Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/00cdbc6c-9a86-4d7b-80b7-b7485d2d72ea.roa
File:                     00cdbc6c-9a86-4d7b-80b7-b7485d2d72ea.roa (raw, json)
Hash identifier:          JwuzIJBPwNMzhMqZy+4s7ZBccwnr4IwF8o/x6CtYhR8=
Subject key identifier:   6A:3F:1C:6C:AF:EB:90:2A:27:62:CA:C6:60:C0:BA:E9:84:D9:21:07
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       28685EC02890446F9C3A974D48CD0DBBF0636F3B
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/00cdbc6c-9a86-4d7b-80b7-b7485d2d72ea.roa
Signing time:             Tue 21 Mar 2023 00:00:00 +0000
ROA not before:           Tue 21 Mar 2023 00:00:00 +0000
ROA not after:            Fri 24 Mar 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            28:68:5e:c0:28:90:44:6f:9c:3a:97:4d:48:cd:0d:bb:f0:63:6f:3b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Mar 21 00:00:00 2023 GMT
            Not After : Mar 24 23:59:59 2023 GMT
        Subject: serialNumber=2fc080dbd372a96d50b008fa943aba9e727902a0cdd2a594f935d605f6fa23b4, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:bd:54:61:09:e2:4c:81:e0:90:43:35:f2:d4:
                    2c:3c:88:e1:5f:55:31:53:a4:8c:19:47:bc:12:54:
                    21:d3:fa:8f:7b:3a:d8:61:05:6d:66:4a:7e:78:b0:
                    3c:b7:3e:6a:33:ca:cd:33:6a:68:7a:76:3e:35:a5:
                    f5:1a:4e:b9:3a:12:1c:25:e3:f4:0e:5b:84:f2:6c:
                    30:f1:ca:eb:35:7c:36:3b:9e:85:ae:a4:80:01:7f:
                    44:d0:3c:07:79:ad:dd:04:a4:36:00:d7:08:8a:28:
                    e0:95:5b:02:54:fe:0f:32:5b:8f:93:05:7b:30:e7:
                    64:2a:b9:03:c1:e8:68:1e:04:bf:44:44:0e:11:d4:
                    8c:a8:c0:81:13:f1:e2:d2:d1:67:e4:63:46:aa:15:
                    65:34:fa:e3:e3:3c:8a:2b:e9:f4:85:30:4b:0d:55:
                    b6:70:64:68:f7:b3:18:2d:a9:de:67:be:33:40:1e:
                    ed:97:37:c8:48:7d:71:2e:48:33:a0:4d:dc:0b:e6:
                    57:f6:a8:c0:1e:af:43:23:4e:fe:d1:55:67:bc:cf:
                    ae:ef:41:63:ee:06:b6:25:f0:e0:cc:81:63:90:ba:
                    73:aa:e8:1b:45:22:e1:58:34:bc:ec:bd:f4:32:22:
                    61:89:8e:47:91:8f:b9:bd:8b:75:20:c8:a7:fa:0c:
                    21:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6A:3F:1C:6C:AF:EB:90:2A:27:62:CA:C6:60:C0:BA:E9:84:D9:21:07
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/00cdbc6c-9a86-4d7b-80b7-b7485d2d72ea.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8e:7a:f1:26:b0:f0:aa:b2:29:4e:d2:51:74:3f:44:a0:b0:a7:
         3e:9a:ea:3c:0d:0c:dd:de:8b:81:e7:6d:5a:9e:f9:90:58:f2:
         07:7a:0e:8d:52:47:72:58:bf:07:e7:d3:48:e2:fc:cc:07:35:
         91:d4:e1:a6:e7:65:bf:57:47:fe:f7:e6:00:0c:6c:f3:b1:57:
         1b:58:fc:73:d0:48:ec:09:dc:0c:62:1d:c4:c3:12:02:f6:0c:
         5b:cc:57:b4:64:fa:20:76:e9:62:a0:da:d2:59:fb:88:8b:a4:
         cd:e0:9a:d3:33:42:b7:c5:8c:9b:35:85:d6:64:23:8e:61:ab:
         47:45:6f:b8:c0:81:38:a8:94:cc:09:ef:25:12:37:66:51:26:
         55:28:b6:79:3a:c6:35:d9:03:69:33:d0:15:2b:f4:5e:e7:a5:
         ef:1d:0e:ca:a0:9d:4f:15:a1:7a:14:7e:19:b0:12:24:46:8a:
         70:be:75:41:27:bf:9c:f9:62:7c:7d:b6:87:67:30:00:95:fc:
         f7:f9:87:5d:63:06:c5:67:58:70:96:21:0d:77:6d:57:e9:f2:
         07:f9:2d:96:15:ce:81:38:00:11:e5:b2:1f:52:f0:53:e5:c0:
         46:60:96:97:f1:ac:c9:10:8f:b8:ce:24:5e:83:fd:ee:9e:dc:
         19:1b:c5:89
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUKGhewCiQRG+cOpdNSM0Nu/BjbzswDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwMzIxMDAwMDAwWhcNMjMwMzI0MjM1OTU5
WjCBpTFJMEcGA1UEBRNAMmZjMDgwZGJkMzcyYTk2ZDUwYjAwOGZhOTQzYWJhOWU3
Mjc5MDJhMGNkZDJhNTk0ZjkzNWQ2MDVmNmZhMjNiNDEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBANO9VGEJ4kyB4JBDNfLULDyI4V9VMVOkjBlHvBJUIdP6j3s62GEF
bWZKfniwPLc+ajPKzTNqaHp2PjWl9RpOuToSHCXj9A5bhPJsMPHK6zV8Njueha6k
gAF/RNA8B3mt3QSkNgDXCIoo4JVbAlT+DzJbj5MFezDnZCq5A8HoaB4Ev0REDhHU
jKjAgRPx4tLRZ+RjRqoVZTT64+M8iivp9IUwSw1VtnBkaPezGC2p3me+M0Ae7Zc3
yEh9cS5IM6BN3AvmV/aowB6vQyNO/tFVZ7zPru9BY+4GtiXw4MyBY5C6c6roG0Ui
4Vg0vOy99DIiYYmOR5GPub2LdSDIp/oMIacCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBRqPxxsr+uQKidiysZgwLrphNkhBzAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvMDBjZGJjNmMtOWE4Ni00ZDdiLTgwYjctYjc0ODVkMmQ3MmVhLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAI568Saw8KqyKU7S
UXQ/RKCwpz6a6jwNDN3ei4HnbVqe+ZBY8gd6Do1SR3JYvwfn00ji/MwHNZHU4abn
Zb9XR/735gAMbPOxVxtY/HPQSOwJ3AxiHcTDEgL2DFvMV7Rk+iB26WKg2tJZ+4iL
pM3gmtMzQrfFjJs1hdZkI45hq0dFb7jAgTiolMwJ7yUSN2ZRJlUotnk6xjXZA2kz
0BUr9F7npe8dDsqgnU8VoXoUfhmwEiRGinC+dUEnv5z5Ynx9todnMACV/Pf5h11j
BsVnWHCWIQ13bVfp8gf5LZYVzoE4ABHlsh9S8FPlwEZglpfxrMkQj7jOJF6D/e6e
3BkbxYk=
-----END CERTIFICATE-----