Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/72902d2f-0948-4032-825a-1647d6c9eb8b.roa
File:                     72902d2f-0948-4032-825a-1647d6c9eb8b.roa (raw, json)
Hash identifier:          NqcK1bDTkjgPfX9ohUQDhqob2sMDUXA9eEd+bEGKm7k=
Subject key identifier:   72:16:D3:53:16:D8:72:35:D6:FC:F7:E5:5C:C4:E0:F1:DC:79:B3:93
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       36DA91C708D27186E6AE32F5DD8941D610CCFCF3
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/72902d2f-0948-4032-825a-1647d6c9eb8b.roa
Signing time:             Thu 08 Jun 2023 00:00:00 +0000
ROA not before:           Thu 08 Jun 2023 00:00:00 +0000
ROA not after:            Sun 11 Jun 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            36:da:91:c7:08:d2:71:86:e6:ae:32:f5:dd:89:41:d6:10:cc:fc:f3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Jun  8 00:00:00 2023 GMT
            Not After : Jun 11 23:59:59 2023 GMT
        Subject: serialNumber=b33dec44dc2631cfcf21f9d42ccf68d0b1984815fa4b234270d647596fe021a9, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:b1:6d:27:16:be:1c:30:b4:51:0d:18:1f:95:
                    6d:0b:3d:e8:4c:f0:4d:38:18:0b:e8:a8:ac:f3:25:
                    97:5d:b4:c5:52:93:9e:16:19:a5:bf:b1:f0:7a:05:
                    04:4a:b5:2a:b8:a4:6b:3b:5a:d8:07:5c:5b:cd:fe:
                    bb:f3:90:5b:83:e8:37:7b:d0:28:95:e0:27:39:b3:
                    98:f1:04:38:23:e5:8a:33:ee:29:22:27:27:c7:d9:
                    e5:45:e3:27:29:7f:03:05:c6:c0:21:fe:67:5e:37:
                    a8:0c:7c:65:f4:c0:42:96:39:4f:62:17:1f:90:d3:
                    9a:38:92:57:7c:36:43:56:0b:b4:6f:26:92:37:a5:
                    a9:9e:f2:bc:d0:db:67:1d:27:60:9f:31:d3:97:8d:
                    95:73:37:22:60:c3:ad:c3:a3:29:69:fe:7f:8b:3c:
                    30:d8:49:0c:f9:1c:1a:62:66:ef:03:33:81:f0:01:
                    b8:4b:c0:a9:21:d1:f0:21:2a:91:2d:53:c7:8b:02:
                    e2:f8:73:3e:04:bf:52:9f:4a:0b:31:c4:ad:79:6d:
                    03:5f:6b:e2:ae:00:e1:4b:9a:9b:f8:a3:91:96:80:
                    e9:ff:f8:ff:9b:b8:51:cb:5e:4f:dd:a0:a8:20:75:
                    f8:dc:64:d0:58:45:6c:fd:e8:1d:70:e4:c0:76:45:
                    a7:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:16:D3:53:16:D8:72:35:D6:FC:F7:E5:5C:C4:E0:F1:DC:79:B3:93
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/72902d2f-0948-4032-825a-1647d6c9eb8b.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c1:f6:43:b5:b4:94:99:3c:db:ec:c1:8e:77:f1:cb:ba:fb:4e:
         cf:ab:9b:8d:e7:be:3a:63:33:99:90:a0:e4:e2:ed:e6:90:a5:
         8a:2c:e6:68:01:de:a6:61:fa:cb:18:3c:ef:99:bc:9a:59:cc:
