Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/21031b60-ca7e-4a7b-ba08-83aa5823e832.roa
File:                     21031b60-ca7e-4a7b-ba08-83aa5823e832.roa (raw, json)
Hash identifier:          J6CMQ/hW9Vg9EIXg77ir0i+nrI81OOi7Cs47QoYbHBE=
Subject key identifier:   97:EE:6A:FA:D0:FF:6A:0D:03:A2:11:07:C2:87:26:37:A2:EA:F6:89
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       02AA4CA499E6D79CFCB5F4A48CB9FC5C6F7D6F5A
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/21031b60-ca7e-4a7b-ba08-83aa5823e832.roa
Signing time:             Tue 21 Feb 2023 00:00:00 +0000
ROA not before:           Tue 21 Feb 2023 00:00:00 +0000
ROA not after:            Fri 24 Feb 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            02:aa:4c:a4:99:e6:d7:9c:fc:b5:f4:a4:8c:b9:fc:5c:6f:7d:6f:5a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Feb 21 00:00:00 2023 GMT
            Not After : Feb 24 23:59:59 2023 GMT
        Subject: serialNumber=7c3a067bd26f18d9a1ebff9d0d36b7c711c20fc2ab31d574d0a5282ff0d50364, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:d3:33:51:fe:79:54:3d:0f:75:15:ed:6f:8d:
                    1b:4e:2f:99:e4:b4:2d:c1:9b:73:d0:21:9a:15:e2:
                    4b:48:23:e6:5c:4b:e7:f7:f9:e5:e2:f6:6b:a8:60:
                    ae:e1:e6:c7:09:5b:48:87:e8:cb:f5:d4:5e:42:8b:
                    13:9a:db:7a:7c:0e:68:a7:db:94:80:4a:e2:e2:79:
                    92:39:6d:9d:be:0d:96:9f:b8:1a:44:57:db:dc:45:
                    bc:4c:5a:20:69:79:7b:f2:a4:6a:60:98:6b:e1:00:
                    ee:66:16:0a:3d:07:ae:a7:29:4c:67:70:5b:a0:27:
                    77:29:aa:77:43:21:61:9c:6b:3f:ec:f0:c5:ce:c6:
                    68:e9:0d:6d:c2:6d:2f:e2:4c:e8:64:06:c2:3c:bf:
                    13:34:e1:7f:d6:6d:74:3f:5f:2d:95:b8:63:79:bf:
                    38:f5:7c:f2:6d:3e:2c:aa:4b:c4:99:4e:35:17:3c:
                    20:79:28:17:f2:47:89:fe:1f:8b:cd:f5:fd:95:19:
                    67:ac:ce:15:f5:6a:45:dc:08:d7:4b:23:a9:ad:29:
                    ee:35:f2:22:b0:59:95:17:a7:38:07:42:33:3c:63:
                    dd:67:b7:c4:e3:24:f8:45:cb:94:b6:fe:35:ac:5b:
                    6e:7b:e2:d4:48:5b:41:a4:f9:ba:4c:b9:02:eb:f1:
                    76:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                97:EE:6A:FA:D0:FF:6A:0D:03:A2:11:07:C2:87:26:37:A2:EA:F6:89
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/21031b60-ca7e-4a7b-ba08-83aa5823e832.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         28:2c:08:44:3e:69:fd:94:a1:a2:e6:a4:bb:7b:97:41:1c:c4:
         ba:67:ed:a7:2f:8d:b8:a6:61:2d:80:4b:65:5f:f4:05:51:9a:
         27:92:8c:9f:64:6d:4a:be:fc:c8:5e:91:d0:11:85:6b:59:01:
         a3:b4:66:89:fe:be:3a:cd:fb:2e:a4:4a:ca:8b:b2:64:c4:c2:
         86:02:6c:f1:b2:b4:ea:84:bb:92:24:d0:71:f5:20:cd:83:bd:
         cc:07:9c:90:71:93:4b:88:22:05:c2:c6:dd:6d:47:02:f5:1a:
         5e:64:50:44:77:d2:9b:0f:f9:d2:f1:57:0a:66:0d:73:44:b2:
         82:b4:11:4f:f3:5b:3c:15:11:54:56:a3:22:46:21:c6:d3:86:
         be:fc:8e:a2:ed:74:f5:10:ec:9f:cc:aa:18:df:66:f0:b8:39:
         08:6f:e4:39:ed:4b:26:64:76:3a:00:72:9e:69:5a:d4:98:02:
         fc:3e:d2:3b:43:04:99:b1:e3:f7:0c:da:b1:f8:e5:ed:ba:95:
         54:6a:25:52:4b:ae:9f:c1:82:00:5d:9c:ac:49:a3:bf:1d:2e:
         f5:64:52:aa:3a:f1:a3:64:2b:60:94:37:70:60:59:7d:e2:9c:
         eb:77:68:a2:92:f5:59:1b:b0:44:bb:31:44:5c:67:86:d4:a6:
         7d:f9:63:3f
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUAqpMpJnm15z8tfSkjLn8XG99b1owDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwMjIxMDAwMDAwWhcNMjMwMjI0MjM1OTU5
WjCBpTFJMEcGA1UEBRNAN2MzYTA2N2JkMjZmMThkOWExZWJmZjlkMGQzNmI3Yzcx
MWMyMGZjMmFiMzFkNTc0ZDBhNTI4MmZmMGQ1MDM2NDEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBALvTM1H+eVQ9D3UV7W+NG04vmeS0LcGbc9AhmhXiS0gj5lxL5/f5
5eL2a6hgruHmxwlbSIfoy/XUXkKLE5rbenwOaKfblIBK4uJ5kjltnb4Nlp+4GkRX
29xFvExaIGl5e/KkamCYa+EA7mYWCj0HrqcpTGdwW6Andymqd0MhYZxrP+zwxc7G
aOkNbcJtL+JM6GQGwjy/EzThf9ZtdD9fLZW4Y3m/OPV88m0+LKpLxJlONRc8IHko
F/JHif4fi831/ZUZZ6zOFfVqRdwI10sjqa0p7jXyIrBZlRenOAdCMzxj3We3xOMk
+EXLlLb+Naxbbnvi1EhbQaT5uky5AuvxdsECAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBSX7mr60P9qDQOiEQfChyY3our2iTAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvMjEwMzFiNjAtY2E3ZS00YTdiLWJhMDgtODNhYTU4MjNlODMyLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBACgsCEQ+af2UoaLm
pLt7l0EcxLpn7acvjbimYS2AS2Vf9AVRmieSjJ9kbUq+/MhekdARhWtZAaO0Zon+
vjrN+y6kSsqLsmTEwoYCbPGytOqEu5Ik0HH1IM2DvcwHnJBxk0uIIgXCxt1tRwL1
Gl5kUER30psP+dLxVwpmDXNEsoK0EU/zWzwVEVRWoyJGIcbThr78jqLtdPUQ7J/M
qhjfZvC4OQhv5DntSyZkdjoAcp5pWtSYAvw+0jtDBJmx4/cM2rH45e26lVRqJVJL
rp/BggBdnKxJo78dLvVkUqo68aNkK2CUN3BgWX3inOt3aKKS9VkbsES7MURcZ4bU
pn35Yz8=
-----END CERTIFICATE-----