Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/fd462961-6551-485a-9d76-ae2993fb0cac.roa
File:                     fd462961-6551-485a-9d76-ae2993fb0cac.roa (raw, json)
Hash identifier:          4MkwfzqSGoGx3Ec5ofe0DT6TPOsyO6aYqojQBarUR9M=
Subject key identifier:   59:8A:93:A8:13:0D:35:5B:80:71:35:AA:2A:6C:AA:DF:07:68:10:0A
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       428C838A8155A3BA9F988440D53F0BE52FD725EF
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/fd462961-6551-485a-9d76-ae2993fb0cac.roa
Signing time:             Sat 04 Nov 2023 00:00:00 +0000
ROA not before:           Sat 04 Nov 2023 00:00:00 +0000
ROA not after:            Sat 09 Dec 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            42:8c:83:8a:81:55:a3:ba:9f:98:84:40:d5:3f:0b:e5:2f:d7:25:ef
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Nov  4 00:00:00 2023 GMT
            Not After : Dec  9 23:59:59 2023 GMT
        Subject: CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:30:ef:d0:98:d1:9f:08:03:80:16:74:7a:67:
                    f3:fd:2f:c0:06:3b:79:ef:87:6e:0e:0a:ab:e4:85:
                    fa:c4:a1:dc:f3:e0:75:12:98:9b:cc:a2:0d:ef:5b:
                    8a:8b:cb:74:6c:ce:d6:84:9a:58:4c:92:5c:89:a7:
                    e6:f4:ac:33:63:d3:0f:57:76:06:bb:31:49:e5:59:
                    fa:ba:2b:02:ea:82:6f:0b:d9:55:13:9b:ac:c3:3a:
                    6d:d7:4e:66:d0:db:94:f2:82:55:e5:5e:f1:5f:3f:
                    06:d6:2f:b9:11:99:c7:1b:9e:df:f7:6a:ea:86:ba:
                    74:ea:7f:7f:42:c7:3c:6e:c5:fb:e5:aa:55:d9:3b:
                    46:ee:39:4a:37:3b:2f:4a:09:a5:d5:fa:f8:7e:c3:
                    28:9f:3f:8e:f4:f3:87:74:58:6a:d0:ba:25:8c:72:
                    c3:82:22:24:83:a8:80:f8:4b:3d:28:41:be:af:9a:
                    4b:66:14:d2:e1:a9:83:b4:02:12:6e:24:92:68:c5:
                    13:f5:fb:ba:48:79:b5:af:81:67:84:8f:b6:0c:a8:
                    13:38:e5:17:71:b4:35:f8:35:0f:19:2a:de:8a:5e:
                    c4:b4:ad:fa:af:14:c0:43:c1:2a:4e:e9:01:24:74:
                    c2:59:1b:49:c3:1c:dc:ba:c6:27:f7:99:fd:61:f2:
                    f5:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                59:8A:93:A8:13:0D:35:5B:80:71:35:AA:2A:6C:AA:DF:07:68:10:0A
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/fd462961-6551-485a-9d76-ae2993fb0cac.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1c:79:93:3e:ff:97:db:ec:9b:a3:be:9c:9c:46:d8:c9:a1:52:
         48:fd:21:87:58:52:ce:12:be:1b:88:73:fa:6f:32:82:8a:c2:
         5b:e9:bf:a9:92:2a:c5:8c:63:1b:ef:c6:77:fc:b5:14:12:bb:
         6a:69:fa:f1:c1:bb:4d:2b:cd:61:42:a9:72:a3:64:8b:ac:8b:
         4a:b4:3c:a8:26:72:b7:ba:ae:24:38:8d:45:5b:5b:50:50:17:
         6f:1f:46:21:00:cf:1b:49:42:0a:e8:be:96:57:be:23:d3:dc:
         49:83:07:43:95:66:0e:94:ab:de:9c:b2:9a:0b:16:cf:34:bd:
         a1:2f:73:bc:7c:a9:7c:b5:0a:4f:4d:9a:39:b4:67:41:39:47:
         13:63:2b:e0:e2:f2:1d:f3:79:5a:fa:d2:c4:8b:19:d8:1d:67:
         a3:79:53:b4:70:1c:24:4b:94:29:61:a7:ce:e9:c3:e7:dd:98:
         69:51:63:c0:9d:13:21:97:d1:e0:d3:fe:82:69:e3:2c:42:f0:
         ae:2f:30:d6:ec:f2:75:e5:27:0c:68:c0:8a:6d:99:46:c3:d8:
         43:bd:58:a7:c0:21:c9:88:75:57:e6:e7:88:47:25:c4:39:0b:
         16:48:49:6a:aa:07:38:e9:3f:2c:59:c8:36:2d:67:f7:ef:79:
         c6:68:b6:14
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUQoyDioFVo7qfmIRA1T8L5S/XJe8wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMxMTA0MDAwMDAwWhcNMjMxMjA5MjM1OTU5
WjB6MUkwRwYDVQQFE0AzYmM2MTc0NjI1ZWQzZDkzZmQ0M2NkNTM2NzM2ZDc2ZDZj
NWNjNmVmNTRhZDRjZDhhZjlmNzQ2YjcwZTc3ZjY1MS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCxMO/QmNGfCAOAFnR6Z/P9L8AGO3nvh24OCqvkhfrEodzz
4HUSmJvMog3vW4qLy3RsztaEmlhMklyJp+b0rDNj0w9Xdga7MUnlWfq6KwLqgm8L
2VUTm6zDOm3XTmbQ25TyglXlXvFfPwbWL7kRmccbnt/3auqGunTqf39Cxzxuxfvl
qlXZO0buOUo3Oy9KCaXV+vh+wyifP47084d0WGrQuiWMcsOCIiSDqID4Sz0oQb6v
mktmFNLhqYO0AhJuJJJoxRP1+7pIebWvgWeEj7YMqBM45RdxtDX4NQ8ZKt6KXsS0
rfqvFMBDwSpO6QEkdMJZG0nDHNy6xif3mf1h8vWjAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUWYqTqBMNNVuAcTWqKmyq3wdoEAowHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2ZkNDYyOTYxLTY1NTEtNDg1YS05ZDc2LWFlMjk5M2ZiMGNhYy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBABx5kz7/l9vsm6O+nJxG2MmhUkj9
IYdYUs4SvhuIc/pvMoKKwlvpv6mSKsWMYxvvxnf8tRQSu2pp+vHBu00rzWFCqXKj
ZIusi0q0PKgmcre6riQ4jUVbW1BQF28fRiEAzxtJQgrovpZXviPT3EmDB0OVZg6U
q96cspoLFs80vaEvc7x8qXy1Ck9Nmjm0Z0E5RxNjK+Di8h3zeVr60sSLGdgdZ6N5
U7RwHCRLlClhp87pw+fdmGlRY8CdEyGX0eDT/oJp4yxC8K4vMNbs8nXlJwxowIpt
mUbD2EO9WKfAIcmIdVfm54hHJcQ5CxZISWqqBzjpPyxZyDYtZ/fvecZothQ=
-----END CERTIFICATE-----