Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/13d5a975-0630-466b-a79a-77274ac5902e.roa
File:                     13d5a975-0630-466b-a79a-77274ac5902e.roa (raw, json)
Hash identifier:          ZqRzFPwWIGv/ZVSw0b6LuEvuxqj7QK+1LP3K4Pzvies=
Subject key identifier:   3D:C2:D3:EB:4A:EF:94:42:E7:AE:2C:C9:2D:71:AC:C6:B0:B3:C7:4B
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       025D25815F34DC0092D6EA44F8B5EA835805DE45
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/13d5a975-0630-466b-a79a-77274ac5902e.roa
Signing time:             Mon 17 Apr 2023 00:00:00 +0000
ROA not before:           Mon 17 Apr 2023 00:00:00 +0000
ROA not after:            Thu 20 Apr 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            02:5d:25:81:5f:34:dc:00:92:d6:ea:44:f8:b5:ea:83:58:05:de:45
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Apr 17 00:00:00 2023 GMT
            Not After : Apr 20 23:59:59 2023 GMT
        Subject: serialNumber=6a928b1be9d9a05436c8b157c6c0cf0048253621328d2eb7dd3ee47c86d36ce2, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:f6:19:54:46:68:ea:c4:4e:22:b4:0b:4b:7f:
                    88:61:90:cf:35:75:da:4d:ab:0f:d2:8d:17:a4:06:
                    19:cb:08:c9:58:3f:aa:98:9d:67:c1:f8:c4:8c:66:
                    bd:ef:31:cf:f0:dd:5d:23:1a:4c:48:1b:56:a5:50:
                    67:fb:4c:10:3a:f2:6b:48:75:19:c3:67:35:0f:35:
                    07:9b:4b:2e:78:51:03:72:e3:2d:c9:27:4f:ee:bd:
                    a2:c0:71:8d:05:3d:f7:71:13:8c:c0:f8:67:ea:7f:
                    13:be:6b:71:cc:09:cd:33:9b:60:24:2d:b4:f1:2f:
                    24:01:26:50:f2:ea:a1:e2:f8:b4:d1:b4:bf:7c:04:
                    ac:af:51:87:2e:94:cb:9b:14:82:52:7f:f5:3a:18:
                    62:82:5a:69:ea:2f:b3:9d:8a:e3:d4:16:42:14:4d:
                    31:96:21:a5:b9:c5:d8:74:61:81:a2:59:08:e4:60:
                    dd:a3:3a:dc:12:71:43:ad:25:17:0a:20:68:12:c0:
                    da:d8:88:90:c3:65:59:8d:e2:f2:60:79:bb:fc:30:
                    82:8a:a0:ae:af:1f:02:6b:23:8f:02:91:eb:00:0d:
                    e7:f8:00:7d:4b:bf:5b:05:eb:71:95:3d:91:0f:47:
                    98:ad:f7:62:09:e8:25:b0:1e:c4:b2:b4:42:60:b1:
                    49:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3D:C2:D3:EB:4A:EF:94:42:E7:AE:2C:C9:2D:71:AC:C6:B0:B3:C7:4B
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/13d5a975-0630-466b-a79a-77274ac5902e.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3f:5d:03:d5:ee:33:2f:80:3e:a3:1b:9a:ee:e4:c5:ca:da:1e:
         6e:03:f0:c2:15:8d:06:70:fe:dc:d8:b1:ac:a2:ad:49:19:ac:
         92:88:70:8f:7a:5e:70:6c:e4:85:01:57:1e:50:b7:79:fb:00:
         6e:b0:6d:4d:bb:9f:d0:8e:68:a7:64:dd:ab:c0:2b:ea:d3:d2:
         fa:5e:6b:eb:48:39:29:00:c2:24:cc:18:1f:cb:e9:12:95:2c:
         32:e8:ee:8e:fb:9a:19:cf:cf:59:09:f7:c8:1c:5e:80:15:de:
         ac:17:fb:9a:e2:e6:89:72:6d:38:e4:eb:b8:de:d3:2f:fa:a2:
         75:53:ed:c9:e2:7c:84:f8:e2:9a:77:88:9f:96:c4:2b:b9:a3:
         19:c6:d0:3c:91:de:b5:8d:41:41:e4:e7:dd:92:4f:63:16:c0:
         93:85:be:55:76:4a:22:83:71:17:30:82:77:25:2d:c3:8c:53:
         71:aa:50:08:bf:24:d4:82:90:5b:2a:f4:6c:cd:f8:0b:d7:b4:
         1b:23:d9:45:ba:f2:ad:e4:00:0c:74:19:3b:7f:55:ef:5d:9a:
         ab:30:c7:d9:84:02:45:e3:84:82:e5:1b:7d:80:fd:62:8f:22:
         7b:41:53:16:87:39:3e:40:d3:4a:04:0e:f0:8e:55:e6:b0:1a:
         94:3d:33:b8
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUAl0lgV803ACS1upE+LXqg1gF3kUwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwNDE3MDAwMDAwWhcNMjMwNDIwMjM1OTU5
WjCBpTFJMEcGA1UEBRNANmE5MjhiMWJlOWQ5YTA1NDM2YzhiMTU3YzZjMGNmMDA0
ODI1MzYyMTMyOGQyZWI3ZGQzZWU0N2M4NmQzNmNlMjEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAJ32GVRGaOrETiK0C0t/iGGQzzV12k2rD9KNF6QGGcsIyVg/qpid
Z8H4xIxmve8xz/DdXSMaTEgbVqVQZ/tMEDrya0h1GcNnNQ81B5tLLnhRA3LjLckn
T+69osBxjQU993ETjMD4Z+p/E75rccwJzTObYCQttPEvJAEmUPLqoeL4tNG0v3wE
rK9Rhy6Uy5sUglJ/9ToYYoJaaeovs52K49QWQhRNMZYhpbnF2HRhgaJZCORg3aM6
3BJxQ60lFwogaBLA2tiIkMNlWY3i8mB5u/wwgoqgrq8fAmsjjwKR6wAN5/gAfUu/
WwXrcZU9kQ9HmK33YgnoJbAexLK0QmCxSQcCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBQ9wtPrSu+UQueuLMktcazGsLPHSzAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvMTNkNWE5NzUtMDYzMC00NjZiLWE3OWEtNzcyNzRhYzU5MDJlLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAD9dA9XuMy+APqMb
mu7kxcraHm4D8MIVjQZw/tzYsayirUkZrJKIcI96XnBs5IUBVx5Qt3n7AG6wbU27
n9COaKdk3avAK+rT0vpea+tIOSkAwiTMGB/L6RKVLDLo7o77mhnPz1kJ98gcXoAV
3qwX+5ri5olybTjk67je0y/6onVT7cnifIT44pp3iJ+WxCu5oxnG0DyR3rWNQUHk
592ST2MWwJOFvlV2SiKDcRcwgnclLcOMU3GqUAi/JNSCkFsq9GzN+AvXtBsj2UW6
8q3kAAx0GTt/Ve9dmqswx9mEAkXjhILlG32A/WKPIntBUxaHOT5A00oEDvCOVeaw
GpQ9M7g=
-----END CERTIFICATE-----