Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/0101e0f3-b54d-45a9-961a-7a03a6961a51.roa
File:                     0101e0f3-b54d-45a9-961a-7a03a6961a51.roa (raw, json)
Hash identifier:          P1T0F8m+jgekqBjxHxnZlOYeDg5As4vds5OUBFpc3Og=
Subject key identifier:   86:91:6A:5F:5C:47:CD:0D:4A:F6:62:26:B6:B6:32:C9:8B:C6:D9:41
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       2E0D33259CBFF9098421FC552D22A216B4602E48
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/0101e0f3-b54d-45a9-961a-7a03a6961a51.roa
Signing time:             Sat 25 Feb 2023 00:00:00 +0000
ROA not before:           Sat 25 Feb 2023 00:00:00 +0000
ROA not after:            Tue 28 Feb 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2e:0d:33:25:9c:bf:f9:09:84:21:fc:55:2d:22:a2:16:b4:60:2e:48
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Feb 25 00:00:00 2023 GMT
            Not After : Feb 28 23:59:59 2023 GMT
        Subject: serialNumber=db8abe1c5aee0c8eaed5f3c7cf523c5bd5944bd717608dd1f6634b4f4d949634, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:1b:14:29:2c:60:53:93:0b:8c:07:d4:ed:a9:
                    92:f7:38:3b:04:3b:91:4e:28:f1:b7:d2:32:0f:a9:
                    e3:3e:62:b3:8a:82:6b:57:60:a4:23:f1:cf:5b:d9:
                    aa:3d:fe:d7:01:a2:c9:ab:e7:80:75:1b:7a:13:12:
                    64:bb:f1:73:f0:ec:bf:78:a2:a2:da:ae:cf:00:88:
                    de:bd:c0:38:fd:a1:f6:15:b1:c8:fa:2e:75:ab:a5:
                    a7:40:7f:21:6e:95:3f:1c:c6:d1:ec:b4:ab:a5:01:
                    90:79:d1:a8:a6:ad:d9:2d:db:19:5a:6b:65:52:e2:
                    3b:20:9d:bd:1f:78:89:61:64:42:bf:84:8d:99:5e:
                    fa:c2:d5:af:1e:b9:0d:38:de:ac:e7:08:a5:c1:7c:
                    0a:66:12:76:27:7d:30:40:f9:e1:1c:cd:5e:8a:1f:
                    8c:7e:87:b5:88:39:ee:cf:ea:f5:60:fc:bc:3f:c6:
                    6f:1d:74:b9:d1:71:93:d8:f6:4f:99:a6:5f:22:00:
                    03:42:87:6b:8e:a3:95:95:6e:52:45:31:ed:89:b8:
                    74:46:85:60:19:06:ee:2d:59:9f:18:8a:4a:ff:95:
                    96:9e:e0:a7:bc:f9:c9:3d:f8:91:4e:f6:ab:2a:b5:
                    c6:f0:31:8f:ca:65:4c:44:a0:62:3c:60:d4:1f:ce:
                    f6:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:91:6A:5F:5C:47:CD:0D:4A:F6:62:26:B6:B6:32:C9:8B:C6:D9:41
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/0101e0f3-b54d-45a9-961a-7a03a6961a51.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2e:95:af:36:38:01:f2:e3:cb:04:af:7c:87:03:cb:5d:40:3e:
         74:1e:c7:cf:94:70:2f:ac:ad:07:11:52:04:43:0c:6f:d8:09:
         66:60:f0:89:94:18:cc:4b:f3:df:09:d3:c3:8b:a1:d3:dc:c7:
         3c:64:c3:b0:9d:3d:cb:e2:8c:db:9e:e2:2a:d7:b3:c9:3b:36:
         1c:a8:aa:20:f7:8c:19:7f:10:41:eb:4d:23:47:c9:ae:11:04:
         a2:b0:1b:33:68:80:e7:c6:8a:da:75:2e:ce:b8:2d:0e:fe:6b:
         f8:40:6e:a3:a1:02:57:f8:19:44:12:c0:e7:5e:ea:5c:18:53:
         64:c9:d4:b9:2b:e4:aa:fa:3b:fb:29:64:ac:8b:f7:ae:ea:4c:
         ff:2f:a0:66:5e:d2:7d:1b:7b:22:68:e9:b4:75:21:75:7f:ee:
         0c:2e:de:cb:4f:cb:39:b6:0a:92:f5:88:b2:44:e3:d0:4f:c5:
         45:39:d7:f8:9c:cc:56:c7:9b:ae:12:3c:77:e7:2e:fa:60:99:
         b7:d0:c2:ca:19:51:7e:9b:d6:fa:36:3d:46:8c:1b:3d:5b:51:
         94:60:6f:6d:e9:e8:d6:e5:52:90:2c:c9:2b:a0:c0:86:26:cb:
         0e:42:7d:a0:36:89:1d:58:d6:5a:e5:b9:3b:f0:20:b9:5b:de:
         63:cf:ba:45
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIULg0zJZy/+QmEIfxVLSKiFrRgLkgwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwMjI1MDAwMDAwWhcNMjMwMjI4MjM1OTU5
WjCBpTFJMEcGA1UEBRNAZGI4YWJlMWM1YWVlMGM4ZWFlZDVmM2M3Y2Y1MjNjNWJk
NTk0NGJkNzE3NjA4ZGQxZjY2MzRiNGY0ZDk0OTYzNDEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAMEbFCksYFOTC4wH1O2pkvc4OwQ7kU4o8bfSMg+p4z5is4qCa1dg
pCPxz1vZqj3+1wGiyavngHUbehMSZLvxc/Dsv3iiotquzwCI3r3AOP2h9hWxyPou
daulp0B/IW6VPxzG0ey0q6UBkHnRqKat2S3bGVprZVLiOyCdvR94iWFkQr+EjZle
+sLVrx65DTjerOcIpcF8CmYSdid9MED54RzNXoofjH6HtYg57s/q9WD8vD/Gbx10
udFxk9j2T5mmXyIAA0KHa46jlZVuUkUx7Ym4dEaFYBkG7i1ZnxiKSv+Vlp7gp7z5
yT34kU72qyq1xvAxj8plTESgYjxg1B/O9icCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBSGkWpfXEfNDUr2Yia2tjLJi8bZQTAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvMDEwMWUwZjMtYjU0ZC00NWE5LTk2MWEtN2EwM2E2OTYxYTUxLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAC6VrzY4AfLjywSv
fIcDy11APnQex8+UcC+srQcRUgRDDG/YCWZg8ImUGMxL898J08OLodPcxzxkw7Cd
PcvijNue4irXs8k7NhyoqiD3jBl/EEHrTSNHya4RBKKwGzNogOfGitp1Ls64LQ7+
a/hAbqOhAlf4GUQSwOde6lwYU2TJ1Lkr5Kr6O/spZKyL967qTP8voGZe0n0beyJo
6bR1IXV/7gwu3stPyzm2CpL1iLJE49BPxUU51/iczFbHm64SPHfnLvpgmbfQwsoZ
UX6b1vo2PUaMGz1bUZRgb23p6NblUpAsySugwIYmyw5CfaA2iR1Y1lrluTvwILlb
3mPPukU=
-----END CERTIFICATE-----