Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/0d425bec-8eca-4939-a601-d22f9bf1434c.roa
File:                     0d425bec-8eca-4939-a601-d22f9bf1434c.roa (raw, json)
Hash identifier:          ylxlwU4KqImg7wIURBXinVEdLtx6JbheIyIKgGSH//s=
Subject key identifier:   4C:00:C2:99:B6:F4:43:D4:37:3D:02:84:D0:3F:C5:52:23:01:2B:D8
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       58EB86A5F7F436A820EAEC7A8D11DE76E6D0D588
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/0d425bec-8eca-4939-a601-d22f9bf1434c.roa
Signing time:             Fri 09 Jun 2023 00:00:00 +0000
ROA not before:           Fri 09 Jun 2023 00:00:00 +0000
ROA not after:            Mon 12 Jun 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            58:eb:86:a5:f7:f4:36:a8:20:ea:ec:7a:8d:11:de:76:e6:d0:d5:88
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Jun  9 00:00:00 2023 GMT
            Not After : Jun 12 23:59:59 2023 GMT
        Subject: serialNumber=861f53296cd43358f4799aae41454a9e9bf400194f590a1057e780274c3fb01a, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:7f:ff:40:b4:ab:ea:1b:50:64:9b:05:fc:70:
                    e8:a6:85:ef:8e:e2:dc:78:f9:aa:0f:a2:f9:8e:35:
                    63:f9:87:46:5c:93:88:41:75:4f:b5:00:16:da:4c:
                    d0:24:cc:46:e2:47:88:cb:65:44:b4:c2:ae:de:1c:
                    77:ff:03:ee:c3:0b:af:53:c6:2e:fa:26:e4:9d:9a:
                    e9:1d:16:de:80:fd:76:2d:8a:92:68:64:d5:e5:1e:
                    1e:49:95:03:25:f7:3d:8e:f7:01:bd:e4:58:34:a5:
                    e2:f9:57:3e:0e:e5:cf:ec:f8:e5:4c:0d:fb:94:1b:
                    b7:fd:ae:03:1e:7f:51:4c:fa:8e:2b:17:41:37:8c:
                    b8:6d:91:90:fe:98:26:0c:f2:09:71:ed:52:62:17:
                    e6:90:fa:65:85:a2:b6:bf:47:e5:3d:85:d7:e0:a7:
                    e3:fb:d3:83:2f:f5:69:f3:68:5d:32:c5:15:e0:36:
                    d2:20:cb:e0:1c:43:2d:d8:6f:68:e6:ba:8d:bc:41:
                    9d:21:8c:9c:06:ed:06:96:0e:7b:d8:c3:d8:0d:4d:
                    11:e3:d5:c5:22:91:8f:4f:95:79:4d:8d:fd:0d:35:
                    b4:08:d4:ec:f6:08:89:b8:2d:d5:55:c5:3f:17:0c:
                    eb:3b:c5:77:70:40:77:c4:ee:fc:ef:17:88:48:2c:
                    2b:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4C:00:C2:99:B6:F4:43:D4:37:3D:02:84:D0:3F:C5:52:23:01:2B:D8
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/0d425bec-8eca-4939-a601-d22f9bf1434c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b6:06:0c:88:46:fb:49:0b:67:11:03:c5:81:36:0b:bf:33:20:
         ff:8d:85:e6:1c:81:45:4a:74:e5:98:0d:00:47:20:31:fc:72:
         42:06:8d:2a:62:8c:23:bf:70:53:c5:90:1d:4d:d6:80:c8:03:
