Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/1c430ce5-56c8-4c46-ae10-e03ac9a1ca82.roa
File:                     1c430ce5-56c8-4c46-ae10-e03ac9a1ca82.roa (raw, json)
Hash identifier:          svw9JQ6IHgwkt9HSmDQ/wRwVrTD0IxEep50kxgsGW/Y=
Subject key identifier:   78:A7:25:34:60:85:F9:83:C1:88:EB:C4:53:C8:05:EC:BB:CF:BA:A7
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       76E602DDAB5FA54E594DE1D61B54273B1B2FC00E
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/1c430ce5-56c8-4c46-ae10-e03ac9a1ca82.roa
Signing time:             Mon 24 Apr 2023 00:00:00 +0000
ROA not before:           Mon 24 Apr 2023 00:00:00 +0000
ROA not after:            Thu 27 Apr 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            76:e6:02:dd:ab:5f:a5:4e:59:4d:e1:d6:1b:54:27:3b:1b:2f:c0:0e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Apr 24 00:00:00 2023 GMT
            Not After : Apr 27 23:59:59 2023 GMT
        Subject: serialNumber=86fc8517cf2b6a1f475f0f1c7c5c108a3c008d059ee43996254a9c254e982e25, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:ba:14:12:2d:fd:a8:85:fc:10:47:5a:3a:c8:
                    f5:96:40:fb:6e:c4:be:b5:fd:72:84:14:93:a8:bf:
                    5b:81:0e:40:c1:85:ff:1f:24:ad:29:32:95:e8:2e:
                    b6:39:2b:58:e5:69:32:81:39:4e:28:21:ce:c9:e8:
                    ad:35:87:75:2a:02:37:f2:b0:f8:54:e2:2e:12:8d:
                    1a:8a:65:6a:13:77:0c:f9:72:d9:b7:f5:4c:a0:3a:
                    d8:68:ab:16:61:a2:01:a2:9f:6e:6a:34:da:1a:8b:
                    e2:60:24:80:2d:44:64:94:cb:3f:a3:e4:c6:17:d7:
                    9f:2c:f7:f0:f4:f1:b4:4c:5f:21:2e:0f:bc:35:90:
                    34:34:5e:d6:85:6c:4c:65:d7:d5:98:cd:79:a4:f8:
                    3f:ec:85:f5:b3:fa:e6:60:77:cc:84:39:fa:4a:08:
                    0d:cd:6c:44:97:8b:73:25:b9:fa:3c:ea:c7:11:cf:
                    a1:b4:c2:47:81:45:f1:f3:05:8d:74:53:3a:5f:66:
                    6f:9c:fa:94:07:8f:8a:f1:ae:cc:e7:b1:7d:7a:56:
                    c1:91:05:ad:ff:d0:ca:21:92:2c:53:34:d7:6d:91:
                    0a:21:66:4a:7c:c6:cc:29:70:73:8d:cc:ef:1a:22:
                    3b:2a:86:fe:cd:b6:ce:48:0f:46:ba:03:05:27:32:
                    f5:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                78:A7:25:34:60:85:F9:83:C1:88:EB:C4:53:C8:05:EC:BB:CF:BA:A7
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/1c430ce5-56c8-4c46-ae10-e03ac9a1ca82.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b5:e5:e2:6d:11:fa:d9:7a:05:ca:a4:ee:7e:7a:9d:54:8a:14:
         1d:fb:f8:9d:e4:79:4e:68:60:9c:3e:62:2a:1d:c9:5a:58:3d:
         d3:df:d7:bf:17:58:db:e1:29:a7:cb:ed:ee:df:ff:11:96:64:
         21:f2:24:ad:f4:8b:ac:5e:e5:ed:f7:d6:b7:a0:34:79:40:76:
         9e:25:d1:05:34:e6:0f:cc:ac:a8:f4:ea:cc:a5:0c:71:8b:54:
         fa:28:dd:d4:5d:4d:e3:a4:0e:be:7a:58:66:6b:95:51:a0:f9:
         02:8a:ec:78:5c:50:83:b9:1c:d8:70:c0:d8:46:84:aa:ad:06:
         4f:c0:c9:57:d3:1f:c7:9d:82:1b:43:e0:7d:71:04:b2:6a:f5:
         ed:a6:1a:7f:eb:84:c5:ab:54:72:6c:45:0b:b0:8a:eb:92:30:
         cd:47:ec:53:6e:60:48:53:d9:62:b4:0d:67:81:58:dd:36:69:
         ca:b0:0e:54:4b:ec:bb:38:a0:49:e4:1c:39:53:e9:f4:c1:fe:
         c7:64:d7:ca:51:ef:74:14:08:5b:82:2b:2a:e6:1e:e6:e3:3a:
         3d:db:e3:3d:23:c7:81:83:ce:20:72:55:7f:97:5c:86:94:91:
         fd:45:ba:39:83:b4:e8:30:04:45:5a:8a:54:9c:a6:11:6f:da:
         19:19:d4:07
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUduYC3atfpU5ZTeHWG1QnOxsvwA4wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwNDI0MDAwMDAwWhcNMjMwNDI3MjM1OTU5
WjCBpTFJMEcGA1UEBRNAODZmYzg1MTdjZjJiNmExZjQ3NWYwZjFjN2M1YzEwOGEz
YzAwOGQwNTllZTQzOTk2MjU0YTljMjU0ZTk4MmUyNTEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAJ66FBIt/aiF/BBHWjrI9ZZA+27EvrX9coQUk6i/W4EOQMGF/x8k
rSkylegutjkrWOVpMoE5TighzsnorTWHdSoCN/Kw+FTiLhKNGoplahN3DPly2bf1
TKA62GirFmGiAaKfbmo02hqL4mAkgC1EZJTLP6PkxhfXnyz38PTxtExfIS4PvDWQ
NDRe1oVsTGXX1ZjNeaT4P+yF9bP65mB3zIQ5+koIDc1sRJeLcyW5+jzqxxHPobTC
R4FF8fMFjXRTOl9mb5z6lAePivGuzOexfXpWwZEFrf/QyiGSLFM0122RCiFmSnzG
zClwc43M7xoiOyqG/s22zkgPRroDBScy9bkCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBR4pyU0YIX5g8GI68RTyAXsu8+6pzAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvMWM0MzBjZTUtNTZjOC00YzQ2LWFlMTAtZTAzYWM5YTFjYTgyLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBALXl4m0R+tl6Bcqk
7n56nVSKFB37+J3keU5oYJw+YiodyVpYPdPf178XWNvhKafL7e7f/xGWZCHyJK30
i6xe5e331regNHlAdp4l0QU05g/MrKj06sylDHGLVPoo3dRdTeOkDr56WGZrlVGg
+QKK7HhcUIO5HNhwwNhGhKqtBk/AyVfTH8edghtD4H1xBLJq9e2mGn/rhMWrVHJs
RQuwiuuSMM1H7FNuYEhT2WK0DWeBWN02acqwDlRL7Ls4oEnkHDlT6fTB/sdk18pR
73QUCFuCKyrmHubjOj3b4z0jx4GDziByVX+XXIaUkf1FujmDtOgwBEVailScphFv
2hkZ1Ac=
-----END CERTIFICATE-----