Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/ffac3218-7ec3-4f5c-bf9b-cd137074bc32.roa
File:                     ffac3218-7ec3-4f5c-bf9b-cd137074bc32.roa (raw, json)
Hash identifier:          CyXPNNlIQMhCDbvraM26YQ6DpR8geuftFCJfkKZxm4U=
Subject key identifier:   A9:C4:0A:6F:97:57:71:0B:60:11:18:D7:79:12:49:87:8A:48:9B:F4
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       7DCE5086F2CB9C3A61592A61C2F18A8B84AF5307
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/ffac3218-7ec3-4f5c-bf9b-cd137074bc32.roa
Signing time:             Fri 24 Nov 2023 00:00:00 +0000
ROA not before:           Fri 24 Nov 2023 00:00:00 +0000
ROA not after:            Fri 29 Dec 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7d:ce:50:86:f2:cb:9c:3a:61:59:2a:61:c2:f1:8a:8b:84:af:53:07
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Nov 24 00:00:00 2023 GMT
            Not After : Dec 29 23:59:59 2023 GMT
        Subject: CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:3c:ab:60:c6:9c:1a:bc:9c:cb:2f:fa:6f:d3:
                    ac:1f:85:6f:88:c6:6e:fe:cb:7e:8b:97:61:5d:d2:
                    07:9d:39:39:07:05:7a:de:ac:a0:ee:a2:5a:b4:45:
                    d8:3d:28:51:89:03:63:b0:18:ed:64:86:46:ad:1e:
                    6c:3c:b1:62:52:6c:1b:d8:7d:b4:a6:d1:e0:49:38:
                    03:b4:83:81:d8:c1:ae:5f:56:eb:e5:e9:8b:7d:f0:
                    57:22:47:ac:55:9d:c4:0a:41:9d:f7:5f:87:08:12:
                    b2:5d:33:72:54:93:47:72:18:5e:3a:76:0c:d3:20:
                    1c:e7:bd:ac:f5:18:3f:40:b1:ac:7f:78:26:01:09:
                    67:16:77:c6:b8:11:ee:78:24:38:4c:ab:d2:0c:97:
                    27:14:78:79:55:94:f7:93:21:93:5f:7c:6f:3d:08:
                    0b:3f:c0:a5:9d:8e:a5:5e:54:2e:13:db:3a:8e:64:
                    05:f8:0c:0e:7d:f5:81:a0:e6:6b:0f:22:63:5f:c4:
                    17:20:44:db:8a:68:99:24:62:4f:e5:a8:4a:92:c8:
                    45:5e:76:0c:fc:87:2c:81:82:43:1b:63:a6:b5:be:
                    65:8f:88:2d:92:2a:c7:2f:f4:92:ed:b5:20:12:1b:
                    a9:cc:81:ae:01:82:5c:70:5a:79:99:37:f4:39:5d:
                    5d:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A9:C4:0A:6F:97:57:71:0B:60:11:18:D7:79:12:49:87:8A:48:9B:F4
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/ffac3218-7ec3-4f5c-bf9b-cd137074bc32.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         35:68:ae:63:bf:12:25:d8:61:1a:bd:7c:19:19:3f:f8:d4:49:
         d8:bb:4c:ef:2c:23:98:3a:87:da:7f:a3:12:1e:dd:d1:62:d8:
         8d:ca:12:4c:a4:4a:39:8b:71:ba:c4:17:37:00:46:4c:3c:63:
         2a:78:d5:74:d7:3f:7a:d9:c5:4e:73:75:94:83:63:a3:bd:00:
         7b:1c:fd:23:f1:09:9d:ca:a8:e6:c8:3f:ed:ae:dd:7e:57:1b:
         3a:e9:f1:ec:77:fc:64:62:e4:2b:c0:c2:43:35:1b:24:df:f4:
         f6:5e:24:03:89:12:97:e5:8d:b2:0a:17:b8:bb:78:7a:24:0b:
         d3:1e:64:2b:70:f9:b2:6a:3c:22:67:26:5a:1b:0c:64:6a:db:
         84:ff:3b:c1:40:a6:7b:29:8a:f2:7c:34:0e:dd:0d:f7:96:67:
         88:d2:92:2d:7b:1b:ca:f0:e7:35:b8:b4:a2:c0:63:a8:0a:11:
         3c:88:d4:15:de:a4:2a:b9:c3:2a:52:d5:0e:b8:20:f6:b6:e2:
         c5:ae:bb:4d:1d:bc:84:88:5e:32:bd:c4:18:ef:93:83:0b:9d:
         4f:ad:2e:25:7d:bb:ba:7b:a0:fb:ce:77:f0:c6:c7:99:41:54:
         38:ed:4e:01:49:97:7f:fb:d4:a1:97:6b:9c:7b:bb:51:50:d2:
         90:4a:53:14
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUfc5QhvLLnDphWSphwvGKi4SvUwcwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMxMTI0MDAwMDAwWhcNMjMxMjI5MjM1OTU5
WjB6MUkwRwYDVQQFE0BmYmQyMjAwOGE2YzhlYzAzNjI5MGZjZWNmZTE2ZTYwYjEw
NWNlZDZlMDBhZmFkMzQ2NDg3ZTQ0MjRjYjRlYWI0MS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC9PKtgxpwavJzLL/pv06wfhW+Ixm7+y36Ll2Fd0gedOTkH
BXrerKDuolq0Rdg9KFGJA2OwGO1khkatHmw8sWJSbBvYfbSm0eBJOAO0g4HYwa5f
Vuvl6Yt98FciR6xVncQKQZ33X4cIErJdM3JUk0dyGF46dgzTIBznvaz1GD9Asax/
eCYBCWcWd8a4Ee54JDhMq9IMlycUeHlVlPeTIZNffG89CAs/wKWdjqVeVC4T2zqO
ZAX4DA599YGg5msPImNfxBcgRNuKaJkkYk/lqEqSyEVedgz8hyyBgkMbY6a1vmWP
iC2SKscv9JLttSASG6nMga4BglxwWnmZN/Q5XV2HAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUqcQKb5dXcQtgERjXeRJJh4pIm/QwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2ZmYWMzMjE4LTdlYzMtNGY1Yy1iZjliLWNkMTM3MDc0YmMzMi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBADVormO/EiXYYRq9fBkZP/jUSdi7
TO8sI5g6h9p/oxIe3dFi2I3KEkykSjmLcbrEFzcARkw8Yyp41XTXP3rZxU5zdZSD
Y6O9AHsc/SPxCZ3KqObIP+2u3X5XGzrp8ex3/GRi5CvAwkM1GyTf9PZeJAOJEpfl
jbIKF7i7eHokC9MeZCtw+bJqPCJnJlobDGRq24T/O8FApnspivJ8NA7dDfeWZ4jS
ki17G8rw5zW4tKLAY6gKETyI1BXepCq5wypS1Q64IPa24sWuu00dvISIXjK9xBjv
k4MLnU+tLiV9u7p7oPvOd/DGx5lBVDjtTgFJl3/71KGXa5x7u1FQ0pBKUxQ=
-----END CERTIFICATE-----