Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/0eb3da6a-64b8-46f1-8570-05b8bea6cf40.roa
File:                     0eb3da6a-64b8-46f1-8570-05b8bea6cf40.roa (raw, json)
Hash identifier:          rNf2t8prVV0R0+9+h/JDJqgc88oUGW12rT1qh+ZuHGU=
Subject key identifier:   3E:87:C4:CA:6C:BB:4C:B5:C6:F4:45:EC:97:F0:00:66:A7:1F:35:C9
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       556D016FC734670756D28F1C69ECFEAB4BB0546E
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/0eb3da6a-64b8-46f1-8570-05b8bea6cf40.roa
Signing time:             Tue 17 Jan 2023 00:00:00 +0000
ROA not before:           Tue 17 Jan 2023 00:00:00 +0000
ROA not after:            Fri 20 Jan 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            55:6d:01:6f:c7:34:67:07:56:d2:8f:1c:69:ec:fe:ab:4b:b0:54:6e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Jan 17 00:00:00 2023 GMT
            Not After : Jan 20 23:59:59 2023 GMT
        Subject: serialNumber=b2be197231f979e636d9e0a08ee09653335de9a5a044ecd153be87767f2f54ec, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:19:2f:d0:36:ca:6a:be:ca:5a:e7:eb:77:80:
                    e2:6b:dd:4b:6b:31:4a:26:4a:9d:2e:c1:cc:44:98:
                    cc:3a:4f:10:28:4a:9d:42:cc:f1:2a:fc:82:c5:72:
                    11:b6:b6:2e:f2:93:33:13:9a:a5:3f:3c:e9:29:51:
                    1b:32:ac:d2:3a:e9:24:20:9d:4a:df:11:13:62:80:
                    32:b4:8b:5f:f9:33:b5:54:2e:db:f9:1f:b1:b4:b9:
                    04:05:71:0f:2c:e3:8c:9e:62:8d:16:3a:55:4d:c6:
                    87:18:d6:05:c7:5e:13:91:29:aa:67:03:4c:62:fb:
                    0b:ca:4f:73:7b:d7:79:d2:f1:b7:c9:b7:d0:7f:cf:
                    22:0a:24:0c:a7:72:1e:91:7f:69:98:7e:6e:1c:4f:
                    dc:5a:f3:62:ed:d8:b8:6d:fa:f7:7b:0b:7c:eb:e9:
                    d4:72:e0:48:96:37:9a:1d:30:43:71:02:f1:24:80:
                    80:9a:83:ce:a0:c8:a5:e0:be:ed:4c:b2:a2:8c:0b:
                    f8:d8:cc:f6:f9:aa:19:f7:0c:c0:78:f5:55:85:fc:
                    57:76:91:81:b4:6a:d2:a2:5e:c4:e8:5b:86:3e:56:
                    22:d5:71:6d:e9:f2:7c:ec:cd:62:82:6c:38:c0:e3:
                    c3:a3:b3:e3:c9:9e:e7:3e:85:fe:50:c5:9e:c7:4a:
                    13:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3E:87:C4:CA:6C:BB:4C:B5:C6:F4:45:EC:97:F0:00:66:A7:1F:35:C9
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/0eb3da6a-64b8-46f1-8570-05b8bea6cf40.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7f:bb:99:74:13:d3:54:e3:8f:51:8d:ad:e0:3f:5e:44:44:c9:
         80:b8:57:c1:7c:8c:8b:82:c0:4c:70:13:52:fc:08:e0:f5:7d:
         f7:68:59:2a:c1:1c:b9:e0:3b:3b:26:53:ea:d4:35:5e:f2:9b:
         89:d1:45:8c:44:72:80:06:1b:df:c6:d3:81:a6:35:4f:76:7f:
         56:36:a7:af:d0:c6:f2:77:8c:df:76:09:90:bd:6e:7f:ff:1b:
         65:57:bc:60:4b:2e:22:75:00:73:d4:7a:2e:34:3b:b3:77:cf:
         f1:cc:e9:db:f6:59:67:5e:09:e9:b0:a8:c7:d3:d7:81:d5:9b:
         02:fe:48:9d:e7:75:b7:ce:5c:ec:b5:d1:03:14:08:92:5c:02:
         e2:06:fd:03:9e:a2:6d:7a:71:ca:f4:84:3c:08:d6:80:bc:2e:
         3f:28:99:88:a2:3b:06:d1:f6:93:e3:f8:8b:e5:30:75:d1:24:
         8a:a3:7d:f8:85:94:0b:4d:58:02:0d:e0:62:92:08:92:24:02:
         cf:bf:e8:08:3c:1e:a8:6c:9d:c3:99:8b:24:21:27:15:78:dd:
         ce:64:b4:4d:e5:56:61:3e:23:e4:8d:81:4f:d7:ed:14:da:0c:
         99:b3:19:b5:b1:a3:2d:a9:2d:07:02:4e:87:0c:bd:22:b0:a3:
         51:12:da:b5
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUVW0Bb8c0ZwdW0o8caez+q0uwVG4wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwMTE3MDAwMDAwWhcNMjMwMTIwMjM1OTU5
WjCBpTFJMEcGA1UEBRNAYjJiZTE5NzIzMWY5NzllNjM2ZDllMGEwOGVlMDk2NTMz
MzVkZTlhNWEwNDRlY2QxNTNiZTg3NzY3ZjJmNTRlYzEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAMsZL9A2ymq+ylrn63eA4mvdS2sxSiZKnS7BzESYzDpPEChKnULM
8Sr8gsVyEba2LvKTMxOapT886SlRGzKs0jrpJCCdSt8RE2KAMrSLX/kztVQu2/kf
sbS5BAVxDyzjjJ5ijRY6VU3GhxjWBcdeE5EpqmcDTGL7C8pPc3vXedLxt8m30H/P
IgokDKdyHpF/aZh+bhxP3FrzYu3YuG3693sLfOvp1HLgSJY3mh0wQ3EC8SSAgJqD
zqDIpeC+7UyyoowL+NjM9vmqGfcMwHj1VYX8V3aRgbRq0qJexOhbhj5WItVxbeny
fOzNYoJsOMDjw6Oz48me5z6F/lDFnsdKE2MCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBQ+h8TKbLtMtcb0ReyX8ABmpx81yTAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvMGViM2RhNmEtNjRiOC00NmYxLTg1NzAtMDViOGJlYTZjZjQwLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAH+7mXQT01Tjj1GN
reA/XkREyYC4V8F8jIuCwExwE1L8COD1ffdoWSrBHLngOzsmU+rUNV7ym4nRRYxE
coAGG9/G04GmNU92f1Y2p6/QxvJ3jN92CZC9bn//G2VXvGBLLiJ1AHPUei40O7N3
z/HM6dv2WWdeCemwqMfT14HVmwL+SJ3ndbfOXOy10QMUCJJcAuIG/QOeom16ccr0
hDwI1oC8Lj8omYiiOwbR9pPj+IvlMHXRJIqjffiFlAtNWAIN4GKSCJIkAs+/6Ag8
HqhsncOZiyQhJxV43c5ktE3lVmE+I+SNgU/X7RTaDJmzGbWxoy2pLQcCTocMvSKw
o1ES2rU=
-----END CERTIFICATE-----