Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/423c8bf7-609d-4d00-8499-c72fd7b216b7.roa
File:                     423c8bf7-609d-4d00-8499-c72fd7b216b7.roa (raw, json)
Hash identifier:          dqEsze3JmmD6M1K3Dp15NsKyTqAzDzigTgXa3xPjnZw=
Subject key identifier:   C8:0C:49:72:F5:BB:EE:9F:AD:68:3B:46:F7:08:40:6B:4E:33:21:2B
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       58E216AF3EB23C9D2277606B20FEAB59465C4993
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/423c8bf7-609d-4d00-8499-c72fd7b216b7.roa
Signing time:             Mon 12 Jun 2023 00:00:00 +0000
ROA not before:           Mon 12 Jun 2023 00:00:00 +0000
ROA not after:            Thu 15 Jun 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            58:e2:16:af:3e:b2:3c:9d:22:77:60:6b:20:fe:ab:59:46:5c:49:93
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Jun 12 00:00:00 2023 GMT
            Not After : Jun 15 23:59:59 2023 GMT
        Subject: serialNumber=2d692770b36b698a1c6ac69ccd10e84983e1553cf26cf13725877bbe03da7b32, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:53:50:e4:68:bf:90:b5:6e:59:b0:4f:ee:ef:
                    f1:09:d2:a2:0b:b8:f2:08:37:b3:93:dd:2d:f3:be:
                    5d:39:cf:ae:3a:76:8d:34:84:0a:6c:27:58:17:3e:
                    f6:23:24:01:f1:57:2e:55:3d:83:7a:a5:ff:ea:ac:
                    4a:91:45:53:7e:c4:48:ee:e4:ae:2a:ca:6e:45:5c:
                    ee:2d:82:bb:bd:56:76:bf:f4:7b:ef:e9:71:23:3f:
                    21:23:b0:9a:a5:21:16:8c:c9:bc:02:3b:ce:74:29:
                    3a:8c:f9:96:d7:f3:2f:ae:dc:c3:76:d1:04:68:ff:
                    f0:f1:c0:fe:17:13:ad:42:a9:9a:8f:ae:4c:ff:35:
                    18:1d:28:4f:8f:b0:5b:58:a3:cd:6a:14:58:27:ab:
                    09:63:12:71:a1:4c:2b:72:47:ff:ac:be:19:00:73:
                    86:4a:ad:5c:83:64:63:d3:1e:a8:80:1b:3c:c4:e6:
                    17:13:f7:e2:85:b1:58:f3:50:37:90:cf:a3:45:da:
                    91:37:62:57:12:a2:09:21:fa:16:48:2b:b4:d7:d4:
                    27:a7:38:ee:7b:74:de:00:1b:9f:e4:fa:15:08:e0:
                    fa:f5:9d:88:a9:d3:5e:45:7a:00:70:94:0c:fc:bf:
                    72:fb:42:2e:92:26:01:26:77:e2:7e:49:ab:f6:07:
                    91:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C8:0C:49:72:F5:BB:EE:9F:AD:68:3B:46:F7:08:40:6B:4E:33:21:2B
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/423c8bf7-609d-4d00-8499-c72fd7b216b7.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         25:6a:22:6d:e8:fc:6d:6e:a8:76:da:d1:de:ee:30:08:89:4b:
         8a:9a:26:d1:9f:a5:48:70:e2:c2:ff:e1:f9:c2:ea:e5:0d:c4:
         7a:af:dc:f4:8d:92:7d:04:d6:ba:20:75:c1:e3:65:17:f5:0c:
