Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/068f5e65-6cfe-47f8-8cbb-03765b5dc65a.roa
File:                     068f5e65-6cfe-47f8-8cbb-03765b5dc65a.roa (raw, json)
Hash identifier:          dmMIn8S4LTBfxzXQVeIkERnjn99m2Y6alurUUmBGpRQ=
Subject key identifier:   83:D0:C3:E9:28:F3:63:D8:50:A4:AD:90:F8:5F:C7:83:C7:A1:59:DA
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       31FF0420DAAD33691C69E82D3A2D24C1C6A7C92D
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/068f5e65-6cfe-47f8-8cbb-03765b5dc65a.roa
Signing time:             Thu 13 Apr 2023 00:00:00 +0000
ROA not before:           Thu 13 Apr 2023 00:00:00 +0000
ROA not after:            Sun 16 Apr 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            31:ff:04:20:da:ad:33:69:1c:69:e8:2d:3a:2d:24:c1:c6:a7:c9:2d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Apr 13 00:00:00 2023 GMT
            Not After : Apr 16 23:59:59 2023 GMT
        Subject: serialNumber=93e3e5338e532d13535e567ea9d52aa76bb67cd887ffcfc3795a2779801fb0e4, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:0d:ed:9a:13:25:d8:9c:4e:d0:63:b4:f1:dc:
                    bf:e0:8d:28:c3:f2:64:4c:51:94:cd:ea:46:ba:c1:
                    d9:28:3c:55:7c:af:09:08:2b:d4:b2:41:b9:7f:be:
                    78:10:5b:dc:4e:7c:ac:8e:ce:f0:6a:5c:0b:dd:ea:
                    3e:a1:58:3e:d9:c3:dc:fc:7f:47:12:91:2c:32:1e:
                    46:de:1e:00:37:83:8f:e6:e2:73:21:06:5b:10:79:
                    ef:0b:5e:04:06:e4:d6:09:dd:c3:9b:53:31:79:2c:
                    e3:ff:38:cb:68:dd:f4:f6:b8:e6:b9:ec:ee:4f:19:
                    ec:e7:f2:89:7b:1d:7d:52:8c:b8:79:ce:cc:7b:36:
                    4b:e2:cf:aa:16:83:2d:45:57:4e:21:88:47:e7:d5:
                    99:38:dc:fc:c3:e5:3b:eb:6e:95:93:10:08:4f:93:
                    a3:1b:98:a4:e3:bb:e7:e0:79:7e:e6:17:f4:a8:e0:
                    5b:1e:d6:a9:2b:ff:59:38:27:32:8a:eb:26:41:5c:
                    52:26:a3:d2:e5:ec:25:66:12:71:a5:a8:38:4a:5b:
                    63:22:f7:a4:ef:14:a4:64:3f:6a:c0:e3:2e:0c:b2:
                    7a:1e:48:12:7f:9b:48:45:62:84:b0:02:8e:f3:66:
                    ee:17:94:e9:59:5f:8f:d0:a1:f7:24:0f:0a:44:87:
                    60:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                83:D0:C3:E9:28:F3:63:D8:50:A4:AD:90:F8:5F:C7:83:C7:A1:59:DA
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/068f5e65-6cfe-47f8-8cbb-03765b5dc65a.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         41:e4:ce:fc:95:41:2d:93:df:f8:86:5e:c2:ff:dc:03:0f:48:
         6d:3c:d4:7d:d9:ed:5c:10:c0:98:72:85:42:8a:12:35:44:64:
         33:82:27:f7:9a:21:bb:bc:2d:19:63:01:8c:0e:d5:b4:b4:0d:
         b0:7c:6d:b7:c3:52:99:fd:0a:36:a9:7a:4f:00:3a:fa:f1:ef:
         e7:b7:9e:de:e6:dc:2e:81:04:6f:40:dc:f2:f9:3a:4e:6c:ba:
         08:3a:87:da:b0:df:e2:99:95:97:2c:0f:84:d8:91:8b:e6:a7:
         02:50:f1:cc:96:79:d9:b8:be:9b:15:a2:1b:f8:f0:35:c4:ae:
         4b:ed:64:19:b5:bc:92:b8:39:65:bf:01:bc:92:43:d2:31:ad:
         9f:54:2c:c2:81:da:d3:99:6b:f0:05:05:e7:37:a6:e5:10:69:
         8e:b9:94:26:3f:95:1c:97:db:b6:57:a9:1f:d6:6a:ce:91:17:
         43:bb:ac:6b:b9:86:cb:7e:34:de:0a:d5:46:65:97:fa:69:14:
         a5:ac:c9:75:c6:5d:b2:2e:8a:1f:68:e2:14:ad:04:45:e8:f5:
         1f:9c:71:ec:b2:13:94:a6:e0:cd:c1:f8:ad:3e:b0:c2:f4:e6:
         2a:b0:da:39:69:f6:21:43:70:a0:a4:e9:66:da:6d:e4:05:a2:
         8c:45:82:ba
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUMf8EINqtM2kcaegtOi0kwcanyS0wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwNDEzMDAwMDAwWhcNMjMwNDE2MjM1OTU5
WjCBpTFJMEcGA1UEBRNAOTNlM2U1MzM4ZTUzMmQxMzUzNWU1NjdlYTlkNTJhYTc2
YmI2N2NkODg3ZmZjZmMzNzk1YTI3Nzk4MDFmYjBlNDEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAN8N7ZoTJdicTtBjtPHcv+CNKMPyZExRlM3qRrrB2Sg8VXyvCQgr
1LJBuX++eBBb3E58rI7O8GpcC93qPqFYPtnD3Px/RxKRLDIeRt4eADeDj+bicyEG
WxB57wteBAbk1gndw5tTMXks4/84y2jd9Pa45rns7k8Z7OfyiXsdfVKMuHnOzHs2
S+LPqhaDLUVXTiGIR+fVmTjc/MPlO+tulZMQCE+ToxuYpOO75+B5fuYX9KjgWx7W
qSv/WTgnMorrJkFcUiaj0uXsJWYScaWoOEpbYyL3pO8UpGQ/asDjLgyyeh5IEn+b
SEVihLACjvNm7heU6Vlfj9Ch9yQPCkSHYG0CAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBSD0MPpKPNj2FCkrZD4X8eDx6FZ2jAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvMDY4ZjVlNjUtNmNmZS00N2Y4LThjYmItMDM3NjViNWRjNjVhLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAEHkzvyVQS2T3/iG
XsL/3AMPSG081H3Z7VwQwJhyhUKKEjVEZDOCJ/eaIbu8LRljAYwO1bS0DbB8bbfD
Upn9Cjapek8AOvrx7+e3nt7m3C6BBG9A3PL5Ok5sugg6h9qw3+KZlZcsD4TYkYvm
pwJQ8cyWedm4vpsVohv48DXErkvtZBm1vJK4OWW/AbySQ9IxrZ9ULMKB2tOZa/AF
Bec3puUQaY65lCY/lRyX27ZXqR/Was6RF0O7rGu5hst+NN4K1UZll/ppFKWsyXXG
XbIuih9o4hStBEXo9R+cceyyE5Sm4M3B+K0+sML05iqw2jlp9iFDcKCk6WbabeQF
ooxFgro=
-----END CERTIFICATE-----