Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/b974c868-56c3-44e1-acb2-db95ed5a012d.roa
File:                     b974c868-56c3-44e1-acb2-db95ed5a012d.roa (raw, json)
Hash identifier:          +ZtmBQ0BZnEnYpg0mt9CzYoIaFyoTnVLbz754QrV4YA=
Subject key identifier:   A2:37:46:8A:2D:20:58:73:3F:02:B2:49:D2:5E:90:02:C2:7A:5A:54
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       02375578D199C8B5DBBA01FAD2B07C717B2EAA6A
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/b974c868-56c3-44e1-acb2-db95ed5a012d.roa
Signing time:             Sat 10 Jun 2023 00:00:00 +0000
ROA not before:           Sat 10 Jun 2023 00:00:00 +0000
ROA not after:            Tue 13 Jun 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            02:37:55:78:d1:99:c8:b5:db:ba:01:fa:d2:b0:7c:71:7b:2e:aa:6a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Jun 10 00:00:00 2023 GMT
            Not After : Jun 13 23:59:59 2023 GMT
        Subject: CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:6d:6f:3b:77:ad:82:ee:f5:95:af:14:47:5c:
                    2c:74:8b:7f:6f:82:a6:a0:23:67:07:20:ab:5d:66:
                    e4:ba:44:69:9d:46:33:aa:c9:11:58:30:ea:66:55:
                    1c:79:cc:5e:1d:5e:4d:b9:b5:75:6e:b6:46:ef:1e:
                    1b:d5:53:8d:29:ca:c0:9a:c8:e8:9e:40:37:05:25:
                    9c:1d:a1:bc:d5:68:8b:88:1d:d9:b2:1b:d4:b4:bb:
                    ba:93:25:a9:cf:34:5e:f1:6c:4f:db:de:49:d7:2d:
                    bb:e4:16:ce:98:6e:4e:f2:52:a2:7e:ce:5d:1e:e8:
                    e1:fb:bc:39:67:b4:2e:2f:47:1f:1e:e8:ee:85:c2:
                    f7:6f:dd:d4:a6:35:37:83:04:8b:41:99:63:0f:db:
                    56:92:1d:c8:0d:8f:90:de:67:b8:57:9b:a3:f8:35:
                    fd:37:87:f6:3e:12:84:11:74:be:f6:ff:36:ce:9f:
                    03:dd:17:14:cd:fc:3a:e6:ed:7b:c6:8c:68:79:cf:
                    1e:76:c5:9e:4f:d3:2c:fa:10:27:c4:a1:f2:b9:ae:
                    53:7a:03:ad:87:1a:47:3f:c2:c1:cd:0e:28:ae:e9:
                    27:6c:f7:e3:56:cb:a4:2b:f8:9b:09:67:e1:d7:82:
                    24:84:00:90:53:bd:4a:54:be:f4:e5:a5:08:47:06:
                    f2:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A2:37:46:8A:2D:20:58:73:3F:02:B2:49:D2:5E:90:02:C2:7A:5A:54
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/b974c868-56c3-44e1-acb2-db95ed5a012d.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         27:2e:af:d2:34:7f:d9:e5:06:de:fb:71:be:9b:f7:13:5b:04:
         66:0d:e1:f2:03:01:54:84:1b:05:fc:c7:44:d3:f0:aa:f4:67:
         5f:b8:68:34:49:03:dc:21:76:43:fe:b1:10:17:26:38:a5:a8:
