Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/3c6307eb-4030-4a71-8e0b-2a40a594b01e.roa
File:                     3c6307eb-4030-4a71-8e0b-2a40a594b01e.roa (raw, json)
Hash identifier:          IGbbT7kvlnnuLFLwiro06qNDTn1veOsSnc8hEPryR8c=
Subject key identifier:   F9:A2:AD:5E:54:B2:6B:76:93:AA:31:7F:93:D4:81:CD:19:42:C9:9B
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       753D85C62DA438076A2EEA39281B2932AB61D205
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/3c6307eb-4030-4a71-8e0b-2a40a594b01e.roa
Signing time:             Mon 12 Jun 2023 00:00:00 +0000
ROA not before:           Mon 12 Jun 2023 00:00:00 +0000
ROA not after:            Thu 15 Jun 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            75:3d:85:c6:2d:a4:38:07:6a:2e:ea:39:28:1b:29:32:ab:61:d2:05
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Jun 12 00:00:00 2023 GMT
            Not After : Jun 15 23:59:59 2023 GMT
        Subject: serialNumber=99bb50758af142861d56e26f296d17d7654be5a0fad209b4425da90d9b00d3e1, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:c1:96:ce:b2:be:55:ff:db:74:5c:4e:54:da:
                    31:3e:6b:61:ba:26:46:38:20:c0:0a:0d:ff:9a:e0:
                    f4:36:e6:54:49:b4:9c:24:db:68:ac:a4:50:d3:d1:
                    02:df:5a:ad:c2:02:03:ce:c6:91:61:40:a3:32:f0:
                    a2:d5:cb:24:d4:f0:f5:3b:a8:84:64:ac:72:51:27:
                    96:f2:29:56:19:32:56:b5:95:df:6f:fd:c2:d1:a5:
                    20:b3:cc:29:d0:c8:a9:64:b1:88:aa:7b:ae:28:ac:
                    ee:c9:d1:e1:c0:bd:27:84:12:a5:d9:50:56:83:a5:
                    40:4f:2c:f6:f9:9a:2f:68:88:42:94:d5:ec:21:c0:
                    8d:32:9d:b2:26:e1:4a:2c:fd:a8:7b:f1:42:ba:26:
                    5c:29:1d:65:83:40:a8:cf:4b:47:56:e1:a5:01:10:
                    2f:da:aa:3b:ff:90:0d:6a:a6:58:5d:8c:9d:bb:ec:
                    fe:3b:3f:43:cf:29:f2:e1:4e:bf:5d:02:14:54:e5:
                    f6:8f:2c:73:60:9b:ac:b6:1e:f4:8a:58:d1:f1:5e:
                    ce:38:c6:12:5e:77:f8:9e:05:25:93:49:39:c2:1a:
                    2f:9a:5e:72:53:59:77:07:fb:28:cd:6f:6c:9a:81:
                    9b:09:d9:ca:e8:3c:3f:be:a6:06:66:c2:90:2d:6a:
                    30:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F9:A2:AD:5E:54:B2:6B:76:93:AA:31:7F:93:D4:81:CD:19:42:C9:9B
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/3c6307eb-4030-4a71-8e0b-2a40a594b01e.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1a:90:7b:6a:85:15:d7:a6:cb:04:6b:6c:35:75:5d:8f:25:c2:
         03:62:c5:4a:e3:ce:ab:4e:87:51:13:e5:14:81:09:37:a0:55:
         ca:c3:57:50:64:19:15:37:a8:f2:0a:2d:29:11:43:ca:7e:0f:
         81:9f:f3:cd:0e:e8:27:5d:e6:7a:e3:f6:4d:3e:84:49:63:c4:
         55:f8:c9:33:09:b0:e2:9e:f4:ec:18:3a:ce:e4:e2:ca:cc:b4:
         bc:4f:d5:47:36:90:49:26:e9:fb:9f:a3:52:85:7c:79:8d:fb:
         eb:98:1d:c1:4d:f3:f2:9d:06:a4:7a:79:2e:57:52:b4:86:fc:
         f9:25:ba:36:42:f5:c0:ae:58:08:97:8e:9f:1f:6a:b3:ba:53:
         fc:1e:a4:72:f7:24:43:24:ca:06:1f:45:50:13:9f:9b:3f:f3:
         9f:d7:6a:c4:b4:d0:0f:2f:ce:1e:2f:72:9f:0f:fe:09:00:a9:
         78:aa:ab:a8:82:dd:d7:8a:31:15:9c:9a:8b:a5:b3:1c:db:0b:
         ea:7b:ba:5a:10:29:c4:f0:10:62:73:85:64:02:af:3a:e9:1b:
         3a:db:64:20:79:99:2a:21:e7:94:0e:56:9c:42:fe:b7:57:fd:
         16:60:f4:bb:c1:de:c8:94:e0:2c:61:8d:dd:dc:3e:f8:a0:54:
         1c:79:c3:9c
-----BEGIN CERTIFICATE-----
MIIGBTCCBO2gAwIBAgIUdT2Fxi2kOAdqLuo5KBspMqth0gUwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwNjEyMDAwMDAwWhcNMjMwNjE1MjM1OTU5
WjB6MUkwRwYDVQQFE0A5OWJiNTA3NThhZjE0Mjg2MWQ1NmUyNmYyOTZkMTdkNzY1
NGJlNWEwZmFkMjA5YjQ0MjVkYTkwZDliMDBkM2UxMS0wKwYDVQQDEyQ2YWU0ZTU2
Ny02MzQ4LTRjNGYtOThhOC0wNDIyYzRjNTJmZjMwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDjwZbOsr5V/9t0XE5U2jE+a2G6JkY4IMAKDf+a4PQ25lRJ
tJwk22ispFDT0QLfWq3CAgPOxpFhQKMy8KLVyyTU8PU7qIRkrHJRJ5byKVYZMla1
ld9v/cLRpSCzzCnQyKlksYiqe64orO7J0eHAvSeEEqXZUFaDpUBPLPb5mi9oiEKU
1ewhwI0ynbIm4Uos/ah78UK6JlwpHWWDQKjPS0dW4aUBEC/aqjv/kA1qplhdjJ27
7P47P0PPKfLhTr9dAhRU5faPLHNgm6y2HvSKWNHxXs44xhJed/ieBSWTSTnCGi+a
XnJTWXcH+yjNb2yagZsJ2croPD++pgZmwpAtajDBAgMBAAGjggK+MIICujAdBgNV
HQ4EFgQU+aKtXlSya3aTqjF/k9SBzRlCyZswHwYDVR0jBBgwFoAUkUTtx6QO6ZC3
+jZv9uF9ea3Eg5cwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy83M2YyMWMyYi04
ODIzLTRjMjQtYjI1Yi00M2M4MGNiNmQxYmIvMjc4YWFiODc4ZjI4MzFiYjE4MjNi
NTg3OTRiMDkyZDg2ZmIxZDdhMGY3NGUyODE2MTEuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvYjY4YTMyZWUtNDU1ZC00ODNhLTk0M2QtMWE1
YmU3NDhiZmVhLzNjNjMwN2ViLTQwMzAtNGE3MS04ZTBiLTJhNDBhNTk0YjAxZS5y
b2EwgZUGA1UdHwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVz
LWVhc3QtMi5hbWF6b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2Et
OTQzZC0xYTViZTc0OGJmZWEvNGJiOGFlNWMtMTI0Yy00MmYzLTg3ZmItNGYzNGU3
NGUzZGEyLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEH
AQH/BBAwDjAMBAIAATAGAwQAxyR4MA0GCSqGSIb3DQEBCwUAA4IBAQAakHtqhRXX
pssEa2w1dV2PJcIDYsVK486rTodRE+UUgQk3oFXKw1dQZBkVN6jyCi0pEUPKfg+B
n/PNDugnXeZ64/ZNPoRJY8RV+MkzCbDinvTsGDrO5OLKzLS8T9VHNpBJJun7n6NS
hXx5jfvrmB3BTfPynQakenkuV1K0hvz5Jbo2QvXArlgIl46fH2qzulP8HqRy9yRD
JMoGH0VQE5+bP/Of12rEtNAPL84eL3KfD/4JAKl4qquogt3XijEVnJqLpbMc2wvq
e7paECnE8BBic4VkAq866Rs622QgeZkqIeeUDlacQv63V/0WYPS7wd7IlOAsYY3d
3D74oFQcecOc
-----END CERTIFICATE-----