Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/c625fd49-aad6-4522-bae4-74741d946593.roa
File:                     c625fd49-aad6-4522-bae4-74741d946593.roa (raw, json)
Hash identifier:          QRBSMu7Dl6+ohbIHCGphst4YdQOa8lAWeU5lcvPttJA=
Subject key identifier:   64:4C:3E:19:71:B7:20:F3:2B:E5:75:2E:CC:54:78:35:A0:3E:A7:2E
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       1F7454B3C0B7DBA0154174274C4C9407614CF2D1
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/c625fd49-aad6-4522-bae4-74741d946593.roa
Signing time:             Tue 13 Jun 2023 00:00:00 +0000
ROA not before:           Tue 13 Jun 2023 00:00:00 +0000
ROA not after:            Fri 16 Jun 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1f:74:54:b3:c0:b7:db:a0:15:41:74:27:4c:4c:94:07:61:4c:f2:d1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Jun 13 00:00:00 2023 GMT
            Not After : Jun 16 23:59:59 2023 GMT
        Subject: serialNumber=85bfa2bb74543da23ba9f0dd16def79cda10943caa32835ba7e50179d6ac3b13, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:8e:49:de:96:5e:4b:52:06:86:58:59:71:50:
                    0e:9c:b9:ff:25:34:06:96:b7:4c:10:08:d5:c8:b2:
                    92:3a:b2:a0:15:4e:4a:46:2b:06:5f:2e:84:bd:89:
                    96:99:23:d8:5b:3b:27:2a:66:2c:e3:ff:fb:f6:10:
                    64:63:1b:39:62:bf:41:f4:69:a1:21:b6:3e:08:90:
                    4f:18:7c:bf:d9:ca:63:64:ec:69:98:5b:93:48:91:
                    2a:e3:b1:da:f8:f9:33:2e:2b:7e:5e:ba:d2:c3:0f:
                    26:a4:5c:5f:0a:4e:3e:47:ec:78:ea:11:a4:c3:3c:
                    af:d8:b2:63:79:80:a5:f0:ed:b5:21:b5:e6:5f:20:
                    f4:8f:6b:8a:80:80:55:0b:f8:38:0e:13:2a:a4:7f:
                    cc:41:29:07:47:06:39:10:c0:bf:0b:c2:d1:73:e1:
                    a6:82:79:55:23:5c:88:b3:fe:04:75:63:d9:d6:a0:
                    05:a3:9c:85:a2:13:7b:5a:3e:1e:8a:97:f9:80:a2:
                    28:12:36:41:c0:3f:a9:f8:7e:65:15:7c:b9:2f:fd:
                    9a:45:8a:08:2f:b1:fa:52:d1:b7:fe:bb:14:01:da:
                    1d:66:43:3c:b8:d8:65:7e:f5:b7:83:86:e1:ed:df:
                    27:d6:48:46:79:0c:1c:87:91:39:ce:5d:bc:f1:76:
                    54:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                64:4C:3E:19:71:B7:20:F3:2B:E5:75:2E:CC:54:78:35:A0:3E:A7:2E
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/c625fd49-aad6-4522-bae4-74741d946593.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ac:d2:b2:ca:65:c3:2e:9b:13:64:dc:42:a8:7b:2e:9b:b0:ab:
         49:f6:de:cd:09:90:ec:95:f0:dc:ca:7e:02:eb:92:7e:94:75:
         28:e1:1f:3a:14:d3:03:64:e1:48:b3:28:05:c7:63:7e:91:a6:
         57:6b:76:26:68:a5:5a:26:dc:20:a5:55:b1:56:fa:d5:af:d8:
         1f:d7:6f:e4:a5:1f:c1:72:db:63:fc:53:4f:0e:26:3d:b1:5f:
         6a:76:72:c2:83:65:24:5e:44:57:ee:e9:fc:71:6d:9d:13:6d:
         0c:19:63:52:91:d4:e7:c5:25:49:89:80:37:be:a0:b1:1b:a7:
         28:46:81:b2:58:c2:80:22:67:7c:b9:c2:c0:7b:89:12:28:01:
         dd:53:0e:48:83:d8:d6:4a:4d:3b:c7:d9:e7:23:f9:ad:fe:2f:
         95:59:1e:36:7b:62:d2:27:9f:bf:64:2b:00:bd:b6:9d:93:8a:
         0d:af:bd:3a:5b:ab:e6:67:8f:fb:04:61:c3:a0:c1:00:13:5e:
         63:3e:b8:5e:41:38:64:6d:d3:42:2e:75:f2:07:06:0f:32:66:
         63:b7:92:5c:29:ce:da:4a:ec:03:1c:20:78:85:4b:a1:14:71:
         b0:e3:86:ac:ca:37:e2:ea:18:11:fd:7e:9e:6d:31:9f:5e:86:
         37:82:ef:13
-----BEGIN CERTIFICATE-----
MIIGBTCCBO2gAwIBAgIUH3RUs8C326AVQXQnTEyUB2FM8tEwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwNjEzMDAwMDAwWhcNMjMwNjE2MjM1OTU5
WjB6MUkwRwYDVQQFE0A4NWJmYTJiYjc0NTQzZGEyM2JhOWYwZGQxNmRlZjc5Y2Rh
MTA5NDNjYWEzMjgzNWJhN2U1MDE3OWQ2YWMzYjEzMS0wKwYDVQQDEyQ2YWU0ZTU2
Ny02MzQ4LTRjNGYtOThhOC0wNDIyYzRjNTJmZjMwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC5jknell5LUgaGWFlxUA6cuf8lNAaWt0wQCNXIspI6sqAV
TkpGKwZfLoS9iZaZI9hbOycqZizj//v2EGRjGzliv0H0aaEhtj4IkE8YfL/ZymNk
7GmYW5NIkSrjsdr4+TMuK35eutLDDyakXF8KTj5H7HjqEaTDPK/YsmN5gKXw7bUh
teZfIPSPa4qAgFUL+DgOEyqkf8xBKQdHBjkQwL8LwtFz4aaCeVUjXIiz/gR1Y9nW
oAWjnIWiE3taPh6Kl/mAoigSNkHAP6n4fmUVfLkv/ZpFiggvsfpS0bf+uxQB2h1m
Qzy42GV+9beDhuHt3yfWSEZ5DByHkTnOXbzxdlRjAgMBAAGjggK+MIICujAdBgNV
HQ4EFgQUZEw+GXG3IPMr5XUuzFR4NaA+py4wHwYDVR0jBBgwFoAUkUTtx6QO6ZC3
+jZv9uF9ea3Eg5cwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy83M2YyMWMyYi04
ODIzLTRjMjQtYjI1Yi00M2M4MGNiNmQxYmIvMjc4YWFiODc4ZjI4MzFiYjE4MjNi
NTg3OTRiMDkyZDg2ZmIxZDdhMGY3NGUyODE2MTEuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvYjY4YTMyZWUtNDU1ZC00ODNhLTk0M2QtMWE1
YmU3NDhiZmVhL2M2MjVmZDQ5LWFhZDYtNDUyMi1iYWU0LTc0NzQxZDk0NjU5My5y
b2EwgZUGA1UdHwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVz
LWVhc3QtMi5hbWF6b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2Et
OTQzZC0xYTViZTc0OGJmZWEvNGJiOGFlNWMtMTI0Yy00MmYzLTg3ZmItNGYzNGU3
NGUzZGEyLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEH
AQH/BBAwDjAMBAIAATAGAwQAxyR4MA0GCSqGSIb3DQEBCwUAA4IBAQCs0rLKZcMu
mxNk3EKoey6bsKtJ9t7NCZDslfDcyn4C65J+lHUo4R86FNMDZOFIsygFx2N+kaZX
a3YmaKVaJtwgpVWxVvrVr9gf12/kpR/Bcttj/FNPDiY9sV9qdnLCg2UkXkRX7un8
cW2dE20MGWNSkdTnxSVJiYA3vqCxG6coRoGyWMKAImd8ucLAe4kSKAHdUw5Ig9jW
Sk07x9nnI/mt/i+VWR42e2LSJ5+/ZCsAvbadk4oNr706W6vmZ4/7BGHDoMEAE15j
PrheQThkbdNCLnXyBwYPMmZjt5JcKc7aSuwDHCB4hUuhFHGw44asyjfi6hgR/X6e
bTGfXoY3gu8T
-----END CERTIFICATE-----