Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/df30a346-4c80-415d-a902-8638adb18972.roa
File:                     df30a346-4c80-415d-a902-8638adb18972.roa (raw, json)
Hash identifier:          vD7G+IwRQD7d8YaM0QGdNXr/5pqn36Glj7wp5KOENgg=
Subject key identifier:   A0:61:92:56:FF:72:12:49:E9:AF:63:C5:75:AB:26:7E:2B:9E:01:71
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       11BCB57DCC8AB5598827AB7C2B21EA72B55CBC36
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/df30a346-4c80-415d-a902-8638adb18972.roa
Signing time:             Sat 10 Jun 2023 00:00:00 +0000
ROA not before:           Sat 10 Jun 2023 00:00:00 +0000
ROA not after:            Tue 13 Jun 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            11:bc:b5:7d:cc:8a:b5:59:88:27:ab:7c:2b:21:ea:72:b5:5c:bc:36
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Jun 10 00:00:00 2023 GMT
            Not After : Jun 13 23:59:59 2023 GMT
        Subject: serialNumber=98fa8555d059a61021f82ad1b39886e73fdb4a64afbb2f2c3e8aff9b7ed8d06f, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:e2:b5:f2:d8:6f:9d:32:0e:9d:d2:9b:91:85:
                    13:31:ac:4a:34:2e:3d:7e:a7:61:c8:e1:ef:13:46:
                    6d:75:12:a2:33:5b:93:d9:20:f5:39:21:0f:2b:08:
                    7f:73:24:16:f4:e2:ec:0c:ef:de:59:8b:80:07:e8:
                    4b:19:09:6b:76:63:32:4b:ae:90:f3:e8:c4:cd:69:
                    fd:d1:00:20:c4:9d:57:b4:33:c6:e7:a3:82:14:20:
                    d8:a1:a7:17:75:eb:f1:26:1f:cf:cf:01:dd:10:c5:
                    19:02:3f:29:b8:66:0b:77:e8:29:e6:4d:9e:8f:14:
                    f5:3b:e1:9f:e9:31:3c:a2:cc:71:8a:84:8f:64:5c:
                    2c:2b:3b:e1:4d:81:15:4d:29:7a:81:9c:45:f4:4e:
                    97:f0:a5:21:a7:15:97:36:c8:db:de:20:d8:95:f7:
                    40:b0:cf:ff:65:74:ca:90:5a:4b:a5:b8:8d:2b:a0:
                    1b:bc:9e:c9:f0:70:86:27:2a:a7:ed:45:b8:7d:d5:
                    99:f6:d7:98:ca:1b:cf:73:b7:ec:0b:ae:dc:d1:be:
                    0e:17:80:c7:b1:9a:07:2d:9c:33:6f:ee:de:4c:43:
                    aa:c6:9b:c8:54:a0:82:a4:6f:4a:04:cd:0b:41:58:
                    0f:a6:06:17:56:64:b4:f0:a5:68:3c:0c:00:84:88:
                    65:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A0:61:92:56:FF:72:12:49:E9:AF:63:C5:75:AB:26:7E:2B:9E:01:71
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/df30a346-4c80-415d-a902-8638adb18972.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         06:7c:d5:d3:33:8e:52:9e:ac:4e:4e:6b:8d:c8:38:2b:34:f8:
         e1:00:c1:55:4c:f9:a4:32:da:0b:ed:c1:49:db:2d:91:d9:fb:
         b5:d7:e0:43:47:f3:fc:84:7d:ac:4a:12:52:a3:bc:fb:38:40:
         54:51:f9:25:2e:cc:c9:7f:9c:40:4d:02:83:87:dc:59:6b:40:
         3e:ba:06:46:10:b5:77:6d:21:19:f8:b8:1a:56:28:60:50:39:
         88:0a:ee:ae:5e:33:26:61:15:a4:30:1e:86:7f:95:d0:7d:85:
         b5:7f:d9:5e:c7:ed:c2:ce:c9:bd:c1:98:e3:29:c7:8a:0d:77:
         82:ae:af:9d:b8:33:5e:1c:99:7d:ba:08:ba:b3:8b:11:58:68:
         78:c9:0e:41:dc:31:27:1a:56:72:93:97:05:a5:35:8a:79:17:
         d3:fe:fb:eb:05:62:8a:0c:de:e6:d5:ec:8a:10:76:dc:31:4f:
         24:60:b6:60:11:33:78:f4:09:d4:a9:3c:83:b9:ea:7d:04:cd:
         b4:21:98:94:a0:41:b6:11:0f:29:2b:a0:f2:f8:c7:ab:42:23:
         aa:f1:1f:34:01:df:06:c4:ba:6a:ad:62:87:0b:a9:a6:2e:80:
         90:ea:77:cf:24:65:b0:8d:90:55:5f:59:a2:2f:dd:b5:e6:da:
         bd:a9:d9:d9
-----BEGIN CERTIFICATE-----
MIIGBTCCBO2gAwIBAgIUEby1fcyKtVmIJ6t8KyHqcrVcvDYwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwNjEwMDAwMDAwWhcNMjMwNjEzMjM1OTU5
WjB6MUkwRwYDVQQFE0A5OGZhODU1NWQwNTlhNjEwMjFmODJhZDFiMzk4ODZlNzNm
ZGI0YTY0YWZiYjJmMmMzZThhZmY5YjdlZDhkMDZmMS0wKwYDVQQDEyQ2YWU0ZTU2
Ny02MzQ4LTRjNGYtOThhOC0wNDIyYzRjNTJmZjMwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCq4rXy2G+dMg6d0puRhRMxrEo0Lj1+p2HI4e8TRm11EqIz
W5PZIPU5IQ8rCH9zJBb04uwM795Zi4AH6EsZCWt2YzJLrpDz6MTNaf3RACDEnVe0
M8bno4IUINihpxd16/EmH8/PAd0QxRkCPym4Zgt36CnmTZ6PFPU74Z/pMTyizHGK
hI9kXCwrO+FNgRVNKXqBnEX0TpfwpSGnFZc2yNveINiV90Cwz/9ldMqQWkuluI0r
oBu8nsnwcIYnKqftRbh91Zn215jKG89zt+wLrtzRvg4XgMexmgctnDNv7t5MQ6rG
m8hUoIKkb0oEzQtBWA+mBhdWZLTwpWg8DACEiGXPAgMBAAGjggK+MIICujAdBgNV
HQ4EFgQUoGGSVv9yEknpr2PFdasmfiueAXEwHwYDVR0jBBgwFoAUkUTtx6QO6ZC3
+jZv9uF9ea3Eg5cwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy83M2YyMWMyYi04
ODIzLTRjMjQtYjI1Yi00M2M4MGNiNmQxYmIvMjc4YWFiODc4ZjI4MzFiYjE4MjNi
NTg3OTRiMDkyZDg2ZmIxZDdhMGY3NGUyODE2MTEuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvYjY4YTMyZWUtNDU1ZC00ODNhLTk0M2QtMWE1
YmU3NDhiZmVhL2RmMzBhMzQ2LTRjODAtNDE1ZC1hOTAyLTg2MzhhZGIxODk3Mi5y
b2EwgZUGA1UdHwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVz
LWVhc3QtMi5hbWF6b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2Et
OTQzZC0xYTViZTc0OGJmZWEvNGJiOGFlNWMtMTI0Yy00MmYzLTg3ZmItNGYzNGU3
NGUzZGEyLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEH
AQH/BBAwDjAMBAIAATAGAwQAxyR4MA0GCSqGSIb3DQEBCwUAA4IBAQAGfNXTM45S
nqxOTmuNyDgrNPjhAMFVTPmkMtoL7cFJ2y2R2fu11+BDR/P8hH2sShJSo7z7OEBU
UfklLszJf5xATQKDh9xZa0A+ugZGELV3bSEZ+LgaVihgUDmICu6uXjMmYRWkMB6G
f5XQfYW1f9lex+3Czsm9wZjjKceKDXeCrq+duDNeHJl9ugi6s4sRWGh4yQ5B3DEn
GlZyk5cFpTWKeRfT/vvrBWKKDN7m1eyKEHbcMU8kYLZgETN49AnUqTyDuep9BM20
IZiUoEG2EQ8pK6Dy+MerQiOq8R80Ad8GxLpqrWKHC6mmLoCQ6nfPJGWwjZBVX1mi
L9215tq9qdnZ
-----END CERTIFICATE-----