Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/ea4f848b-4ed3-4efe-9156-712fc97b2e91.roa
File:                     ea4f848b-4ed3-4efe-9156-712fc97b2e91.roa (raw, json)
Hash identifier:          fiCaBG3dSR4X2EuzNya11Mw7cVnnRcxwX5oj2xZwlE8=
Subject key identifier:   D0:8F:05:42:CC:12:D5:D9:21:7D:7A:6D:88:ED:FB:49:96:9B:77:0A
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       4A39A0AEE1C88D8A4C43DD7ECE0EC39390CAB5B7
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/ea4f848b-4ed3-4efe-9156-712fc97b2e91.roa
Signing time:             Sun 11 Jun 2023 00:00:00 +0000
ROA not before:           Sun 11 Jun 2023 00:00:00 +0000
ROA not after:            Wed 14 Jun 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4a:39:a0:ae:e1:c8:8d:8a:4c:43:dd:7e:ce:0e:c3:93:90:ca:b5:b7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Jun 11 00:00:00 2023 GMT
            Not After : Jun 14 23:59:59 2023 GMT
        Subject: CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:f6:f5:7c:0b:73:70:8c:89:20:a2:57:b7:24:
                    96:5a:21:3a:f8:08:24:c5:83:23:ef:00:2e:a7:40:
                    5e:97:04:1f:7d:27:05:a8:36:b5:b8:52:7f:40:42:
                    21:7c:eb:3d:b9:03:5e:5d:90:48:d4:4d:a6:7c:b6:
                    72:b7:01:c3:09:d2:94:ed:e0:ea:15:e0:5c:51:87:
                    36:67:41:09:48:5c:eb:d6:6b:5e:e0:c3:83:89:31:
                    71:3b:95:53:83:3b:ee:2b:4f:d7:91:77:77:36:86:
                    0c:82:26:51:69:58:25:48:e0:63:ea:69:ca:7b:5d:
                    e7:56:22:87:a4:bf:a6:1a:6f:ee:16:c6:f8:1c:9c:
                    e3:f7:3e:ac:7b:15:60:c1:2c:ff:89:84:1a:40:b1:
                    a3:ed:0a:3a:7c:64:05:ab:19:b2:27:82:56:36:e5:
                    1e:f7:14:38:9e:57:d8:e0:57:57:60:b6:d9:98:12:
                    43:f0:dd:b2:73:26:9d:64:1d:ae:46:37:7e:03:e4:
                    e8:6a:5b:fa:30:23:41:36:49:43:ba:94:a8:59:45:
                    34:be:74:d8:40:14:72:5c:a4:16:03:17:0c:25:3d:
                    b9:75:8f:f8:87:41:ba:e5:37:34:3b:96:eb:88:76:
                    34:e2:4d:b4:3f:ba:97:9e:9c:95:94:d0:b2:f3:87:
                    1f:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D0:8F:05:42:CC:12:D5:D9:21:7D:7A:6D:88:ED:FB:49:96:9B:77:0A
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/ea4f848b-4ed3-4efe-9156-712fc97b2e91.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         50:01:b8:ea:44:32:c4:74:9c:86:f2:2c:31:17:88:fb:82:b8:
         19:5b:bc:20:43:95:39:8f:7e:b7:40:b7:9a:3e:9e:aa:0b:53:
         cc:f4:bd:c0:a2:43:9b:53:77:78:88:b2:f7:75:11:f6:3b:2f:
         06:3d:e8:7b:ba:e5:b1:c6:80:21:68:20:15:72:b1:7e:91:ae:
         6f:b7:e1:74:41:b9:34:d9:be:aa:3e:ec:0c:e1:6f:33:42:41:
         2e:78:2a:01:bb:48:aa:02:61:14:19:bb:96:34:e5:05:71:fc:
         a2:06:6e:03:4e:27:8a:e5:93:c6:74:be:9b:65:ad:ca:a8:5f:
         5d:54:91:d6:dc:b7:6c:e5:d1:ed:cc:28:fe:ea:d2:72:dc:bd:
         a4:a4:3f:4b:ea:8f:1d:18:e0:47:79:b8:35:ab:49:d3:98:0d:
         07:7c:85:25:7d:78:ab:68:73:e3:c8:6d:aa:46:cb:52:ef:10:
         f3:22:67:0c:6a:db:86:61:05:d6:78:e0:c0:69:ec:f3:e0:90:
         5d:59:ac:89:2a:ab:ac:c9:7f:10:36:c9:97:47:6d:ac:c4:c9:
         70:8f:5d:df:7b:4c:13:05:90:84:57:0a:da:47:be:fa:7a:fa:
         38:5c:1a:3b:ff:8f:6d:56:c0:7e:89:15:6a:d2:78:8b:e0:1f:
         9e:bf:3a:e6
-----BEGIN CERTIFICATE-----
MIIGBTCCBO2gAwIBAgIUSjmgruHIjYpMQ91+zg7Dk5DKtbcwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwNjExMDAwMDAwWhcNMjMwNjE0MjM1OTU5
WjB6MUkwRwYDVQQFE0A2NGUwMmM4NmVlMDc3OTE5YTIyNGQ3ZjRhMTZhOWU1NjBj
NzhlM2NhOTQwOTA0MDc1M2MxNWE4MWVlYTNlNmJkMS0wKwYDVQQDEyQ2YWU0ZTU2
Ny02MzQ4LTRjNGYtOThhOC0wNDIyYzRjNTJmZjMwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCK9vV8C3NwjIkgole3JJZaITr4CCTFgyPvAC6nQF6XBB99
JwWoNrW4Un9AQiF86z25A15dkEjUTaZ8tnK3AcMJ0pTt4OoV4FxRhzZnQQlIXOvW
a17gw4OJMXE7lVODO+4rT9eRd3c2hgyCJlFpWCVI4GPqacp7XedWIoekv6Yab+4W
xvgcnOP3Pqx7FWDBLP+JhBpAsaPtCjp8ZAWrGbInglY25R73FDieV9jgV1dgttmY
EkPw3bJzJp1kHa5GN34D5OhqW/owI0E2SUO6lKhZRTS+dNhAFHJcpBYDFwwlPbl1
j/iHQbrlNzQ7luuIdjTiTbQ/upeenJWU0LLzhx8/AgMBAAGjggK+MIICujAdBgNV
HQ4EFgQU0I8FQswS1dkhfXptiO37SZabdwowHwYDVR0jBBgwFoAUkUTtx6QO6ZC3
+jZv9uF9ea3Eg5cwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy83M2YyMWMyYi04
ODIzLTRjMjQtYjI1Yi00M2M4MGNiNmQxYmIvMjc4YWFiODc4ZjI4MzFiYjE4MjNi
NTg3OTRiMDkyZDg2ZmIxZDdhMGY3NGUyODE2MTEuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvYjY4YTMyZWUtNDU1ZC00ODNhLTk0M2QtMWE1
YmU3NDhiZmVhL2VhNGY4NDhiLTRlZDMtNGVmZS05MTU2LTcxMmZjOTdiMmU5MS5y
b2EwgZUGA1UdHwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVz
LWVhc3QtMi5hbWF6b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2Et
OTQzZC0xYTViZTc0OGJmZWEvNGJiOGFlNWMtMTI0Yy00MmYzLTg3ZmItNGYzNGU3
NGUzZGEyLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEH
AQH/BBAwDjAMBAIAATAGAwQAxyR4MA0GCSqGSIb3DQEBCwUAA4IBAQBQAbjqRDLE
dJyG8iwxF4j7grgZW7wgQ5U5j363QLeaPp6qC1PM9L3AokObU3d4iLL3dRH2Oy8G
Peh7uuWxxoAhaCAVcrF+ka5vt+F0Qbk02b6qPuwM4W8zQkEueCoBu0iqAmEUGbuW
NOUFcfyiBm4DTieK5ZPGdL6bZa3KqF9dVJHW3Lds5dHtzCj+6tJy3L2kpD9L6o8d
GOBHebg1q0nTmA0HfIUlfXiraHPjyG2qRstS7xDzImcMatuGYQXWeODAaezz4JBd
WayJKqusyX8QNsmXR22sxMlwj13fe0wTBZCEVwraR776evo4XBo7/49tVsB+iRVq
0niL4B+evzrm
-----END CERTIFICATE-----