Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/128034ca-5d68-49f1-b4f0-00d97a94012b.roa
File:                     128034ca-5d68-49f1-b4f0-00d97a94012b.roa (raw, json)
Hash identifier:          N6FxNd0g/00kiliHOTj2/Mrt581jmhlfvn7UK5pwGnQ=
Subject key identifier:   05:B4:39:91:52:2D:25:75:08:83:42:8A:BA:66:89:EB:80:6A:1D:6C
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       76D81FD6A9285E9AA0721C9DB7D952EC04E44CB9
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/128034ca-5d68-49f1-b4f0-00d97a94012b.roa
Signing time:             Sun 11 Jun 2023 00:00:00 +0000
ROA not before:           Sun 11 Jun 2023 00:00:00 +0000
ROA not after:            Wed 14 Jun 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            76:d8:1f:d6:a9:28:5e:9a:a0:72:1c:9d:b7:d9:52:ec:04:e4:4c:b9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Jun 11 00:00:00 2023 GMT
            Not After : Jun 14 23:59:59 2023 GMT
        Subject: serialNumber=f50edda882a217b8f21a3080c3b4cf3f56a8d571fefd3a147d1a436bb9e123b6, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:e5:33:8e:09:58:97:64:d0:d8:68:4d:b4:76:
                    8a:01:21:cf:90:a8:d1:3a:0d:7d:e3:ca:d7:7d:81:
                    82:fe:f6:ac:c9:6c:21:c7:1b:5e:a2:43:32:50:46:
                    d6:8c:52:21:0d:fb:a9:51:84:fe:9b:4b:46:bb:92:
                    70:eb:d0:f3:27:df:89:ec:65:87:08:90:3d:bf:f8:
                    1a:23:46:9f:ea:13:bf:d7:c4:fd:b4:11:16:fa:c0:
                    3b:4c:1a:31:89:82:77:cd:4b:a1:95:ac:7e:ab:53:
                    12:5d:11:b2:d7:5d:d7:67:5a:33:ba:fa:da:49:63:
                    e7:2a:97:5a:c8:07:ac:80:ae:ad:59:ab:84:4b:7b:
                    b3:9f:d4:84:a8:08:53:79:fc:d2:9c:a8:c6:c4:28:
                    be:d1:1f:7e:9e:16:f9:3a:59:4b:62:bb:a8:58:70:
                    b3:02:73:ff:b5:3f:43:2f:05:2d:d4:04:0f:3a:8d:
                    5f:1c:92:77:ae:a0:2a:88:3c:5f:92:55:fb:31:da:
                    bf:97:4a:a8:e1:1b:d7:3b:8f:28:af:fd:e1:e8:b5:
                    bd:d7:42:3a:99:1c:a1:1b:b8:33:cb:ac:00:24:59:
                    62:bb:8d:75:db:97:be:fa:3b:74:50:0f:5d:cd:c3:
                    57:96:29:e6:b2:82:53:b2:2c:32:c8:c1:92:dc:ac:
                    a1:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                05:B4:39:91:52:2D:25:75:08:83:42:8A:BA:66:89:EB:80:6A:1D:6C
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/128034ca-5d68-49f1-b4f0-00d97a94012b.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         42:2d:d8:77:fa:b1:5d:ef:97:23:11:7f:7b:70:94:90:dd:7b:
         01:17:1b:e8:14:2e:cd:15:a7:16:63:6f:9c:ca:4a:77:08:2b:
         60:bc:bc:1d:43:9f:21:6e:0a:4d:22:81:1b:73:d1:a9:a5:b4:
         fe:ea:b1:d0:75:de:ec:90:ff:49:d1:09:74:86:c2:2d:ef:21:
         f8:ad:c9:fc:7a:a1:1e:7b:89:df:ea:f4:c6:e9:3d:7c:f6:09:
         c4:e7:76:56:da:98:bb:c8:f6:34:8a:d3:d7:6c:3d:a2:d4:c9:
         ba:6c:95:20:04:91:88:a2:cf:df:8a:71:17:eb:68:5c:d7:55:
         e8:b2:e8:cb:cd:08:65:6a:9a:c3:cb:bd:4c:d8:a4:aa:49:a0:
         be:ca:f1:4f:a9:5b:83:60:28:30:e7:e9:5d:36:d9:b5:93:ea:
         33:25:4f:68:ee:be:2e:89:d3:92:b4:51:bc:70:08:cd:4e:2e:
         00:aa:9a:59:fb:b4:45:b9:59:8c:35:3f:f3:05:71:0d:cc:fd:
         47:1f:14:1f:77:53:fe:4f:02:ec:43:b0:6c:f7:12:81:9b:e2:
         0d:4b:12:78:dd:fa:7e:cc:d6:14:a2:38:d6:72:63:e5:d1:e7:
         4d:61:97:5d:6a:5a:1a:28:d3:41:41:d4:04:83:f0:3b:ff:e3:
         b2:e5:03:3e
-----BEGIN CERTIFICATE-----
MIIGBTCCBO2gAwIBAgIUdtgf1qkoXpqgchydt9lS7ATkTLkwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwNjExMDAwMDAwWhcNMjMwNjE0MjM1OTU5
WjB6MUkwRwYDVQQFE0BmNTBlZGRhODgyYTIxN2I4ZjIxYTMwODBjM2I0Y2YzZjU2
YThkNTcxZmVmZDNhMTQ3ZDFhNDM2YmI5ZTEyM2I2MS0wKwYDVQQDEyQ2YWU0ZTU2
Ny02MzQ4LTRjNGYtOThhOC0wNDIyYzRjNTJmZjMwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCu5TOOCViXZNDYaE20dooBIc+QqNE6DX3jytd9gYL+9qzJ
bCHHG16iQzJQRtaMUiEN+6lRhP6bS0a7knDr0PMn34nsZYcIkD2/+BojRp/qE7/X
xP20ERb6wDtMGjGJgnfNS6GVrH6rUxJdEbLXXddnWjO6+tpJY+cql1rIB6yArq1Z
q4RLe7Of1ISoCFN5/NKcqMbEKL7RH36eFvk6WUtiu6hYcLMCc/+1P0MvBS3UBA86
jV8ckneuoCqIPF+SVfsx2r+XSqjhG9c7jyiv/eHotb3XQjqZHKEbuDPLrAAkWWK7
jXXbl776O3RQD13Nw1eWKeayglOyLDLIwZLcrKFRAgMBAAGjggK+MIICujAdBgNV
HQ4EFgQUBbQ5kVItJXUIg0KKumaJ64BqHWwwHwYDVR0jBBgwFoAUkUTtx6QO6ZC3
+jZv9uF9ea3Eg5cwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy83M2YyMWMyYi04
ODIzLTRjMjQtYjI1Yi00M2M4MGNiNmQxYmIvMjc4YWFiODc4ZjI4MzFiYjE4MjNi
NTg3OTRiMDkyZDg2ZmIxZDdhMGY3NGUyODE2MTEuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvYjY4YTMyZWUtNDU1ZC00ODNhLTk0M2QtMWE1
YmU3NDhiZmVhLzEyODAzNGNhLTVkNjgtNDlmMS1iNGYwLTAwZDk3YTk0MDEyYi5y
b2EwgZUGA1UdHwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVz
LWVhc3QtMi5hbWF6b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2Et
OTQzZC0xYTViZTc0OGJmZWEvNGJiOGFlNWMtMTI0Yy00MmYzLTg3ZmItNGYzNGU3
NGUzZGEyLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEH
AQH/BBAwDjAMBAIAATAGAwQAxyR4MA0GCSqGSIb3DQEBCwUAA4IBAQBCLdh3+rFd
75cjEX97cJSQ3XsBFxvoFC7NFacWY2+cykp3CCtgvLwdQ58hbgpNIoEbc9GppbT+
6rHQdd7skP9J0Ql0hsIt7yH4rcn8eqEee4nf6vTG6T189gnE53ZW2pi7yPY0itPX
bD2i1Mm6bJUgBJGIos/finEX62hc11XosujLzQhlaprDy71M2KSqSaC+yvFPqVuD
YCgw5+ldNtm1k+ozJU9o7r4uidOStFG8cAjNTi4AqppZ+7RFuVmMNT/zBXENzP1H
HxQfd1P+TwLsQ7Bs9xKBm+INSxJ43fp+zNYUojjWcmPl0edNYZddaloaKNNBQdQE
g/A7/+Oy5QM+
-----END CERTIFICATE-----