Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/28296d42-6998-41e0-8c80-eb4a8c036d56.roa
File:                     28296d42-6998-41e0-8c80-eb4a8c036d56.roa (raw, json)
Hash identifier:          qpGWz5vXI8xvSbfyI2u4Jo7aCt/rmizLGGo67rjz1dY=
Subject key identifier:   A7:93:0C:E6:6C:9A:E2:AB:7E:BB:F1:48:DD:5D:B6:2E:11:93:4D:3C
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       5D44E1D8B44563078CC2CDF1EEAD21C7D500B09B
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/28296d42-6998-41e0-8c80-eb4a8c036d56.roa
Signing time:             Sat 10 Jun 2023 00:00:00 +0000
ROA not before:           Sat 10 Jun 2023 00:00:00 +0000
ROA not after:            Tue 13 Jun 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5d:44:e1:d8:b4:45:63:07:8c:c2:cd:f1:ee:ad:21:c7:d5:00:b0:9b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Jun 10 00:00:00 2023 GMT
            Not After : Jun 13 23:59:59 2023 GMT
        Subject: serialNumber=b51386fb40a9a9efc1d640ac725ce38776c851f5f6761d44b72a0a784d9f0d59, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:77:c7:db:2c:e1:0d:a3:4a:de:1a:22:ed:5a:
                    90:c7:bb:0c:52:2e:ef:07:e9:92:be:a2:e1:78:d8:
                    5c:bf:61:26:8c:4f:08:6f:eb:a6:77:a7:5f:00:83:
                    37:ca:ff:6c:70:c5:e3:9a:b3:b8:d1:2f:3b:1b:2e:
                    a0:78:44:ea:67:86:b5:4d:5f:bb:04:95:9c:ab:f7:
                    ae:8c:c2:b3:73:16:67:cd:e0:7d:dc:3d:dd:11:00:
                    c9:8b:f0:36:6f:d5:5b:08:a8:98:e4:a3:6d:fe:29:
                    49:bb:ea:50:af:1a:56:e6:c5:7e:aa:cf:9d:b9:2f:
                    3f:99:b9:49:02:f6:e5:34:c4:85:95:73:c3:bc:71:
                    30:b0:3a:bc:9a:6f:41:27:62:cd:87:3a:99:14:2b:
                    1f:02:46:97:95:cd:af:69:0d:b5:b2:2c:f1:49:5d:
                    06:be:53:a1:41:f3:42:79:aa:67:db:f4:93:36:fb:
                    5f:48:6b:37:99:fc:74:7c:c8:51:c0:87:bd:6e:84:
                    63:3b:d9:20:e3:c5:b3:9e:4a:a9:fe:14:a7:a7:15:
                    ad:fe:3a:23:e6:3e:df:a0:5f:2c:dc:4e:f0:16:67:
                    5e:a3:2e:0b:7e:39:b3:81:cb:24:a5:59:02:74:07:
                    e1:22:18:5f:7b:1b:a8:a8:c0:6b:53:f9:4e:04:5d:
                    9c:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A7:93:0C:E6:6C:9A:E2:AB:7E:BB:F1:48:DD:5D:B6:2E:11:93:4D:3C
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/28296d42-6998-41e0-8c80-eb4a8c036d56.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8e:14:17:9c:5a:60:e0:b6:89:4d:3a:32:6b:0f:b0:83:8b:78:
         56:e3:36:48:c4:54:bd:ab:98:eb:14:75:9e:32:84:ce:85:6b:
         08:78:d5:fa:60:60:8f:0b:0f:19:74:b9:a7:14:e5:0a:61:81:
