Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/1c93b4d8-cda2-4adb-bf27-9b2424018814.roa
File:                     1c93b4d8-cda2-4adb-bf27-9b2424018814.roa (raw, json)
Hash identifier:          eAU1sYV0UmmnArVtObck+mbNfk8HvW+cFp5RWF2NhZg=
Subject key identifier:   8E:89:12:5F:76:96:F6:0B:09:1F:04:92:FA:37:00:C6:18:26:3B:7B
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       746467AB6DEC9539CD6F88701B58DA38E7132904
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/1c93b4d8-cda2-4adb-bf27-9b2424018814.roa
Signing time:             Thu 08 Jun 2023 00:00:00 +0000
ROA not before:           Thu 08 Jun 2023 00:00:00 +0000
ROA not after:            Sun 11 Jun 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            74:64:67:ab:6d:ec:95:39:cd:6f:88:70:1b:58:da:38:e7:13:29:04
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Jun  8 00:00:00 2023 GMT
            Not After : Jun 11 23:59:59 2023 GMT
        Subject: serialNumber=ae6526239acd3b3c43e902c219d5bbb87f32d6f35a484336f743a1d0e1e50a41, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:bf:f7:c9:85:ac:34:5b:93:3c:d7:bc:e6:13:
                    96:d0:83:38:8e:36:99:7a:f0:2b:ef:d5:20:50:ad:
                    71:09:da:01:59:3c:06:ea:f9:32:fe:39:1b:fd:d3:
                    82:81:42:67:e5:ff:39:e7:8c:4f:cb:d7:48:c6:cc:
                    8a:ca:54:b8:42:54:0e:34:87:c0:34:1c:e8:84:ed:
                    92:e0:c0:41:f3:6c:02:5a:e2:f2:d0:cc:08:3f:d8:
                    da:2b:ec:c3:3d:e7:cd:72:a3:d0:62:a1:d4:9d:7d:
                    a3:8d:e7:b8:37:2b:ea:81:61:77:8e:54:93:6b:be:
                    a0:5c:8c:a3:e1:6c:dc:46:9f:90:d3:a9:b1:db:7a:
                    f2:6a:84:67:3e:6c:d5:71:3b:22:21:fd:d8:0f:7a:
                    01:9a:86:1a:90:49:96:8f:80:02:fc:c8:4e:01:6e:
                    da:b5:89:62:e6:57:1a:a3:63:91:96:42:ef:a4:40:
                    17:d8:c7:7c:3b:4a:9c:f1:7a:62:c8:b6:5a:60:01:
                    fc:08:6d:79:d6:a4:cc:f3:cf:d1:a4:95:49:f5:ef:
                    44:3e:aa:eb:a3:38:e7:73:2a:68:c9:04:2b:93:88:
                    7f:c6:c5:f8:37:4a:72:9d:58:20:e7:62:ed:0a:e5:
                    62:f2:b6:00:f8:7e:2d:d0:62:6f:13:8c:91:cb:cb:
                    df:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8E:89:12:5F:76:96:F6:0B:09:1F:04:92:FA:37:00:C6:18:26:3B:7B
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/1c93b4d8-cda2-4adb-bf27-9b2424018814.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3d:99:1a:af:9b:09:61:08:3c:30:2b:7f:11:b1:d5:ad:bb:43:
         c7:f0:c7:7e:b9:06:76:8a:7e:94:85:74:d2:43:7b:2f:6e:5f:
         30:a7:18:9c:9b:62:06:1d:47:7b:9a:3d:12:f0:98:b0:c4:7a:
         97:d9:a2:4c:4a:80:56:08:8c:df:f9:30:62:19:a0:51:69:a6:
         8a:6f:6e:0a:74:66:15:b5:c7:9e:80:db:7e:59:cf:ff:d6:03:
         e2:de:9e:53:0f:4a:44:3d:eb:9b:57:72:6a:3f:05:c4:a6:28:
         f5:38:f2:54:c7:9f:9d:04:d2:cd:34:1e:9c:df:80:e0:d5:1b:
         c9:bf:9e:66:a0:4d:77:ad:dd:ab:db:18:86:b3:d4:ad:fb:fc:
         09:75:46:8e:6b:27:d1:f0:62:77:13:52:48:94:b1:73:8d:b6:
         0c:d2:ca:a1:fc:79:19:b8:32:fd:67:1d:45:4d:51:d0:31:1d:
         91:7b:f9:f1:37:f2:1b:7e:f4:fb:4d:6c:8c:9a:38:db:78:01:
         cb:13:1e:88:87:4e:81:b1:7c:bc:76:e2:25:fe:a9:36:04:a8:
         00:9b:43:ad:5d:7f:b5:b1:89:0a:d0:18:3b:4c:a4:94:06:a8:
         53:14:63:b4:bc:a3:5c:17:87:f6:c8:ca:44:14:2c:75:7b:21:
         9d:ef:4a:79
-----BEGIN CERTIFICATE-----
MIIGBTCCBO2gAwIBAgIUdGRnq23slTnNb4hwG1jaOOcTKQQwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwNjA4MDAwMDAwWhcNMjMwNjExMjM1OTU5
WjB6MUkwRwYDVQQFE0BhZTY1MjYyMzlhY2QzYjNjNDNlOTAyYzIxOWQ1YmJiODdm
MzJkNmYzNWE0ODQzMzZmNzQzYTFkMGUxZTUwYTQxMS0wKwYDVQQDEyQ2YWU0ZTU2
Ny02MzQ4LTRjNGYtOThhOC0wNDIyYzRjNTJmZjMwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCtv/fJhaw0W5M817zmE5bQgziONpl68Cvv1SBQrXEJ2gFZ
PAbq+TL+ORv904KBQmfl/znnjE/L10jGzIrKVLhCVA40h8A0HOiE7ZLgwEHzbAJa
4vLQzAg/2Nor7MM9581yo9BiodSdfaON57g3K+qBYXeOVJNrvqBcjKPhbNxGn5DT
qbHbevJqhGc+bNVxOyIh/dgPegGahhqQSZaPgAL8yE4Bbtq1iWLmVxqjY5GWQu+k
QBfYx3w7SpzxemLItlpgAfwIbXnWpMzzz9GklUn170Q+quujOOdzKmjJBCuTiH/G
xfg3SnKdWCDnYu0K5WLytgD4fi3QYm8TjJHLy9/JAgMBAAGjggK+MIICujAdBgNV
HQ4EFgQUjokSX3aW9gsJHwSS+jcAxhgmO3swHwYDVR0jBBgwFoAUkUTtx6QO6ZC3
+jZv9uF9ea3Eg5cwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy83M2YyMWMyYi04
ODIzLTRjMjQtYjI1Yi00M2M4MGNiNmQxYmIvMjc4YWFiODc4ZjI4MzFiYjE4MjNi
NTg3OTRiMDkyZDg2ZmIxZDdhMGY3NGUyODE2MTEuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvYjY4YTMyZWUtNDU1ZC00ODNhLTk0M2QtMWE1
YmU3NDhiZmVhLzFjOTNiNGQ4LWNkYTItNGFkYi1iZjI3LTliMjQyNDAxODgxNC5y
b2EwgZUGA1UdHwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVz
LWVhc3QtMi5hbWF6b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2Et
OTQzZC0xYTViZTc0OGJmZWEvNGJiOGFlNWMtMTI0Yy00MmYzLTg3ZmItNGYzNGU3
NGUzZGEyLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEH
AQH/BBAwDjAMBAIAATAGAwQAxyR4MA0GCSqGSIb3DQEBCwUAA4IBAQA9mRqvmwlh
CDwwK38RsdWtu0PH8Md+uQZ2in6UhXTSQ3svbl8wpxicm2IGHUd7mj0S8JiwxHqX
2aJMSoBWCIzf+TBiGaBRaaaKb24KdGYVtceegNt+Wc//1gPi3p5TD0pEPeubV3Jq
PwXEpij1OPJUx5+dBNLNNB6c34Dg1RvJv55moE13rd2r2xiGs9St+/wJdUaOayfR
8GJ3E1JIlLFzjbYM0sqh/HkZuDL9Zx1FTVHQMR2Re/nxN/IbfvT7TWyMmjjbeAHL
Ex6Ih06BsXy8duIl/qk2BKgAm0OtXX+1sYkK0Bg7TKSUBqhTFGO0vKNcF4f2yMpE
FCx1eyGd70p5
-----END CERTIFICATE-----