Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/098b14b5-8f7e-4ae1-8a6a-23175be91c47.roa
File:                     098b14b5-8f7e-4ae1-8a6a-23175be91c47.roa (raw, json)
Hash identifier:          8VIX7dr6zhLC+KLyHejNytkm50nFtAI3uP2n4HTsP/Y=
Subject key identifier:   6F:D9:0A:4D:69:4C:6D:5B:7A:E1:AE:2C:36:09:F5:03:CD:9C:7E:E3
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       3B1F4CB99A2246C20B06F0E5D1731F823E481863
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/098b14b5-8f7e-4ae1-8a6a-23175be91c47.roa
Signing time:             Sun 11 Jun 2023 00:00:00 +0000
ROA not before:           Sun 11 Jun 2023 00:00:00 +0000
ROA not after:            Wed 14 Jun 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3b:1f:4c:b9:9a:22:46:c2:0b:06:f0:e5:d1:73:1f:82:3e:48:18:63
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Jun 11 00:00:00 2023 GMT
            Not After : Jun 14 23:59:59 2023 GMT
        Subject: serialNumber=0fd78b3829e8b0fdb98847db152217f85eb49f9152104697ca622430967bf9a9, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:98:da:d8:ee:04:4a:5d:45:43:d3:3a:9e:02:
                    9c:cb:ec:9d:7c:a4:6f:38:2f:e0:06:31:24:ee:df:
                    14:27:ad:87:70:8a:cd:ad:d1:f6:d5:f1:59:4c:a4:
                    b8:35:86:53:0d:cc:8b:a8:cb:ef:c9:6c:4e:b4:a6:
                    ba:12:9d:0c:52:93:f0:5f:66:f3:73:34:92:94:d0:
                    b8:11:18:b0:48:c8:43:0f:d6:f0:8b:40:f1:9e:e3:
                    48:0b:32:83:28:33:98:65:0a:0a:24:7b:05:f5:cd:
                    9d:bd:1d:0b:73:ce:94:d7:d2:a7:f1:02:db:3b:2b:
                    ce:2e:66:fa:40:38:4a:2e:aa:ea:03:db:f5:64:e0:
                    aa:85:ff:a2:05:b5:ba:2e:eb:b1:fc:fe:4b:4b:08:
                    59:af:e8:7a:66:48:a6:9d:37:cb:8a:88:97:d3:84:
                    ff:5c:bb:55:48:46:a2:43:bc:81:75:bb:06:92:1f:
                    8e:d2:05:ed:15:3c:29:1d:9c:ce:8b:2e:aa:b1:7b:
                    11:ae:74:6d:80:f3:70:9c:01:61:ed:a1:05:93:c8:
                    44:32:c7:24:cd:15:57:d9:b7:c0:c8:46:e8:cf:bc:
                    da:b6:51:ed:11:d8:4a:ae:aa:49:ae:44:2f:12:b8:
                    13:f2:69:84:53:0c:73:08:4f:4f:04:32:08:9f:b4:
                    72:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6F:D9:0A:4D:69:4C:6D:5B:7A:E1:AE:2C:36:09:F5:03:CD:9C:7E:E3
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/098b14b5-8f7e-4ae1-8a6a-23175be91c47.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c8:f4:ab:f6:e5:dd:c9:69:24:9c:56:8a:92:d8:91:f3:1c:88:
         b1:3c:70:45:57:7f:58:e4:25:22:13:20:ae:d7:21:9a:36:2d:
         e5:82:8c:0f:ef:5c:3d:f0:28:61:4a:70:29:5a:6e:63:af:30:
         15:18:7c:f7:44:4c:02:b2:7f:27:b4:0a:dd:8a:20:d2:17:38:
         a3:f0:eb:c6:21:1f:74:78:f1:f1:8b:f0:6a:13:e5:5a:d9:ef:
         1b:59:36:ec:88:ba:3e:c9:f1:ab:82:00:8c:fa:7f:36:9c:48:
         7b:e1:26:10:a9:f7:ad:4f:2d:b3:f1:84:1e:71:d8:97:8b:c8:
         5d:fa:13:cc:9f:e1:ed:da:06:ed:94:9d:61:6c:50:50:aa:61:
         da:45:00:fd:02:5e:2d:47:d5:19:bf:fb:22:79:c7:72:af:86:
         60:28:1d:e0:1f:6a:ff:e3:75:09:7a:17:db:60:a5:72:2d:dc:
         a9:6a:9d:8a:23:32:47:f6:c3:bd:4e:93:14:b1:63:8a:d9:bc:
         52:72:a3:a1:41:0a:a5:05:48:2c:b1:94:b6:ac:a0:5f:bf:35:
         2f:9e:fd:09:61:ac:a7:95:23:99:33:22:b9:7b:69:cd:9f:2c:
         0a:1f:99:f0:ba:b0:5c:6a:72:d2:a5:8b:5f:41:90:08:e1:27:
         7a:99:a9:72
-----BEGIN CERTIFICATE-----
MIIGBTCCBO2gAwIBAgIUOx9MuZoiRsILBvDl0XMfgj5IGGMwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwNjExMDAwMDAwWhcNMjMwNjE0MjM1OTU5
WjB6MUkwRwYDVQQFE0AwZmQ3OGIzODI5ZThiMGZkYjk4ODQ3ZGIxNTIyMTdmODVl
YjQ5ZjkxNTIxMDQ2OTdjYTYyMjQzMDk2N2JmOWE5MS0wKwYDVQQDEyQ2YWU0ZTU2
Ny02MzQ4LTRjNGYtOThhOC0wNDIyYzRjNTJmZjMwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDSmNrY7gRKXUVD0zqeApzL7J18pG84L+AGMSTu3xQnrYdw
is2t0fbV8VlMpLg1hlMNzIuoy+/JbE60proSnQxSk/BfZvNzNJKU0LgRGLBIyEMP
1vCLQPGe40gLMoMoM5hlCgokewX1zZ29HQtzzpTX0qfxAts7K84uZvpAOEouquoD
2/Vk4KqF/6IFtbou67H8/ktLCFmv6HpmSKadN8uKiJfThP9cu1VIRqJDvIF1uwaS
H47SBe0VPCkdnM6LLqqxexGudG2A83CcAWHtoQWTyEQyxyTNFVfZt8DIRujPvNq2
Ue0R2EquqkmuRC8SuBPyaYRTDHMIT08EMgiftHLDAgMBAAGjggK+MIICujAdBgNV
HQ4EFgQUb9kKTWlMbVt64a4sNgn1A82cfuMwHwYDVR0jBBgwFoAUkUTtx6QO6ZC3
+jZv9uF9ea3Eg5cwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy83M2YyMWMyYi04
ODIzLTRjMjQtYjI1Yi00M2M4MGNiNmQxYmIvMjc4YWFiODc4ZjI4MzFiYjE4MjNi
NTg3OTRiMDkyZDg2ZmIxZDdhMGY3NGUyODE2MTEuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvYjY4YTMyZWUtNDU1ZC00ODNhLTk0M2QtMWE1
YmU3NDhiZmVhLzA5OGIxNGI1LThmN2UtNGFlMS04YTZhLTIzMTc1YmU5MWM0Ny5y
b2EwgZUGA1UdHwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVz
LWVhc3QtMi5hbWF6b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2Et
OTQzZC0xYTViZTc0OGJmZWEvNGJiOGFlNWMtMTI0Yy00MmYzLTg3ZmItNGYzNGU3
NGUzZGEyLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEH
AQH/BBAwDjAMBAIAATAGAwQAxyR4MA0GCSqGSIb3DQEBCwUAA4IBAQDI9Kv25d3J
aSScVoqS2JHzHIixPHBFV39Y5CUiEyCu1yGaNi3lgowP71w98ChhSnApWm5jrzAV
GHz3REwCsn8ntArdiiDSFzij8OvGIR90ePHxi/BqE+Va2e8bWTbsiLo+yfGrggCM
+n82nEh74SYQqfetTy2z8YQecdiXi8hd+hPMn+Ht2gbtlJ1hbFBQqmHaRQD9Al4t
R9UZv/siecdyr4ZgKB3gH2r/43UJehfbYKVyLdypap2KIzJH9sO9TpMUsWOK2bxS
cqOhQQqlBUgssZS2rKBfvzUvnv0JYaynlSOZMyK5e2nNnywKH5nwurBcanLSpYtf
QZAI4Sd6maly
-----END CERTIFICATE-----