Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/dbe8cd21-8489-4beb-8711-fa15bc260152.roa
File:                     dbe8cd21-8489-4beb-8711-fa15bc260152.roa (raw, json)
Hash identifier:          tx9HEY/7N4/yles3qEToSdVRwDrnaHtjKYnzJ9k+YVQ=
Subject key identifier:   89:00:8D:B1:6C:58:21:29:BD:C7:B1:00:EA:1A:5F:26:5C:20:74:83
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       464C60438463B9017E0009A60252FA6906635B
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/dbe8cd21-8489-4beb-8711-fa15bc260152.roa
Signing time:             Sun 11 Jun 2023 00:00:00 +0000
ROA not before:           Sun 11 Jun 2023 00:00:00 +0000
ROA not after:            Wed 14 Jun 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            46:4c:60:43:84:63:b9:01:7e:00:09:a6:02:52:fa:69:06:63:5b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Jun 11 00:00:00 2023 GMT
            Not After : Jun 14 23:59:59 2023 GMT
        Subject: serialNumber=781df383d2850847f37adbdfb424d41620e63114eac7964fc3f1574b4363dc01, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:8e:ab:c8:c2:69:21:46:d6:56:fc:78:56:6f:
                    73:56:14:c2:6c:64:9a:7d:f5:4b:6f:b0:e1:83:c2:
                    19:12:a1:3e:84:60:62:9c:43:0c:18:76:fa:57:a7:
                    3a:3c:41:70:e2:3f:97:33:e0:df:0c:1c:b4:59:c4:
                    19:9b:cc:8f:20:72:9a:4b:e5:ce:41:c3:3f:e4:dc:
                    ea:22:b8:4f:49:5e:d9:68:6d:2f:ac:40:63:19:34:
                    ed:a6:93:9b:83:52:29:e5:e6:aa:16:ad:0c:2e:1f:
                    80:b0:4a:ff:1a:8d:9b:83:b8:10:70:d3:35:0a:2e:
                    bf:bf:34:9a:dd:5f:1b:dc:90:4c:39:9f:3c:55:fe:
                    d5:db:05:b3:47:09:8d:38:13:32:2e:49:a0:af:dd:
                    ba:a8:4d:ac:ca:a2:cd:b1:e0:8f:44:e4:a5:31:07:
                    c4:b0:3c:0a:3b:ce:81:67:80:e4:e0:08:7b:ec:28:
                    1d:fb:12:93:96:7a:4c:b7:38:81:27:67:d5:0d:cc:
                    4d:b8:5b:db:f8:08:bf:77:fb:1d:94:bd:62:e4:11:
                    dd:ef:61:11:f4:d8:99:bc:02:c7:a2:9d:ba:17:d2:
                    c2:aa:86:a7:b6:89:55:7a:ab:93:5a:32:82:f4:cb:
                    70:8d:b0:b2:a9:00:38:09:ec:3c:9d:62:01:15:e4:
                    a8:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                89:00:8D:B1:6C:58:21:29:BD:C7:B1:00:EA:1A:5F:26:5C:20:74:83
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/dbe8cd21-8489-4beb-8711-fa15bc260152.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         58:b3:0e:6d:e3:67:f0:1e:1a:18:a1:19:f8:78:e0:4a:c3:fd:
         0d:d4:51:a3:e9:95:00:74:09:c6:b0:29:3e:f4:b3:ca:5d:d1:
         ef:69:40:ff:70:90:41:ef:ce:0b:75:1d:66:1d:8e:14:b1:0f:
         fb:1c:17:d1:48:c6:5e:5a:0d:a5:11:2d:ec:9b:0e:69:bc:8f:
