Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/1343b66e-b2e3-4cb3-841f-fbd00c508f89.roa
File:                     1343b66e-b2e3-4cb3-841f-fbd00c508f89.roa (raw, json)
Hash identifier:          1SB42h27J7QpcGJ6Bg1iAfc/OnNHP4H6B2JHVIXBAgw=
Subject key identifier:   8E:45:66:F6:B4:12:74:E3:8F:0A:63:BF:3D:F3:A6:01:99:B5:10:C1
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       27F5BF028EBB6100738FB82AB80A2740132CE831
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/1343b66e-b2e3-4cb3-841f-fbd00c508f89.roa
Signing time:             Fri 24 Mar 2023 00:00:00 +0000
ROA not before:           Fri 24 Mar 2023 00:00:00 +0000
ROA not after:            Mon 27 Mar 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            27:f5:bf:02:8e:bb:61:00:73:8f:b8:2a:b8:0a:27:40:13:2c:e8:31
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Mar 24 00:00:00 2023 GMT
            Not After : Mar 27 23:59:59 2023 GMT
        Subject: serialNumber=1cf76442913632f774f70ddaa24dc288feae1be296f8b9a9c63c8d442f4613c9, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:3b:1b:dd:7b:cf:d0:54:d2:26:d9:c4:72:ad:
                    7b:b9:b9:57:15:57:b9:cc:57:09:bd:7e:37:76:bd:
                    93:f1:4e:de:55:e4:58:b3:14:72:e6:36:f6:e1:c1:
                    dc:64:2b:a6:67:b1:e9:28:e8:56:3c:36:54:25:21:
                    93:9e:b3:e1:46:a5:45:34:d0:ed:d2:bb:38:b7:27:
                    8d:74:b8:fd:ff:5c:16:9c:20:e6:2d:c9:b6:65:a0:
                    44:19:d8:5d:be:9e:b2:af:58:c7:eb:0f:25:9a:f1:
                    63:c3:54:2a:27:c4:3d:73:17:6f:82:5f:74:fd:b7:
                    82:dc:79:4a:54:b7:6b:73:43:90:17:4f:76:10:49:
                    d7:84:a5:78:99:a1:20:8b:c9:ab:9d:62:47:c1:4f:
                    e2:98:df:fa:98:1c:cf:87:66:7a:44:bf:35:11:d6:
                    78:1a:c2:fb:cc:a5:75:ed:01:bb:cf:d9:50:56:00:
                    04:46:b7:d6:34:58:aa:3b:84:65:90:a3:94:c3:2b:
                    f4:b4:1a:13:92:fd:1d:da:da:c3:c2:e2:99:c0:11:
                    42:f8:07:01:d1:08:18:28:14:af:40:76:85:99:b2:
                    4f:05:71:ce:e1:a2:f0:d3:b5:dc:de:b9:19:6e:e4:
                    e4:3b:1f:11:64:77:ad:55:42:bd:85:e1:83:08:d0:
                    11:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8E:45:66:F6:B4:12:74:E3:8F:0A:63:BF:3D:F3:A6:01:99:B5:10:C1
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/1343b66e-b2e3-4cb3-841f-fbd00c508f89.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         79:f3:c9:45:7f:9d:c0:0b:2f:70:cc:2c:8b:27:b1:b3:1f:d5:
         bf:fd:ac:5d:8e:de:12:a9:30:df:24:dd:05:76:b5:79:bb:18:
         58:6e:3b:19:ad:6b:bc:24:a0:4c:e2:76:a4:b9:25:34:2f:45:
         0b:43:ab:af:05:fa:0d:07:e8:06:02:f4:91:07:bf:2e:ff:93:
         f0:af:5e:a3:57:06:64:4a:5e:21:2b:06:c6:d5:4e:d7:f4:9e:
         42:da:bd:52:9a:83:7a:48:dd:b6:e6:fe:b5:59:35:86:54:e1:
         65:de:01:3c:e5:8f:08:55:a8:34:25:01:f4:fd:bd:44:07:9e:
         be:0e:b0:47:3e:69:ef:65:01:50:d8:43:78:d0:d9:0c:7f:3f:
         31:fe:84:29:e5:2a:60:e3:ca:67:7b:28:d7:16:dc:82:96:e4:
         1b:aa:d6:1d:e0:e8:cb:b0:7b:df:31:17:33:4c:75:9e:c0:3b:
         2a:21:e7:8f:e8:fb:c1:6d:da:a9:cc:6f:3e:02:4f:2d:19:13:
         5b:bf:67:17:22:f0:5e:be:b9:a7:87:f6:62:53:90:05:f8:30:
         e0:c0:84:76:9d:9f:2e:b9:55:20:c4:47:24:c4:f6:5a:4d:25:
         8c:d6:42:3e:c4:b2:e9:68:2d:b7:30:2a:cc:41:59:be:92:94:
         c4:a4:21:9d
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUJ/W/Ao67YQBzj7gquAonQBMs6DEwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwMzI0MDAwMDAwWhcNMjMwMzI3MjM1OTU5
WjCBpTFJMEcGA1UEBRNAMWNmNzY0NDI5MTM2MzJmNzc0ZjcwZGRhYTI0ZGMyODhm
ZWFlMWJlMjk2ZjhiOWE5YzYzYzhkNDQyZjQ2MTNjOTEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAJ87G917z9BU0ibZxHKte7m5VxVXucxXCb1+N3a9k/FO3lXkWLMU
cuY29uHB3GQrpmex6SjoVjw2VCUhk56z4UalRTTQ7dK7OLcnjXS4/f9cFpwg5i3J
tmWgRBnYXb6esq9Yx+sPJZrxY8NUKifEPXMXb4JfdP23gtx5SlS3a3NDkBdPdhBJ
14SleJmhIIvJq51iR8FP4pjf+pgcz4dmekS/NRHWeBrC+8ylde0Bu8/ZUFYABEa3
1jRYqjuEZZCjlMMr9LQaE5L9Hdraw8LimcARQvgHAdEIGCgUr0B2hZmyTwVxzuGi
8NO13N65GW7k5DsfEWR3rVVCvYXhgwjQEWECAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBSORWb2tBJ0448KY78986YBmbUQwTAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvMTM0M2I2NmUtYjJlMy00Y2IzLTg0MWYtZmJkMDBjNTA4Zjg5LnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAHnzyUV/ncALL3DM
LIsnsbMf1b/9rF2O3hKpMN8k3QV2tXm7GFhuOxmta7wkoEzidqS5JTQvRQtDq68F
+g0H6AYC9JEHvy7/k/CvXqNXBmRKXiErBsbVTtf0nkLavVKag3pI3bbm/rVZNYZU
4WXeATzljwhVqDQlAfT9vUQHnr4OsEc+ae9lAVDYQ3jQ2Qx/PzH+hCnlKmDjymd7
KNcW3IKW5Buq1h3g6Muwe98xFzNMdZ7AOyoh54/o+8Ft2qnMbz4CTy0ZE1u/Zxci
8F6+uaeH9mJTkAX4MODAhHadny65VSDERyTE9lpNJYzWQj7EsuloLbcwKsxBWb6S
lMSkIZ0=
-----END CERTIFICATE-----