Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/18d6f3e3-6dd1-4a39-8900-256589866e5a.roa
File:                     18d6f3e3-6dd1-4a39-8900-256589866e5a.roa (raw, json)
Hash identifier:          gAQos+AMbZzfO6nF1Xi8Ul49Le14Qer7y1ht0GZhLwA=
Subject key identifier:   68:58:F3:5A:0F:F7:2F:F9:7D:C3:22:12:17:BE:53:0E:19:90:74:2B
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       2B0C5B7E12330C302F2DEF910D7D042E13EB640C
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/18d6f3e3-6dd1-4a39-8900-256589866e5a.roa
Signing time:             Fri 17 Mar 2023 00:00:00 +0000
ROA not before:           Fri 17 Mar 2023 00:00:00 +0000
ROA not after:            Mon 20 Mar 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2b:0c:5b:7e:12:33:0c:30:2f:2d:ef:91:0d:7d:04:2e:13:eb:64:0c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Mar 17 00:00:00 2023 GMT
            Not After : Mar 20 23:59:59 2023 GMT
        Subject: serialNumber=3f3758d4609846211033c3d30ebfcc3d7bf372a3a0f3a5e8a4d0d492be39c441, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:1a:f1:d3:60:69:08:3d:a7:20:aa:75:af:9d:
                    55:47:b1:6d:0a:5d:ac:44:d7:ce:75:88:34:9d:0c:
                    e7:1d:f0:04:48:1b:d1:80:4c:52:67:f3:3b:75:1b:
                    94:be:b7:ea:3d:f9:2d:96:3f:93:e3:05:c9:1d:64:
                    f8:01:0c:a8:c8:26:c0:ad:64:45:21:99:9b:78:21:
                    cc:f4:d1:b9:e2:f6:2c:fe:fa:48:29:6c:8c:10:80:
                    54:25:8f:3f:2f:1e:bd:a6:09:7e:95:37:dd:fa:f6:
                    b5:a4:49:89:22:19:91:fb:ab:07:12:25:d5:77:f0:
                    85:07:bd:4c:4a:9f:ed:d5:66:01:ea:fa:db:d9:03:
                    9d:28:46:f3:f3:88:2b:5a:68:ba:a7:c0:07:b3:ca:
                    59:55:64:a3:94:f0:72:b8:14:37:7b:d2:0b:a8:ba:
                    93:f0:be:c8:1b:9d:c5:96:ea:c6:89:d3:4f:de:77:
                    dc:cd:b6:cc:f5:0a:2f:1d:be:bb:64:a0:2a:37:fc:
                    9d:47:17:45:d1:11:b7:48:f6:db:7b:29:ca:42:a9:
                    77:af:1a:2d:4c:08:96:cd:b9:13:a1:73:20:13:96:
                    05:3d:03:d6:57:9c:91:86:1a:50:f7:b4:be:13:a6:
                    87:5c:c0:d7:bb:d8:85:77:4f:4c:cc:10:6e:96:89:
                    e8:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:58:F3:5A:0F:F7:2F:F9:7D:C3:22:12:17:BE:53:0E:19:90:74:2B
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/18d6f3e3-6dd1-4a39-8900-256589866e5a.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         15:92:1e:23:bd:97:c2:64:a3:27:37:9d:b1:87:be:2e:ca:7f:
         a2:b9:6c:5d:80:1d:d5:51:c3:32:21:6d:54:ac:67:c7:27:2e:
         88:f4:d9:90:c7:ee:d1:16:87:d8:27:0c:e1:ad:ad:ef:62:d6:
         fc:d6:50:19:f4:b7:c0:2a:db:e5:ac:62:08:83:21:45:82:dc:
         94:c3:81:bf:31:25:68:0d:f6:96:3a:0b:d3:21:07:b1:32:c2:
         2d:48:46:43:77:82:26:3c:af:08:b0:33:20:8e:cf:fd:72:ad:
         17:13:1e:46:df:ab:79:b4:3e:01:eb:a4:0e:0c:a6:64:ca:7f:
         a4:a0:bd:3e:24:1c:43:a1:84:8d:b7:ef:80:43:17:62:d8:87:
         a7:3e:bf:af:0a:0f:e0:e0:75:b5:75:5a:95:56:6e:52:0c:bc:
         cc:50:9d:6c:94:8e:d0:13:34:48:24:eb:73:07:ca:40:1a:56:
         f5:ce:84:e0:25:6d:34:fa:d4:31:cf:7a:e6:17:f7:62:e4:7f:
         c6:0c:b2:38:a9:f7:8e:64:c4:7b:95:d4:1c:4a:be:b4:f5:3b:
         ee:d1:a0:f1:15:b4:14:43:a0:f8:a6:bf:25:57:69:c0:fd:03:
         6d:0a:3b:0b:92:85:2b:78:61:0c:ff:85:07:83:e7:27:66:8e:
         83:7f:64:d2
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUKwxbfhIzDDAvLe+RDX0ELhPrZAwwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwMzE3MDAwMDAwWhcNMjMwMzIwMjM1OTU5
WjCBpTFJMEcGA1UEBRNAM2YzNzU4ZDQ2MDk4NDYyMTEwMzNjM2QzMGViZmNjM2Q3
YmYzNzJhM2EwZjNhNWU4YTRkMGQ0OTJiZTM5YzQ0MTEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBALQa8dNgaQg9pyCqda+dVUexbQpdrETXznWINJ0M5x3wBEgb0YBM
UmfzO3UblL636j35LZY/k+MFyR1k+AEMqMgmwK1kRSGZm3ghzPTRueL2LP76SCls
jBCAVCWPPy8evaYJfpU33fr2taRJiSIZkfurBxIl1XfwhQe9TEqf7dVmAer629kD
nShG8/OIK1pouqfAB7PKWVVko5TwcrgUN3vSC6i6k/C+yBudxZbqxonTT9533M22
zPUKLx2+u2SgKjf8nUcXRdERt0j223spykKpd68aLUwIls25E6FzIBOWBT0D1lec
kYYaUPe0vhOmh1zA17vYhXdPTMwQbpaJ6M8CAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBRoWPNaD/cv+X3DIhIXvlMOGZB0KzAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvMThkNmYzZTMtNmRkMS00YTM5LTg5MDAtMjU2NTg5ODY2ZTVhLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBABWSHiO9l8Jkoyc3
nbGHvi7Kf6K5bF2AHdVRwzIhbVSsZ8cnLoj02ZDH7tEWh9gnDOGtre9i1vzWUBn0
t8Aq2+WsYgiDIUWC3JTDgb8xJWgN9pY6C9MhB7Eywi1IRkN3giY8rwiwMyCOz/1y
rRcTHkbfq3m0PgHrpA4MpmTKf6SgvT4kHEOhhI2374BDF2LYh6c+v68KD+DgdbV1
WpVWblIMvMxQnWyUjtATNEgk63MHykAaVvXOhOAlbTT61DHPeuYX92Lkf8YMsjip
945kxHuV1BxKvrT1O+7RoPEVtBRDoPimvyVXacD9A20KOwuShSt4YQz/hQeD5ydm
joN/ZNI=
-----END CERTIFICATE-----