Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/01c9458f-34d0-408e-9fe7-da4469ea9d93.roa
File:                     01c9458f-34d0-408e-9fe7-da4469ea9d93.roa (raw, json)
Hash identifier:          8eo1RCA1KGPPAVhSqE9cgxta8BQQBspHb9r5SdBEfOo=
Subject key identifier:   A7:F5:CC:67:18:0F:1A:A2:73:0E:F8:5D:79:AF:4C:87:64:A8:6D:C8
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       41D3C80CE9B223D09240C3A29B4BDE7FC48C3A2C
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/01c9458f-34d0-408e-9fe7-da4469ea9d93.roa
Signing time:             Mon 13 Mar 2023 00:00:00 +0000
ROA not before:           Mon 13 Mar 2023 00:00:00 +0000
ROA not after:            Thu 16 Mar 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            41:d3:c8:0c:e9:b2:23:d0:92:40:c3:a2:9b:4b:de:7f:c4:8c:3a:2c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Mar 13 00:00:00 2023 GMT
            Not After : Mar 16 23:59:59 2023 GMT
        Subject: serialNumber=2fccbd71f85dd5c45cd5ee9ce1ca72cc40211f85042a0230db46311421f4c6c1, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:41:e3:12:08:af:13:fc:c6:71:5f:51:aa:32:
                    af:6b:03:ad:5f:3f:4b:e4:49:30:76:01:9e:00:14:
                    1c:8e:fe:8b:be:49:2b:77:8a:4a:a7:1c:3a:84:4a:
                    f4:b8:42:f0:86:7d:02:e6:0b:0a:68:08:3f:da:06:
                    e1:0e:17:a3:3e:bd:24:3e:3a:f9:37:9d:9c:3c:5f:
                    67:36:38:5b:98:95:99:ed:10:e9:88:5e:90:ad:8b:
                    dc:1a:17:9a:ec:58:f0:ae:f8:cd:8e:8e:e6:e6:5a:
                    cd:02:fd:5b:b3:cf:a1:94:c1:33:e1:60:45:fd:07:
                    9e:76:d5:3f:c6:ce:94:ba:22:fd:b0:39:22:84:1e:
                    b7:be:f1:de:f4:85:b2:3b:92:d4:f8:03:57:fc:a4:
                    be:7d:44:63:4b:4a:57:db:dd:da:2f:8f:87:29:5b:
                    43:1c:f0:80:ce:55:78:09:a3:f2:45:25:a0:ea:d4:
                    7b:8c:a6:40:d5:ec:f8:08:3e:8f:2f:83:a8:86:fa:
                    74:30:28:1a:da:44:37:8b:6f:25:74:5e:4c:28:bb:
                    ec:2d:e5:7e:2f:45:f3:f9:73:c4:32:6e:de:9f:84:
                    26:7c:7a:80:d9:b9:75:44:48:8d:b0:02:c9:c1:01:
                    04:e9:0e:4c:49:19:f3:0d:f6:e0:b7:c4:f8:5c:d6:
                    63:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A7:F5:CC:67:18:0F:1A:A2:73:0E:F8:5D:79:AF:4C:87:64:A8:6D:C8
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/01c9458f-34d0-408e-9fe7-da4469ea9d93.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a4:ff:f3:c4:2b:60:02:4b:da:be:fc:d4:99:09:68:c3:b7:f1:
         d3:2f:e2:b8:46:7c:c5:ad:8e:9b:fa:d9:45:6f:23:17:f4:e8:
         aa:a8:84:e4:92:5f:8e:fa:ed:5e:32:5c:05:3e:a2:d9:61:5f:
         67:1d:13:f0:51:60:77:64:34:84:67:f3:eb:27:cd:b2:5b:e1:
         45:8e:dd:88:ed:11:df:1e:19:ba:50:d7:40:73:77:66:34:43:
         3f:6a:42:f7:d5:ac:7b:49:a1:e8:3c:10:2c:dc:6b:23:03:dd:
         98:91:96:d2:65:2e:ca:2f:ec:ed:36:9e:38:55:68:02:f1:eb:
         73:d0:e8:5f:14:dd:bc:b1:f8:e9:fd:e0:f8:80:02:10:87:e8:
         43:24:8d:30:7a:8d:c2:8e:99:ea:36:8c:5e:54:e2:46:fa:89:
         b1:6f:b4:03:66:ee:79:5c:1b:e1:54:61:4b:d6:6e:0c:49:80:
         90:a1:cd:c8:6f:68:56:0d:d3:f7:73:c4:b4:c6:10:5f:3c:fe:
         a7:0e:a9:11:93:a2:8f:52:fa:2a:b9:6a:e7:ec:30:22:80:59:
         ce:81:08:e9:9e:84:3f:74:d8:aa:8f:73:14:99:7f:8f:39:a5:
         d1:0a:1a:a4:7b:54:03:d0:e1:f7:be:ee:a7:5b:ff:6b:3e:8e:
         bd:cb:00:39
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUQdPIDOmyI9CSQMOim0vef8SMOiwwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwMzEzMDAwMDAwWhcNMjMwMzE2MjM1OTU5
WjCBpTFJMEcGA1UEBRNAMmZjY2JkNzFmODVkZDVjNDVjZDVlZTljZTFjYTcyY2M0
MDIxMWY4NTA0MmEwMjMwZGI0NjMxMTQyMWY0YzZjMTEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBANVB4xIIrxP8xnFfUaoyr2sDrV8/S+RJMHYBngAUHI7+i75JK3eK
SqccOoRK9LhC8IZ9AuYLCmgIP9oG4Q4Xoz69JD46+TednDxfZzY4W5iVme0Q6Yhe
kK2L3BoXmuxY8K74zY6O5uZazQL9W7PPoZTBM+FgRf0HnnbVP8bOlLoi/bA5IoQe
t77x3vSFsjuS1PgDV/ykvn1EY0tKV9vd2i+PhylbQxzwgM5VeAmj8kUloOrUe4ym
QNXs+Ag+jy+DqIb6dDAoGtpEN4tvJXReTCi77C3lfi9F8/lzxDJu3p+EJnx6gNm5
dURIjbACycEBBOkOTEkZ8w324LfE+FzWY3MCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBSn9cxnGA8aonMO+F15r0yHZKhtyDAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvMDFjOTQ1OGYtMzRkMC00MDhlLTlmZTctZGE0NDY5ZWE5ZDkzLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAKT/88QrYAJL2r78
1JkJaMO38dMv4rhGfMWtjpv62UVvIxf06KqohOSSX4767V4yXAU+otlhX2cdE/BR
YHdkNIRn8+snzbJb4UWO3YjtEd8eGbpQ10Bzd2Y0Qz9qQvfVrHtJoeg8ECzcayMD
3ZiRltJlLsov7O02njhVaALx63PQ6F8U3byx+On94PiAAhCH6EMkjTB6jcKOmeo2
jF5U4kb6ibFvtANm7nlcG+FUYUvWbgxJgJChzchvaFYN0/dzxLTGEF88/qcOqRGT
oo9S+iq5aufsMCKAWc6BCOmehD902KqPcxSZf485pdEKGqR7VAPQ4fe+7qdb/2s+
jr3LADk=
-----END CERTIFICATE-----