Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/cb39bc23-4060-484a-be12-52e505616392.roa
File:                     cb39bc23-4060-484a-be12-52e505616392.roa (raw, json)
Hash identifier:          iojgj6RjjQk6XcLRe3rTL67vTT1oOdtz+mkp5VN60wU=
Subject key identifier:   5C:05:12:AC:57:9A:73:64:5B:B9:D7:97:F9:C8:0A:3A:F1:76:8E:45
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       3A66C8CE23DC1E41A035E0C6B8460D1DFEA382E4
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/cb39bc23-4060-484a-be12-52e505616392.roa
Signing time:             Sun 11 Jun 2023 00:00:00 +0000
ROA not before:           Sun 11 Jun 2023 00:00:00 +0000
ROA not after:            Wed 14 Jun 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3a:66:c8:ce:23:dc:1e:41:a0:35:e0:c6:b8:46:0d:1d:fe:a3:82:e4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Jun 11 00:00:00 2023 GMT
            Not After : Jun 14 23:59:59 2023 GMT
        Subject: CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:cd:ef:7c:de:d9:c9:b4:61:1b:c6:fc:79:d1:
                    dd:60:71:94:09:be:f1:b6:63:04:76:de:7a:76:be:
                    10:68:bc:18:76:eb:2b:88:b9:53:75:26:71:ab:c3:
                    44:d8:5d:99:14:47:fb:8e:40:b6:92:27:bb:84:30:
                    11:c0:c5:67:03:15:fb:9d:00:23:d5:2b:b4:2c:dd:
                    4e:a0:38:95:9e:db:28:b8:14:ac:d1:25:d9:bb:ca:
                    4c:76:33:98:5e:ba:e9:53:c1:ce:bd:22:f5:66:f6:
                    8d:3b:a5:fa:d7:73:f2:3e:82:e8:e0:6f:cd:10:ea:
                    04:51:35:e6:9a:49:b8:63:d7:da:56:94:dd:9e:b5:
                    74:8c:b2:87:9e:54:96:7c:99:1f:74:43:dd:f0:de:
                    d3:97:1d:fb:56:80:05:23:42:68:a6:7b:7a:c0:55:
                    b9:43:27:38:1c:2e:d7:24:77:f1:3e:39:78:f3:22:
                    bf:e7:d3:bb:a5:bc:fd:8c:0c:c6:29:01:6f:1b:1b:
                    d0:a8:b5:f5:c9:d6:40:ac:5b:05:2b:ec:1f:5e:92:
                    cf:e0:b9:9b:65:bc:10:ac:c7:af:b4:4a:06:c3:f1:
                    b1:5c:c7:a9:08:6e:44:e8:07:d4:e8:d3:10:c9:0f:
                    19:2f:41:f9:29:af:a4:15:c8:79:7c:25:be:43:42:
                    4b:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:05:12:AC:57:9A:73:64:5B:B9:D7:97:F9:C8:0A:3A:F1:76:8E:45
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/cb39bc23-4060-484a-be12-52e505616392.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         72:80:6e:5d:21:46:a8:7c:5f:08:09:a6:26:78:76:40:d3:44:
         9d:99:b0:0c:9e:9d:12:35:2e:f4:85:44:a3:3b:34:74:fe:59:
         43:0c:c5:3c:ae:38:75:a2:14:4d:2c:6a:e3:97:ea:79:56:66:
