Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/23c04ac2-a802-4bcf-b72b-4788f7bb6eca.roa
File:                     23c04ac2-a802-4bcf-b72b-4788f7bb6eca.roa (raw, json)
Hash identifier:          Crn+Oyy4P33Ep1cT7OXqTQ+ZlySYCUCshw2chG8HCDM=
Subject key identifier:   02:24:09:C1:6A:72:5C:F9:42:58:EB:CE:D8:12:D1:66:EB:D7:7E:21
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       725048F42E8548D10230C7097D5F8A5AE52E02DF
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/23c04ac2-a802-4bcf-b72b-4788f7bb6eca.roa
Signing time:             Tue 16 May 2023 00:00:00 +0000
ROA not before:           Tue 16 May 2023 00:00:00 +0000
ROA not after:            Fri 19 May 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            72:50:48:f4:2e:85:48:d1:02:30:c7:09:7d:5f:8a:5a:e5:2e:02:df
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: May 16 00:00:00 2023 GMT
            Not After : May 19 23:59:59 2023 GMT
        Subject: serialNumber=abf4d1c1d2f5f2241dc75dd99f4a9cffa246579d7bb4687f1c84a3237822a50c, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:1f:3f:3c:20:78:75:80:26:c8:dd:a5:f6:c1:
                    52:23:10:4b:fd:5a:09:54:b6:5a:87:61:96:9c:62:
                    d3:0d:17:37:d9:e4:19:c5:49:e5:c7:3a:5e:da:a6:
                    66:21:7b:14:32:08:ca:ca:45:7c:e4:fb:70:31:27:
                    9a:4f:de:17:6c:1d:78:19:c8:3c:45:ca:b7:fa:13:
                    34:f6:2b:af:73:ab:85:a8:36:3f:bc:55:73:3b:02:
                    cf:d7:4c:d2:fd:4d:a1:8a:74:cf:d0:f1:70:d0:36:
                    61:8e:b7:f0:0a:a7:96:8e:87:4b:e0:48:e9:07:7e:
                    0a:08:e7:14:8b:78:31:82:21:c2:3f:68:1c:e0:ce:
                    0e:61:61:e7:cd:49:fa:f3:88:fd:81:8d:ce:19:3a:
                    bb:d6:bf:83:6b:1b:9e:ff:11:f7:64:65:62:1c:a4:
                    a1:05:8c:4f:3d:48:f8:36:63:82:42:55:16:11:e4:
                    1d:1c:07:bc:46:8b:d0:0f:fe:cd:8b:b8:14:bc:06:
                    10:9d:0a:59:ed:1a:13:55:61:7b:96:7e:ca:09:9d:
                    d7:f1:51:04:3b:43:51:a9:00:3c:f8:25:79:23:14:
                    4d:65:de:cb:25:da:0a:bd:42:79:00:5b:87:23:8f:
                    f3:cf:e1:8a:c4:04:c4:1f:13:67:2a:cf:12:65:96:
                    35:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                02:24:09:C1:6A:72:5C:F9:42:58:EB:CE:D8:12:D1:66:EB:D7:7E:21
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/23c04ac2-a802-4bcf-b72b-4788f7bb6eca.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9a:e6:6a:92:f5:6a:31:d9:9d:64:a5:4c:13:fd:b4:37:fa:74:
         d9:c7:46:38:5a:5a:cf:ef:8f:5b:b4:09:42:46:12:62:da:dc:
         67:4b:cc:14:b8:95:c8:8c:3b:77:7b:00:f0:f5:a0:26:d6:5d:
         5c:69:87:fd:a0:e4:56:83:79:76:0d:3c:80:9c:0f:60:ed:61:
         ac:2a:ef:47:d9:43:2b:eb:93:a9:55:6c:77:f6:8f:4b:c9:07:
         3c:b2:cd:e2:82:f8:e1:e6:37:35:c5:56:97:5c:09:1d:f1:4c:
         d8:d6:3e:cf:d7:9d:99:dc:c6:ba:5d:b5:85:6c:22:72:cc:09:
         3e:dd:6a:02:29:41:dc:b2:a9:c3:e9:ed:17:90:04:fe:9d:34:
         69:56:44:d6:a5:18:b7:09:e9:79:0c:0e:5f:43:cb:3d:bf:e6:
         be:09:f1:30:29:ab:ce:2c:16:2e:e0:43:33:06:e0:c3:ee:61:
         b0:9f:4a:3a:0e:0a:dd:8f:3f:c0:94:4c:fd:e4:c7:22:63:56:
         2a:81:8e:3e:63:d8:ea:64:35:74:a4:ab:40:3e:ed:58:9d:fc:
         7d:10:ce:80:23:f0:e6:1f:e9:cb:d4:46:57:e9:79:53:eb:84:
         34:de:69:82:b8:c0:be:85:d2:d4:9e:0a:7e:b6:76:75:e7:a2:
         68:a3:5a:0d
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUclBI9C6FSNECMMcJfV+KWuUuAt8wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwNTE2MDAwMDAwWhcNMjMwNTE5MjM1OTU5
WjCBpTFJMEcGA1UEBRNAYWJmNGQxYzFkMmY1ZjIyNDFkYzc1ZGQ5OWY0YTljZmZh
MjQ2NTc5ZDdiYjQ2ODdmMWM4NGEzMjM3ODIyYTUwYzEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAJwfPzwgeHWAJsjdpfbBUiMQS/1aCVS2Wodhlpxi0w0XN9nkGcVJ
5cc6XtqmZiF7FDIIyspFfOT7cDEnmk/eF2wdeBnIPEXKt/oTNPYrr3Orhag2P7xV
czsCz9dM0v1NoYp0z9DxcNA2YY638Aqnlo6HS+BI6Qd+CgjnFIt4MYIhwj9oHODO
DmFh581J+vOI/YGNzhk6u9a/g2sbnv8R92RlYhykoQWMTz1I+DZjgkJVFhHkHRwH
vEaL0A/+zYu4FLwGEJ0KWe0aE1Vhe5Z+ygmd1/FRBDtDUakAPPgleSMUTWXeyyXa
Cr1CeQBbhyOP88/hisQExB8TZyrPEmWWNVUCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBQCJAnBanJc+UJY687YEtFm69d+ITAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvMjNjMDRhYzItYTgwMi00YmNmLWI3MmItNDc4OGY3YmI2ZWNhLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAJrmapL1ajHZnWSl
TBP9tDf6dNnHRjhaWs/vj1u0CUJGEmLa3GdLzBS4lciMO3d7APD1oCbWXVxph/2g
5FaDeXYNPICcD2DtYawq70fZQyvrk6lVbHf2j0vJBzyyzeKC+OHmNzXFVpdcCR3x
TNjWPs/XnZncxrpdtYVsInLMCT7dagIpQdyyqcPp7ReQBP6dNGlWRNalGLcJ6XkM
Dl9Dyz2/5r4J8TApq84sFi7gQzMG4MPuYbCfSjoOCt2PP8CUTP3kxyJjViqBjj5j
2OpkNXSkq0A+7Vid/H0QzoAj8OYf6cvURlfpeVPrhDTeaYK4wL6F0tSeCn62dnXn
omijWg0=
-----END CERTIFICATE-----