         03:90:66:31:84:4b:e7:f0:29:4c:13:39:08:a0:af:a1:77:18:
         e7:d2:1e:c6:c9:da:a2:7d:dc:7a:bc:83:b3:bb:db:32:35:d9:
         ee:b6:ba:4c:0e:d6:5e:5e:79:c4:e9:c6:37:17:6b:88:0d:c0:
         70:7a:a7:7c:e9:58:61:2c:94:b5:34:82:86:7b:a6:9e:ab:2b:
         d8:31:f8:76:95:ce:8b:55:c9:f1:e9:0e:23:67:e3:76:64:f1:
         6c:b7:3e:0e:f3:e3:ea:4f:41:98:04:f1:c5:71:98:dc:37:81:
         27:fe:46:d6:e6:1f:f7:d8:84:f0:1b:c0:f4:41:eb:8b:97:a8:
         af:5e:ec:ba:56:01:f2:41:19:ee:16:e8:de:eb:b3:cf:33:7b:
         da:3c:b4:34:34:a0:a4:56:cb:79:08:54:ab:6e:f1:7d:c3:f5:
         eb:f5:0c:ba:6d:e5:61:b0:0a:31:10:62:62:08:4f:d7:ad:2a:
         8f:d9:bb:63:1d:14:c8:9a:1c:8d:3a:26:d2:6e:c3:61:62:4f:
         a7:44:e5:d5
-----BEGIN CERTIFICATE-----
MIIGBTCCBO2gAwIBAgIUXUTh2LRFYweMws3x7q0hx9UAsJswDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwNjEwMDAwMDAwWhcNMjMwNjEzMjM1OTU5
WjB6MUkwRwYDVQQFE0BiNTEzODZmYjQwYTlhOWVmYzFkNjQwYWM3MjVjZTM4Nzc2
Yzg1MWY1ZjY3NjFkNDRiNzJhMGE3ODRkOWYwZDU5MS0wKwYDVQQDEyQ2YWU0ZTU2
Ny02MzQ4LTRjNGYtOThhOC0wNDIyYzRjNTJmZjMwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDJd8fbLOENo0reGiLtWpDHuwxSLu8H6ZK+ouF42Fy/YSaM
Twhv66Z3p18AgzfK/2xwxeOas7jRLzsbLqB4ROpnhrVNX7sElZyr966MwrNzFmfN
4H3cPd0RAMmL8DZv1VsIqJjko23+KUm76lCvGlbmxX6qz525Lz+ZuUkC9uU0xIWV
c8O8cTCwOryab0EnYs2HOpkUKx8CRpeVza9pDbWyLPFJXQa+U6FB80J5qmfb9JM2
+19IazeZ/HR8yFHAh71uhGM72SDjxbOeSqn+FKenFa3+OiPmPt+gXyzcTvAWZ16j
Lgt+ObOByySlWQJ0B+EiGF97G6iowGtT+U4EXZzBAgMBAAGjggK+MIICujAdBgNV
HQ4EFgQUp5MM5mya4qt+u/FI3V22LhGTTTwwHwYDVR0jBBgwFoAUkUTtx6QO6ZC3
+jZv9uF9ea3Eg5cwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy83M2YyMWMyYi04
ODIzLTRjMjQtYjI1Yi00M2M4MGNiNmQxYmIvMjc4YWFiODc4ZjI4MzFiYjE4MjNi
NTg3OTRiMDkyZDg2ZmIxZDdhMGY3NGUyODE2MTEuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvYjY4YTMyZWUtNDU1ZC00ODNhLTk0M2QtMWE1
YmU3NDhiZmVhLzI4Mjk2ZDQyLTY5OTgtNDFlMC04YzgwLWViNGE4YzAzNmQ1Ni5y
b2EwgZUGA1UdHwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVz
LWVhc3QtMi5hbWF6b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2Et
OTQzZC0xYTViZTc0OGJmZWEvNGJiOGFlNWMtMTI0Yy00MmYzLTg3ZmItNGYzNGU3
NGUzZGEyLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEH
AQH/BBAwDjAMBAIAATAGAwQAxyR4MA0GCSqGSIb3DQEBCwUAA4IBAQCOFBecWmDg
tolNOjJrD7CDi3hW4zZIxFS9q5jrFHWeMoTOhWsIeNX6YGCPCw8ZdLmnFOUKYYED
kGYxhEvn8ClMEzkIoK+hdxjn0h7Gydqifdx6vIOzu9syNdnutrpMDtZeXnnE6cY3
F2uIDcBweqd86VhhLJS1NIKGe6aeqyvYMfh2lc6LVcnx6Q4jZ+N2ZPFstz4O8+Pq
T0GYBPHFcZjcN4En/kbW5h/32ITwG8D0QeuLl6ivXuy6VgHyQRnuFuje67PPM3va
PLQ0NKCkVst5CFSrbvF9w/Xr9Qy6beVhsAoxEGJiCE/XrSqP2btjHRTImhyNOibS
bsNhYk+nROXV
-----END CERTIFICATE-----