Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/2502bebd-49f6-4330-86ed-1ff96a61dca6.roa
File:                     2502bebd-49f6-4330-86ed-1ff96a61dca6.roa (raw, json)
Hash identifier:          Tw1FoWj1GWgW0gRIr82dCuP0ZjGGd4a4lTLrTDu6Egw=
Subject key identifier:   82:C2:F9:A7:E6:EC:4A:ED:2D:BD:4F:10:59:8F:89:2B:8C:7B:65:4F
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       61457228CCCE2301EFF091470E9846D3EF788222
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/2502bebd-49f6-4330-86ed-1ff96a61dca6.roa
Signing time:             Sat 03 Jun 2023 00:00:00 +0000
ROA not before:           Sat 03 Jun 2023 00:00:00 +0000
ROA not after:            Tue 06 Jun 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            61:45:72:28:cc:ce:23:01:ef:f0:91:47:0e:98:46:d3:ef:78:82:22
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Jun  3 00:00:00 2023 GMT
            Not After : Jun  6 23:59:59 2023 GMT
        Subject: serialNumber=42255658eeb3a3c57dc397939105be0babc92bc8ab54a9bdd6084306ede2956f, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:24:ec:3c:38:b4:24:d5:9e:4a:c6:92:c3:b7:
                    b3:cf:b7:26:14:b2:ae:30:32:a2:7d:eb:da:35:ec:
                    9d:12:fb:2a:55:e5:e4:63:87:80:4a:9b:8a:cf:78:
                    33:a4:cc:af:e2:76:87:3f:91:31:19:5b:21:3e:ec:
                    60:1a:8e:91:2b:f2:d1:2d:3c:f6:4d:ea:a8:2e:23:
                    8f:d7:f5:d6:57:0d:5e:5a:1a:7a:ad:ea:36:f2:b6:
                    93:95:9b:57:83:bd:f1:2a:73:3d:6c:7c:2b:73:50:
                    61:b1:82:f1:3e:58:4d:f6:93:57:a1:78:65:5d:5e:
                    c1:39:47:ea:86:71:71:74:2a:95:48:e3:a2:d0:c8:
                    a6:38:4d:1c:06:59:73:74:a7:01:2d:dc:46:22:76:
                    83:56:b4:28:84:58:f1:c9:e1:19:6e:14:a7:4e:c4:
                    f4:ea:a7:49:bc:45:7a:4a:a7:9b:53:9d:7e:b4:c1:
                    5b:cf:5c:61:0e:e1:27:89:2d:83:e0:90:07:77:fc:
                    20:d9:ab:17:9c:67:84:8b:30:38:96:be:77:e7:b0:
                    ac:66:f1:55:70:4a:ec:6a:23:48:59:24:df:05:5b:
                    06:44:f2:d4:13:88:68:8f:35:34:48:6c:8a:3f:81:
                    47:f6:d3:45:cc:7e:3f:27:47:48:ed:cf:fc:f7:63:
                    04:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                82:C2:F9:A7:E6:EC:4A:ED:2D:BD:4F:10:59:8F:89:2B:8C:7B:65:4F
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/2502bebd-49f6-4330-86ed-1ff96a61dca6.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         24:a6:af:97:04:b7:4e:b0:ec:88:c7:64:63:62:ca:43:75:c5:
         05:74:45:98:d5:e9:c8:0e:b7:d1:80:78:51:e4:45:4a:be:29:
         c7:05:12:b1:ab:62:da:61:e2:e0:37:3d:21:f0:c9:42:28:0a:
         45:3d:e9:b6:17:d0:b3:11:96:ec:17:8c:5f:41:d8:d1:1b:0a:
         b4:09:82:41:b1:98:5d:fb:bc:c2:7f:36:fe:5d:f2:7a:50:64:
         21:eb:78:fa:e8:4a:56:a3:72:28:57:a1:7e:36:fb:be:68:ff:
         4b:b9:a5:cb:60:56:49:11:aa:75:11:3b:5b:16:54:39:ef:10:
         06:a7:78:11:d9:f1:bf:e6:d8:ee:b6:47:ad:db:e0:4f:c7:53:
         0f:c3:b6:ca:87:2d:ea:6e:41:13:e4:f1:07:36:12:6f:50:67:
         72:00:68:bb:89:b9:eb:e9:8d:a7:41:c7:e0:10:01:26:0b:b5:
         0a:3e:ad:af:a5:24:fd:9e:e3:fb:74:cd:44:95:8c:03:e1:aa:
         08:c0:20:d2:89:05:43:a8:2c:08:00:66:06:1b:36:6b:4b:0e:
         11:ef:8e:44:20:7d:32:f7:fa:c3:a2:5b:b5:2e:28:0e:01:80:
         8f:cf:f1:99:8a:b5:f4:bf:64:f8:3c:69:20:5a:23:f2:7e:b9:
         d2:4b:6d:e7
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUYUVyKMzOIwHv8JFHDphG0+94giIwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwNjAzMDAwMDAwWhcNMjMwNjA2MjM1OTU5
WjCBpTFJMEcGA1UEBRNANDIyNTU2NThlZWIzYTNjNTdkYzM5NzkzOTEwNWJlMGJh
YmM5MmJjOGFiNTRhOWJkZDYwODQzMDZlZGUyOTU2ZjEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAK4k7Dw4tCTVnkrGksO3s8+3JhSyrjAyon3r2jXsnRL7KlXl5GOH
gEqbis94M6TMr+J2hz+RMRlbIT7sYBqOkSvy0S089k3qqC4jj9f11lcNXloaeq3q
NvK2k5WbV4O98SpzPWx8K3NQYbGC8T5YTfaTV6F4ZV1ewTlH6oZxcXQqlUjjotDI
pjhNHAZZc3SnAS3cRiJ2g1a0KIRY8cnhGW4Up07E9OqnSbxFekqnm1OdfrTBW89c
YQ7hJ4ktg+CQB3f8INmrF5xnhIswOJa+d+ewrGbxVXBK7GojSFkk3wVbBkTy1BOI
aI81NEhsij+BR/bTRcx+PydHSO3P/PdjBB0CAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBSCwvmn5uxK7S29TxBZj4krjHtlTzAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvMjUwMmJlYmQtNDlmNi00MzMwLTg2ZWQtMWZmOTZhNjFkY2E2LnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBACSmr5cEt06w7IjH
ZGNiykN1xQV0RZjV6cgOt9GAeFHkRUq+KccFErGrYtph4uA3PSHwyUIoCkU96bYX
0LMRluwXjF9B2NEbCrQJgkGxmF37vMJ/Nv5d8npQZCHreProSlajcihXoX42+75o
/0u5pctgVkkRqnURO1sWVDnvEAaneBHZ8b/m2O62R63b4E/HUw/DtsqHLepuQRPk
8Qc2Em9QZ3IAaLuJuevpjadBx+AQASYLtQo+ra+lJP2e4/t0zUSVjAPhqgjAINKJ
BUOoLAgAZgYbNmtLDhHvjkQgfTL3+sOiW7UuKA4BgI/P8ZmKtfS/ZPg8aSBaI/J+
udJLbec=
-----END CERTIFICATE-----