         b7:fe:77:92:52:92:66:bc:e1:50:e6:24:51:92:0a:3b:df:7f:
         cc:5a:2a:a5:d5:c8:1b:38:ed:95:2e:b0:1b:01:1a:20:6b:cb:
         a1:3d:ec:c4:1f:03:df:d5:38:fc:e5:95:53:bc:ce:e2:22:df:
         51:ec:a2:53:08:27:85:0a:c0:d1:14:23:d6:d7:2c:86:f4:ed:
         f6:48:46:7f:b2:bc:d7:8b:c8:31:9e:c6:74:f4:4b:65:c7:43:
         38:11:42:bc:f8:38:35:af:b2:9c:99:37:e3:6a:b3:f5:c8:a6:
         20:73:ff:d5:1f:2f:43:f4:84:67:b5:ca:1a:ea:fb:58:e8:cb:
         38:68:68:eb:cd:66:76:d7:cf:a7:47:bc:32:86:66:c2:a7:76:
         a8:ec:25:68:cc:52:83:a6:62:ff:f0:4a:01:86:a5:83:03:7d:
         f1:40:54:63:df:bb:8a:97:6c:19:61:de:47:0d:70:7a:7a:3b:
         dd:0d:d5:5a:a9:37:e6:6d:6f:a5:c6:1a:69:fe:af:86:96:9f:
         0c:c2:d1:ce
-----BEGIN CERTIFICATE-----
MIIGBTCCBO2gAwIBAgIUNtqRxwjScYbmrjL13YlB1hDM/PMwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwNjA4MDAwMDAwWhcNMjMwNjExMjM1OTU5
WjB6MUkwRwYDVQQFE0BiMzNkZWM0NGRjMjYzMWNmY2YyMWY5ZDQyY2NmNjhkMGIx
OTg0ODE1ZmE0YjIzNDI3MGQ2NDc1OTZmZTAyMWE5MS0wKwYDVQQDEyQ2YWU0ZTU2
Ny02MzQ4LTRjNGYtOThhOC0wNDIyYzRjNTJmZjMwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCwsW0nFr4cMLRRDRgflW0LPehM8E04GAvoqKzzJZddtMVS
k54WGaW/sfB6BQRKtSq4pGs7WtgHXFvN/rvzkFuD6Dd70CiV4Cc5s5jxBDgj5Yoz
7ikiJyfH2eVF4ycpfwMFxsAh/mdeN6gMfGX0wEKWOU9iFx+Q05o4kld8NkNWC7Rv
JpI3pame8rzQ22cdJ2CfMdOXjZVzNyJgw63Doylp/n+LPDDYSQz5HBpiZu8DM4Hw
AbhLwKkh0fAhKpEtU8eLAuL4cz4Ev1KfSgsxxK15bQNfa+KuAOFLmpv4o5GWgOn/
+P+buFHLXk/doKggdfjcZNBYRWz96B1w5MB2RafbAgMBAAGjggK+MIICujAdBgNV
HQ4EFgQUchbTUxbYcjXW/PflXMTg8dx5s5MwHwYDVR0jBBgwFoAUkUTtx6QO6ZC3
+jZv9uF9ea3Eg5cwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy83M2YyMWMyYi04
ODIzLTRjMjQtYjI1Yi00M2M4MGNiNmQxYmIvMjc4YWFiODc4ZjI4MzFiYjE4MjNi
NTg3OTRiMDkyZDg2ZmIxZDdhMGY3NGUyODE2MTEuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvYjY4YTMyZWUtNDU1ZC00ODNhLTk0M2QtMWE1
YmU3NDhiZmVhLzcyOTAyZDJmLTA5NDgtNDAzMi04MjVhLTE2NDdkNmM5ZWI4Yi5y
b2EwgZUGA1UdHwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVz
LWVhc3QtMi5hbWF6b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2Et
OTQzZC0xYTViZTc0OGJmZWEvNGJiOGFlNWMtMTI0Yy00MmYzLTg3ZmItNGYzNGU3
NGUzZGEyLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEH
AQH/BBAwDjAMBAIAATAGAwQAxyR4MA0GCSqGSIb3DQEBCwUAA4IBAQDB9kO1tJSZ
PNvswY538cu6+07Pq5uN5746YzOZkKDk4u3mkKWKLOZoAd6mYfrLGDzvmbyaWcy3
/neSUpJmvOFQ5iRRkgo733/MWiql1cgbOO2VLrAbARoga8uhPezEHwPf1Tj85ZVT
vM7iIt9R7KJTCCeFCsDRFCPW1yyG9O32SEZ/srzXi8gxnsZ09Etlx0M4EUK8+Dg1
r7KcmTfjarP1yKYgc//VHy9D9IRntcoa6vtY6Ms4aGjrzWZ218+nR7wyhmbCp3ao
7CVozFKDpmL/8EoBhqWDA33xQFRj37uKl2wZYd5HDXB6ejvdDdVaqTfmbW+lxhpp
/q+Glp8MwtHO
-----END CERTIFICATE-----