Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/2b7208cc-9635-4fee-9a51-6b406e01bef7.roa
File:                     2b7208cc-9635-4fee-9a51-6b406e01bef7.roa (raw, json)
Hash identifier:          Q4ClI2+r81YVo9vBu/5hMtLrKRfPSx1Ry7aAl6sbO1E=
Subject key identifier:   3E:59:45:60:EE:60:FB:7E:B6:27:89:35:B7:12:06:E9:9E:F2:8E:E2
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       68769B4B591B2D93D0340B9C8D3FBC9829389921
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/2b7208cc-9635-4fee-9a51-6b406e01bef7.roa
Signing time:             Wed 08 Mar 2023 00:00:00 +0000
ROA not before:           Wed 08 Mar 2023 00:00:00 +0000
ROA not after:            Sat 11 Mar 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            68:76:9b:4b:59:1b:2d:93:d0:34:0b:9c:8d:3f:bc:98:29:38:99:21
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Mar  8 00:00:00 2023 GMT
            Not After : Mar 11 23:59:59 2023 GMT
        Subject: serialNumber=35a2e6d6c7f430c7cbc0ce91f3baecaae6db1bf14e80ad942e7758e890e2d5a1, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:cc:03:76:84:fc:02:7e:fa:96:85:88:32:41:
                    8b:1c:1c:a6:d7:4e:18:87:84:84:6e:ac:66:16:48:
                    00:04:b3:1c:9b:44:c1:13:ef:96:98:5e:a5:e7:c6:
                    9f:69:89:1b:84:f4:69:a2:46:a1:91:f9:cd:91:b8:
                    63:1a:24:a2:38:c7:3f:e1:1d:2d:70:b2:9b:f2:8c:
                    88:5b:8e:2c:ed:a4:c4:12:6c:2e:ad:8b:18:69:42:
                    93:37:eb:43:34:91:1f:82:5a:bf:65:5d:74:e6:7b:
                    a5:f4:ef:d2:85:41:a4:2d:17:0b:7f:51:5a:09:2c:
                    f6:1a:3e:94:a6:2e:5e:1d:78:38:30:fd:3f:c7:37:
                    a3:c9:9c:18:b6:ab:9a:36:84:dc:ed:46:37:17:2c:
                    fa:fe:5c:db:bb:73:5e:43:d1:5d:93:48:7c:a9:f3:
                    73:fe:ad:52:2c:07:3a:4c:4c:23:a4:10:f5:30:cd:
                    13:5e:ce:66:ed:d4:b3:ac:85:60:6b:49:32:33:4e:
                    01:95:58:65:75:c8:0c:c3:db:e6:a2:92:0b:41:2b:
                    ad:c2:24:db:09:6b:8c:ab:b1:78:4b:87:2d:74:cc:
                    d7:eb:d8:74:f9:77:a6:0d:08:fb:e2:3b:ee:52:02:
                    75:54:6b:f0:c4:8c:44:ad:42:67:88:51:c4:f4:0a:
                    cc:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3E:59:45:60:EE:60:FB:7E:B6:27:89:35:B7:12:06:E9:9E:F2:8E:E2
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/2b7208cc-9635-4fee-9a51-6b406e01bef7.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         22:ee:56:a9:21:35:49:2f:fc:a3:ef:f5:96:35:5d:48:dc:86:
         29:aa:6c:86:c2:e2:11:10:ae:59:09:16:72:68:d9:28:11:d6:
         bd:76:45:d6:15:74:ff:23:78:78:67:71:c7:4b:7a:8a:0a:94:
         7f:b9:5b:15:4c:c5:ee:80:74:34:cb:32:4f:4c:d8:e7:89:1a:
         47:04:d2:48:45:9a:10:46:37:34:57:88:ca:a9:c7:88:46:e0:
         3b:54:ca:4d:96:8b:c9:8e:41:fc:81:52:db:53:95:11:02:7c:
         a0:20:28:e0:f3:7a:17:38:29:29:16:1d:63:9c:a6:e6:7e:9c:
         a0:0c:96:53:53:1b:d8:8b:eb:46:7a:4c:22:a3:8e:64:91:ef:
         d1:ba:09:7f:a6:c4:dd:84:7b:0c:46:29:7d:62:47:58:11:e0:
         74:27:0c:00:5d:44:58:a5:a5:a8:55:36:93:c3:93:38:b6:8d:
         ab:60:ea:07:00:da:a8:25:12:81:cf:39:96:04:a5:1d:76:1c:
         10:ff:6b:a0:0a:ae:3b:2e:fe:12:3c:0f:95:61:d8:8e:d2:1b:
         d7:b7:3d:d4:06:ab:76:78:5e:05:f3:f2:10:61:d0:cd:3f:7e:
         37:49:98:24:4c:a2:9a:c7:db:5b:48:67:70:3e:4c:e5:3f:7e:
         51:b9:13:88
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUaHabS1kbLZPQNAucjT+8mCk4mSEwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwMzA4MDAwMDAwWhcNMjMwMzExMjM1OTU5
WjCBpTFJMEcGA1UEBRNAMzVhMmU2ZDZjN2Y0MzBjN2NiYzBjZTkxZjNiYWVjYWFl
NmRiMWJmMTRlODBhZDk0MmU3NzU4ZTg5MGUyZDVhMTEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAJ7MA3aE/AJ++paFiDJBixwcptdOGIeEhG6sZhZIAASzHJtEwRPv
lphepefGn2mJG4T0aaJGoZH5zZG4YxokojjHP+EdLXCym/KMiFuOLO2kxBJsLq2L
GGlCkzfrQzSRH4Jav2VddOZ7pfTv0oVBpC0XC39RWgks9ho+lKYuXh14ODD9P8c3
o8mcGLarmjaE3O1GNxcs+v5c27tzXkPRXZNIfKnzc/6tUiwHOkxMI6QQ9TDNE17O
Zu3Us6yFYGtJMjNOAZVYZXXIDMPb5qKSC0ErrcIk2wlrjKuxeEuHLXTM1+vYdPl3
pg0I++I77lICdVRr8MSMRK1CZ4hRxPQKzHECAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBQ+WUVg7mD7frYniTW3EgbpnvKO4jAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvMmI3MjA4Y2MtOTYzNS00ZmVlLTlhNTEtNmI0MDZlMDFiZWY3LnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBACLuVqkhNUkv/KPv
9ZY1XUjchimqbIbC4hEQrlkJFnJo2SgR1r12RdYVdP8jeHhnccdLeooKlH+5WxVM
xe6AdDTLMk9M2OeJGkcE0khFmhBGNzRXiMqpx4hG4DtUyk2Wi8mOQfyBUttTlREC
fKAgKODzehc4KSkWHWOcpuZ+nKAMllNTG9iL60Z6TCKjjmSR79G6CX+mxN2EewxG
KX1iR1gR4HQnDABdRFilpahVNpPDkzi2jatg6gcA2qglEoHPOZYEpR12HBD/a6AK
rjsu/hI8D5Vh2I7SG9e3PdQGq3Z4XgXz8hBh0M0/fjdJmCRMoprH21tIZ3A+TOU/
flG5E4g=
-----END CERTIFICATE-----