Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/22648fb8-2c4f-4561-bb85-a1bb99dcf669.roa
File:                     22648fb8-2c4f-4561-bb85-a1bb99dcf669.roa (raw, json)
Hash identifier:          1dOmtywV1bm+UclnQyUlKSHEiPQe91KogtPR2MDem2M=
Subject key identifier:   8A:1A:B2:29:17:1F:C6:DE:97:3A:DC:CB:5E:7A:47:51:90:B5:81:A7
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       43907A0BEC3F344CEA788EC1E3F4B10027CD970F
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/22648fb8-2c4f-4561-bb85-a1bb99dcf669.roa
Signing time:             Thu 16 Mar 2023 00:00:00 +0000
ROA not before:           Thu 16 Mar 2023 00:00:00 +0000
ROA not after:            Sun 19 Mar 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            43:90:7a:0b:ec:3f:34:4c:ea:78:8e:c1:e3:f4:b1:00:27:cd:97:0f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Mar 16 00:00:00 2023 GMT
            Not After : Mar 19 23:59:59 2023 GMT
        Subject: serialNumber=2c73cf5eb6ae35ecff6ee4f90f073a45db2f86c6749fbfe8a699882ad06ced68, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:c3:45:f7:7c:0c:63:cc:6b:aa:e8:73:1d:ec:
                    ea:d8:4f:20:41:8d:7a:07:f8:23:9f:49:c7:e2:b0:
                    bf:53:95:84:43:54:74:9d:05:03:24:72:54:81:36:
                    09:ca:50:8b:db:b9:48:ae:94:88:75:fd:4e:94:5f:
                    0b:ff:d1:d6:5b:81:94:53:06:e1:cd:f5:bf:5c:5f:
                    db:c5:79:c2:34:3f:e3:c7:61:45:f3:60:d7:df:1f:
                    40:df:c4:a3:85:8b:e2:df:ba:da:19:65:b6:c8:44:
                    94:f3:e5:6d:e3:fe:82:9c:37:76:1e:4b:b5:c9:86:
                    3a:7b:46:8c:16:9d:11:44:ac:82:d1:0e:be:f9:ee:
                    9a:e8:7d:f9:1f:08:5a:b4:cc:23:8f:3d:1b:d3:27:
                    02:03:90:bb:c8:01:fa:08:97:44:45:ec:2c:e1:95:
                    ce:5a:f4:d2:85:ba:21:39:cb:15:20:8e:d9:33:63:
                    12:40:f1:ec:58:70:e3:cd:b7:ab:4a:7f:a5:ae:1e:
                    06:4f:b0:ee:89:5c:2b:55:b5:b0:e5:b0:16:da:48:
                    c2:d2:7f:08:67:a3:c2:93:d2:31:fe:3b:75:5f:ee:
                    d9:19:fd:9c:04:29:c7:54:16:3f:8b:01:58:20:4e:
                    7c:3f:00:32:37:ba:ec:e5:54:db:d8:4e:8a:c9:7f:
                    16:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8A:1A:B2:29:17:1F:C6:DE:97:3A:DC:CB:5E:7A:47:51:90:B5:81:A7
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/22648fb8-2c4f-4561-bb85-a1bb99dcf669.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         56:35:37:73:17:b7:66:9a:4c:67:ce:a0:4a:ec:12:e5:b6:0b:
         1b:2c:d3:3b:c0:81:7a:9b:c1:bf:53:71:33:8e:39:68:73:fb:
         e3:44:13:54:66:bd:0a:b3:b1:79:58:df:ff:0e:df:fb:79:22:
         d4:e5:a6:ce:dc:45:b4:f3:df:d7:e4:3c:88:d7:de:9c:8d:7a:
         af:fb:56:82:8d:84:53:7d:7c:16:5a:41:df:8c:a7:53:c5:43:
         c2:33:af:48:dc:80:7d:0d:0c:7b:c4:d8:41:8c:99:ac:71:ae:
         2d:2a:d0:cf:a6:59:cf:98:64:39:55:c2:e1:87:be:b9:20:09:
         d0:8c:a5:0c:62:dd:ec:70:25:c3:da:d0:1e:57:11:0c:a1:75:
         06:e6:f2:54:c4:c0:39:da:41:64:0d:37:5d:44:d9:31:5e:84:
         5d:ec:0e:a0:c9:08:1a:3e:84:2e:0f:47:a6:87:ff:80:d4:f8:
         94:24:09:67:75:89:9a:8e:64:af:4f:46:b8:91:64:c1:9c:c5:
         67:b6:c1:bd:a7:ab:52:50:81:6f:a8:73:4f:1d:9f:da:86:78:
         16:04:ee:30:d5:ff:68:bd:34:61:c9:6d:ac:60:4e:82:40:9f:
         0f:27:ac:1c:97:47:47:81:7c:b5:8c:6d:4a:b5:a8:a1:cb:07:
         8b:2f:4b:7a
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUQ5B6C+w/NEzqeI7B4/SxACfNlw8wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwMzE2MDAwMDAwWhcNMjMwMzE5MjM1OTU5
WjCBpTFJMEcGA1UEBRNAMmM3M2NmNWViNmFlMzVlY2ZmNmVlNGY5MGYwNzNhNDVk
YjJmODZjNjc0OWZiZmU4YTY5OTg4MmFkMDZjZWQ2ODEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBANPDRfd8DGPMa6rocx3s6thPIEGNegf4I59Jx+Kwv1OVhENUdJ0F
AyRyVIE2CcpQi9u5SK6UiHX9TpRfC//R1luBlFMG4c31v1xf28V5wjQ/48dhRfNg
198fQN/Eo4WL4t+62hlltshElPPlbeP+gpw3dh5LtcmGOntGjBadEUSsgtEOvvnu
muh9+R8IWrTMI489G9MnAgOQu8gB+giXREXsLOGVzlr00oW6ITnLFSCO2TNjEkDx
7Fhw4823q0p/pa4eBk+w7olcK1W1sOWwFtpIwtJ/CGejwpPSMf47dV/u2Rn9nAQp
x1QWP4sBWCBOfD8AMje67OVU29hOisl/FtMCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBSKGrIpFx/G3pc63MteekdRkLWBpzAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvMjI2NDhmYjgtMmM0Zi00NTYxLWJiODUtYTFiYjk5ZGNmNjY5LnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAFY1N3MXt2aaTGfO
oErsEuW2Cxss0zvAgXqbwb9TcTOOOWhz++NEE1RmvQqzsXlY3/8O3/t5ItTlps7c
RbTz39fkPIjX3pyNeq/7VoKNhFN9fBZaQd+Mp1PFQ8Izr0jcgH0NDHvE2EGMmaxx
ri0q0M+mWc+YZDlVwuGHvrkgCdCMpQxi3exwJcPa0B5XEQyhdQbm8lTEwDnaQWQN
N11E2TFehF3sDqDJCBo+hC4PR6aH/4DU+JQkCWd1iZqOZK9PRriRZMGcxWe2wb2n
q1JQgW+oc08dn9qGeBYE7jDV/2i9NGHJbaxgToJAnw8nrByXR0eBfLWMbUq1qKHL
B4svS3o=
-----END CERTIFICATE-----