Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/1db9fdd9-f977-41bb-ae8f-369a846a0086.roa
File:                     1db9fdd9-f977-41bb-ae8f-369a846a0086.roa (raw, json)
Hash identifier:          V0pugi/ajAFIrRfOF8C/e4heXd9nYbO299n104X1Aps=
Subject key identifier:   9E:80:46:60:5C:FD:44:18:10:10:7B:96:FC:68:E6:15:E1:2D:04:D1
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       67C3F2CA47015FFC9C42AECDC174E2B0F18D3808
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/1db9fdd9-f977-41bb-ae8f-369a846a0086.roa
Signing time:             Sat 18 Mar 2023 00:00:00 +0000
ROA not before:           Sat 18 Mar 2023 00:00:00 +0000
ROA not after:            Tue 21 Mar 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            67:c3:f2:ca:47:01:5f:fc:9c:42:ae:cd:c1:74:e2:b0:f1:8d:38:08
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Mar 18 00:00:00 2023 GMT
            Not After : Mar 21 23:59:59 2023 GMT
        Subject: serialNumber=2ba2c948395329e4688e29d4f0b072240235972d11d69172c52971737fdba3cb, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:15:53:d4:ed:85:3e:27:cd:fe:cc:e4:86:42:
                    1e:02:24:c2:86:51:b2:18:c1:af:cf:a0:80:f2:8a:
                    62:3e:43:00:29:b5:14:24:f8:de:03:21:35:3f:e9:
                    18:fc:0d:b5:69:20:c2:08:e5:43:b4:15:eb:64:7f:
                    46:71:20:80:8c:9e:95:5e:5b:df:7c:90:ed:48:7a:
                    7c:2b:ba:71:ab:1f:60:65:e2:0a:3d:6b:56:cc:04:
                    33:47:98:6b:2a:f3:40:39:6e:fc:68:de:02:d3:8e:
                    a6:7f:d6:41:7d:b3:36:49:fd:c3:15:dd:a7:f7:9d:
                    5c:03:80:2a:a3:48:bc:d9:c6:53:06:ea:67:da:fd:
                    53:78:8d:aa:df:a7:87:e3:0a:4a:f2:de:ba:fe:af:
                    1f:bb:43:b8:b2:07:13:8c:e4:a3:1d:0d:ad:ec:e1:
                    34:15:bd:ee:88:10:dd:e2:43:a8:ce:05:5b:28:36:
                    49:0e:13:1f:a5:eb:fe:36:fd:65:76:3d:7a:28:d8:
                    27:27:ed:b7:10:d4:56:aa:44:3f:56:30:12:01:12:
                    c2:dd:90:24:5d:83:86:cf:df:ca:3b:2a:bc:fb:0a:
                    02:b5:81:20:92:fc:3c:d5:ab:cb:de:56:de:9b:62:
                    21:6d:e7:2f:c6:6b:4b:54:a9:c5:0b:ab:53:cd:61:
                    b0:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9E:80:46:60:5C:FD:44:18:10:10:7B:96:FC:68:E6:15:E1:2D:04:D1
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/1db9fdd9-f977-41bb-ae8f-369a846a0086.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         cb:93:dd:8d:76:83:a9:f6:84:b5:50:35:d8:c7:c8:9a:87:b4:
         13:8b:89:78:9e:a4:a8:d4:1e:5a:3f:04:fc:f1:a2:10:ab:e8:
         ac:f1:51:aa:ad:73:52:96:27:78:52:c8:c0:9a:f6:91:07:47:
         de:18:66:fe:35:94:8c:1a:dc:26:3b:01:84:e5:26:5c:9b:e2:
         26:b6:b7:17:74:bc:b8:fc:76:8a:82:48:79:5d:af:1a:4c:5b:
         76:ca:30:52:2f:ce:e3:0c:c2:4a:2a:76:c1:f4:66:87:3a:6a:
         ce:d1:0c:b1:ba:eb:9a:15:e6:32:5c:24:d0:b4:1c:30:61:2f:
         fa:0f:a2:3d:86:f2:46:b0:56:89:51:2e:84:1b:cd:c6:d8:18:
         0b:19:89:0c:9a:38:8b:a4:5d:b5:d2:7a:25:4c:f0:4f:fd:4f:
         f0:f3:65:c2:6e:a4:74:f4:5e:50:27:e4:46:7b:1d:da:47:9d:
         c2:87:c0:77:cc:a4:8a:a7:ef:2b:e1:8d:17:ab:67:1e:9f:ae:
         10:5c:a0:6c:86:72:40:73:a4:24:bc:d7:a9:5d:33:52:b0:fd:
         89:32:e2:a1:a7:6a:30:7f:89:40:a5:88:68:7f:d7:86:79:33:
         50:28:8e:11:20:34:bd:c2:ac:7b:15:20:bc:04:61:f5:3e:9c:
         63:89:b1:a9
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUZ8PyykcBX/ycQq7NwXTisPGNOAgwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwMzE4MDAwMDAwWhcNMjMwMzIxMjM1OTU5
WjCBpTFJMEcGA1UEBRNAMmJhMmM5NDgzOTUzMjllNDY4OGUyOWQ0ZjBiMDcyMjQw
MjM1OTcyZDExZDY5MTcyYzUyOTcxNzM3ZmRiYTNjYjEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAMgVU9TthT4nzf7M5IZCHgIkwoZRshjBr8+ggPKKYj5DACm1FCT4
3gMhNT/pGPwNtWkgwgjlQ7QV62R/RnEggIyelV5b33yQ7Uh6fCu6casfYGXiCj1r
VswEM0eYayrzQDlu/GjeAtOOpn/WQX2zNkn9wxXdp/edXAOAKqNIvNnGUwbqZ9r9
U3iNqt+nh+MKSvLeuv6vH7tDuLIHE4zkox0NrezhNBW97ogQ3eJDqM4FWyg2SQ4T
H6Xr/jb9ZXY9eijYJyfttxDUVqpEP1YwEgESwt2QJF2Dhs/fyjsqvPsKArWBIJL8
PNWry95W3ptiIW3nL8ZrS1SpxQurU81hsJECAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBSegEZgXP1EGBAQe5b8aOYV4S0E0TAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvMWRiOWZkZDktZjk3Ny00MWJiLWFlOGYtMzY5YTg0NmEwMDg2LnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAMuT3Y12g6n2hLVQ
NdjHyJqHtBOLiXiepKjUHlo/BPzxohCr6KzxUaqtc1KWJ3hSyMCa9pEHR94YZv41
lIwa3CY7AYTlJlyb4ia2txd0vLj8doqCSHldrxpMW3bKMFIvzuMMwkoqdsH0Zoc6
as7RDLG665oV5jJcJNC0HDBhL/oPoj2G8kawVolRLoQbzcbYGAsZiQyaOIukXbXS
eiVM8E/9T/DzZcJupHT0XlAn5EZ7HdpHncKHwHfMpIqn7yvhjRerZx6frhBcoGyG
ckBzpCS816ldM1Kw/Yky4qGnajB/iUCliGh/14Z5M1AojhEgNL3CrHsVILwEYfU+
nGOJsak=
-----END CERTIFICATE-----