Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/c4552e9f-dea5-45fd-8600-27609eaf400f.roa
File:                     c4552e9f-dea5-45fd-8600-27609eaf400f.roa (raw, json)
Hash identifier:          3dBosBOlZisp1FmJPQBckyFROxVz2o4QtFXJeXm4e3g=
Subject key identifier:   22:B6:3B:4D:62:2E:E8:B9:8E:9F:E6:FE:9A:34:D7:CC:B4:8F:7C:1D
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       469C914ACE7E84C3C4ABB658E4098495E3FD57C3
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/c4552e9f-dea5-45fd-8600-27609eaf400f.roa
Signing time:             Sun 11 Jun 2023 00:00:00 +0000
ROA not before:           Sun 11 Jun 2023 00:00:00 +0000
ROA not after:            Wed 14 Jun 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            46:9c:91:4a:ce:7e:84:c3:c4:ab:b6:58:e4:09:84:95:e3:fd:57:c3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Jun 11 00:00:00 2023 GMT
            Not After : Jun 14 23:59:59 2023 GMT
        Subject: serialNumber=d349d3404bb2165f63ce80cc186e8b944ede34b6b124a61c6e8849386848c0da, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:cf:98:40:94:8d:8a:28:63:2e:c3:aa:7a:c5:
                    b2:c4:7c:5a:57:cd:30:67:6a:9f:c9:01:9a:50:cb:
                    fa:c4:f4:d1:de:f5:f0:14:7e:c3:e9:dc:5c:3c:55:
                    86:4c:02:db:51:60:f8:5c:76:84:45:5a:45:27:9f:
                    f7:d4:c4:db:e4:a8:8d:5c:27:9a:e3:58:2d:fc:6b:
                    b6:20:0a:2c:3b:e1:46:22:b7:a7:87:5c:ef:ae:ca:
                    11:0e:66:3f:4d:ab:bc:90:9f:a8:cd:d5:8b:a5:7a:
                    ea:83:a5:53:76:d3:7e:7c:1d:6f:20:49:5f:9e:40:
                    da:34:95:8a:d1:24:7f:da:ff:8a:0e:a5:27:b1:e0:
                    08:c8:69:74:6e:c5:a6:81:dc:37:c8:d9:27:26:72:
                    00:f3:6d:c1:42:b4:90:55:a7:92:e1:7d:cc:d2:d2:
                    91:fe:d0:f4:79:ad:71:ef:5c:ba:26:9b:ec:3e:80:
                    2d:ad:11:e2:2d:3b:82:b3:1d:90:a6:a9:75:63:5a:
                    fb:bf:01:09:7f:eb:3e:dd:d7:3c:28:db:e4:5f:eb:
                    14:ef:7c:70:0f:fe:a4:6c:0c:5d:79:aa:31:f6:98:
                    d3:92:06:e5:39:d1:91:49:42:00:18:23:37:cd:ee:
                    00:91:22:82:54:5f:19:2a:3e:9a:21:e9:4b:00:ab:
                    2f:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                22:B6:3B:4D:62:2E:E8:B9:8E:9F:E6:FE:9A:34:D7:CC:B4:8F:7C:1D
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/c4552e9f-dea5-45fd-8600-27609eaf400f.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ad:a0:f5:72:b7:c6:fe:ad:9b:07:66:54:89:27:db:79:54:76:
         a3:30:ca:64:1e:e3:a8:82:ce:86:c4:fc:c4:1c:89:d8:f4:5c:
         5e:d9:86:bc:a5:78:3e:5c:95:e6:16:4f:27:18:85:99:fd:a5:
         89:98:cb:d2:4a:5e:c8:86:87:19:cf:ad:f3:30:af:fc:37:3c:
         c5:b0:19:f6:c2:8a:20:82:78:44:8a:1a:b9:79:1f:bf:24:51:
         51:43:96:d8:3e:ce:60:c3:72:fc:f4:94:48:50:c5:5c:9d:ff:
         35:7d:bc:50:65:98:eb:5d:4c:f3:79:11:c1:50:15:0a:c2:bf:
         b4:c0:17:ef:51:a1:cb:53:a8:12:ee:4e:c9:9c:a1:92:e4:71:
         22:32:bb:15:0b:76:87:65:ec:c4:84:bf:1f:79:c2:08:ef:63:
         7d:d5:e2:51:8e:5b:f2:f8:41:e4:b3:73:86:80:14:aa:0a:bd:
         53:e2:fd:5f:d7:0d:3b:ef:e7:9c:d7:2a:0a:b4:bf:e5:d8:97:
         f2:f8:aa:02:5f:33:56:d3:3c:5b:37:b9:ae:46:2c:a1:f7:ca:
         c1:56:1a:c1:bd:6d:e7:da:4a:29:16:22:60:9b:2d:ee:86:1b:
         75:7d:7b:37:ca:a7:72:ec:8a:b7:04:b6:66:7b:d6:5f:88:ea:
         80:8b:7f:47
-----BEGIN CERTIFICATE-----
MIIGBTCCBO2gAwIBAgIURpyRSs5+hMPEq7ZY5AmEleP9V8MwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwNjExMDAwMDAwWhcNMjMwNjE0MjM1OTU5
WjB6MUkwRwYDVQQFE0BkMzQ5ZDM0MDRiYjIxNjVmNjNjZTgwY2MxODZlOGI5NDRl
ZGUzNGI2YjEyNGE2MWM2ZTg4NDkzODY4NDhjMGRhMS0wKwYDVQQDEyQ2YWU0ZTU2
Ny02MzQ4LTRjNGYtOThhOC0wNDIyYzRjNTJmZjMwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC9z5hAlI2KKGMuw6p6xbLEfFpXzTBnap/JAZpQy/rE9NHe
9fAUfsPp3Fw8VYZMAttRYPhcdoRFWkUnn/fUxNvkqI1cJ5rjWC38a7YgCiw74UYi
t6eHXO+uyhEOZj9Nq7yQn6jN1YuleuqDpVN20358HW8gSV+eQNo0lYrRJH/a/4oO
pSex4AjIaXRuxaaB3DfI2ScmcgDzbcFCtJBVp5LhfczS0pH+0PR5rXHvXLomm+w+
gC2tEeItO4KzHZCmqXVjWvu/AQl/6z7d1zwo2+Rf6xTvfHAP/qRsDF15qjH2mNOS
BuU50ZFJQgAYIzfN7gCRIoJUXxkqPpoh6UsAqy+hAgMBAAGjggK+MIICujAdBgNV
HQ4EFgQUIrY7TWIu6LmOn+b+mjTXzLSPfB0wHwYDVR0jBBgwFoAUkUTtx6QO6ZC3
+jZv9uF9ea3Eg5cwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy83M2YyMWMyYi04
ODIzLTRjMjQtYjI1Yi00M2M4MGNiNmQxYmIvMjc4YWFiODc4ZjI4MzFiYjE4MjNi
NTg3OTRiMDkyZDg2ZmIxZDdhMGY3NGUyODE2MTEuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvYjY4YTMyZWUtNDU1ZC00ODNhLTk0M2QtMWE1
YmU3NDhiZmVhL2M0NTUyZTlmLWRlYTUtNDVmZC04NjAwLTI3NjA5ZWFmNDAwZi5y
b2EwgZUGA1UdHwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVz
LWVhc3QtMi5hbWF6b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2Et
OTQzZC0xYTViZTc0OGJmZWEvNGJiOGFlNWMtMTI0Yy00MmYzLTg3ZmItNGYzNGU3
NGUzZGEyLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEH
AQH/BBAwDjAMBAIAATAGAwQAxyR4MA0GCSqGSIb3DQEBCwUAA4IBAQCtoPVyt8b+
rZsHZlSJJ9t5VHajMMpkHuOogs6GxPzEHInY9Fxe2Ya8pXg+XJXmFk8nGIWZ/aWJ
mMvSSl7IhocZz63zMK/8NzzFsBn2wooggnhEihq5eR+/JFFRQ5bYPs5gw3L89JRI
UMVcnf81fbxQZZjrXUzzeRHBUBUKwr+0wBfvUaHLU6gS7k7JnKGS5HEiMrsVC3aH
ZezEhL8fecII72N91eJRjlvy+EHks3OGgBSqCr1T4v1f1w077+ec1yoKtL/l2Jfy
+KoCXzNW0zxbN7muRiyh98rBVhrBvW3n2kopFiJgmy3uhht1fXs3yqdy7Iq3BLZm
e9ZfiOqAi39H
-----END CERTIFICATE-----