Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/16cd2e34-a0aa-4fa3-940a-ec075f7133b6.roa
File:                     16cd2e34-a0aa-4fa3-940a-ec075f7133b6.roa (raw, json)
Hash identifier:          o46h1sxhnOBqMyWmoWJphxu2cuh4xpKStCSoGgOvWqM=
Subject key identifier:   11:53:2C:91:E0:B1:FE:71:29:EC:B2:F9:E1:02:B1:A1:B8:18:0D:4C
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       2BB8061C065F06118FDD72B144CB023248CAAFF6
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/16cd2e34-a0aa-4fa3-940a-ec075f7133b6.roa
Signing time:             Sun 19 Mar 2023 00:00:00 +0000
ROA not before:           Sun 19 Mar 2023 00:00:00 +0000
ROA not after:            Wed 22 Mar 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2b:b8:06:1c:06:5f:06:11:8f:dd:72:b1:44:cb:02:32:48:ca:af:f6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Mar 19 00:00:00 2023 GMT
            Not After : Mar 22 23:59:59 2023 GMT
        Subject: serialNumber=7a9a6bb74bc9762b62c4b3a9e1fa23f6a2bd96d9dbd148b789257a337bf6a136, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:75:23:20:bc:73:49:b4:df:f8:64:fc:b5:fc:
                    ea:1c:89:a5:c1:f1:92:da:d1:88:5c:be:bd:dd:1f:
                    c9:7d:8c:38:b7:79:43:2b:f0:ef:97:36:ac:72:63:
                    e6:4a:a7:b3:f5:95:f4:48:8b:7f:20:e4:22:7f:2a:
                    e4:63:07:29:eb:9d:1a:fd:58:ec:88:a8:6d:58:87:
                    d9:1b:16:95:0c:a5:00:14:b0:b7:7d:7f:e9:a0:f8:
                    6d:d8:a5:fc:1d:66:42:0b:10:ab:ad:5e:fa:0e:1b:
                    8a:50:4d:b0:05:48:ca:b8:00:e5:63:11:5b:bf:02:
                    c9:f9:d2:68:15:52:4b:8e:e7:cb:1a:24:d6:e8:ab:
                    46:11:a1:c7:c5:db:64:71:d4:d4:63:9b:85:d4:c6:
                    cf:af:7c:b2:00:e7:4a:12:56:ff:92:21:4e:a0:41:
                    fc:be:89:7b:dc:89:d0:9f:3a:f7:f7:ee:90:f7:6d:
                    04:ab:0d:a1:36:77:fe:7f:99:2b:3c:b3:d5:da:d6:
                    c7:7f:f3:e6:f2:48:cb:7f:fd:b4:b6:a6:5f:08:b9:
                    32:9f:d7:40:07:ca:0b:99:41:87:dc:6b:d1:6f:3c:
                    ed:77:bb:6d:ef:d5:bf:ee:a0:c2:c8:ba:f4:bd:06:
                    6c:4a:d3:9b:8a:15:14:b6:b9:aa:5c:f5:a9:47:3e:
                    c5:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                11:53:2C:91:E0:B1:FE:71:29:EC:B2:F9:E1:02:B1:A1:B8:18:0D:4C
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/16cd2e34-a0aa-4fa3-940a-ec075f7133b6.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b4:72:25:b5:49:8d:7a:50:cc:53:43:73:4e:08:25:11:4b:b4:
         f5:ab:4f:02:e0:d7:a2:c1:7c:14:5a:a7:9a:26:6f:d0:04:96:
         86:5d:26:07:c1:e0:4c:c9:03:16:52:6e:59:af:ca:5c:6d:54:
         af:b0:52:29:89:82:89:28:48:4a:5e:1d:ff:e4:5d:39:a4:8e:
         4d:ca:96:9a:f6:5b:9f:a7:54:17:d8:f4:9b:67:c5:46:bc:e6:
         0a:34:97:4f:64:77:78:3b:b4:30:c6:42:62:c5:1b:6a:ad:a9:
         ca:20:d8:ab:69:99:bf:c3:bf:20:5a:11:4a:71:21:0f:06:6b:
         bc:db:cf:2b:2b:cf:f7:e9:03:55:bf:a3:a1:12:6f:b5:45:b4:
         2a:24:94:b3:68:04:3b:c6:77:53:3d:cd:2a:45:03:b5:58:7e:
         20:fa:0e:92:96:29:b2:b6:b4:31:fb:ea:ef:e7:09:f9:b7:19:
         2b:72:0f:b6:5b:e5:68:66:f5:cb:20:0a:32:f5:92:ad:41:9a:
         28:90:13:08:17:38:21:e0:f1:15:31:40:17:88:d3:0a:05:cb:
         86:4a:fd:4e:41:90:dd:d4:f8:e5:2e:3a:51:5b:81:1a:bb:1e:
         66:6c:b0:0e:11:0b:28:92:4f:0c:7c:20:1b:35:72:44:8c:a6:
         cc:a9:c8:41
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUK7gGHAZfBhGP3XKxRMsCMkjKr/YwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwMzE5MDAwMDAwWhcNMjMwMzIyMjM1OTU5
WjCBpTFJMEcGA1UEBRNAN2E5YTZiYjc0YmM5NzYyYjYyYzRiM2E5ZTFmYTIzZjZh
MmJkOTZkOWRiZDE0OGI3ODkyNTdhMzM3YmY2YTEzNjEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAMJ1IyC8c0m03/hk/LX86hyJpcHxktrRiFy+vd0fyX2MOLd5Qyvw
75c2rHJj5kqns/WV9EiLfyDkIn8q5GMHKeudGv1Y7IiobViH2RsWlQylABSwt31/
6aD4bdil/B1mQgsQq61e+g4bilBNsAVIyrgA5WMRW78CyfnSaBVSS47nyxok1uir
RhGhx8XbZHHU1GObhdTGz698sgDnShJW/5IhTqBB/L6Je9yJ0J869/fukPdtBKsN
oTZ3/n+ZKzyz1drWx3/z5vJIy3/9tLamXwi5Mp/XQAfKC5lBh9xr0W887Xe7be/V
v+6gwsi69L0GbErTm4oVFLa5qlz1qUc+xdcCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBQRUyyR4LH+cSnssvnhArGhuBgNTDAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvMTZjZDJlMzQtYTBhYS00ZmEzLTk0MGEtZWMwNzVmNzEzM2I2LnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBALRyJbVJjXpQzFND
c04IJRFLtPWrTwLg16LBfBRap5omb9AEloZdJgfB4EzJAxZSblmvylxtVK+wUimJ
gokoSEpeHf/kXTmkjk3Klpr2W5+nVBfY9JtnxUa85go0l09kd3g7tDDGQmLFG2qt
qcog2Ktpmb/DvyBaEUpxIQ8Ga7zbzysrz/fpA1W/o6ESb7VFtCoklLNoBDvGd1M9
zSpFA7VYfiD6DpKWKbK2tDH76u/nCfm3GStyD7Zb5Whm9csgCjL1kq1BmiiQEwgX
OCHg8RUxQBeI0woFy4ZK/U5BkN3U+OUuOlFbgRq7HmZssA4RCyiSTwx8IBs1ckSM
psypyEE=
-----END CERTIFICATE-----