Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/91a4946a-34c0-433e-9caf-555f182c567e.roa
File:                     91a4946a-34c0-433e-9caf-555f182c567e.roa (raw, json)
Hash identifier:          ncNzAZPxNya/Te84oyFtPrevD8WST3Uq7EZVoS0bJrs=
Subject key identifier:   D9:23:D0:08:91:E9:6B:1F:FD:05:83:B0:72:AF:59:62:1B:CC:0B:00
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       2B6C1A1C72159C525830C652842928EE3E10BA4C
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/91a4946a-34c0-433e-9caf-555f182c567e.roa
Signing time:             Fri 09 Jun 2023 00:00:00 +0000
ROA not before:           Fri 09 Jun 2023 00:00:00 +0000
ROA not after:            Mon 12 Jun 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2b:6c:1a:1c:72:15:9c:52:58:30:c6:52:84:29:28:ee:3e:10:ba:4c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Jun  9 00:00:00 2023 GMT
            Not After : Jun 12 23:59:59 2023 GMT
        Subject: serialNumber=8ca5e2628f16ebb1db1a1fa824c97496eb3681f58d08cf303cb7246e25d309f5, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:c5:40:45:53:14:cb:ce:97:8f:f1:bc:3a:b6:
                    50:e3:d0:79:84:89:bb:ce:24:2d:15:c7:51:0d:a8:
                    da:1a:f6:5e:e2:d9:38:39:42:1e:0f:3b:ff:35:9e:
                    a5:a5:14:30:bb:de:a8:b5:5d:6b:09:9a:56:4c:00:
                    be:16:ee:99:89:69:99:ce:b4:c3:e2:99:73:67:0a:
                    88:ce:c3:b5:f1:42:f3:f0:63:0c:72:b5:e3:28:7c:
                    9e:dc:21:5d:b7:fb:86:83:20:12:24:f0:5d:7a:be:
                    08:10:72:ca:ae:82:2a:8e:58:f8:6f:3b:17:77:10:
                    96:10:f2:ce:dc:83:06:ae:3f:05:64:fb:1e:b0:b4:
                    29:a4:99:d6:a1:b7:8a:d4:17:42:6d:69:f4:87:d0:
                    bb:b0:91:0f:b3:ca:36:24:82:c7:a7:c4:0c:50:14:
                    21:72:4b:8f:f9:a4:03:19:2f:07:63:d9:d3:d7:46:
                    7d:e6:65:1a:d4:df:ae:89:f9:64:a9:52:b8:be:6b:
                    fe:84:94:97:16:dd:48:90:c7:ea:2a:db:44:07:a8:
                    85:be:fb:ad:1b:7f:a5:89:e4:a1:d1:ec:2b:40:a3:
                    e2:46:cc:91:ac:26:5e:a7:7b:f1:72:d4:1f:0d:ba:
                    24:e6:6d:73:48:08:c4:6e:04:17:09:db:27:b3:6b:
                    a0:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D9:23:D0:08:91:E9:6B:1F:FD:05:83:B0:72:AF:59:62:1B:CC:0B:00
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/91a4946a-34c0-433e-9caf-555f182c567e.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5c:c0:a3:36:f2:1c:41:3d:8d:50:14:fd:22:af:68:27:0e:2d:
         82:a4:e2:fa:6b:81:9c:19:5b:cd:67:1a:03:86:b6:5e:98:b9:
         f6:90:8f:a6:3c:40:fa:37:8d:29:e4:f5:18:d7:f5:b0:4b:cb:
