Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/1dd80e9d-8bfd-47b2-829e-52a369c10d9a.roa
File:                     1dd80e9d-8bfd-47b2-829e-52a369c10d9a.roa (raw, json)
Hash identifier:          SrJ9tegjcTcyV4ZDoeJu496Fn+/4yhDot3BF/cF70no=
Subject key identifier:   B9:42:74:15:4A:95:BA:74:2A:4B:E0:0E:7A:10:08:54:FE:5B:B2:02
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       76B7AC46A368FF470B03A8061CFB8268307D0F55
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/1dd80e9d-8bfd-47b2-829e-52a369c10d9a.roa
Signing time:             Fri 14 Apr 2023 00:00:00 +0000
ROA not before:           Fri 14 Apr 2023 00:00:00 +0000
ROA not after:            Mon 17 Apr 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            76:b7:ac:46:a3:68:ff:47:0b:03:a8:06:1c:fb:82:68:30:7d:0f:55
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Apr 14 00:00:00 2023 GMT
            Not After : Apr 17 23:59:59 2023 GMT
        Subject: serialNumber=12076aa9b4a0f1901fa63f9257422d9f0539f36d1f080799e2b5270ddd6aecb2, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:10:dc:f3:c5:a3:a7:fe:e4:54:c6:63:70:cf:
                    bf:fb:16:a1:24:41:b3:a2:c5:02:b7:13:90:da:85:
                    4b:87:de:0a:79:22:48:8b:f2:81:06:b7:4b:b3:a5:
                    ac:ad:20:8e:4b:48:d8:f7:92:51:b3:55:d8:da:bf:
                    f0:d0:12:96:34:2b:2c:69:ef:ca:db:40:7e:30:72:
                    5c:e8:a4:d1:a2:75:2a:c6:9b:0a:ac:60:1f:93:09:
                    dc:ea:05:db:c7:a4:dd:fe:e8:13:29:f8:9b:93:50:
                    f9:2d:31:a9:6b:64:e6:4e:75:6a:57:0e:39:7b:db:
                    50:8c:3a:d7:92:78:1f:e0:91:8b:15:95:60:1a:be:
                    17:4b:b2:0a:ea:f1:1f:b5:d1:4f:cd:9a:b7:f2:72:
                    3e:ca:9b:90:fc:b7:9e:37:f3:9f:55:f8:f7:b7:f7:
                    c2:bf:1c:a9:aa:00:11:92:2a:c5:53:f4:b6:00:0e:
                    8d:ab:10:8d:c3:9d:c5:d4:84:b0:a6:0c:90:65:32:
                    e3:2d:c3:0c:eb:90:a6:bf:0a:4b:52:54:54:c6:3e:
                    22:82:31:a1:e5:44:db:20:58:09:a0:d5:32:52:41:
                    98:cf:fd:8c:cf:d3:f8:1d:bd:10:40:c5:d4:44:e2:
                    8d:5d:47:c4:fe:57:b9:d9:8d:22:bc:5e:22:e9:72:
                    6b:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B9:42:74:15:4A:95:BA:74:2A:4B:E0:0E:7A:10:08:54:FE:5B:B2:02
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/1dd80e9d-8bfd-47b2-829e-52a369c10d9a.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9c:93:02:63:2f:76:65:d4:5b:6d:bb:02:16:fa:b9:66:d1:84:
         0b:b1:4d:75:ac:15:fd:23:2d:fd:1a:9d:f9:67:f0:43:cf:d6:
         a0:b8:f3:99:28:b3:75:10:2a:ea:bf:d9:75:e2:c5:c0:40:b5:
         72:b0:c2:9b:c7:d5:71:cf:81:4c:0c:a6:73:ba:eb:46:cc:d4:
         82:85:b4:c4:8d:77:f4:04:72:3d:6c:bf:ce:40:4a:22:50:72:
         08:0f:b6:fa:ff:b2:25:10:36:4d:00:2e:55:73:f4:30:bb:88:
         ee:f8:bc:ba:bc:da:8b:c6:ca:90:e2:21:4e:f9:98:f1:9a:ea:
         c5:43:49:4a:f0:f6:ba:8d:61:ea:a9:c3:bd:68:fe:07:53:ef:
         a3:03:92:b7:6d:9b:d3:cb:5c:9e:2d:15:af:4c:5c:3f:dc:6d:
         90:ed:ba:ed:ff:54:95:25:5b:e7:bc:e7:a8:4e:18:fe:69:d5:
         bf:c3:18:e9:ed:18:b0:10:bb:e0:c6:72:5e:92:e0:5d:03:1f:
         8b:dc:9e:dc:70:3e:5c:52:b8:6b:7e:b4:9e:9d:d2:d9:6c:aa:
         d1:8e:13:f8:11:b8:67:ba:15:b7:15:52:7d:0f:f9:14:fa:b0:
         55:02:a8:73:ff:56:49:fd:5d:9b:03:a7:47:ac:c1:7e:76:38:
         bc:2c:a5:fb
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUdresRqNo/0cLA6gGHPuCaDB9D1UwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwNDE0MDAwMDAwWhcNMjMwNDE3MjM1OTU5
WjCBpTFJMEcGA1UEBRNAMTIwNzZhYTliNGEwZjE5MDFmYTYzZjkyNTc0MjJkOWYw
NTM5ZjM2ZDFmMDgwNzk5ZTJiNTI3MGRkZDZhZWNiMjEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAKcQ3PPFo6f+5FTGY3DPv/sWoSRBs6LFArcTkNqFS4feCnkiSIvy
gQa3S7OlrK0gjktI2PeSUbNV2Nq/8NASljQrLGnvyttAfjByXOik0aJ1KsabCqxg
H5MJ3OoF28ek3f7oEyn4m5NQ+S0xqWtk5k51alcOOXvbUIw615J4H+CRixWVYBq+
F0uyCurxH7XRT82at/JyPsqbkPy3njfzn1X497f3wr8cqaoAEZIqxVP0tgAOjasQ
jcOdxdSEsKYMkGUy4y3DDOuQpr8KS1JUVMY+IoIxoeVE2yBYCaDVMlJBmM/9jM/T
+B29EEDF1ETijV1HxP5XudmNIrxeIulyazsCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBS5QnQVSpW6dCpL4A56EAhU/luyAjAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvMWRkODBlOWQtOGJmZC00N2IyLTgyOWUtNTJhMzY5YzEwZDlhLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAJyTAmMvdmXUW227
Ahb6uWbRhAuxTXWsFf0jLf0anfln8EPP1qC485kos3UQKuq/2XXixcBAtXKwwpvH
1XHPgUwMpnO660bM1IKFtMSNd/QEcj1sv85ASiJQcggPtvr/siUQNk0ALlVz9DC7
iO74vLq82ovGypDiIU75mPGa6sVDSUrw9rqNYeqpw71o/gdT76MDkrdtm9PLXJ4t
Fa9MXD/cbZDtuu3/VJUlW+e856hOGP5p1b/DGOntGLAQu+DGcl6S4F0DH4vcntxw
PlxSuGt+tJ6d0tlsqtGOE/gRuGe6FbcVUn0P+RT6sFUCqHP/Vkn9XZsDp0eswX52
OLwspfs=
-----END CERTIFICATE-----