         c9:ce:08:21:2b:8b:49:9c:21:e1:83:0f:af:83:b7:79:bf:72:
         ee:d5:6b:f4:19:94:d8:77:7a:fc:61:cb:58:8a:90:72:2f:6e:
         24:4c:ae:09:0d:b2:fd:81:a2:bb:5e:3a:22:fa:89:6c:fc:24:
         7e:59:31:dd:f8:7c:ba:21:29:37:4f:28:39:67:99:53:6a:0d:
         68:09:2e:4c:05:fb:fc:1c:7e:74:c5:95:6e:17:21:fd:3d:1a:
         dd:cb:02:ac:6c:ee:13:12:86:72:92:c5:bf:dc:4c:7b:e4:f5:
         8e:9b:67:27:ee:32:e2:2d:40:eb:31:bf:b2:4f:22:ce:bc:f7:
         db:fc:9f:f2:b7:ed:e7:31:c5:b0:63:bb:80:83:9e:09:53:50:
         29:5b:9b:e5:69:b8:88:57:e7:85:86:20:7e:a5:2e:6a:7c:57:
         92:f2:48:73:ce:ca:2b:f3:27:1e:4c:67:24:8d:6b:c8:43:e4:
         28:5e:41:5c:8d:72:a7:92:bf:fb:ae:93:82:3b:05:37:c6:3a:
         b7:e2:b2:f3
-----BEGIN CERTIFICATE-----
MIIGBTCCBO2gAwIBAgIUAjdVeNGZyLXbugH60rB8cXsuqmowDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwNjEwMDAwMDAwWhcNMjMwNjEzMjM1OTU5
WjB6MUkwRwYDVQQFE0AxNTI0YWJlZDZjYmUwMzJhODkxZDI2ZTNhY2JmZTNjNjUy
OWVkYjk2M2RmZTZlOGMxMWRiYjVmNWU2MGU5NWMxMS0wKwYDVQQDEyQ2YWU0ZTU2
Ny02MzQ4LTRjNGYtOThhOC0wNDIyYzRjNTJmZjMwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCvbW87d62C7vWVrxRHXCx0i39vgqagI2cHIKtdZuS6RGmd
RjOqyRFYMOpmVRx5zF4dXk25tXVutkbvHhvVU40pysCayOieQDcFJZwdobzVaIuI
HdmyG9S0u7qTJanPNF7xbE/b3knXLbvkFs6Ybk7yUqJ+zl0e6OH7vDlntC4vRx8e
6O6Fwvdv3dSmNTeDBItBmWMP21aSHcgNj5DeZ7hXm6P4Nf03h/Y+EoQRdL72/zbO
nwPdFxTN/Drm7XvGjGh5zx52xZ5P0yz6ECfEofK5rlN6A62HGkc/wsHNDiiu6Sds
9+NWy6Qr+JsJZ+HXgiSEAJBTvUpUvvTlpQhHBvJFAgMBAAGjggK+MIICujAdBgNV
HQ4EFgQUojdGii0gWHM/ArJJ0l6QAsJ6WlQwHwYDVR0jBBgwFoAUkUTtx6QO6ZC3
+jZv9uF9ea3Eg5cwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy83M2YyMWMyYi04
ODIzLTRjMjQtYjI1Yi00M2M4MGNiNmQxYmIvMjc4YWFiODc4ZjI4MzFiYjE4MjNi
NTg3OTRiMDkyZDg2ZmIxZDdhMGY3NGUyODE2MTEuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvYjY4YTMyZWUtNDU1ZC00ODNhLTk0M2QtMWE1
YmU3NDhiZmVhL2I5NzRjODY4LTU2YzMtNDRlMS1hY2IyLWRiOTVlZDVhMDEyZC5y
b2EwgZUGA1UdHwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVz
LWVhc3QtMi5hbWF6b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2Et
OTQzZC0xYTViZTc0OGJmZWEvNGJiOGFlNWMtMTI0Yy00MmYzLTg3ZmItNGYzNGU3
NGUzZGEyLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEH
AQH/BBAwDjAMBAIAATAGAwQAxyR4MA0GCSqGSIb3DQEBCwUAA4IBAQAnLq/SNH/Z
5Qbe+3G+m/cTWwRmDeHyAwFUhBsF/MdE0/Cq9GdfuGg0SQPcIXZD/rEQFyY4pajJ
zgghK4tJnCHhgw+vg7d5v3Lu1Wv0GZTYd3r8YctYipByL24kTK4JDbL9gaK7Xjoi
+ols/CR+WTHd+Hy6ISk3Tyg5Z5lTag1oCS5MBfv8HH50xZVuFyH9PRrdywKsbO4T
EoZyksW/3Ex75PWOm2cn7jLiLUDrMb+yTyLOvPfb/J/yt+3nMcWwY7uAg54JU1Ap
W5vlabiIV+eFhiB+pS5qfFeS8khzzsor8yceTGckjWvIQ+QoXkFcjXKnkr/7rpOC
OwU3xjq34rLz
-----END CERTIFICATE-----