         b6:c7:3b:ff:d1:d9:44:e6:45:40:d4:bf:e4:88:58:7d:7b:e0:
         e9:48:94:f3:95:c2:c1:fb:0a:26:82:dc:d0:17:4c:7e:ca:b3:
         dd:a1:0a:1b:e9:0a:d9:51:34:93:db:6f:d8:cb:d5:e9:07:0b:
         d2:e4:d4:99:d6:f9:1b:4f:af:b9:7f:9d:85:bd:b6:2a:99:2f:
         3d:f1:16:55:20:e8:67:e8:53:97:a5:f8:73:e6:03:65:56:63:
         0f:1f:5e:9b:f5:93:0b:67:a6:fb:65:d7:03:c8:22:3b:0f:c0:
         91:23:50:50:cc:ad:30:36:40:f2:9c:de:73:1b:5f:0c:14:af:
         8d:ed:46:3b:eb:b9:01:cf:e3:d1:b5:66:7f:6b:da:af:ed:c1:
         f7:f8:cf:ff:b2:e9:35:78:28:66:6d:e4:87:9e:3d:5c:3d:c3:
         e5:b4:fe:b9:3f:34:9b:92:80:03:d3:0e:81:83:63:28:ab:cb:
         df:cd:bb:f9:ab:ee:d2:92:ad:13:6c:40:54:e4:ea:a9:11:b9:
         4b:cb:8e:aa
-----BEGIN CERTIFICATE-----
MIIGBTCCBO2gAwIBAgIUK2waHHIVnFJYMMZShCko7j4QukwwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwNjA5MDAwMDAwWhcNMjMwNjEyMjM1OTU5
WjB6MUkwRwYDVQQFE0A4Y2E1ZTI2MjhmMTZlYmIxZGIxYTFmYTgyNGM5NzQ5NmVi
MzY4MWY1OGQwOGNmMzAzY2I3MjQ2ZTI1ZDMwOWY1MS0wKwYDVQQDEyQ2YWU0ZTU2
Ny02MzQ4LTRjNGYtOThhOC0wNDIyYzRjNTJmZjMwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDHxUBFUxTLzpeP8bw6tlDj0HmEibvOJC0Vx1ENqNoa9l7i
2Tg5Qh4PO/81nqWlFDC73qi1XWsJmlZMAL4W7pmJaZnOtMPimXNnCojOw7XxQvPw
YwxyteMofJ7cIV23+4aDIBIk8F16vggQcsqugiqOWPhvOxd3EJYQ8s7cgwauPwVk
+x6wtCmkmdaht4rUF0JtafSH0LuwkQ+zyjYkgsenxAxQFCFyS4/5pAMZLwdj2dPX
Rn3mZRrU366J+WSpUri+a/6ElJcW3UiQx+oq20QHqIW++60bf6WJ5KHR7CtAo+JG
zJGsJl6ne/Fy1B8NuiTmbXNICMRuBBcJ2yeza6BjAgMBAAGjggK+MIICujAdBgNV
HQ4EFgQU2SPQCJHpax/9BYOwcq9ZYhvMCwAwHwYDVR0jBBgwFoAUkUTtx6QO6ZC3
+jZv9uF9ea3Eg5cwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy83M2YyMWMyYi04
ODIzLTRjMjQtYjI1Yi00M2M4MGNiNmQxYmIvMjc4YWFiODc4ZjI4MzFiYjE4MjNi
NTg3OTRiMDkyZDg2ZmIxZDdhMGY3NGUyODE2MTEuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvYjY4YTMyZWUtNDU1ZC00ODNhLTk0M2QtMWE1
YmU3NDhiZmVhLzkxYTQ5NDZhLTM0YzAtNDMzZS05Y2FmLTU1NWYxODJjNTY3ZS5y
b2EwgZUGA1UdHwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVz
LWVhc3QtMi5hbWF6b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2Et
OTQzZC0xYTViZTc0OGJmZWEvNGJiOGFlNWMtMTI0Yy00MmYzLTg3ZmItNGYzNGU3
NGUzZGEyLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEH
AQH/BBAwDjAMBAIAATAGAwQAxyR4MA0GCSqGSIb3DQEBCwUAA4IBAQBcwKM28hxB
PY1QFP0ir2gnDi2CpOL6a4GcGVvNZxoDhrZemLn2kI+mPED6N40p5PUY1/WwS8u2
xzv/0dlE5kVA1L/kiFh9e+DpSJTzlcLB+womgtzQF0x+yrPdoQob6QrZUTST22/Y
y9XpBwvS5NSZ1vkbT6+5f52FvbYqmS898RZVIOhn6FOXpfhz5gNlVmMPH16b9ZML
Z6b7ZdcDyCI7D8CRI1BQzK0wNkDynN5zG18MFK+N7UY767kBz+PRtWZ/a9qv7cH3
+M//suk1eChmbeSHnj1cPcPltP65PzSbkoAD0w6Bg2Moq8vfzbv5q+7Skq0TbEBU
5OqpEblLy46q
-----END CERTIFICATE-----