Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4ed8f546-e976-4e80-a1be-ad31fe213584.roa
File:                     4ed8f546-e976-4e80-a1be-ad31fe213584.roa (raw, json)
Hash identifier:          M9BmgOmsIchK4lFgPJzxrl2EBZXi2dVmRgWKDSP2+rc=
Subject key identifier:   BA:CC:BE:23:20:F8:D4:3A:08:87:E3:FB:89:7E:02:41:48:88:98:FD
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       7DF29803ED683F4C12500305D1E99CA682944BB5
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4ed8f546-e976-4e80-a1be-ad31fe213584.roa
Signing time:             Mon 12 Jun 2023 00:00:00 +0000
ROA not before:           Mon 12 Jun 2023 00:00:00 +0000
ROA not after:            Thu 15 Jun 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7d:f2:98:03:ed:68:3f:4c:12:50:03:05:d1:e9:9c:a6:82:94:4b:b5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Jun 12 00:00:00 2023 GMT
            Not After : Jun 15 23:59:59 2023 GMT
        Subject: serialNumber=eabb7497ddb525c87ea21665cfe7179ef4ae588a795c759b81c9efd90eb710b4, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:09:0e:b0:dd:09:ad:92:8d:78:b2:a7:c6:a5:
                    2c:68:84:3b:34:a6:8c:61:80:d1:7c:61:82:4f:99:
                    23:b7:2c:c9:2f:f0:c2:53:20:b0:b6:91:7d:7f:09:
                    d0:6c:7d:87:5b:91:0b:39:63:b4:0d:08:83:c9:21:
                    c9:f8:30:d2:08:e4:3e:80:1f:c1:10:e1:79:fd:54:
                    a9:e2:95:7d:0f:24:ac:4f:61:5f:70:db:06:a3:e1:
                    14:c0:35:3d:9d:42:b6:a1:ca:a0:1e:9f:18:42:62:
                    cb:92:f2:8e:cc:5c:51:ae:1b:45:e2:7a:df:fd:3a:
                    60:ed:1d:1e:fb:4c:d2:e7:55:9d:f6:1d:d6:37:49:
                    9e:02:31:40:e3:2d:ed:54:8e:db:aa:3f:b2:1d:2f:
                    99:83:71:e0:94:39:60:be:7d:5d:6d:42:1f:ae:b6:
                    c4:67:dc:36:36:c6:fa:40:d4:ba:b5:6a:7d:17:c6:
                    7f:e7:ba:b8:09:c4:75:b1:d5:66:71:d7:42:aa:22:
                    db:04:cd:64:74:5f:46:e7:89:71:15:a7:ba:81:37:
                    3e:96:15:82:28:da:43:57:3b:36:82:10:54:38:62:
                    df:38:bd:ab:87:80:ed:56:10:e2:24:7d:7d:15:67:
                    0f:e8:e4:94:64:2a:3d:aa:f5:66:32:71:bc:84:e3:
                    56:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BA:CC:BE:23:20:F8:D4:3A:08:87:E3:FB:89:7E:02:41:48:88:98:FD
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4ed8f546-e976-4e80-a1be-ad31fe213584.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8b:c0:90:a3:fd:31:83:3b:26:a8:49:a6:f2:8a:a2:c6:27:43:
         25:41:62:f5:e8:96:10:1d:97:9a:67:62:cb:10:ef:8b:24:c0:
         74:81:74:0d:aa:55:02:e3:c2:60:cf:af:39:b5:0d:9c:2e:d3:
         31:e3:d2:31:4c:10:7e:a4:ef:f5:9c:43:2a:5b:eb:d7:6a:b5:
         d2:26:22:96:2b:c8:b0:93:ea:90:23:df:7b:7c:ce:26:d3:74:
         1c:92:73:86:27:8e:69:38:f8:a9:14:a8:69:12:f7:e1:a2:54:
         92:cb:5f:90:22:d2:d8:80:66:e7:65:45:b0:ac:14:e7:42:f6:
         53:0d:48:fc:ba:f6:bb:a2:e7:de:f3:c7:01:84:4b:37:5f:16:
         0e:6b:3c:82:56:6d:22:44:c5:08:4e:48:d5:7a:82:fd:e9:72:
         24:1a:46:5a:68:aa:ba:59:9c:46:5f:5b:e4:d7:5d:49:bf:51:
         f4:ed:25:67:bb:ed:f7:86:e8:0f:f8:2a:a2:cb:8a:01:15:10:
         a6:38:20:12:36:b8:41:21:67:fc:b9:50:b2:1b:db:ca:f0:d3:
         80:18:27:d3:78:25:47:20:9d:c0:62:68:d5:00:50:af:bc:02:
         be:d1:ca:b6:76:08:ae:60:ab:32:8c:8b:7c:e4:ba:89:23:cd:
         f9:ae:af:1c
-----BEGIN CERTIFICATE-----
MIIGBTCCBO2gAwIBAgIUffKYA+1oP0wSUAMF0emcpoKUS7UwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwNjEyMDAwMDAwWhcNMjMwNjE1MjM1OTU5
WjB6MUkwRwYDVQQFE0BlYWJiNzQ5N2RkYjUyNWM4N2VhMjE2NjVjZmU3MTc5ZWY0
YWU1ODhhNzk1Yzc1OWI4MWM5ZWZkOTBlYjcxMGI0MS0wKwYDVQQDEyQ2YWU0ZTU2
Ny02MzQ4LTRjNGYtOThhOC0wNDIyYzRjNTJmZjMwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCwCQ6w3Qmtko14sqfGpSxohDs0poxhgNF8YYJPmSO3LMkv
8MJTILC2kX1/CdBsfYdbkQs5Y7QNCIPJIcn4MNII5D6AH8EQ4Xn9VKnilX0PJKxP
YV9w2waj4RTANT2dQrahyqAenxhCYsuS8o7MXFGuG0Xiet/9OmDtHR77TNLnVZ32
HdY3SZ4CMUDjLe1UjtuqP7IdL5mDceCUOWC+fV1tQh+utsRn3DY2xvpA1Lq1an0X
xn/nurgJxHWx1WZx10KqItsEzWR0X0bniXEVp7qBNz6WFYIo2kNXOzaCEFQ4Yt84
vauHgO1WEOIkfX0VZw/o5JRkKj2q9WYycbyE41YFAgMBAAGjggK+MIICujAdBgNV
HQ4EFgQUusy+IyD41DoIh+P7iX4CQUiImP0wHwYDVR0jBBgwFoAUkUTtx6QO6ZC3
+jZv9uF9ea3Eg5cwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy83M2YyMWMyYi04
ODIzLTRjMjQtYjI1Yi00M2M4MGNiNmQxYmIvMjc4YWFiODc4ZjI4MzFiYjE4MjNi
NTg3OTRiMDkyZDg2ZmIxZDdhMGY3NGUyODE2MTEuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvYjY4YTMyZWUtNDU1ZC00ODNhLTk0M2QtMWE1
YmU3NDhiZmVhLzRlZDhmNTQ2LWU5NzYtNGU4MC1hMWJlLWFkMzFmZTIxMzU4NC5y
b2EwgZUGA1UdHwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVz
LWVhc3QtMi5hbWF6b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2Et
OTQzZC0xYTViZTc0OGJmZWEvNGJiOGFlNWMtMTI0Yy00MmYzLTg3ZmItNGYzNGU3
NGUzZGEyLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEH
AQH/BBAwDjAMBAIAATAGAwQAxyR4MA0GCSqGSIb3DQEBCwUAA4IBAQCLwJCj/TGD
OyaoSabyiqLGJ0MlQWL16JYQHZeaZ2LLEO+LJMB0gXQNqlUC48Jgz685tQ2cLtMx
49IxTBB+pO/1nEMqW+vXarXSJiKWK8iwk+qQI997fM4m03QcknOGJ45pOPipFKhp
EvfholSSy1+QItLYgGbnZUWwrBTnQvZTDUj8uva7oufe88cBhEs3XxYOazyCVm0i
RMUITkjVeoL96XIkGkZaaKq6WZxGX1vk111Jv1H07SVnu+33hugP+Cqiy4oBFRCm
OCASNrhBIWf8uVCyG9vK8NOAGCfTeCVHIJ3AYmjVAFCvvAK+0cq2dgiuYKsyjIt8
5LqJI835rq8c
-----END CERTIFICATE-----