Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/223e3289-566f-4fdf-aa7d-d8bdc9251426.roa
File:                     223e3289-566f-4fdf-aa7d-d8bdc9251426.roa (raw, json)
Hash identifier:          lhJFkqc+v+Y6lF8CJ2i75UWJ0yHAlQGX5FnuJ8IWshs=
Subject key identifier:   B1:1B:DC:2A:78:D1:94:60:F5:A1:05:7F:50:E9:D5:C4:76:39:1C:0B
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       3F8126A644C473955D49F5D06D93E22E21D1684E
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/223e3289-566f-4fdf-aa7d-d8bdc9251426.roa
Signing time:             Mon 16 Jan 2023 00:00:00 +0000
ROA not before:           Mon 16 Jan 2023 00:00:00 +0000
ROA not after:            Thu 19 Jan 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3f:81:26:a6:44:c4:73:95:5d:49:f5:d0:6d:93:e2:2e:21:d1:68:4e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Jan 16 00:00:00 2023 GMT
            Not After : Jan 19 23:59:59 2023 GMT
        Subject: serialNumber=a6b530bbcf5535d213284080d80b213bee5c6eecd5782162d2297a356456022e, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:1f:5e:31:98:91:f2:ac:86:a9:f0:d2:0c:30:
                    f7:53:d8:12:46:24:5e:06:bc:01:e3:bb:65:8e:77:
                    bc:3f:02:5b:c0:70:bd:43:48:36:43:85:60:38:3c:
                    4e:f8:14:6f:1d:06:29:9f:12:ce:3c:82:5c:05:b6:
                    ac:3c:a2:3e:5e:12:cf:0a:db:db:96:9b:1d:40:51:
                    1a:ff:f1:22:fa:8f:df:38:a2:95:e2:72:bb:37:a4:
                    cc:82:6e:1c:00:40:e0:94:04:47:47:64:75:ab:b5:
                    9d:70:d8:5a:6a:1d:98:92:27:ac:73:49:66:19:8e:
                    14:af:13:61:6d:a2:cd:fc:e5:ce:cb:1d:2b:b8:cd:
                    2a:36:f4:c0:ce:f1:6c:de:86:d1:ac:5a:c4:ad:46:
                    40:02:93:a8:ca:e3:e0:f0:ee:39:78:7b:3a:ee:ea:
                    57:02:75:d0:8b:bb:cc:33:2d:6b:c6:72:04:8f:5e:
                    54:bc:45:cf:51:54:84:12:80:cc:ed:18:83:ff:cb:
                    61:44:dc:5e:f3:62:63:00:cc:1b:06:db:2f:d6:ad:
                    f9:6e:81:b1:6d:1c:04:80:ee:ff:74:a9:90:6b:51:
                    09:e9:86:f0:98:dc:a4:ce:cb:75:b1:ab:77:13:ec:
                    a4:2b:05:49:c4:41:a3:b1:2b:91:5a:0a:c4:8e:c2:
                    ba:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:1B:DC:2A:78:D1:94:60:F5:A1:05:7F:50:E9:D5:C4:76:39:1C:0B
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/223e3289-566f-4fdf-aa7d-d8bdc9251426.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a4:77:a8:f1:04:7b:5e:05:45:8a:1a:f3:f5:b9:93:c4:29:5b:
         68:e4:63:e4:e3:96:e6:3c:28:e2:ab:d3:df:52:da:d4:ab:70:
         f4:02:5d:93:8f:4d:09:52:82:3f:96:87:ec:3b:af:2a:32:8b:
         a1:d5:d5:54:fd:59:6f:bc:e9:42:8a:a4:37:4b:07:63:d5:cd:
         16:86:68:73:08:b6:3f:90:6c:fb:aa:44:9b:bd:50:49:6f:0d:
         1f:04:e8:54:48:b0:65:e3:4b:a4:b1:b0:6c:e1:88:11:2f:6e:
         d5:94:19:17:0f:98:9e:42:fc:57:76:a0:30:f5:26:9a:37:30:
         f1:03:4e:06:f8:8f:75:c8:c1:d5:c3:6f:98:8d:22:b8:bf:8c:
         a5:28:07:40:73:93:84:78:d5:e7:3e:79:e0:0f:16:4d:68:af:
         69:21:72:e5:26:73:c5:89:3a:a0:bf:af:56:79:b9:31:e7:28:
         ce:90:f2:57:98:2f:98:6b:4b:52:21:f4:3b:63:fe:58:d8:83:
         83:9e:ad:03:68:1d:b3:f1:8c:85:bc:94:41:d1:08:96:4a:3c:
         0a:40:6c:e8:1d:ab:b0:01:2b:65:e9:6f:4b:d7:d9:4f:71:c2:
         ec:27:d8:0f:28:2f:c0:d4:8b:7e:0c:27:b2:aa:dd:be:bd:b4:
         1d:01:2d:43
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUP4EmpkTEc5VdSfXQbZPiLiHRaE4wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwMTE2MDAwMDAwWhcNMjMwMTE5MjM1OTU5
WjCBpTFJMEcGA1UEBRNAYTZiNTMwYmJjZjU1MzVkMjEzMjg0MDgwZDgwYjIxM2Jl
ZTVjNmVlY2Q1NzgyMTYyZDIyOTdhMzU2NDU2MDIyZTEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAM4fXjGYkfKshqnw0gww91PYEkYkXga8AeO7ZY53vD8CW8BwvUNI
NkOFYDg8TvgUbx0GKZ8SzjyCXAW2rDyiPl4Szwrb25abHUBRGv/xIvqP3ziileJy
uzekzIJuHABA4JQER0dkdau1nXDYWmodmJInrHNJZhmOFK8TYW2izfzlzssdK7jN
Kjb0wM7xbN6G0axaxK1GQAKTqMrj4PDuOXh7Ou7qVwJ10Iu7zDMta8ZyBI9eVLxF
z1FUhBKAzO0Yg//LYUTcXvNiYwDMGwbbL9at+W6BsW0cBIDu/3SpkGtRCemG8Jjc
pM7LdbGrdxPspCsFScRBo7ErkVoKxI7Cuh8CAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBSxG9wqeNGUYPWhBX9Q6dXEdjkcCzAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvMjIzZTMyODktNTY2Zi00ZmRmLWFhN2QtZDhiZGM5MjUxNDI2LnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAKR3qPEEe14FRYoa
8/W5k8QpW2jkY+TjluY8KOKr099S2tSrcPQCXZOPTQlSgj+Wh+w7ryoyi6HV1VT9
WW+86UKKpDdLB2PVzRaGaHMItj+QbPuqRJu9UElvDR8E6FRIsGXjS6SxsGzhiBEv
btWUGRcPmJ5C/Fd2oDD1Jpo3MPEDTgb4j3XIwdXDb5iNIri/jKUoB0Bzk4R41ec+
eeAPFk1or2khcuUmc8WJOqC/r1Z5uTHnKM6Q8leYL5hrS1Ih9Dtj/ljYg4OerQNo
HbPxjIW8lEHRCJZKPApAbOgdq7ABK2Xpb0vX2U9xwuwn2A8oL8DUi34MJ7Kq3b69
tB0BLUM=
-----END CERTIFICATE-----