         f0:9e:a5:91:19:c3:39:c2:77:25:7c:f1:66:87:a5:f7:0b:25:
         52:d6:cd:09:c2:32:b4:8c:cd:66:9a:a7:9e:cd:15:c9:5d:d0:
         d7:d4:57:18:7a:bb:54:92:4f:c7:9d:93:46:b2:bf:a9:88:b0:
         ce:c0:90:b6:a9:3c:26:57:f1:b0:05:b3:3f:11:66:8f:0b:f6:
         9c:e2:c9:ed:10:d6:ed:b7:67:54:1c:c6:7b:3d:1c:c2:af:ad:
         b3:64:9f:82:13:eb:98:f8:cc:c8:b1:46:ea:26:58:b3:9f:50:
         5f:88:34:a5:09:cd:0b:66:08:11:4a:22:c3:5f:16:90:23:a6:
         be:55:3b:c6:4d:e8:ab:3e:0b:fa:97:f2:7a:34:4c:e2:84:2b:
         03:5d:00:d9:71:ef:f7:13:59:fb:d6:1d:73:fb:06:57:3a:ec:
         11:5c:19:6b:f9:00:4c:ba:41:f4:66:47:c9:ef:43:a4:9d:6a:
         80:d8:65:e7
-----BEGIN CERTIFICATE-----
MIIGBDCCBOygAwIBAgITRkxgQ4RjuQF+AAmmAlL6aQZjWzANBgkqhkiG9w0BAQsF
ADA9MTswOQYDVQQDEzIyNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5NGIwOTJkODZm
YjFkN2EwZjc0ZTI4MTYxMTAeFw0yMzA2MTEwMDAwMDBaFw0yMzA2MTQyMzU5NTla
MHoxSTBHBgNVBAUTQDc4MWRmMzgzZDI4NTA4NDdmMzdhZGJkZmI0MjRkNDE2MjBl
NjMxMTRlYWM3OTY0ZmMzZjE1NzRiNDM2M2RjMDExLTArBgNVBAMTJDZhZTRlNTY3
LTYzNDgtNGM0Zi05OGE4LTA0MjJjNGM1MmZmMzCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAKKOq8jCaSFG1lb8eFZvc1YUwmxkmn31S2+w4YPCGRKhPoRg
YpxDDBh2+lenOjxBcOI/lzPg3wwctFnEGZvMjyBymkvlzkHDP+Tc6iK4T0le2Wht
L6xAYxk07aaTm4NSKeXmqhatDC4fgLBK/xqNm4O4EHDTNQouv780mt1fG9yQTDmf
PFX+1dsFs0cJjTgTMi5JoK/duqhNrMqizbHgj0TkpTEHxLA8CjvOgWeA5OAIe+wo
HfsSk5Z6TLc4gSdn1Q3MTbhb2/gIv3f7HZS9YuQR3e9hEfTYmbwCx6KduhfSwqqG
p7aJVXqrk1oygvTLcI2wsqkAOAnsPJ1iARXkqN0CAwEAAaOCAr4wggK6MB0GA1Ud
DgQWBBSJAI2xbFghKb3HsQDqGl8mXCB0gzAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6
Nm/24X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHg
BggrBgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2Fy
aW4tcnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMv
MDM1NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4
MjMtNGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1
ODc5NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGR
MIGOMIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTVi
ZTc0OGJmZWEvZGJlOGNkMjEtODQ4OS00YmViLTg3MTEtZmExNWJjMjYwMTUyLnJv
YTCBlQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMt
ZWFzdC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05
NDNkLTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0
ZTNkYTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcB
Af8EEDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAFizDm3jZ/Ae
GhihGfh44ErD/Q3UUaPplQB0CcawKT70s8pd0e9pQP9wkEHvzgt1HWYdjhSxD/sc
F9FIxl5aDaURLeybDmm8j/CepZEZwznCdyV88WaHpfcLJVLWzQnCMrSMzWaap57N
Fcld0NfUVxh6u1SST8edk0ayv6mIsM7AkLapPCZX8bAFsz8RZo8L9pziye0Q1u23
Z1Qcxns9HMKvrbNkn4IT65j4zMixRuomWLOfUF+INKUJzQtmCBFKIsNfFpAjpr5V
O8ZN6Ks+C/qX8no0TOKEKwNdANlx7/cTWfvWHXP7Blc67BFcGWv5AEy6QfRmR8nv
Q6SdaoDYZec=
-----END CERTIFICATE-----