Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/28fa7c5b-77a7-4d92-86d9-fcb45ec5d5a7.roa
File:                     28fa7c5b-77a7-4d92-86d9-fcb45ec5d5a7.roa (raw, json)
Hash identifier:          J5UdpbJC5tbMJKGveuFfDVYQOU7XMjyM5v5pFeBOj40=
Subject key identifier:   32:C5:55:F1:AA:2C:C2:66:C4:0A:52:FB:A3:0D:79:B8:49:24:A3:47
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       1F0E7CF6F4B7068CB2B4D87FC2AC5C23C1359C0B
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/28fa7c5b-77a7-4d92-86d9-fcb45ec5d5a7.roa
Signing time:             Sun 23 Apr 2023 00:00:00 +0000
ROA not before:           Sun 23 Apr 2023 00:00:00 +0000
ROA not after:            Wed 26 Apr 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1f:0e:7c:f6:f4:b7:06:8c:b2:b4:d8:7f:c2:ac:5c:23:c1:35:9c:0b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Apr 23 00:00:00 2023 GMT
            Not After : Apr 26 23:59:59 2023 GMT
        Subject: serialNumber=96bd2abd18986a26fbf34c03077f57c909bf753092d18c4d55c5cf552c9440d0, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:39:a4:fb:57:18:84:c4:96:3a:96:c3:d8:64:
                    7a:4c:e5:e8:19:5d:ef:e0:d2:22:e9:44:b8:82:b8:
                    3a:74:e5:36:ff:d4:59:f4:27:5b:fa:87:81:3c:c9:
                    ce:c9:d8:fa:48:6a:4a:2a:95:70:00:99:c9:85:5d:
                    dc:c0:1a:23:fd:ba:59:86:b9:0b:a5:4a:44:f9:7c:
                    e9:43:8e:f6:1e:71:8a:ce:04:38:af:6c:d2:aa:b0:
                    76:a7:c8:5d:e6:4c:c2:74:55:a1:28:2c:12:96:49:
                    88:b6:a2:57:5b:7e:6e:4d:21:50:2e:d5:3a:4d:00:
                    21:a8:a9:78:f6:66:e3:10:e5:f3:61:4d:62:e9:17:
                    88:2d:62:e6:13:48:d1:17:8d:02:c2:e5:12:98:1b:
                    d0:ed:39:91:25:e1:84:c5:23:05:c5:6a:af:3a:9f:
                    35:c2:eb:eb:73:5c:df:d9:8d:9c:25:0f:8b:e4:d6:
                    84:1c:78:00:61:31:a0:e3:01:bc:55:27:5b:61:08:
                    80:7c:c1:c3:67:9a:bf:3d:8e:71:6d:21:b4:5b:6d:
                    3b:fb:69:f2:54:2d:1e:a4:88:4a:25:d2:e6:4f:29:
                    f1:4b:67:10:c1:1f:e2:7c:2e:90:c5:62:0e:f6:8d:
                    e3:e9:57:36:b1:5f:1b:ff:0d:bc:8f:e4:df:a5:4e:
                    14:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                32:C5:55:F1:AA:2C:C2:66:C4:0A:52:FB:A3:0D:79:B8:49:24:A3:47
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/28fa7c5b-77a7-4d92-86d9-fcb45ec5d5a7.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         27:8c:f5:c8:c4:cb:e9:28:67:f6:3b:a7:80:5a:16:c2:5f:9a:
         e7:c8:ac:d2:83:da:d1:02:3b:26:83:80:68:5a:d4:27:ec:9f:
         22:c7:74:cb:90:04:dd:09:e0:01:01:69:e0:d4:38:20:ef:08:
         c0:cd:7f:9f:71:80:a9:ec:e5:8c:fb:df:f1:37:19:e9:5d:f2:
         fc:61:2c:13:75:fb:49:45:1c:7c:04:6c:ee:c9:42:88:1f:f8:
         a9:e9:89:07:67:3e:13:38:2d:07:56:57:6e:54:b2:b9:3e:e0:
         1c:58:a9:4e:04:b8:fa:96:2e:28:a0:fe:24:47:27:be:67:36:
         b0:4e:a2:0e:5c:df:5f:7a:e4:63:db:a7:01:08:96:aa:b2:8c:
         95:75:98:12:5d:85:98:97:3f:ec:4c:4f:ed:ff:0a:6b:64:85:
         f6:b8:a1:8b:78:48:49:94:a1:49:b5:27:50:f5:c9:3d:8b:8d:
         15:ed:57:88:da:74:16:5b:2a:32:e1:b6:06:59:0c:ff:68:1c:
         46:51:26:01:e0:33:1f:58:92:84:87:18:67:66:16:43:81:5f:
         92:83:a7:39:b5:dc:84:00:6f:b3:aa:c3:d0:d9:ea:49:7f:94:
         76:e2:38:53:bf:02:27:31:8b:5d:2a:c0:37:03:d1:ac:26:89:
         9d:42:cc:ad
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUHw589vS3BoyytNh/wqxcI8E1nAswDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwNDIzMDAwMDAwWhcNMjMwNDI2MjM1OTU5
WjCBpTFJMEcGA1UEBRNAOTZiZDJhYmQxODk4NmEyNmZiZjM0YzAzMDc3ZjU3Yzkw
OWJmNzUzMDkyZDE4YzRkNTVjNWNmNTUyYzk0NDBkMDEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAKE5pPtXGITEljqWw9hkekzl6Bld7+DSIulEuIK4OnTlNv/UWfQn
W/qHgTzJzsnY+khqSiqVcACZyYVd3MAaI/26WYa5C6VKRPl86UOO9h5xis4EOK9s
0qqwdqfIXeZMwnRVoSgsEpZJiLaiV1t+bk0hUC7VOk0AIaipePZm4xDl82FNYukX
iC1i5hNI0ReNAsLlEpgb0O05kSXhhMUjBcVqrzqfNcLr63Nc39mNnCUPi+TWhBx4
AGExoOMBvFUnW2EIgHzBw2eavz2OcW0htFttO/tp8lQtHqSISiXS5k8p8UtnEMEf
4nwukMViDvaN4+lXNrFfG/8NvI/k36VOFFsCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBQyxVXxqizCZsQKUvujDXm4SSSjRzAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvMjhmYTdjNWItNzdhNy00ZDkyLTg2ZDktZmNiNDVlYzVkNWE3LnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBACeM9cjEy+koZ/Y7
p4BaFsJfmufIrNKD2tECOyaDgGha1CfsnyLHdMuQBN0J4AEBaeDUOCDvCMDNf59x
gKns5Yz73/E3Geld8vxhLBN1+0lFHHwEbO7JQogf+KnpiQdnPhM4LQdWV25Usrk+
4BxYqU4EuPqWLiig/iRHJ75nNrBOog5c31965GPbpwEIlqqyjJV1mBJdhZiXP+xM
T+3/Cmtkhfa4oYt4SEmUoUm1J1D1yT2LjRXtV4jadBZbKjLhtgZZDP9oHEZRJgHg
Mx9YkoSHGGdmFkOBX5KDpzm13IQAb7Oqw9DZ6kl/lHbiOFO/Aicxi10qwDcD0awm
iZ1CzK0=
-----END CERTIFICATE-----