Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/02f668e7-ea3f-4bc1-9b4c-59a5749ea003.roa
File:                     02f668e7-ea3f-4bc1-9b4c-59a5749ea003.roa (raw, json)
Hash identifier:          Hd3TZxbsP/g1KeFXQY8K/+fYeAUs260s5tINM4obcJw=
Subject key identifier:   9B:49:1F:5E:65:DC:DD:F3:A6:B3:B9:76:56:AA:5C:7C:D8:1A:74:84
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       46211FE9DF14CA4BBD89ADE9948C25A2C8CC6BFF
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/02f668e7-ea3f-4bc1-9b4c-59a5749ea003.roa
Signing time:             Sat 22 Apr 2023 00:00:00 +0000
ROA not before:           Sat 22 Apr 2023 00:00:00 +0000
ROA not after:            Tue 25 Apr 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            46:21:1f:e9:df:14:ca:4b:bd:89:ad:e9:94:8c:25:a2:c8:cc:6b:ff
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Apr 22 00:00:00 2023 GMT
            Not After : Apr 25 23:59:59 2023 GMT
        Subject: serialNumber=2df2112c0fda7f2a3ad1b495157ca2306fb3c20b88a0c59fbcde2f9979218591, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:96:6d:76:6b:31:b0:81:fe:29:8c:40:8d:12:
                    7b:55:4c:32:08:7e:be:f3:64:e0:2f:f3:31:51:62:
                    09:17:19:ca:25:0d:12:4c:ed:8e:9c:a7:90:05:91:
                    99:7d:f3:db:15:37:5f:af:bc:b8:07:21:0a:f5:b6:
                    da:25:d8:9e:c2:ae:28:4e:9a:c3:06:53:17:f8:62:
                    21:06:b0:32:4d:63:d8:73:b4:5a:f0:33:d6:9d:8b:
                    c8:b2:c2:5c:49:f3:a3:5e:8e:c4:d1:1b:32:94:62:
                    e0:42:8c:a1:29:79:01:b3:94:68:37:e6:2b:a2:92:
                    ad:30:7a:ba:da:2d:e2:57:f5:a3:b8:cf:48:e4:cd:
                    bd:19:39:f9:65:79:f5:41:bf:d8:41:9e:1d:36:ac:
                    88:1e:8c:36:0c:36:fe:39:96:fc:b5:72:a8:36:d1:
                    37:b5:94:a8:34:4d:80:40:1b:e9:0a:ca:9b:ab:00:
                    4e:45:1c:57:25:7c:f7:36:a8:e6:50:2a:58:65:85:
                    00:84:43:7e:9b:fb:70:6a:19:27:37:d7:5c:93:4e:
                    75:8b:ec:a7:0b:3d:2f:34:21:06:74:46:ee:2d:9c:
                    05:8c:09:fa:e0:b4:9c:2a:4b:30:86:6d:75:b6:57:
                    a7:11:74:a2:ff:0c:4a:f3:9e:66:b2:af:c1:75:07:
                    e3:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9B:49:1F:5E:65:DC:DD:F3:A6:B3:B9:76:56:AA:5C:7C:D8:1A:74:84
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/02f668e7-ea3f-4bc1-9b4c-59a5749ea003.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         49:c5:27:a7:69:9c:d8:fc:ce:80:17:5b:da:66:a8:61:52:bd:
         35:ba:fa:a9:88:3e:fc:04:1a:89:38:41:0b:92:97:a1:6a:87:
         8e:31:18:46:0b:58:f7:12:e0:34:5d:88:fd:02:26:93:07:6c:
         1a:12:bf:83:1f:32:d6:2a:03:91:1f:42:74:4b:a5:8b:af:f5:
         6f:91:b6:4e:9e:b4:a5:69:03:cd:c0:77:ce:ff:e0:be:2d:a2:
         3b:eb:35:1e:ac:02:d2:8e:87:7d:e6:37:fe:06:ed:0b:81:19:
         6c:fc:58:7b:dc:b1:dd:43:c1:68:f9:21:11:2a:35:1b:22:7c:
         81:eb:2d:c5:39:51:cb:54:c2:31:0e:ae:75:3f:b1:0b:07:49:
         2d:21:ab:f0:1b:9f:42:c6:bc:bb:c2:67:47:09:1c:0f:85:5a:
         79:24:8f:2e:d6:6d:b4:bd:5f:56:cc:97:f3:0b:5d:dc:2b:95:
         77:25:7a:5b:23:15:d1:02:21:05:aa:10:62:b2:03:a8:7a:7c:
         d6:80:f5:2b:75:24:26:f4:ca:bd:78:14:db:2d:2d:bf:6b:14:
         32:19:a4:95:55:90:ff:4d:03:10:9f:b0:04:6b:cc:d7:d2:5f:
         47:7e:76:34:1a:05:d0:2a:a2:bf:6b:6b:7e:91:b3:12:4d:56:
         16:da:38:17
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIURiEf6d8Uyku9ia3plIwlosjMa/8wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwNDIyMDAwMDAwWhcNMjMwNDI1MjM1OTU5
WjCBpTFJMEcGA1UEBRNAMmRmMjExMmMwZmRhN2YyYTNhZDFiNDk1MTU3Y2EyMzA2
ZmIzYzIwYjg4YTBjNTlmYmNkZTJmOTk3OTIxODU5MTEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBALaWbXZrMbCB/imMQI0Se1VMMgh+vvNk4C/zMVFiCRcZyiUNEkzt
jpynkAWRmX3z2xU3X6+8uAchCvW22iXYnsKuKE6awwZTF/hiIQawMk1j2HO0WvAz
1p2LyLLCXEnzo16OxNEbMpRi4EKMoSl5AbOUaDfmK6KSrTB6utot4lf1o7jPSOTN
vRk5+WV59UG/2EGeHTasiB6MNgw2/jmW/LVyqDbRN7WUqDRNgEAb6QrKm6sATkUc
VyV89zao5lAqWGWFAIRDfpv7cGoZJzfXXJNOdYvspws9LzQhBnRG7i2cBYwJ+uC0
nCpLMIZtdbZXpxF0ov8MSvOeZrKvwXUH400CAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBSbSR9eZdzd86azuXZWqlx82Bp0hDAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvMDJmNjY4ZTctZWEzZi00YmMxLTliNGMtNTlhNTc0OWVhMDAzLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAEnFJ6dpnNj8zoAX
W9pmqGFSvTW6+qmIPvwEGok4QQuSl6Fqh44xGEYLWPcS4DRdiP0CJpMHbBoSv4Mf
MtYqA5EfQnRLpYuv9W+Rtk6etKVpA83Ad87/4L4tojvrNR6sAtKOh33mN/4G7QuB
GWz8WHvcsd1DwWj5IREqNRsifIHrLcU5UctUwjEOrnU/sQsHSS0hq/Abn0LGvLvC
Z0cJHA+FWnkkjy7WbbS9X1bMl/MLXdwrlXclelsjFdECIQWqEGKyA6h6fNaA9St1
JCb0yr14FNstLb9rFDIZpJVVkP9NAxCfsARrzNfSX0d+djQaBdAqor9ra36RsxJN
VhbaOBc=
-----END CERTIFICATE-----