzY+zWvDF0ianXal7Ig/sot/LcZ
oB+NXinLYUIRbEp/H9w92Mbm+3fKhw3zjmfwseeYSmMnbh7+OP+PqFthtTJTGcl+
rCzjaiRjuyOHjxjrKzTi6d1D59gfxPoAckEYBWWZ2z+xvTAaTHK9/4m9gp1/PYgL
yDyhhfgL6dI9mWpMDs96ZIGtF6ipZM1ddU1nIlXeUPoGq7iD8RgCG0Iwn80=
-----END CERTIFICATE-----