Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/26005b18-0ef5-4382-ad9e-0c9359866f58.roa
File:                     26005b18-0ef5-4382-ad9e-0c9359866f58.roa (raw, json)
Hash identifier:          hpnyQ6xMn6G0vWZAwb5rxOESIs7Q/G1a9wnWmI8sxHQ=
Subject key identifier:   C1:C9:D0:41:C0:53:10:06:ED:AA:27:09:00:FD:E4:2F:67:92:8A:6B
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       1BC8175A2FD82BEABB06489200CD78C8DC40D02D
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/26005b18-0ef5-4382-ad9e-0c9359866f58.roa
Signing time:             Tue 14 Feb 2023 00:00:00 +0000
ROA not before:           Tue 14 Feb 2023 00:00:00 +0000
ROA not after:            Fri 17 Feb 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1b:c8:17:5a:2f:d8:2b:ea:bb:06:48:92:00:cd:78:c8:dc:40:d0:2d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Feb 14 00:00:00 2023 GMT
            Not After : Feb 17 23:59:59 2023 GMT
        Subject: serialNumber=711fcaecbd776d978756eda83ec26f8af5eca5e8d8e4f5dde5c9b6b761c0c95e, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:5d:ee:a8:6b:7e:fa:76:bd:5f:65:34:7b:2c:
                    bd:1f:81:3c:90:a7:ae:19:99:19:63:7e:be:32:2f:
                    63:35:6b:36:0f:cf:a8:73:85:05:b5:33:f5:c0:e0:
                    37:6f:2e:ed:fd:5d:9b:3d:b1:53:66:53:82:ad:4e:
                    db:cd:fe:ee:bc:e3:d2:2f:08:7c:da:30:bf:44:1e:
                    0d:6b:fa:c6:36:46:74:36:d8:da:bb:5a:ea:eb:aa:
                    09:52:da:d3:de:3f:bc:89:d7:36:de:03:a1:22:77:
                    f9:03:2f:5d:7a:a9:91:a6:67:23:cc:89:45:88:b6:
                    ca:f1:64:b7:2c:1f:14:98:12:2c:aa:b5:53:94:f5:
                    61:9c:c1:20:ac:86:27:93:5a:c2:c4:8b:50:04:9d:
                    3d:99:38:08:9c:83:c8:6d:bd:44:d7:ce:65:39:98:
                    3b:31:6e:fa:e8:96:67:a7:13:77:63:69:d1:19:3a:
                    d8:b6:f4:25:79:32:d5:23:ae:24:2f:b9:f2:5a:cf:
                    ed:a0:b3:57:1e:19:bd:b0:aa:88:69:c5:31:61:95:
                    73:2d:0c:a8:d5:4b:22:75:1b:a5:c0:76:99:6e:6f:
                    42:2a:f4:a1:cb:5d:9a:fa:3d:c9:79:a3:26:15:7c:
                    a3:d5:56:eb:df:b7:f6:a5:52:f5:05:27:1a:53:a0:
                    3b:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C1:C9:D0:41:C0:53:10:06:ED:AA:27:09:00:FD:E4:2F:67:92:8A:6B
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/26005b18-0ef5-4382-ad9e-0c9359866f58.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         39:23:7f:8d:35:4b:21:3f:5c:17:0e:86:72:35:8b:db:fe:6f:
         69:0a:ae:2b:1c:b5:39:67:5e:22:7f:9d:bc:52:7f:1c:68:fb:
         50:e4:54:46:df:99:93:f6:c8:10:47:a7:dd:2d:95:64:f8:44:
         6d:db:54:c9:5d:3a:94:6f:ec:47:29:07:fd:e0:68:2c:ff:2a:
         9a:1d:c3:dc:c3:42:e6:04:4c:14:33:ff:6e:2f:52:e7:0a:ab:
         e0:b6:a5:c3:50:d9:ef:4e:88:51:26:c1:6a:82:4b:96:6c:45:
         bf:ea:f9:1a:76:ea:6c:79:e7:c7:24:de:cc:50:0b:8e:48:3a:
         00:d2:77:27:eb:fc:f8:f2:01:4d:5c:03:7f:fc:4c:53:06:c5:
         cc:c7:d2:df:cc:30:0b:35:1b:17:93:36:e9:e8:c9:a2:01:e7:
         f9:4b:50:e5:28:d5:94:a5:29:f2:c8:03:a8:13:22:da:7f:37:
         38:61:1b:13:15:35:68:51:f5:48:97:f9:a5:1c:fa:b3:fb:e3:
         d9:b7:7a:0f:42:24:0a:64:6b:5a:8c:a5:4b:4f:8c:7f:f4:5a:
         82:f1:16:db:17:f2:6a:42:51:3a:8a:6d:96:6d:26:9f:9f:5c:
         7b:21:f1:ca:9f:07:33:ea:f4:83:26:c8:87:fa:1a:b4:50:f4:
         48:86:63:28
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUG8gXWi/YK+q7BkiSAM14yNxA0C0wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwMjE0MDAwMDAwWhcNMjMwMjE3MjM1OTU5
WjCBpTFJMEcGA1UEBRNANzExZmNhZWNiZDc3NmQ5Nzg3NTZlZGE4M2VjMjZmOGFm
NWVjYTVlOGQ4ZTRmNWRkZTVjOWI2Yjc2MWMwYzk1ZTEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAJxd7qhrfvp2vV9lNHssvR+BPJCnrhmZGWN+vjIvYzVrNg/PqHOF
BbUz9cDgN28u7f1dmz2xU2ZTgq1O283+7rzj0i8IfNowv0QeDWv6xjZGdDbY2rta
6uuqCVLa094/vInXNt4DoSJ3+QMvXXqpkaZnI8yJRYi2yvFktywfFJgSLKq1U5T1
YZzBIKyGJ5NawsSLUASdPZk4CJyDyG29RNfOZTmYOzFu+uiWZ6cTd2Np0Rk62Lb0
JXky1SOuJC+58lrP7aCzVx4ZvbCqiGnFMWGVcy0MqNVLInUbpcB2mW5vQir0octd
mvo9yXmjJhV8o9VW69+39qVS9QUnGlOgOy0CAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBTBydBBwFMQBu2qJwkA/eQvZ5KKazAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvMjYwMDViMTgtMGVmNS00MzgyLWFkOWUtMGM5MzU5ODY2ZjU4LnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBADkjf401SyE/XBcO
hnI1i9v+b2kKrisctTlnXiJ/nbxSfxxo+1DkVEbfmZP2yBBHp90tlWT4RG3bVMld
OpRv7EcpB/3gaCz/Kpodw9zDQuYETBQz/24vUucKq+C2pcNQ2e9OiFEmwWqCS5Zs
Rb/q+Rp26mx558ck3sxQC45IOgDSdyfr/PjyAU1cA3/8TFMGxczH0t/MMAs1GxeT
NunoyaIB5/lLUOUo1ZSlKfLIA6gTItp/NzhhGxMVNWhR9UiX+aUc+rP749m3eg9C
JApka1qMpUtPjH/0WoLxFtsX8mpCUTqKbZZtJp+fXHsh8cqfBzPq9IMmyIf6GrRQ
9EiGYyg=
-----END CERTIFICATE-----