Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/306546ce-38d1-4513-b8e9-2d2a9d8b2319.roa
File:                     306546ce-38d1-4513-b8e9-2d2a9d8b2319.roa (raw, json)
Hash identifier:          nFecwvk+qCz06K/DsX0GY6pgqR9CeML206cE9yEgWo4=
Subject key identifier:   D9:4B:3F:E1:B0:3C:CE:57:69:DD:5C:29:2B:3E:A9:41:A8:BB:79:CA
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       2C20DEE80979E4320E09F8B15A7337C3CCA77847
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/306546ce-38d1-4513-b8e9-2d2a9d8b2319.roa
Signing time:             Tue 18 Apr 2023 00:00:00 +0000
ROA not before:           Tue 18 Apr 2023 00:00:00 +0000
ROA not after:            Fri 21 Apr 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2c:20:de:e8:09:79:e4:32:0e:09:f8:b1:5a:73:37:c3:cc:a7:78:47
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Apr 18 00:00:00 2023 GMT
            Not After : Apr 21 23:59:59 2023 GMT
        Subject: serialNumber=16c731b8d0518df17328878e504aacb3946ed21ac12f1b8ba0450d26c526060e, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:96:17:b4:55:d9:b3:01:46:e3:e0:fc:ee:bd:
                    3c:52:5a:4c:af:47:f8:a7:92:e5:4f:07:f8:77:08:
                    33:9e:45:ae:7a:87:aa:a5:6a:78:69:72:cc:56:f2:
                    a0:bd:dd:22:bf:56:44:b9:87:af:bb:d8:17:bc:60:
                    7a:84:a9:50:fd:6e:b3:62:a9:5e:63:d0:30:4c:33:
                    06:16:af:4c:45:6d:00:70:1b:7b:b1:8b:56:16:8a:
                    fc:27:77:ef:0b:b0:03:4e:d5:15:a2:5d:38:a6:db:
                    e5:9b:72:21:86:0d:60:69:d8:f2:64:34:70:d9:14:
                    70:de:1c:18:28:e6:6d:0e:ec:c1:f7:c6:f6:e4:b8:
                    44:6f:1d:5c:95:81:d5:9d:62:80:b3:30:ab:85:d2:
                    02:21:4a:52:9e:ef:f9:3a:b1:97:be:21:49:3c:1f:
                    86:51:d2:25:12:93:a7:f3:2c:b8:f5:a4:76:35:1e:
                    1c:ae:95:bb:ba:2f:b5:6a:dc:cc:e7:80:ea:0d:01:
                    5e:98:c4:08:94:0a:d9:e7:17:50:ef:6d:d3:3e:ce:
                    06:7c:47:a7:9e:93:37:2f:28:88:4c:04:c6:1a:19:
                    7e:ec:52:1a:70:d4:41:49:43:b1:f0:6d:f7:2d:e8:
                    e4:2f:55:9f:de:d4:61:5b:67:11:4f:d1:03:81:b0:
                    84:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D9:4B:3F:E1:B0:3C:CE:57:69:DD:5C:29:2B:3E:A9:41:A8:BB:79:CA
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/306546ce-38d1-4513-b8e9-2d2a9d8b2319.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0a:e7:13:f1:d6:05:cc:76:c6:bb:98:d2:b8:e3:b5:c5:00:93:
         a0:c9:d0:95:d6:4a:ae:94:c3:d3:fd:00:2d:ad:89:0b:11:6f:
         6c:e5:8c:3c:7f:86:14:ec:ab:d8:e1:fb:30:5c:89:4e:57:14:
         f6:84:8f:f9:f8:ab:1e:8b:fb:c4:f2:3d:64:03:f3:dd:ac:d9:
         69:e0:11:2c:ad:7d:a1:58:37:8e:a7:78:97:ad:13:c8:4e:0f:
         3a:b6:0a:c4:59:1a:e2:d1:de:8b:d3:b1:47:a6:aa:73:97:09:
         e9:4f:2e:86:86:d5:37:63:fa:e8:4e:16:3f:d2:c4:83:82:1a:
         32:e5:29:eb:4a:fe:33:04:90:68:24:5e:52:7d:e7:04:56:2b:
         34:07:df:02:eb:c0:2a:52:8e:96:d9:29:31:9a:40:88:e1:50:
         7e:51:ed:c9:e4:40:26:76:02:aa:8f:0e:c0:ae:ae:1e:06:4c:
         ac:ab:87:d1:85:4c:df:bb:8e:b0:99:ba:8c:6f:7c:67:f8:44:
         fc:ae:10:91:37:ea:74:66:af:8e:df:3b:e3:41:aa:f6:a5:da:
         25:a5:f7:67:23:a2:e0:a0:12:20:fd:26:89:8d:a0:66:93:85:
         78:61:0e:eb:11:25:46:36:31:63:a4:21:ee:ca:0e:2f:ba:2f:
         cc:c6:5d:01
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIULCDe6Al55DIOCfixWnM3w8yneEcwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwNDE4MDAwMDAwWhcNMjMwNDIxMjM1OTU5
WjCBpTFJMEcGA1UEBRNAMTZjNzMxYjhkMDUxOGRmMTczMjg4NzhlNTA0YWFjYjM5
NDZlZDIxYWMxMmYxYjhiYTA0NTBkMjZjNTI2MDYwZTEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAOKWF7RV2bMBRuPg/O69PFJaTK9H+KeS5U8H+HcIM55FrnqHqqVq
eGlyzFbyoL3dIr9WRLmHr7vYF7xgeoSpUP1us2KpXmPQMEwzBhavTEVtAHAbe7GL
VhaK/Cd37wuwA07VFaJdOKbb5ZtyIYYNYGnY8mQ0cNkUcN4cGCjmbQ7swffG9uS4
RG8dXJWB1Z1igLMwq4XSAiFKUp7v+Tqxl74hSTwfhlHSJRKTp/MsuPWkdjUeHK6V
u7ovtWrczOeA6g0BXpjECJQK2ecXUO9t0z7OBnxHp56TNy8oiEwExhoZfuxSGnDU
QUlDsfBt9y3o5C9Vn97UYVtnEU/RA4GwhPUCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBTZSz/hsDzOV2ndXCkrPqlBqLt5yjAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvMzA2NTQ2Y2UtMzhkMS00NTEzLWI4ZTktMmQyYTlkOGIyMzE5LnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAArnE/HWBcx2xruY
0rjjtcUAk6DJ0JXWSq6Uw9P9AC2tiQsRb2zljDx/hhTsq9jh+zBciU5XFPaEj/n4
qx6L+8TyPWQD892s2WngESytfaFYN46neJetE8hODzq2CsRZGuLR3ovTsUemqnOX
CelPLoaG1Tdj+uhOFj/SxIOCGjLlKetK/jMEkGgkXlJ95wRWKzQH3wLrwCpSjpbZ
KTGaQIjhUH5R7cnkQCZ2AqqPDsCurh4GTKyrh9GFTN+7jrCZuoxvfGf4RPyuEJE3
6nRmr47fO+NBqval2iWl92cjouCgEiD9JomNoGaThXhhDusRJUY2MWOkIe7KDi+6
L8zGXQE=
-----END CERTIFICATE-----