Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/1b28267d-189b-4f58-b3e7-75946a9a4fe6.roa
File:                     1b28267d-189b-4f58-b3e7-75946a9a4fe6.roa (raw, json)
Hash identifier:          Ygf0U5fJD59RaXuyL15fyGy+tJSiVHgEP/Y2IpjtvC0=
Subject key identifier:   41:C3:D0:B5:E8:51:B3:92:C1:33:4A:7D:47:63:18:3E:62:93:BD:79
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       5DC7C4ABF6B51CE9A4FBFD5C408804650DD60DD9
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/1b28267d-189b-4f58-b3e7-75946a9a4fe6.roa
Signing time:             Thu 12 Jan 2023 00:00:00 +0000
ROA not before:           Thu 12 Jan 2023 00:00:00 +0000
ROA not after:            Sun 15 Jan 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5d:c7:c4:ab:f6:b5:1c:e9:a4:fb:fd:5c:40:88:04:65:0d:d6:0d:d9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Jan 12 00:00:00 2023 GMT
            Not After : Jan 15 23:59:59 2023 GMT
        Subject: serialNumber=a50d85bf255265062ecd8dcb4e23688e16ffd040f7cdba517b05493cb4811372, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:f5:dd:64:16:7c:ef:b0:b1:e9:a6:f2:4e:5c:
                    ac:b4:26:a8:9d:e9:a1:5a:f2:82:f1:68:f2:d4:f6:
                    d0:b3:62:94:ba:e3:51:53:94:b6:00:2d:44:eb:d3:
                    74:fa:af:79:3c:b3:2c:b7:c7:41:1c:1d:f5:92:07:
                    91:57:17:e4:e9:b1:bb:00:d2:1d:bf:25:c1:b3:65:
                    5e:db:9b:76:ae:7d:fb:9b:6b:8f:e7:2d:23:83:53:
                    ec:7c:8b:e5:80:65:99:1a:b8:89:02:5e:cd:01:19:
                    44:b2:02:23:b2:7e:ee:ae:f6:3f:39:5a:28:4c:79:
                    a5:cf:ca:dd:96:fa:ef:aa:09:e4:3b:cd:ab:96:96:
                    26:95:1d:55:6d:e9:28:47:08:2c:84:d6:21:db:9b:
                    f5:fe:f6:5a:b2:fe:da:7c:de:cc:b6:6b:d5:ba:25:
                    91:33:d7:23:98:47:e6:1d:5c:45:a6:2e:bc:ff:b4:
                    d9:4b:85:8e:ac:6e:93:94:54:f7:b4:2b:9d:eb:0f:
                    3d:5a:ab:cc:09:d5:b1:76:57:37:e2:f6:f9:ca:4b:
                    83:03:30:0c:3f:db:d7:06:06:d6:a1:af:01:8a:d3:
                    60:36:93:7f:69:77:a0:af:a5:c7:20:cc:6e:f3:ac:
                    81:08:70:20:41:4f:7e:5f:32:83:c0:97:cd:7e:61:
                    78:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:C3:D0:B5:E8:51:B3:92:C1:33:4A:7D:47:63:18:3E:62:93:BD:79
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/1b28267d-189b-4f58-b3e7-75946a9a4fe6.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6c:2a:dd:f0:b1:93:17:b0:a3:1d:d3:a4:27:65:a4:65:3e:29:
         c7:92:64:55:04:08:4a:7f:0b:d2:b1:c1:de:e0:ec:2d:16:8c:
         f3:a5:7e:b2:1d:86:03:b4:14:86:92:42:86:4c:68:ce:ca:96:
         c1:5d:f1:7f:48:53:95:f2:ba:8a:b9:2e:dd:dd:c2:95:a3:62:
         c8:a5:42:f7:ff:68:14:37:e6:3d:ac:a4:36:35:45:9e:b5:8c:
         43:92:0f:3b:20:d8:7b:46:9c:36:62:e0:49:ff:e6:8b:6b:fd:
         39:56:85:22:08:1e:80:50:83:44:fd:98:fd:56:f3:68:d9:53:
         ca:ef:99:b8:69:1b:fd:e2:34:fe:c1:fb:14:4d:e1:cf:a0:40:
         20:18:a5:61:c4:4f:5d:75:f3:a8:d3:5c:28:25:af:cb:42:3e:
         db:56:76:07:25:a6:41:d7:bd:ed:97:82:05:5f:9e:7b:e2:d2:
         6b:51:8b:ed:35:f0:88:78:0f:37:a0:47:8e:a5:b5:89:33:3e:
         d1:86:8b:66:5e:6c:d5:1a:56:c7:9a:b8:ef:86:d6:ac:53:ee:
         bd:05:96:51:68:3e:78:84:10:f4:7b:33:34:aa:e6:6f:df:c7:
         94:6a:8d:c2:7b:d7:b3:85:84:96:61:3c:e5:2d:63:6b:04:1f:
         5e:74:24:90
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUXcfEq/a1HOmk+/1cQIgEZQ3WDdkwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwMTEyMDAwMDAwWhcNMjMwMTE1MjM1OTU5
WjCBpTFJMEcGA1UEBRNAYTUwZDg1YmYyNTUyNjUwNjJlY2Q4ZGNiNGUyMzY4OGUx
NmZmZDA0MGY3Y2RiYTUxN2IwNTQ5M2NiNDgxMTM3MjEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBALv13WQWfO+wsemm8k5crLQmqJ3poVrygvFo8tT20LNilLrjUVOU
tgAtROvTdPqveTyzLLfHQRwd9ZIHkVcX5OmxuwDSHb8lwbNlXtubdq59+5trj+ct
I4NT7HyL5YBlmRq4iQJezQEZRLICI7J+7q72PzlaKEx5pc/K3Zb676oJ5DvNq5aW
JpUdVW3pKEcILITWIdub9f72WrL+2nzezLZr1bolkTPXI5hH5h1cRaYuvP+02UuF
jqxuk5RU97QrnesPPVqrzAnVsXZXN+L2+cpLgwMwDD/b1wYG1qGvAYrTYDaTf2l3
oK+lxyDMbvOsgQhwIEFPfl8yg8CXzX5heB8CAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBRBw9C16FGzksEzSn1HYxg+YpO9eTAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvMWIyODI2N2QtMTg5Yi00ZjU4LWIzZTctNzU5NDZhOWE0ZmU2LnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAGwq3fCxkxewox3T
pCdlpGU+KceSZFUECEp/C9Kxwd7g7C0WjPOlfrIdhgO0FIaSQoZMaM7KlsFd8X9I
U5Xyuoq5Lt3dwpWjYsilQvf/aBQ35j2spDY1RZ61jEOSDzsg2HtGnDZi4En/5otr
/TlWhSIIHoBQg0T9mP1W82jZU8rvmbhpG/3iNP7B+xRN4c+gQCAYpWHET11186jT
XCglr8tCPttWdgclpkHXve2XggVfnnvi0mtRi+018Ih4DzegR46ltYkzPtGGi2Ze
bNUaVseauO+G1qxT7r0FllFoPniEEPR7MzSq5m/fx5RqjcJ717OFhJZhPOUtY2sE
H150JJA=
-----END CERTIFICATE-----