Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/091ca6aa-0a02-48df-9cbe-c9c1e4250332.roa
File:                     091ca6aa-0a02-48df-9cbe-c9c1e4250332.roa (raw, json)
Hash identifier:          D92Qgo+W2bq3SqBmkWHme3+fI5qvibMc6tUp9zHcMSc=
Subject key identifier:   E2:26:C4:D3:36:1B:7E:3A:D4:B2:73:C4:E5:22:F3:3A:BB:59:1D:69
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       0D82FD49D1F72A1781443033E7EE01D47D8AC504
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/091ca6aa-0a02-48df-9cbe-c9c1e4250332.roa
Signing time:             Sat 08 Apr 2023 00:00:00 +0000
ROA not before:           Sat 08 Apr 2023 00:00:00 +0000
ROA not after:            Tue 11 Apr 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0d:82:fd:49:d1:f7:2a:17:81:44:30:33:e7:ee:01:d4:7d:8a:c5:04
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Apr  8 00:00:00 2023 GMT
            Not After : Apr 11 23:59:59 2023 GMT
        Subject: serialNumber=adb4d3b64c23aa40975d743b3f1bd102f6966d6f68a76b0f9e3591e2e019911c, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:0b:c7:d2:a0:1a:9b:49:10:8d:d2:c6:1a:8e:
                    f9:24:b1:d3:07:c1:27:d6:65:5a:94:88:6e:7b:56:
                    15:4f:3e:35:a4:12:66:95:c0:11:06:f1:b0:8b:65:
                    eb:d4:19:80:00:78:ce:08:e0:2e:a3:a9:b1:71:61:
                    ea:20:12:20:67:91:13:3a:93:53:ca:24:f7:a8:d3:
                    54:14:35:4b:49:1c:e7:0d:f1:61:9d:64:ba:87:52:
                    70:e4:11:87:9b:9f:82:e1:a1:ff:10:9f:48:25:6c:
                    36:ac:8b:3a:ec:b7:6f:65:9b:9a:cb:df:ae:39:1d:
                    43:ef:4c:53:48:14:7c:a1:40:75:8f:6e:80:4c:3d:
                    0e:e0:78:42:80:f7:37:e0:ff:5c:f4:2b:77:80:4e:
                    1f:75:c6:c6:9d:1d:7a:fd:af:45:3a:53:2c:85:55:
                    6e:96:e3:e8:7f:22:6e:25:15:88:6b:6c:d6:b8:29:
                    94:87:63:72:ce:b4:58:cc:6c:28:05:7c:51:7d:fd:
                    ed:cc:50:e1:29:97:c1:5c:8e:6d:f8:e1:ed:63:e0:
                    ac:cb:e2:a1:49:e9:b3:d2:94:82:7b:90:df:c4:37:
                    94:51:0f:3a:50:a1:71:24:f1:86:31:0b:8c:e5:41:
                    00:d5:f9:3d:b3:31:42:62:05:36:33:16:d6:9e:66:
                    ba:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E2:26:C4:D3:36:1B:7E:3A:D4:B2:73:C4:E5:22:F3:3A:BB:59:1D:69
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/091ca6aa-0a02-48df-9cbe-c9c1e4250332.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3b:71:1a:c4:00:37:b8:05:89:4e:9e:78:cd:8f:af:46:35:85:
         68:dc:a8:95:20:4a:d1:e2:86:9b:82:d8:3a:b3:96:86:09:2d:
         9d:f1:9e:d3:08:90:8f:fb:c0:3e:17:49:4a:a2:97:07:d1:96:
         07:eb:b5:1b:9d:08:40:2d:f6:62:77:0c:27:97:63:51:15:7c:
         2e:9d:76:14:06:c2:f2:ae:49:3d:3a:ab:73:9a:92:65:92:84:
         84:02:5b:8e:1d:c4:98:87:df:d7:96:69:50:44:69:d5:7b:d3:
         e6:d0:04:1d:6f:72:48:71:68:18:ed:10:6b:e0:3f:07:4f:86:
         92:0f:81:9b:10:46:d8:59:27:9d:43:6e:1c:1c:83:f5:96:c7:
         a8:d3:2a:20:92:38:98:23:b0:85:4f:9d:4f:0e:91:b2:39:66:
         9f:88:bd:b4:2d:64:92:08:e0:e6:d2:f6:83:ea:af:0e:e5:ac:
         49:c5:1b:5d:84:fd:55:de:7b:e7:de:c7:94:23:56:1c:8d:a3:
         a8:c9:f0:ba:18:30:f0:34:90:f4:3f:58:29:b1:07:22:69:0f:
         a2:ff:75:01:66:f6:53:19:a7:2f:4f:f4:c5:c4:a9:4f:ca:52:
         02:8c:18:b1:34:57:1c:cd:69:26:8d:ae:97:31:7b:e1:69:b0:
         d0:4a:26:a7
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUDYL9SdH3KheBRDAz5+4B1H2KxQQwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwNDA4MDAwMDAwWhcNMjMwNDExMjM1OTU5
WjCBpTFJMEcGA1UEBRNAYWRiNGQzYjY0YzIzYWE0MDk3NWQ3NDNiM2YxYmQxMDJm
Njk2NmQ2ZjY4YTc2YjBmOWUzNTkxZTJlMDE5OTExYzEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAI4Lx9KgGptJEI3SxhqO+SSx0wfBJ9ZlWpSIbntWFU8+NaQSZpXA
EQbxsItl69QZgAB4zgjgLqOpsXFh6iASIGeREzqTU8ok96jTVBQ1S0kc5w3xYZ1k
uodScOQRh5ufguGh/xCfSCVsNqyLOuy3b2WbmsvfrjkdQ+9MU0gUfKFAdY9ugEw9
DuB4QoD3N+D/XPQrd4BOH3XGxp0dev2vRTpTLIVVbpbj6H8ibiUViGts1rgplIdj
cs60WMxsKAV8UX397cxQ4SmXwVyObfjh7WPgrMvioUnps9KUgnuQ38Q3lFEPOlCh
cSTxhjELjOVBANX5PbMxQmIFNjMW1p5mukMCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBTiJsTTNht+OtSyc8TlIvM6u1kdaTAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvMDkxY2E2YWEtMGEwMi00OGRmLTljYmUtYzljMWU0MjUwMzMyLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBADtxGsQAN7gFiU6e
eM2Pr0Y1hWjcqJUgStHihpuC2DqzloYJLZ3xntMIkI/7wD4XSUqilwfRlgfrtRud
CEAt9mJ3DCeXY1EVfC6ddhQGwvKuST06q3OakmWShIQCW44dxJiH39eWaVBEadV7
0+bQBB1vckhxaBjtEGvgPwdPhpIPgZsQRthZJ51Dbhwcg/WWx6jTKiCSOJgjsIVP
nU8OkbI5Zp+IvbQtZJII4ObS9oPqrw7lrEnFG12E/VXee+fex5QjVhyNo6jJ8LoY
MPA0kPQ/WCmxByJpD6L/dQFm9lMZpy9P9MXEqU/KUgKMGLE0VxzNaSaNrpcxe+Fp
sNBKJqc=
-----END CERTIFICATE-----