Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/2e0d82d6-b13e-45d6-b6dd-d83b4bd2ab3d.roa
File:                     2e0d82d6-b13e-45d6-b6dd-d83b4bd2ab3d.roa (raw, json)
Hash identifier:          Piydi8GBgWdF4fIha75UiL23tor0UCuM1B9hxALfOM8=
Subject key identifier:   08:F4:62:8B:CD:81:92:87:7C:5F:A6:5B:24:32:92:D6:8B:E7:D6:94
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       04542EC51EB5558D43C446AD2457C0C68BA5CF52
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/2e0d82d6-b13e-45d6-b6dd-d83b4bd2ab3d.roa
Signing time:             Mon 01 May 2023 00:00:00 +0000
ROA not before:           Mon 01 May 2023 00:00:00 +0000
ROA not after:            Thu 04 May 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            04:54:2e:c5:1e:b5:55:8d:43:c4:46:ad:24:57:c0:c6:8b:a5:cf:52
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: May  1 00:00:00 2023 GMT
            Not After : May  4 23:59:59 2023 GMT
        Subject: serialNumber=77015c82639fa3d8fdf1a5961804360e87b1036618ee0bc4ee4f7c46e00d2e83, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:f7:51:d7:82:11:4f:35:58:c9:c6:53:b3:d0:
                    1d:23:bb:a1:ad:57:c0:1c:db:2d:79:d6:67:3b:ce:
                    69:5a:50:11:7c:63:d2:71:41:7d:cf:d3:21:c1:37:
                    3c:b2:9b:6a:6a:76:3b:10:6d:9f:f6:94:0e:39:da:
                    53:55:0f:55:77:c5:2b:e4:87:9c:94:1c:28:a7:82:
                    6c:15:28:35:26:2a:53:6d:f7:6f:e4:64:82:c8:46:
                    51:dc:31:c1:b9:89:e8:24:d3:52:1b:43:7a:3d:15:
                    42:40:9d:30:38:bd:95:0d:ad:b6:83:82:f6:a6:03:
                    69:4f:cf:76:bb:de:c9:06:09:0b:6e:a5:18:0e:28:
                    8e:d9:c1:94:f5:be:bf:dd:99:dc:2c:c6:26:f5:aa:
                    77:8f:7d:ca:33:19:f8:8f:8e:7d:12:49:b0:6b:77:
                    f0:aa:15:a3:8a:4a:fc:00:47:67:ec:6f:f1:ac:79:
                    a5:c0:01:18:d2:5a:b8:c1:b3:88:bf:5a:60:88:7f:
                    bd:44:32:8d:c5:cd:c1:05:91:36:74:a1:b6:ec:ff:
                    c0:bc:78:88:3e:ce:dd:1e:8c:9c:29:7d:9c:9a:2a:
                    6e:99:a2:cf:ce:c1:30:99:82:9a:8f:4d:1c:46:b5:
                    da:96:ea:1b:f9:19:ef:ca:3e:15:6c:12:3e:78:b8:
                    b7:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                08:F4:62:8B:CD:81:92:87:7C:5F:A6:5B:24:32:92:D6:8B:E7:D6:94
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/2e0d82d6-b13e-45d6-b6dd-d83b4bd2ab3d.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2c:e9:e0:bf:e7:19:a3:a0:9b:d9:5f:61:af:22:fb:b9:8d:50:
         84:74:d5:7a:72:1f:4a:99:a5:7f:2c:63:60:35:8c:91:7d:f9:
         de:48:8d:ab:1a:0d:42:fc:09:8f:b3:d2:98:24:08:22:6c:c0:
         df:62:9d:1b:2c:32:42:35:c1:ed:0a:dc:9c:12:b3:df:db:78:
         59:ef:7b:8c:19:6b:45:2d:d1:65:73:7c:47:5b:89:65:3e:4b:
         54:d7:22:63:9d:e6:bb:ab:2f:60:cf:48:94:05:1d:ae:ac:bc:
         9f:65:ea:9c:4c:56:7c:c0:77:2b:f1:c9:2e:3b:96:b6:e1:1a:
         57:18:b4:58:99:aa:3f:96:ca:a6:df:6c:b1:e1:7d:49:0f:d7:
         e4:e0:2c:83:40:e7:08:24:a1:59:ac:46:18:d7:31:e6:26:d9:
         7a:62:98:de:2e:c0:37:f4:80:f3:58:51:90:34:12:97:75:a7:
         c4:15:31:25:1d:49:28:a7:ae:70:bb:64:5f:e6:26:f6:74:9b:
         37:eb:66:01:27:b7:ae:1f:16:2a:a1:09:7c:c7:54:fe:5f:6f:
         47:12:01:00:d0:04:02:12:61:e5:00:9e:01:25:aa:d1:6a:eb:
         c0:e4:f0:af:d7:03:cc:4b:eb:82:5b:c7:cd:02:25:89:f5:71:
         1c:0b:1f:6f
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUBFQuxR61VY1DxEatJFfAxoulz1IwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwNTAxMDAwMDAwWhcNMjMwNTA0MjM1OTU5
WjCBpTFJMEcGA1UEBRNANzcwMTVjODI2MzlmYTNkOGZkZjFhNTk2MTgwNDM2MGU4
N2IxMDM2NjE4ZWUwYmM0ZWU0ZjdjNDZlMDBkMmU4MzEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAN/3UdeCEU81WMnGU7PQHSO7oa1XwBzbLXnWZzvOaVpQEXxj0nFB
fc/TIcE3PLKbamp2OxBtn/aUDjnaU1UPVXfFK+SHnJQcKKeCbBUoNSYqU233b+Rk
gshGUdwxwbmJ6CTTUhtDej0VQkCdMDi9lQ2ttoOC9qYDaU/PdrveyQYJC26lGA4o
jtnBlPW+v92Z3CzGJvWqd499yjMZ+I+OfRJJsGt38KoVo4pK/ABHZ+xv8ax5pcAB
GNJauMGziL9aYIh/vUQyjcXNwQWRNnShtuz/wLx4iD7O3R6MnCl9nJoqbpmiz87B
MJmCmo9NHEa12pbqG/kZ78o+FWwSPni4t5ECAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBQI9GKLzYGSh3xfplskMpLWi+fWlDAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvMmUwZDgyZDYtYjEzZS00NWQ2LWI2ZGQtZDgzYjRiZDJhYjNkLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBACzp4L/nGaOgm9lf
Ya8i+7mNUIR01XpyH0qZpX8sY2A1jJF9+d5IjasaDUL8CY+z0pgkCCJswN9inRss
MkI1we0K3JwSs9/beFnve4wZa0Ut0WVzfEdbiWU+S1TXImOd5rurL2DPSJQFHa6s
vJ9l6pxMVnzAdyvxyS47lrbhGlcYtFiZqj+WyqbfbLHhfUkP1+TgLINA5wgkoVms
RhjXMeYm2XpimN4uwDf0gPNYUZA0Epd1p8QVMSUdSSinrnC7ZF/mJvZ0mzfrZgEn
t64fFiqhCXzHVP5fb0cSAQDQBAISYeUAngElqtFq68Dk8K/XA8xL64Jbx80CJYn1
cRwLH28=
-----END CERTIFICATE-----