         49:79:b3:65:55:65:78:1a:ab:fd:e3:30:b6:da:9f:8b:1a:85:
         98:d1:c0:3d:a2:98:0d:21:e5:6a:17:b3:3a:a5:87:42:43:2b:
         8e:d9:84:46:1c:8d:28:fc:ee:0c:b0:d1:5f:67:d2:e0:06:e4:
         31:4d:ce:a3:59:da:96:a0:ff:f3:4f:11:fd:77:c9:9c:e5:09:
         d3:d0:93:14:62:68:ed:71:a5:e8:14:b9:f1:6a:1d:0b:14:c9:
         a3:79:24:2c:b6:08:78:84:a9:16:af:c4:39:83:15:01:2d:22:
         60:9b:78:66:d6:2d:a4:da:94:c1:64:a5:ce:8f:2a:24:d1:27:
         7d:ba:85:85:64:5b:95:ae:e0:b6:2d:09:ec:63:6a:a3:4d:30:
         3a:f7:f6:de:c1:32:54:6d:32:b0:b5:5b:62:46:60:f4:82:31:
         25:01:44:82:d1:4a:98:1a:5e:13:23:77:ba:6f:76:8a:7b:f4:
         55:79:43:a2:a4:c3:3b:a2:2c:96:94:16:3a:a5:15:cd:7c:d6:
         2a:15:db:da
-----BEGIN CERTIFICATE-----
MIIGBTCCBO2gAwIBAgIUOmbIziPcHkGgNeDGuEYNHf6jguQwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwNjExMDAwMDAwWhcNMjMwNjE0MjM1OTU5
WjB6MUkwRwYDVQQFE0A0Y2QyOTQ2MGFhOGEyNjFkNTIxYjAzNzVhNjFmMGNjYTkx
NGU0YzYyZjUwY2I5OWRlNzkwNzAxNWEwY2NiMjIwMS0wKwYDVQQDEyQ2YWU0ZTU2
Ny02MzQ4LTRjNGYtOThhOC0wNDIyYzRjNTJmZjMwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCUze983tnJtGEbxvx50d1gcZQJvvG2YwR23np2vhBovBh2
6yuIuVN1JnGrw0TYXZkUR/uOQLaSJ7uEMBHAxWcDFfudACPVK7Qs3U6gOJWe2yi4
FKzRJdm7ykx2M5heuulTwc69IvVm9o07pfrXc/I+gujgb80Q6gRRNeaaSbhj19pW
lN2etXSMsoeeVJZ8mR90Q93w3tOXHftWgAUjQmime3rAVblDJzgcLtckd/E+OXjz
Ir/n07ulvP2MDMYpAW8bG9CotfXJ1kCsWwUr7B9eks/guZtlvBCsx6+0SgbD8bFc
x6kIbkToB9To0xDJDxkvQfkpr6QVyHl8Jb5DQkvrAgMBAAGjggK+MIICujAdBgNV
HQ4EFgQUXAUSrFeac2RbudeX+cgKOvF2jkUwHwYDVR0jBBgwFoAUkUTtx6QO6ZC3
+jZv9uF9ea3Eg5cwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy83M2YyMWMyYi04
ODIzLTRjMjQtYjI1Yi00M2M4MGNiNmQxYmIvMjc4YWFiODc4ZjI4MzFiYjE4MjNi
NTg3OTRiMDkyZDg2ZmIxZDdhMGY3NGUyODE2MTEuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvYjY4YTMyZWUtNDU1ZC00ODNhLTk0M2QtMWE1
YmU3NDhiZmVhL2NiMzliYzIzLTQwNjAtNDg0YS1iZTEyLTUyZTUwNTYxNjM5Mi5y
b2EwgZUGA1UdHwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVz
LWVhc3QtMi5hbWF6b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2Et
OTQzZC0xYTViZTc0OGJmZWEvNGJiOGFlNWMtMTI0Yy00MmYzLTg3ZmItNGYzNGU3
NGUzZGEyLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEH
AQH/BBAwDjAMBAIAATAGAwQAxyR4MA0GCSqGSIb3DQEBCwUAA4IBAQBygG5dIUao
fF8ICaYmeHZA00SdmbAMnp0SNS70hUSjOzR0/llDDMU8rjh1ohRNLGrjl+p5VmZJ
ebNlVWV4Gqv94zC22p+LGoWY0cA9opgNIeVqF7M6pYdCQyuO2YRGHI0o/O4MsNFf
Z9LgBuQxTc6jWdqWoP/zTxH9d8mc5QnT0JMUYmjtcaXoFLnxah0LFMmjeSQstgh4
hKkWr8Q5gxUBLSJgm3hm1i2k2pTBZKXOjyok0Sd9uoWFZFuVruC2LQnsY2qjTTA6
9/bewTJUbTKwtVtiRmD0gjElAUSC0UqYGl4TI3e6b3aKe/RVeUOipMM7oiyWlBY6
pRXNfNYqFdva
-----END CERTIFICATE-----