Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/2eb39ff3-80c7-4c7a-b39d-1aacbb3291a3.roa
File:                     2eb39ff3-80c7-4c7a-b39d-1aacbb3291a3.roa (raw, json)
Hash identifier:          WQ4LV2h/dxURYRhWahH7YpqvTHS9aKAs9UQoRhBiAo0=
Subject key identifier:   D1:06:CD:E7:DB:80:54:E9:A5:C9:56:40:3F:D2:46:45:BF:A9:76:BC
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       128293E52AFAB6007466F32790BEAF2D9873394C
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/2eb39ff3-80c7-4c7a-b39d-1aacbb3291a3.roa
Signing time:             Sun 02 Apr 2023 00:00:00 +0000
ROA not before:           Sun 02 Apr 2023 00:00:00 +0000
ROA not after:            Wed 05 Apr 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            12:82:93:e5:2a:fa:b6:00:74:66:f3:27:90:be:af:2d:98:73:39:4c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Apr  2 00:00:00 2023 GMT
            Not After : Apr  5 23:59:59 2023 GMT
        Subject: serialNumber=e968b8535dacf1b5d42bcaca589048f145095673c2ddb8eb4d25598d83800d91, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:c6:30:a0:a8:b9:96:59:2f:f2:b1:1a:35:b9:
                    a5:75:58:98:ce:71:14:6d:c9:72:3a:fe:9e:53:02:
                    65:b5:d0:b6:c1:00:bb:35:82:57:b0:a8:f4:1b:ce:
                    42:be:9e:b3:4e:b1:b6:7d:a6:d3:fb:40:a0:ff:04:
                    83:b9:5e:8a:06:53:10:56:bc:51:27:3c:c0:12:18:
                    0a:f7:5b:d0:2d:6b:1d:f4:7c:86:f7:0e:d2:c2:32:
                    9b:42:53:99:a5:b4:35:ae:fe:54:0a:2b:82:ed:b0:
                    2f:c7:c3:d7:40:b5:fb:d0:d8:ad:ac:32:d9:53:06:
                    e5:b3:40:c8:f6:91:ef:57:0f:d0:ce:6e:a1:fa:32:
                    71:7e:cd:a6:9d:b1:bc:57:9c:f0:d0:6a:cc:1d:b9:
                    4e:c3:bc:30:b8:39:bb:14:49:d2:3d:f0:c4:7f:19:
                    8d:2f:9b:de:1f:31:46:1e:da:32:24:58:61:b4:a2:
                    c6:f8:72:71:8a:04:8b:3f:4c:cd:a2:58:38:07:e8:
                    a3:0b:25:42:da:2f:77:8e:3f:5b:d8:fe:0d:de:63:
                    a8:9e:70:40:13:1e:6b:2a:bd:ae:29:7c:36:66:67:
                    a5:ee:04:85:12:29:80:1e:44:3d:03:ae:1d:f3:63:
                    e2:d9:a6:32:e3:70:7a:3b:0a:e8:c6:12:b8:a0:39:
                    23:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D1:06:CD:E7:DB:80:54:E9:A5:C9:56:40:3F:D2:46:45:BF:A9:76:BC
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/2eb39ff3-80c7-4c7a-b39d-1aacbb3291a3.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5d:0b:51:40:6f:dd:3f:69:61:4c:9c:ac:b9:bb:0e:bb:8f:3d:
         72:77:71:3b:b6:af:12:5d:19:9f:ec:7f:c2:eb:23:6a:d1:6f:
         51:8d:4f:fb:89:b6:ad:9e:8c:8f:b0:fc:96:47:13:78:15:19:
         92:da:a7:db:33:96:8d:05:b2:0c:3f:44:a1:25:7e:4d:88:fe:
         0b:77:09:2a:ec:05:ed:24:8c:c6:97:e6:b9:35:7d:a1:0f:ab:
         81:b7:4b:c1:05:bb:16:a6:98:fb:11:26:82:cf:79:a3:73:ca:
         7f:c8:38:12:4a:ac:02:1f:ca:70:da:98:54:23:24:97:b0:e4:
         df:a0:e2:18:00:a2:c1:e0:a9:2a:61:05:53:70:6d:41:d9:4e:
         b9:a6:a2:58:1e:77:40:ed:40:6c:53:61:92:e7:52:41:a5:a1:
         84:a9:f1:3b:8f:ec:e8:9e:6c:d1:39:1b:5d:04:76:63:e4:f7:
         43:0e:76:64:5a:ce:a3:0e:fe:17:9d:b3:28:a4:82:4b:76:04:
         1d:70:7b:d6:32:2f:aa:e6:fc:84:42:b5:47:15:ab:6a:34:89:
         c6:c2:78:8b:62:de:38:65:1c:b7:9f:b1:75:16:29:fd:d3:86:
         5d:cb:0e:cc:12:bc:dd:8d:a1:4e:1a:9b:f2:3a:09:c6:c9:41:
         c4:2c:85:ca
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUEoKT5Sr6tgB0ZvMnkL6vLZhzOUwwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwNDAyMDAwMDAwWhcNMjMwNDA1MjM1OTU5
WjCBpTFJMEcGA1UEBRNAZTk2OGI4NTM1ZGFjZjFiNWQ0MmJjYWNhNTg5MDQ4ZjE0
NTA5NTY3M2MyZGRiOGViNGQyNTU5OGQ4MzgwMGQ5MTEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBANzGMKCouZZZL/KxGjW5pXVYmM5xFG3Jcjr+nlMCZbXQtsEAuzWC
V7Co9BvOQr6es06xtn2m0/tAoP8Eg7leigZTEFa8USc8wBIYCvdb0C1rHfR8hvcO
0sIym0JTmaW0Na7+VAorgu2wL8fD10C1+9DYrawy2VMG5bNAyPaR71cP0M5uofoy
cX7Npp2xvFec8NBqzB25TsO8MLg5uxRJ0j3wxH8ZjS+b3h8xRh7aMiRYYbSixvhy
cYoEiz9MzaJYOAfoowslQtovd44/W9j+Dd5jqJ5wQBMeayq9ril8NmZnpe4EhRIp
gB5EPQOuHfNj4tmmMuNwejsK6MYSuKA5I5MCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBTRBs3n24BU6aXJVkA/0kZFv6l2vDAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvMmViMzlmZjMtODBjNy00YzdhLWIzOWQtMWFhY2JiMzI5MWEzLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAF0LUUBv3T9pYUyc
rLm7DruPPXJ3cTu2rxJdGZ/sf8LrI2rRb1GNT/uJtq2ejI+w/JZHE3gVGZLap9sz
lo0Fsgw/RKElfk2I/gt3CSrsBe0kjMaX5rk1faEPq4G3S8EFuxammPsRJoLPeaNz
yn/IOBJKrAIfynDamFQjJJew5N+g4hgAosHgqSphBVNwbUHZTrmmolged0DtQGxT
YZLnUkGloYSp8TuP7OiebNE5G10EdmPk90MOdmRazqMO/hedsyikgkt2BB1we9Yy
L6rm/IRCtUcVq2o0icbCeIti3jhlHLefsXUWKf3Thl3LDswSvN2NoU4am/I6CcbJ
QcQshco=
-----END CERTIFICATE-----