Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/3c6307eb-4030-4a71-8e0b-2a40a594b01e.roa
File:                     3c6307eb-4030-4a71-8e0b-2a40a594b01e.roa (raw, json)
Hash identifier:          UFvhJRytcFdBGYLVObouJl6dA5UjnA4fkLuG2iKBMyM=
Subject key identifier:   2A:3F:5E:A1:67:E2:2A:1B:3D:7F:F0:E4:5F:6F:8F:43:04:B0:15:FF
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       438A1A6A8FB1EF91C8601C9618D60460BE231A52
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/3c6307eb-4030-4a71-8e0b-2a40a594b01e.roa
Signing time:             Mon 12 Jun 2023 00:00:00 +0000
ROA not before:           Mon 12 Jun 2023 00:00:00 +0000
ROA not after:            Thu 15 Jun 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            43:8a:1a:6a:8f:b1:ef:91:c8:60:1c:96:18:d6:04:60:be:23:1a:52
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Jun 12 00:00:00 2023 GMT
            Not After : Jun 15 23:59:59 2023 GMT
        Subject: serialNumber=d99687b62e1674cf825b6c8dd275fbe4a5b3625f5634942dead442d13101e895, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:f8:c4:ff:84:6e:e9:c5:ca:93:0c:09:d7:81:
                    16:82:84:85:18:61:46:2a:ea:78:fe:4e:72:98:17:
                    b8:99:07:f2:1e:64:e0:9e:a3:8c:e3:72:ea:3b:42:
                    57:51:c0:c4:29:5b:42:08:38:e2:ce:ce:3f:33:22:
                    68:a4:43:32:be:43:f2:e3:44:d1:09:ab:bb:9f:b0:
                    09:34:0e:af:64:c4:7e:cd:4b:f9:dc:7c:83:d8:65:
                    62:58:67:25:0f:7a:54:97:05:a1:56:ff:cb:26:f4:
                    0d:35:fe:99:4f:5d:77:12:ed:3d:06:79:3c:c1:8c:
                    03:3a:0f:81:66:d0:ae:c8:76:a5:6b:d7:05:05:66:
                    71:23:15:21:13:05:6b:71:06:9f:b9:51:75:ac:1b:
                    f4:92:b2:cc:a0:26:70:55:a6:df:b1:85:f1:23:b3:
                    36:0f:7a:3b:92:a7:bc:0e:38:e4:b5:05:c0:96:d6:
                    3a:41:16:1b:5b:72:66:40:d3:eb:c5:8a:8c:27:d2:
                    61:7c:39:81:22:57:1c:fd:cb:55:08:8b:30:f4:04:
                    89:d6:20:c0:0d:ac:bf:56:89:ab:8b:67:79:ce:89:
                    22:5e:9e:01:1e:f6:9c:f0:fa:d7:7d:5f:7f:f1:0c:
                    b8:03:6b:f2:15:5e:8c:04:87:74:81:93:e2:02:f5:
                    8c:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:3F:5E:A1:67:E2:2A:1B:3D:7F:F0:E4:5F:6F:8F:43:04:B0:15:FF
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/3c6307eb-4030-4a71-8e0b-2a40a594b01e.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a2:a0:1b:ea:72:07:83:ef:f6:68:a2:fb:6c:14:a6:5e:fc:38:
         4a:6a:bc:62:b7:42:e7:b6:9e:7f:8a:f5:96:2a:e6:8e:52:5c:
         c8:f4:60:cc:f8:f7:52:2f:9b:a4:e7:2e:91:c7:6a:7c:f7:92:
         05:9d:61:94:ed:80:58:96:ba:21:85:7e:80:1a:fe:27:4a:e7:
         4a:9e:0a:ff:35:57:6b:d5:f0:02:cd:d9:31:ec:86:fb:90:55:
         cc:fc:81:56:82:c1:34:3e:34:55:df:62:ed:0f:57:6a:8c:e1:
         c3:f9:6a:56:fb:e4:28:4e:92:a3:93:aa:21:fe:a6:03:7c:c4:
         6f:71:a0:66:e3:f1:5f:ab:60:16:35:25:c9:8e:45:00:7f:e3:
         6d:c4:67:4d:a8:fa:96:a8:22:d9:02:79:c4:c7:0a:3b:52:34:
         01:22:52:0a:f8:fe:19:6e:7b:cb:40:dd:78:9d:ec:4f:02:cf:
         53:3f:77:f4:cc:bc:84:3e:03:8c:53:4d:e2:91:ad:13:e7:90:
         06:21:e5:35:e5:4b:79:8f:48:8b:b1:dc:b0:08:b4:e3:fc:53:
         9a:94:68:d1:97:22:c6:e9:58:59:3d:f5:be:61:42:1d:44:5f:
         91:65:5c:f3:17:50:9c:5d:82:c2:17:2e:b7:8c:fd:e4:b1:23:
         84:26:c0:9e
-----BEGIN CERTIFICATE-----
MIIGBTCCBO2gAwIBAgIUQ4oaao+x75HIYByWGNYEYL4jGlIwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwNjEyMDAwMDAwWhcNMjMwNjE1MjM1OTU5
WjB6MUkwRwYDVQQFE0BkOTk2ODdiNjJlMTY3NGNmODI1YjZjOGRkMjc1ZmJlNGE1
YjM2MjVmNTYzNDk0MmRlYWQ0NDJkMTMxMDFlODk1MS0wKwYDVQQDEyQ2YWU0ZTU2
Ny02MzQ4LTRjNGYtOThhOC0wNDIyYzRjNTJmZjMwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC0+MT/hG7pxcqTDAnXgRaChIUYYUYq6nj+TnKYF7iZB/Ie
ZOCeo4zjcuo7QldRwMQpW0IIOOLOzj8zImikQzK+Q/LjRNEJq7ufsAk0Dq9kxH7N
S/ncfIPYZWJYZyUPelSXBaFW/8sm9A01/plPXXcS7T0GeTzBjAM6D4Fm0K7IdqVr
1wUFZnEjFSETBWtxBp+5UXWsG/SSssygJnBVpt+xhfEjszYPejuSp7wOOOS1BcCW
1jpBFhtbcmZA0+vFiown0mF8OYEiVxz9y1UIizD0BInWIMANrL9WiauLZ3nOiSJe
ngEe9pzw+td9X3/xDLgDa/IVXowEh3SBk+IC9YyTAgMBAAGjggK+MIICujAdBgNV
HQ4EFgQUKj9eoWfiKhs9f/DkX2+PQwSwFf8wHwYDVR0jBBgwFoAUkUTtx6QO6ZC3
+jZv9uF9ea3Eg5cwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy83M2YyMWMyYi04
ODIzLTRjMjQtYjI1Yi00M2M4MGNiNmQxYmIvMjc4YWFiODc4ZjI4MzFiYjE4MjNi
NTg3OTRiMDkyZDg2ZmIxZDdhMGY3NGUyODE2MTEuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvYjY4YTMyZWUtNDU1ZC00ODNhLTk0M2QtMWE1
YmU3NDhiZmVhLzNjNjMwN2ViLTQwMzAtNGE3MS04ZTBiLTJhNDBhNTk0YjAxZS5y
b2EwgZUGA1UdHwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVz
LWVhc3QtMi5hbWF6b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2Et
OTQzZC0xYTViZTc0OGJmZWEvNGJiOGFlNWMtMTI0Yy00MmYzLTg3ZmItNGYzNGU3
NGUzZGEyLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEH
AQH/BBAwDjAMBAIAATAGAwQAxyR4MA0GCSqGSIb3DQEBCwUAA4IBAQCioBvqcgeD
7/ZoovtsFKZe/DhKarxit0Lntp5/ivWWKuaOUlzI9GDM+PdSL5uk5y6Rx2p895IF
nWGU7YBYlrohhX6AGv4nSudKngr/NVdr1fACzdkx7Ib7kFXM/IFWgsE0PjRV32Lt
D1dqjOHD+WpW++QoTpKjk6oh/qYDfMRvcaBm4/Ffq2AWNSXJjkUAf+NtxGdNqPqW
qCLZAnnExwo7UjQBIlIK+P4ZbnvLQN14nexPAs9TP3f0zLyEPgOMU03ika0T55AG
IeU15Ut5j0iLsdywCLTj/FOalGjRlyLG6VhZPfW+YUIdRF+RZVzzF1CcXYLCFy63
jP3ksSOEJsCe
-----END CERTIFICATE-----