Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/1092fa25-8dba-4a11-a955-32a659bd28e0.roa
File:                     1092fa25-8dba-4a11-a955-32a659bd28e0.roa (raw, json)
Hash identifier:          MUn8e0dC/qZnG2+F/bFp002NB/Q+owEOOeYFIrKI8Vs=
Subject key identifier:   35:C1:BC:B6:0F:60:94:A0:77:86:B3:10:BF:3A:C5:92:FD:EE:9D:A2
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       367DD70794FA121A8DD15B2D33208B8362DF5EA4
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/1092fa25-8dba-4a11-a955-32a659bd28e0.roa
Signing time:             Mon 27 Feb 2023 00:00:00 +0000
ROA not before:           Mon 27 Feb 2023 00:00:00 +0000
ROA not after:            Thu 02 Mar 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            36:7d:d7:07:94:fa:12:1a:8d:d1:5b:2d:33:20:8b:83:62:df:5e:a4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Feb 27 00:00:00 2023 GMT
            Not After : Mar  2 23:59:59 2023 GMT
        Subject: serialNumber=df24be6ea959d865f9ee3ed5defd460718391952874b85f30bef719f5e44e882, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:ba:0d:c2:04:73:7b:15:fa:29:27:df:eb:6e:
                    cd:ff:6a:aa:97:8c:c1:e9:8f:0d:1f:b3:ab:3b:7a:
                    ac:94:c9:06:0c:28:9f:9a:e5:22:b9:1f:e2:d8:c4:
                    aa:f8:6b:35:83:72:f2:e8:d0:2b:6d:9e:2c:37:55:
                    16:81:e2:eb:9c:84:8e:1a:2f:bd:e4:f2:f0:52:30:
                    c9:3e:e8:c4:63:be:ee:a3:9d:be:b9:90:dd:95:87:
                    c8:35:2e:80:40:72:60:c6:75:ba:81:d7:1f:98:63:
                    09:e7:c0:9c:12:06:7c:b5:fe:3a:a0:09:88:b2:87:
                    dd:ed:ae:3f:05:86:85:33:df:f6:91:ac:8c:77:54:
                    c2:84:11:e3:5a:f5:f4:dc:34:4d:33:2d:ce:2d:dc:
                    e9:17:ae:07:c3:94:e7:45:3b:d6:15:39:d7:94:b2:
                    62:75:bc:8d:3d:ad:87:6a:03:2f:fd:f5:cf:56:20:
                    3f:59:20:84:c2:f2:73:cb:37:2b:46:19:a1:53:98:
                    2b:9c:12:49:bf:e7:65:0e:bb:57:2f:a8:8e:f3:63:
                    5d:f9:48:8e:a3:50:94:40:93:76:d6:e1:ac:5f:7e:
                    2e:14:17:b0:3c:8a:76:63:6e:d9:a8:34:e9:8a:ae:
                    3c:74:16:db:45:76:81:a2:d6:6d:d0:66:51:4f:ac:
                    70:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                35:C1:BC:B6:0F:60:94:A0:77:86:B3:10:BF:3A:C5:92:FD:EE:9D:A2
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/1092fa25-8dba-4a11-a955-32a659bd28e0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         28:51:f6:2b:bf:6b:92:f0:f9:70:80:de:ec:f7:7d:11:ab:2d:
         5d:c4:b5:34:40:17:39:45:b7:b3:76:e3:1f:da:9f:d3:f4:24:
         98:a8:5d:be:8c:7f:50:aa:ce:33:7d:04:37:95:db:7b:db:e1:
         a4:fa:a4:ff:ec:11:86:d0:65:fb:54:aa:4f:3e:9b:9f:22:1e:
         fc:48:5d:4c:5f:51:09:cd:d2:67:2c:cc:43:00:4c:b1:3d:aa:
         80:a3:89:69:17:0a:d6:76:06:6e:77:1d:df:f0:a4:fa:20:92:
         e3:c0:40:52:47:e8:62:5b:e9:aa:e6:80:f7:08:94:c6:59:bc:
         9a:73:45:43:0a:82:d4:8b:b3:2b:56:fa:6c:16:cd:b0:48:18:
         b0:c7:90:ec:04:5c:45:97:de:6c:27:e2:e7:21:16:5c:92:85:
         4f:40:51:82:7a:2b:84:b4:f6:d0:67:ba:2f:40:13:1e:2f:57:
         80:4f:6e:d1:7a:7d:17:ad:fa:0e:67:44:68:80:f7:7b:68:71:
         47:5d:8e:09:89:12:41:76:6c:5e:e1:e4:b0:e6:63:5e:4d:f1:
         8a:1d:4f:72:2b:aa:e4:a4:bc:e2:14:a7:33:02:10:b7:35:e2:
         57:e6:21:b2:d7:f2:5d:e5:b0:28:18:43:40:69:9a:21:a3:f6:
         c0:71:4a:07
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUNn3XB5T6EhqN0VstMyCLg2LfXqQwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwMjI3MDAwMDAwWhcNMjMwMzAyMjM1OTU5
WjCBpTFJMEcGA1UEBRNAZGYyNGJlNmVhOTU5ZDg2NWY5ZWUzZWQ1ZGVmZDQ2MDcx
ODM5MTk1Mjg3NGI4NWYzMGJlZjcxOWY1ZTQ0ZTg4MjEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBALO6DcIEc3sV+ikn3+tuzf9qqpeMwemPDR+zqzt6rJTJBgwon5rl
Irkf4tjEqvhrNYNy8ujQK22eLDdVFoHi65yEjhovveTy8FIwyT7oxGO+7qOdvrmQ
3ZWHyDUugEByYMZ1uoHXH5hjCefAnBIGfLX+OqAJiLKH3e2uPwWGhTPf9pGsjHdU
woQR41r19Nw0TTMtzi3c6ReuB8OU50U71hU515SyYnW8jT2th2oDL/31z1YgP1kg
hMLyc8s3K0YZoVOYK5wSSb/nZQ67Vy+ojvNjXflIjqNQlECTdtbhrF9+LhQXsDyK
dmNu2ag06YquPHQW20V2gaLWbdBmUU+scNsCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBQ1wby2D2CUoHeGsxC/OsWS/e6dojAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvMTA5MmZhMjUtOGRiYS00YTExLWE5NTUtMzJhNjU5YmQyOGUwLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAChR9iu/a5Lw+XCA
3uz3fRGrLV3EtTRAFzlFt7N24x/an9P0JJioXb6Mf1CqzjN9BDeV23vb4aT6pP/s
EYbQZftUqk8+m58iHvxIXUxfUQnN0mcszEMATLE9qoCjiWkXCtZ2Bm53Hd/wpPog
kuPAQFJH6GJb6armgPcIlMZZvJpzRUMKgtSLsytW+mwWzbBIGLDHkOwEXEWX3mwn
4uchFlyShU9AUYJ6K4S09tBnui9AEx4vV4BPbtF6fRet+g5nRGiA93tocUddjgmJ
EkF2bF7h5LDmY15N8YodT3IrquSkvOIUpzMCELc14lfmIbLX8l3lsCgYQ0BpmiGj
9sBxSgc=
-----END CERTIFICATE-----