Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/20421632-4cc5-4264-a2a9-bedc45b55b3b.roa
File:                     20421632-4cc5-4264-a2a9-bedc45b55b3b.roa (raw, json)
Hash identifier:          zkesGtnpqA8lJsb5pDYt7bJzPbp/3LXWvyYQJn9Mss4=
Subject key identifier:   81:52:36:F0:6B:4E:28:E2:B6:DD:1B:3D:70:86:46:55:8B:32:FE:50
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       2D8AA587394B6C664B856833E6E609D8FED72999
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/20421632-4cc5-4264-a2a9-bedc45b55b3b.roa
Signing time:             Mon 20 Mar 2023 00:00:00 +0000
ROA not before:           Mon 20 Mar 2023 00:00:00 +0000
ROA not after:            Thu 23 Mar 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2d:8a:a5:87:39:4b:6c:66:4b:85:68:33:e6:e6:09:d8:fe:d7:29:99
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Mar 20 00:00:00 2023 GMT
            Not After : Mar 23 23:59:59 2023 GMT
        Subject: serialNumber=b0a1f1a45d49cb07686d598d872aafdc3b97a6e85362a907c592b7b0d54e1eea, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:00:8a:96:74:df:be:36:b7:63:df:d7:fd:14:
                    79:4e:4b:f8:bc:b9:25:ec:46:69:86:6f:02:85:90:
                    b2:e9:81:76:d4:37:16:12:0b:1b:59:1e:c9:53:a4:
                    de:4c:c0:87:81:9b:88:6b:34:b2:ee:28:db:60:0f:
                    7a:13:fa:a0:4d:a9:ba:0d:be:d5:30:ab:2d:24:11:
                    62:3d:55:3d:eb:f2:e1:48:ea:59:dd:c3:6b:7f:d4:
                    cd:83:6e:5a:a8:6e:5d:e9:12:45:a2:95:76:7c:fd:
                    42:65:09:f3:59:46:60:14:f4:92:68:3d:93:90:17:
                    37:0f:2a:ce:8b:30:1d:c7:8f:80:34:f4:95:73:e5:
                    9f:67:c3:1d:72:18:7a:c7:f5:61:4b:a9:17:8f:b4:
                    82:19:a3:b1:71:f2:49:a2:5c:f8:99:d7:49:34:9a:
                    bd:ab:91:40:5b:21:58:1a:e6:67:9b:57:75:58:58:
                    b6:b6:10:12:47:93:2c:2f:15:0c:02:52:62:3f:f4:
                    43:e7:7e:dc:91:59:af:94:17:9f:ee:07:53:76:6f:
                    d8:08:18:99:23:f1:6a:df:02:5b:1d:0d:93:1f:ca:
                    72:d7:04:95:b0:02:94:7a:a8:29:fb:56:7e:41:c4:
                    0f:ed:e9:61:79:3b:e8:09:1e:3e:55:63:c0:2a:28:
                    b1:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                81:52:36:F0:6B:4E:28:E2:B6:DD:1B:3D:70:86:46:55:8B:32:FE:50
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/20421632-4cc5-4264-a2a9-bedc45b55b3b.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         71:03:0c:68:da:48:e3:20:0e:04:2f:d5:d8:97:71:cf:c5:4a:
         ba:66:06:d1:fc:92:01:8b:1d:2a:99:c1:a8:e3:93:15:e2:ae:
         15:bd:d4:17:25:b9:bf:4a:a6:47:16:4b:77:72:f1:a6:41:4a:
         e3:2c:8a:ba:e1:53:f2:65:5b:62:2f:8f:ee:a7:fd:f3:f7:e1:
         a7:2f:09:12:56:4d:48:a4:62:c6:a5:e7:2e:e8:56:8f:5b:67:
         f1:32:f9:19:81:e2:d5:f7:0a:74:4b:5e:44:85:8b:b5:d6:6c:
         2d:e6:7f:a7:2c:48:53:58:f5:dd:3f:9b:01:c0:38:58:97:eb:
         9b:93:96:08:b4:f7:9b:63:b5:dd:3f:b1:4c:6a:05:94:db:10:
         5b:e3:b2:3f:e8:f6:62:38:b8:fc:ac:eb:c3:d2:0f:2d:9a:4b:
         9d:4b:63:d8:bb:57:cb:c9:b8:7c:02:e3:48:64:51:d6:c9:52:
         a9:92:1d:ff:07:4e:b6:62:79:bf:fe:df:ad:96:68:02:ec:0f:
         f6:f7:35:19:f7:8e:2f:7f:e4:4e:57:94:50:79:4c:0e:c6:8b:
         3c:cd:ff:d8:09:7d:1a:09:cd:6e:fc:0e:de:b6:b9:59:f9:50:
         46:ee:61:51:41:26:9f:95:56:49:48:8c:c3:92:f0:89:50:a0:
         06:04:a1:e8
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIULYqlhzlLbGZLhWgz5uYJ2P7XKZkwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwMzIwMDAwMDAwWhcNMjMwMzIzMjM1OTU5
WjCBpTFJMEcGA1UEBRNAYjBhMWYxYTQ1ZDQ5Y2IwNzY4NmQ1OThkODcyYWFmZGMz
Yjk3YTZlODUzNjJhOTA3YzU5MmI3YjBkNTRlMWVlYTEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAK8AipZ03742t2Pf1/0UeU5L+Ly5JexGaYZvAoWQsumBdtQ3FhIL
G1keyVOk3kzAh4GbiGs0su4o22APehP6oE2pug2+1TCrLSQRYj1VPevy4UjqWd3D
a3/UzYNuWqhuXekSRaKVdnz9QmUJ81lGYBT0kmg9k5AXNw8qzoswHcePgDT0lXPl
n2fDHXIYesf1YUupF4+0ghmjsXHySaJc+JnXSTSavauRQFshWBrmZ5tXdVhYtrYQ
EkeTLC8VDAJSYj/0Q+d+3JFZr5QXn+4HU3Zv2AgYmSPxat8CWx0Nkx/KctcElbAC
lHqoKftWfkHED+3pYXk76AkePlVjwCoose0CAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBSBUjbwa04o4rbdGz1whkZVizL+UDAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvMjA0MjE2MzItNGNjNS00MjY0LWEyYTktYmVkYzQ1YjU1YjNiLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAHEDDGjaSOMgDgQv
1diXcc/FSrpmBtH8kgGLHSqZwajjkxXirhW91Bclub9KpkcWS3dy8aZBSuMsirrh
U/JlW2Ivj+6n/fP34acvCRJWTUikYsal5y7oVo9bZ/Ey+RmB4tX3CnRLXkSFi7XW
bC3mf6csSFNY9d0/mwHAOFiX65uTlgi095tjtd0/sUxqBZTbEFvjsj/o9mI4uPys
68PSDy2aS51LY9i7V8vJuHwC40hkUdbJUqmSHf8HTrZieb/+362WaALsD/b3NRn3
ji9/5E5XlFB5TA7GizzN/9gJfRoJzW78Dt62uVn5UEbuYVFBJp+VVklIjMOS8IlQ
oAYEoeg=
-----END CERTIFICATE-----