Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/2abcc4f2-84ca-40ec-b3ec-165de7dac751.roa
File:                     2abcc4f2-84ca-40ec-b3ec-165de7dac751.roa (raw, json)
Hash identifier:          KWa+Vk2uJ5IDSs9bNpxWTXs029SHzZlnQFi7aAUzGeE=
Subject key identifier:   F0:F7:4D:7B:8B:57:75:53:86:0A:1B:63:F2:27:15:24:0D:F9:C1:BB
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       4B6EC9B25345BCB0171BACF3CD916451AC25AB6A
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/2abcc4f2-84ca-40ec-b3ec-165de7dac751.roa
Signing time:             Tue 04 Apr 2023 00:00:00 +0000
ROA not before:           Tue 04 Apr 2023 00:00:00 +0000
ROA not after:            Fri 07 Apr 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4b:6e:c9:b2:53:45:bc:b0:17:1b:ac:f3:cd:91:64:51:ac:25:ab:6a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Apr  4 00:00:00 2023 GMT
            Not After : Apr  7 23:59:59 2023 GMT
        Subject: serialNumber=56f9b42d5bfbc0fc3ba852dabfc30da75eb76078d9595883a32205e7d5cc8c44, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:fe:78:8c:62:f9:6e:6c:1c:2d:6f:9e:80:68:
                    cf:9b:47:d3:1f:dd:5c:0a:39:49:7b:86:c7:47:52:
                    2d:c6:1c:3f:39:01:45:88:0a:c5:7e:1a:37:27:0b:
                    89:92:2b:7e:36:b5:03:8b:a1:f3:71:a9:89:f3:e1:
                    5c:f9:b6:2e:90:e4:78:38:2a:19:5c:38:57:d2:84:
                    31:5b:f0:a0:5a:56:49:ef:55:8f:26:a9:49:34:c9:
                    45:a3:c5:43:5c:56:5f:1d:78:90:91:89:ea:61:11:
                    a5:3e:77:9f:74:af:26:8d:8f:f1:ab:dc:dc:aa:82:
                    75:2b:3f:9e:ce:91:ba:9e:52:a2:67:d9:0f:28:16:
                    ec:31:4e:5e:bd:2d:c9:24:43:c1:74:1f:13:02:20:
                    75:d6:38:9f:31:2a:42:c6:5e:d0:68:e0:58:6d:4f:
                    d5:74:fd:2f:39:3b:25:74:85:ea:41:04:21:84:61:
                    18:10:2b:e3:11:02:54:6d:0c:73:59:f6:ff:9b:b5:
                    47:30:3c:1a:e7:38:74:c4:84:98:d2:26:c4:d3:a9:
                    82:f9:13:2b:48:62:28:6d:46:f3:f9:6c:4c:69:70:
                    c3:49:c5:4c:b9:78:74:93:60:57:c5:c7:20:ef:d6:
                    13:e0:59:b8:6c:59:bd:b9:f7:84:53:cc:3b:2d:5e:
                    89:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F0:F7:4D:7B:8B:57:75:53:86:0A:1B:63:F2:27:15:24:0D:F9:C1:BB
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/2abcc4f2-84ca-40ec-b3ec-165de7dac751.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c4:88:13:66:f8:57:68:98:05:e7:83:26:f7:f0:5d:ac:57:ff:
         08:bf:15:14:65:04:7c:fe:d9:85:7a:e8:ef:ee:e9:06:66:ba:
         9c:65:fc:37:c6:6a:d2:ea:e6:fc:fa:5d:bd:ef:5d:af:60:b1:
         64:f5:bd:ad:65:b9:27:45:db:e0:62:9a:a8:d1:cd:d8:7b:7e:
         89:76:83:f0:a5:94:d1:db:2b:f1:62:10:10:cb:5f:8d:13:b5:
         e0:84:df:75:90:3b:1d:c8:29:67:78:91:54:1b:1b:a6:56:65:
         2b:d0:77:7c:87:99:96:77:8a:0b:34:c0:1f:dc:cf:66:e5:8f:
         bd:05:54:28:28:b5:a4:af:4c:12:ed:e6:b3:f2:d1:b2:04:d5:
         79:eb:3c:aa:63:61:11:5e:74:8b:d3:f8:fe:ab:34:c5:fc:cf:
         d3:85:df:e2:67:da:9b:7c:fd:c4:9e:0b:01:dc:7b:45:57:4a:
         92:47:d5:c6:ad:22:5f:6a:34:93:25:76:29:28:82:95:3e:cc:
         10:63:53:f1:93:0b:df:2f:b6:3b:a0:9b:49:99:e4:8a:b5:6c:
         5e:99:1e:79:50:b8:cd:2d:63:a5:68:d0:89:33:20:4f:ab:c2:
         5a:2d:7c:fa:18:3b:85:8b:49:b3:c8:3f:4f:8b:9d:ff:08:26:
         82:a7:b4:a3
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUS27JslNFvLAXG6zzzZFkUawlq2owDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwNDA0MDAwMDAwWhcNMjMwNDA3MjM1OTU5
WjCBpTFJMEcGA1UEBRNANTZmOWI0MmQ1YmZiYzBmYzNiYTg1MmRhYmZjMzBkYTc1
ZWI3NjA3OGQ5NTk1ODgzYTMyMjA1ZTdkNWNjOGM0NDEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAKf+eIxi+W5sHC1vnoBoz5tH0x/dXAo5SXuGx0dSLcYcPzkBRYgK
xX4aNycLiZIrfja1A4uh83GpifPhXPm2LpDkeDgqGVw4V9KEMVvwoFpWSe9Vjyap
STTJRaPFQ1xWXx14kJGJ6mERpT53n3SvJo2P8avc3KqCdSs/ns6Rup5SomfZDygW
7DFOXr0tySRDwXQfEwIgddY4nzEqQsZe0GjgWG1P1XT9Lzk7JXSF6kEEIYRhGBAr
4xECVG0Mc1n2/5u1RzA8Guc4dMSEmNImxNOpgvkTK0hiKG1G8/lsTGlww0nFTLl4
dJNgV8XHIO/WE+BZuGxZvbn3hFPMOy1eiW0CAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBTw9017i1d1U4YKG2PyJxUkDfnBuzAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvMmFiY2M0ZjItODRjYS00MGVjLWIzZWMtMTY1ZGU3ZGFjNzUxLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAMSIE2b4V2iYBeeD
JvfwXaxX/wi/FRRlBHz+2YV66O/u6QZmupxl/DfGatLq5vz6Xb3vXa9gsWT1va1l
uSdF2+BimqjRzdh7fol2g/CllNHbK/FiEBDLX40TteCE33WQOx3IKWd4kVQbG6ZW
ZSvQd3yHmZZ3igs0wB/cz2blj70FVCgotaSvTBLt5rPy0bIE1XnrPKpjYRFedIvT
+P6rNMX8z9OF3+Jn2pt8/cSeCwHce0VXSpJH1catIl9qNJMldikogpU+zBBjU/GT
C98vtjugm0mZ5Iq1bF6ZHnlQuM0tY6Vo0IkzIE+rwlotfPoYO4WLSbPIP0+Lnf8I
JoKntKM=
-----END CERTIFICATE-----