         9c:7a:9c:c7:53:e6:2e:59:6c:82:09:62:64:b4:48:eb:43:ba:
         5b:9c:04:3a:f5:9e:16:5c:a3:e2:19:54:b4:46:0b:d1:a4:94:
         eb:b9:55:6e:cd:b0:33:82:c1:2d:44:12:e3:31:2d:65:00:29:
         3f:4c:d0:42:33:68:42:ba:28:c5:c7:8d:42:f0:39:31:e9:fb:
         58:2e:88:de:6b:a6:7b:f5:18:8d:ec:1b:25:21:5c:dd:17:69:
         eb:3c:ee:34:d7:9a:1f:79:5f:72:73:cb:91:ec:f6:2e:f4:73:
         94:93:5c:4c:88:a1:ea:56:d5:df:65:21:fc:80:a5:ed:2c:a2:
         37:5f:4c:5b:a8:ea:f6:a0:b0:2d:b2:d1:cd:43:8e:c6:12:72:
         0b:63:07:02:4e:54:45:da:a4:28:a9:e3:63:ae:1b:b0:dc:69:
         03:a7:f8:df:77:83:68:14:11:53:5f:fc:c5:e1:a0:35:13:a9:
         bf:0b:13:90:71:33:0a:b1:f2:d6:b6:e1:fc:04:ad:e1:35:85:
         3f:23:45:26
-----BEGIN CERTIFICATE-----
MIIGBTCCBO2gAwIBAgIUWOIWrz6yPJ0id2BrIP6rWUZcSZMwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwNjEyMDAwMDAwWhcNMjMwNjE1MjM1OTU5
WjB6MUkwRwYDVQQFE0AyZDY5Mjc3MGIzNmI2OThhMWM2YWM2OWNjZDEwZTg0OTgz
ZTE1NTNjZjI2Y2YxMzcyNTg3N2JiZTAzZGE3YjMyMS0wKwYDVQQDEyQ2YWU0ZTU2
Ny02MzQ4LTRjNGYtOThhOC0wNDIyYzRjNTJmZjMwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC+U1DkaL+QtW5ZsE/u7/EJ0qILuPIIN7OT3S3zvl05z646
do00hApsJ1gXPvYjJAHxVy5VPYN6pf/qrEqRRVN+xEju5K4qym5FXO4tgru9Vna/
9Hvv6XEjPyEjsJqlIRaMybwCO850KTqM+ZbX8y+u3MN20QRo//DxwP4XE61CqZqP
rkz/NRgdKE+PsFtYo81qFFgnqwljEnGhTCtyR/+svhkAc4ZKrVyDZGPTHqiAGzzE
5hcT9+KFsVjzUDeQz6NF2pE3YlcSogkh+hZIK7TX1CenOO57dN4AG5/k+hUI4Pr1
nYip015FegBwlAz8v3L7Qi6SJgEmd+J+Sav2B5GFAgMBAAGjggK+MIICujAdBgNV
HQ4EFgQUyAxJcvW77p+taDtG9whAa04zISswHwYDVR0jBBgwFoAUkUTtx6QO6ZC3
+jZv9uF9ea3Eg5cwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy83M2YyMWMyYi04
ODIzLTRjMjQtYjI1Yi00M2M4MGNiNmQxYmIvMjc4YWFiODc4ZjI4MzFiYjE4MjNi
NTg3OTRiMDkyZDg2ZmIxZDdhMGY3NGUyODE2MTEuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvYjY4YTMyZWUtNDU1ZC00ODNhLTk0M2QtMWE1
YmU3NDhiZmVhLzQyM2M4YmY3LTYwOWQtNGQwMC04NDk5LWM3MmZkN2IyMTZiNy5y
b2EwgZUGA1UdHwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVz
LWVhc3QtMi5hbWF6b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2Et
OTQzZC0xYTViZTc0OGJmZWEvNGJiOGFlNWMtMTI0Yy00MmYzLTg3ZmItNGYzNGU3
NGUzZGEyLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEH
AQH/BBAwDjAMBAIAATAGAwQAxyR4MA0GCSqGSIb3DQEBCwUAA4IBAQAlaiJt6Pxt
bqh22tHe7jAIiUuKmibRn6VIcOLC/+H5wurlDcR6r9z0jZJ9BNa6IHXB42UX9Qyc
epzHU+YuWWyCCWJktEjrQ7pbnAQ69Z4WXKPiGVS0RgvRpJTruVVuzbAzgsEtRBLj
MS1lACk/TNBCM2hCuijFx41C8Dkx6ftYLojea6Z79RiN7BslIVzdF2nrPO4015of
eV9yc8uR7PYu9HOUk1xMiKHqVtXfZSH8gKXtLKI3X0xbqOr2oLAtstHNQ47GEnIL
YwcCTlRF2qQoqeNjrhuw3GkDp/jfd4NoFBFTX/zF4aA1E6m/CxOQcTMKsfLWtuH8
BK3hNYU/I0Um
-----END CERTIFICATE-----