Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/d028c8b4-74af-44cc-ae1a-cac7e7879cd3.roa
File:                     d028c8b4-74af-44cc-ae1a-cac7e7879cd3.roa (raw, json)
Hash identifier:          B+dIQWLrhWFeljbQQlrOZPe4RX28vxWGa98oOBD7JME=
Subject key identifier:   EE:AB:B2:93:BB:15:0A:D0:E6:CB:79:A2:E7:1C:EC:25:F1:EC:94:77
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       3DC26DEE839A6567ECD69FF011788D824D7DF0CF
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/d028c8b4-74af-44cc-ae1a-cac7e7879cd3.roa
Signing time:             Tue 13 Jun 2023 00:00:00 +0000
ROA not before:           Tue 13 Jun 2023 00:00:00 +0000
ROA not after:            Fri 16 Jun 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3d:c2:6d:ee:83:9a:65:67:ec:d6:9f:f0:11:78:8d:82:4d:7d:f0:cf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Jun 13 00:00:00 2023 GMT
            Not After : Jun 16 23:59:59 2023 GMT
        Subject: CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:0a:23:8b:9a:0e:9c:b2:0a:f3:cb:85:1c:f5:
                    07:60:26:b0:3a:be:fd:7e:62:c5:9c:c4:ea:79:87:
                    e1:99:51:bb:48:b3:39:fb:ab:62:ae:ab:a7:04:da:
                    f0:27:ca:bc:64:0d:89:b1:dc:bc:55:86:98:06:99:
                    e8:f3:80:3f:6c:08:fe:6e:34:b3:84:5d:49:52:77:
                    d3:da:78:4e:9b:a9:bd:e2:ab:a3:23:f4:fe:ac:76:
                    05:e0:46:be:71:d5:6c:fc:7c:8e:88:a5:f5:87:06:
                    78:96:bf:88:00:ca:2a:66:c6:13:d2:f9:c2:f4:70:
                    bb:c5:2a:f9:1c:db:34:14:74:72:bf:6c:e4:9a:91:
                    dd:cc:78:e1:76:eb:0f:1e:6d:19:73:4b:2f:63:1b:
                    78:3f:88:df:7d:bf:b1:cd:54:de:10:d3:e7:24:85:
                    0f:dc:b9:50:fc:ed:d4:06:0d:aa:52:93:57:59:77:
                    a3:08:15:9f:25:e1:2a:b1:fa:d0:74:08:6f:19:55:
                    50:63:f5:89:ae:d0:92:92:11:8e:e0:b9:87:ee:50:
                    7e:b7:02:92:bd:52:51:98:13:d9:7e:2d:a1:19:1c:
                    16:5d:47:10:34:26:bf:18:27:61:2b:e4:57:0e:50:
                    60:05:fc:26:54:06:3f:5a:7c:29:b6:2a:c6:ed:19:
                    75:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EE:AB:B2:93:BB:15:0A:D0:E6:CB:79:A2:E7:1C:EC:25:F1:EC:94:77
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/d028c8b4-74af-44cc-ae1a-cac7e7879cd3.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b6:74:f6:af:77:b4:39:95:ff:d2:a4:bc:64:57:3a:c6:f4:0e:
         58:f3:1d:1b:8a:ee:44:28:fe:6b:83:ca:81:e4:e5:d4:e5:fa:
         3a:16:1c:5a:1c:00:ff:66:68:18:c5:90:26:d0:86:9f:7a:d4:
         32:f9:02:8c:a2:eb:a0:97:88:48:b0:c9:93:53:3d:56:67:b8:
         3f:44:4e:c3:bb:24:d8:be:e1:28:2d:af:08:28:d6:0e:bd:46:
         73:b5:17:9a:36:79:45:70:f1:45:a0:ee:ea:68:69:39:37:ec:
         95:17:ed:03:f4:4a:8c:de:97:77:13:cd:2b:75:bd:71:9f:8a:
         c9:f1:50:5b:c4:52:6e:76:0c:c9:01:af:d8:91:26:dc:f7:14:
         0f:60:42:18:28:10:07:60:af:9e:ee:2c:ef:30:f4:72:02:21:
         15:ef:5d:fb:29:33:c1:bd:20:3b:f6:71:e0:ef:63:a7:6f:0e:
         69:2e:0e:5c:53:0c:9f:d7:4e:b2:a5:f0:de:53:2e:98:ea:a1:
         5d:36:2c:80:2a:c0:0f:e2:27:0e:f0:35:07:5f:28:05:44:71:
         62:db:01:e6:2c:55:4e:29:ca:ce:55:96:57:37:84:8b:c4:cf:
         68:1f:ef:e0:95:1a:67:15:9e:2d:dd:ef:98:d8:16:c4:e9:d7:
         c9:a4:99:82
-----BEGIN CERTIFICATE-----
MIIGBTCCBO2gAwIBAgIUPcJt7oOaZWfs1p/wEXiNgk198M8wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwNjEzMDAwMDAwWhcNMjMwNjE2MjM1OTU5
WjB6MUkwRwYDVQQFE0BiMDJkMThkNzM2YTg5ZGE2YWE5NjlhMGM2Y2Y4NzgxNzBk
N2NiZjU1YWU3Mjk3MjEyZTQ1M2YxOGQwNTgwMmRmMS0wKwYDVQQDEyQ2YWU0ZTU2
Ny02MzQ4LTRjNGYtOThhOC0wNDIyYzRjNTJmZjMwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCHCiOLmg6csgrzy4Uc9QdgJrA6vv1+YsWcxOp5h+GZUbtI
szn7q2Kuq6cE2vAnyrxkDYmx3LxVhpgGmejzgD9sCP5uNLOEXUlSd9PaeE6bqb3i
q6Mj9P6sdgXgRr5x1Wz8fI6IpfWHBniWv4gAyipmxhPS+cL0cLvFKvkc2zQUdHK/
bOSakd3MeOF26w8ebRlzSy9jG3g/iN99v7HNVN4Q0+ckhQ/cuVD87dQGDapSk1dZ
d6MIFZ8l4Sqx+tB0CG8ZVVBj9Ymu0JKSEY7guYfuUH63ApK9UlGYE9l+LaEZHBZd
RxA0Jr8YJ2Er5FcOUGAF/CZUBj9afCm2KsbtGXUnAgMBAAGjggK+MIICujAdBgNV
HQ4EFgQU7quyk7sVCtDmy3mi5xzsJfHslHcwHwYDVR0jBBgwFoAUkUTtx6QO6ZC3
+jZv9uF9ea3Eg5cwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy83M2YyMWMyYi04
ODIzLTRjMjQtYjI1Yi00M2M4MGNiNmQxYmIvMjc4YWFiODc4ZjI4MzFiYjE4MjNi
NTg3OTRiMDkyZDg2ZmIxZDdhMGY3NGUyODE2MTEuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvYjY4YTMyZWUtNDU1ZC00ODNhLTk0M2QtMWE1
YmU3NDhiZmVhL2QwMjhjOGI0LTc0YWYtNDRjYy1hZTFhLWNhYzdlNzg3OWNkMy5y
b2EwgZUGA1UdHwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVz
LWVhc3QtMi5hbWF6b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2Et
OTQzZC0xYTViZTc0OGJmZWEvNGJiOGFlNWMtMTI0Yy00MmYzLTg3ZmItNGYzNGU3
NGUzZGEyLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEH
AQH/BBAwDjAMBAIAATAGAwQAxyR4MA0GCSqGSIb3DQEBCwUAA4IBAQC2dPavd7Q5
lf/SpLxkVzrG9A5Y8x0biu5EKP5rg8qB5OXU5fo6FhxaHAD/ZmgYxZAm0IafetQy
+QKMouugl4hIsMmTUz1WZ7g/RE7DuyTYvuEoLa8IKNYOvUZztReaNnlFcPFFoO7q
aGk5N+yVF+0D9EqM3pd3E80rdb1xn4rJ8VBbxFJudgzJAa/YkSbc9xQPYEIYKBAH
YK+e7izvMPRyAiEV7137KTPBvSA79nHg72Onbw5pLg5cUwyf106ypfDeUy6Y6qFd
NiyAKsAP4icO8DUHXygFRHFi2wHmLFVOKcrOVZZXN4SLxM9oH+/glRpnFZ4t3e+Y
2BbE6dfJpJmC
-----END CERTIFICATE-----