         74:54:ed:92:1d:ee:56:5f:1d:3c:28:d9:d4:0b:2f:56:02:fc:
         54:c1:04:bd:48:7c:05:f7:7f:f6:36:15:f6:d9:8d:f3:8d:64:
         80:62:06:37:cc:99:79:ae:d5:8f:f9:aa:5c:27:d2:03:43:d8:
         3b:01:ef:6d:93:04:f8:c8:8e:ec:f4:45:1b:86:0e:a7:ce:e7:
         1b:b3:8b:2e:a5:13:8f:05:cf:9f:af:9c:f3:30:a8:04:7a:9a:
         8f:d9:41:36:50:24:84:11:e5:a9:cc:42:21:36:24:27:49:7f:
         82:58:72:19:c3:28:15:7f:fb:38:dc:77:09:cc:77:18:14:52:
         72:79:46:98:1e:78:1e:00:93:77:9d:bf:f7:5a:6e:f6:00:bf:
         8a:c3:0c:50:9f:e5:8b:56:c5:cb:4c:bf:e6:0b:4e:bd:60:42:
         11:43:6d:e1:4d:59:38:a6:69:23:dd:e0:ed:7b:9e:7e:71:4d:
         f4:ff:82:03:cd:d5:f8:eb:db:ff:26:b5:ab:9f:e7:aa:6b:53:
         00:17:b9:57
-----BEGIN CERTIFICATE-----
MIIGBTCCBO2gAwIBAgIUWOuGpff0Nqgg6ux6jRHedubQ1YgwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwNjA5MDAwMDAwWhcNMjMwNjEyMjM1OTU5
WjB6MUkwRwYDVQQFE0A4NjFmNTMyOTZjZDQzMzU4ZjQ3OTlhYWU0MTQ1NGE5ZTli
ZjQwMDE5NGY1OTBhMTA1N2U3ODAyNzRjM2ZiMDFhMS0wKwYDVQQDEyQ2YWU0ZTU2
Ny02MzQ4LTRjNGYtOThhOC0wNDIyYzRjNTJmZjMwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCvf/9AtKvqG1BkmwX8cOimhe+O4tx4+aoPovmONWP5h0Zc
k4hBdU+1ABbaTNAkzEbiR4jLZUS0wq7eHHf/A+7DC69Txi76JuSdmukdFt6A/XYt
ipJoZNXlHh5JlQMl9z2O9wG95Fg0peL5Vz4O5c/s+OVMDfuUG7f9rgMef1FM+o4r
F0E3jLhtkZD+mCYM8glx7VJiF+aQ+mWFora/R+U9hdfgp+P704Mv9WnzaF0yxRXg
NtIgy+AcQy3Yb2jmuo28QZ0hjJwG7QaWDnvYw9gNTRHj1cUikY9PlXlNjf0NNbQI
1Oz2CIm4LdVVxT8XDOs7xXdwQHfE7vzvF4hILCudAgMBAAGjggK+MIICujAdBgNV
HQ4EFgQUTADCmbb0Q9Q3PQKE0D/FUiMBK9gwHwYDVR0jBBgwFoAUkUTtx6QO6ZC3
+jZv9uF9ea3Eg5cwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy83M2YyMWMyYi04
ODIzLTRjMjQtYjI1Yi00M2M4MGNiNmQxYmIvMjc4YWFiODc4ZjI4MzFiYjE4MjNi
NTg3OTRiMDkyZDg2ZmIxZDdhMGY3NGUyODE2MTEuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvYjY4YTMyZWUtNDU1ZC00ODNhLTk0M2QtMWE1
YmU3NDhiZmVhLzBkNDI1YmVjLThlY2EtNDkzOS1hNjAxLWQyMmY5YmYxNDM0Yy5y
b2EwgZUGA1UdHwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVz
LWVhc3QtMi5hbWF6b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2Et
OTQzZC0xYTViZTc0OGJmZWEvNGJiOGFlNWMtMTI0Yy00MmYzLTg3ZmItNGYzNGU3
NGUzZGEyLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEH
AQH/BBAwDjAMBAIAATAGAwQAxyR4MA0GCSqGSIb3DQEBCwUAA4IBAQC2BgyIRvtJ
C2cRA8WBNgu/MyD/jYXmHIFFSnTlmA0ARyAx/HJCBo0qYowjv3BTxZAdTdaAyAN0
VO2SHe5WXx08KNnUCy9WAvxUwQS9SHwF93/2NhX22Y3zjWSAYgY3zJl5rtWP+apc
J9IDQ9g7Ae9tkwT4yI7s9EUbhg6nzucbs4supROPBc+fr5zzMKgEepqP2UE2UCSE
EeWpzEIhNiQnSX+CWHIZwygVf/s43HcJzHcYFFJyeUaYHngeAJN3nb/3Wm72AL+K
wwxQn+WLVsXLTL/mC069YEIRQ23hTVk4pmkj3eDte55+cU30/4IDzdX469v/JrWr
n+eqa1MAF7lX
-----END CERTIFICATE-----