Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/0fe672a7-6a77-4537-b5b3-f2f140d91d1c.roa
File:                     0fe672a7-6a77-4537-b5b3-f2f140d91d1c.roa (raw, json)
Hash identifier:          PPGjzFnwC7G+HKO6KvmvyluPzXHmSEll1s3la5dcLEw=
Subject key identifier:   32:FF:15:B5:16:DF:7B:0C:DD:7E:BF:F2:62:7F:F4:DC:09:77:B0:F3
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       04C0FA10F32A1D0D16E91E2C354FB39FA4217EB4
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/0fe672a7-6a77-4537-b5b3-f2f140d91d1c.roa
Signing time:             Thu 13 Apr 2023 00:00:00 +0000
ROA not before:           Thu 13 Apr 2023 00:00:00 +0000
ROA not after:            Sun 16 Apr 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            04:c0:fa:10:f3:2a:1d:0d:16:e9:1e:2c:35:4f:b3:9f:a4:21:7e:b4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Apr 13 00:00:00 2023 GMT
            Not After : Apr 16 23:59:59 2023 GMT
        Subject: serialNumber=4436a17a748eacaafa9e020ce6a8e333aa29f6319cc9683f5022a63749fca005, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:61:a7:3b:16:db:c8:85:77:a7:11:cb:af:29:
                    29:f8:aa:fc:fc:fd:7f:fe:d4:76:6e:85:cf:ad:ac:
                    14:2f:5d:75:8f:10:33:1b:8b:7e:5b:09:44:c3:b6:
                    b2:39:fe:c3:ef:14:1a:75:15:3c:50:de:3a:d4:13:
                    a0:13:e6:ae:27:f8:85:d3:75:32:76:6d:37:14:42:
                    58:3f:19:27:ba:bd:ce:d1:15:ba:ac:c9:c7:e0:10:
                    d3:1d:e3:c9:5a:f3:0d:4b:8e:e1:71:96:3e:d8:84:
                    9f:b3:9e:5c:a1:db:47:da:38:ba:5d:46:2d:e3:96:
                    49:07:cb:a2:75:1a:67:31:b1:50:ff:50:55:32:26:
                    51:47:f4:c9:e6:4f:8e:f7:76:4f:45:24:3b:74:51:
                    6e:97:28:5b:e0:97:5a:3a:c2:8e:7a:28:aa:1c:16:
                    9f:21:5f:3d:68:63:6d:06:43:78:e6:da:f0:02:b4:
                    72:eb:5b:5a:9b:07:dd:8f:a0:12:1e:8b:cd:ab:92:
                    97:bf:e8:90:5b:ae:89:7e:e2:c4:5d:83:01:0a:de:
                    ce:47:8f:31:0c:88:fa:c2:94:61:4f:78:b9:09:4b:
                    6e:90:b3:ed:7a:99:b0:26:b2:c7:db:c7:f8:c6:0e:
                    8c:85:e3:49:1b:06:e0:69:02:c9:eb:1d:78:b3:c8:
                    c5:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                32:FF:15:B5:16:DF:7B:0C:DD:7E:BF:F2:62:7F:F4:DC:09:77:B0:F3
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/0fe672a7-6a77-4537-b5b3-f2f140d91d1c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a7:be:90:08:25:5d:cd:00:b5:77:e3:f1:4d:85:c1:ba:69:f3:
         27:94:32:5a:a2:8d:1b:ec:4a:ed:f9:e4:c6:93:18:1d:7a:77:
         ad:5b:cb:4d:9e:4c:9e:dc:d7:0c:af:ac:aa:d6:a5:17:42:e3:
         0a:4f:b0:62:2a:fd:42:82:84:b0:b5:54:82:09:cd:7d:d0:aa:
         e7:50:64:72:5b:e4:2c:ea:34:ae:0e:fb:d4:0f:f1:b9:c2:29:
         33:32:9e:10:a7:73:2c:81:aa:63:48:7b:ea:58:f9:da:77:1e:
         a1:36:4b:98:fe:83:c8:2e:f1:4b:fe:26:e0:28:4b:0e:4e:01:
         68:ab:ca:60:f1:24:27:06:a5:5a:99:62:1b:a2:cd:0d:e4:a2:
         50:68:bf:e7:63:4d:06:79:46:67:f2:c7:e0:bb:7c:e9:4a:d8:
         3a:0f:de:71:44:b3:43:74:8c:d6:e9:d8:ad:f0:62:23:8b:3b:
         0d:dc:bb:ef:b5:57:f0:41:48:9a:2d:10:2a:b4:a6:34:27:87:
         db:ab:9d:56:de:f7:2c:5e:ca:e0:47:e5:0d:04:f3:70:d1:a1:
         bd:ea:4a:86:b7:f8:fb:80:2c:1a:c7:c4:39:4b:c8:c3:ee:4d:
         fc:11:62:6c:c6:3a:e3:09:5f:d1:65:03:02:74:4e:07:27:7f:
         47:39:e8:bb
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUBMD6EPMqHQ0W6R4sNU+zn6QhfrQwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwNDEzMDAwMDAwWhcNMjMwNDE2MjM1OTU5
WjCBpTFJMEcGA1UEBRNANDQzNmExN2E3NDhlYWNhYWZhOWUwMjBjZTZhOGUzMzNh
YTI5ZjYzMTljYzk2ODNmNTAyMmE2Mzc0OWZjYTAwNTEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAK5hpzsW28iFd6cRy68pKfiq/Pz9f/7Udm6Fz62sFC9ddY8QMxuL
flsJRMO2sjn+w+8UGnUVPFDeOtQToBPmrif4hdN1MnZtNxRCWD8ZJ7q9ztEVuqzJ
x+AQ0x3jyVrzDUuO4XGWPtiEn7OeXKHbR9o4ul1GLeOWSQfLonUaZzGxUP9QVTIm
UUf0yeZPjvd2T0UkO3RRbpcoW+CXWjrCjnooqhwWnyFfPWhjbQZDeOba8AK0cutb
WpsH3Y+gEh6LzauSl7/okFuuiX7ixF2DAQrezkePMQyI+sKUYU94uQlLbpCz7XqZ
sCayx9vH+MYOjIXjSRsG4GkCyesdeLPIxb8CAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBQy/xW1Ft97DN1+v/Jif/TcCXew8zAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvMGZlNjcyYTctNmE3Ny00NTM3LWI1YjMtZjJmMTQwZDkxZDFjLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAKe+kAglXc0AtXfj
8U2Fwbpp8yeUMlqijRvsSu355MaTGB16d61by02eTJ7c1wyvrKrWpRdC4wpPsGIq
/UKChLC1VIIJzX3QqudQZHJb5CzqNK4O+9QP8bnCKTMynhCncyyBqmNIe+pY+dp3
HqE2S5j+g8gu8Uv+JuAoSw5OAWirymDxJCcGpVqZYhuizQ3kolBov+djTQZ5Rmfy
x+C7fOlK2DoP3nFEs0N0jNbp2K3wYiOLOw3cu++1V/BBSJotECq0pjQnh9urnVbe
9yxeyuBH5Q0E83DRob3qSoa3+PuALBrHxDlLyMPuTfwRYmzGOuMJX9FlAwJ0Tgcn
f0c56Ls=
-----END CERTIFICATE-----