Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/311055bf-b6fd-4a41-a67b-c1c674f5ea78.roa
File:                     311055bf-b6fd-4a41-a67b-c1c674f5ea78.roa (raw, json)
Hash identifier:          4xG58d/axfDzhUCyHUnZnuz8g0Z4WOoJrro2eEATm+E=
Subject key identifier:   D5:69:2F:CD:6C:69:75:8D:53:95:1B:A7:9B:61:6D:79:11:FB:EC:2B
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       314553A2828675B47DAAF50FEB3DE22E08835F74
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/311055bf-b6fd-4a41-a67b-c1c674f5ea78.roa
Signing time:             Tue 18 Apr 2023 00:00:00 +0000
ROA not before:           Tue 18 Apr 2023 00:00:00 +0000
ROA not after:            Fri 21 Apr 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            31:45:53:a2:82:86:75:b4:7d:aa:f5:0f:eb:3d:e2:2e:08:83:5f:74
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Apr 18 00:00:00 2023 GMT
            Not After : Apr 21 23:59:59 2023 GMT
        Subject: serialNumber=bc46d15ba05f95404fe760504c4cec02efe023e11d26133c3bea16d377054d00, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:68:03:02:93:af:ce:0d:7f:c3:a4:20:2a:54:
                    1d:09:91:49:6f:ca:c5:50:39:10:2d:c7:e6:67:20:
                    fc:84:a9:d8:5e:65:aa:d0:33:fe:c5:4d:25:11:27:
                    91:ad:79:30:6f:23:35:c4:9d:5d:7d:10:76:49:62:
                    63:79:c8:5f:32:bb:bd:1e:f9:62:62:08:56:39:4d:
                    c9:a8:be:63:e6:57:b5:9e:48:49:53:af:c1:68:62:
                    11:75:ef:3b:e5:09:06:c1:37:2a:a1:66:e5:6e:91:
                    63:ad:49:50:e7:ed:73:4f:cf:dc:47:9b:ee:f2:8e:
                    b2:02:92:07:79:31:1f:ad:ca:cc:e7:7d:ba:f8:fc:
                    78:1b:ab:3f:a2:69:2b:7d:69:39:ac:67:55:0c:95:
                    3f:97:97:05:f2:64:8d:9e:4d:92:51:c6:8c:fe:b8:
                    7d:3d:18:d4:fa:86:f4:d3:7f:5b:ac:c4:12:e4:e9:
                    b4:07:cd:30:4a:0a:80:22:1e:ed:32:e3:aa:db:9e:
                    79:40:91:ee:d1:f6:fc:e1:bb:41:7c:c3:05:2f:37:
                    e3:46:b9:67:16:d4:50:b4:bd:6a:f0:c0:a8:1d:da:
                    3c:9d:49:de:d6:70:11:07:d7:ad:69:35:5f:31:be:
                    22:1b:a3:ba:c2:94:7b:6a:71:f3:51:70:c7:a8:b0:
                    37:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D5:69:2F:CD:6C:69:75:8D:53:95:1B:A7:9B:61:6D:79:11:FB:EC:2B
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/311055bf-b6fd-4a41-a67b-c1c674f5ea78.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c3:c7:e0:a2:66:41:af:f9:b4:11:cc:d1:a1:a0:49:4a:7d:52:
         11:89:dc:d1:a0:e5:e4:65:72:d3:dd:25:e5:b9:18:0d:f2:e4:
         d3:1d:81:b6:59:fe:94:54:22:60:de:53:b5:8b:78:83:45:f0:
         93:4c:40:e7:b3:09:59:53:e1:0e:39:c7:10:10:62:bc:c8:3c:
         d0:15:fa:1d:21:ed:2a:35:c7:88:94:ed:5f:b8:84:d6:02:c7:
         c6:63:7f:09:b5:6c:b4:7b:71:f9:e4:5d:63:b5:ed:a6:ae:9e:
         99:2b:ad:db:83:2e:7d:dd:ba:45:20:c5:22:f1:97:68:79:c7:
         96:97:72:82:bb:b6:a9:93:5b:5a:de:a4:c8:93:16:88:0e:73:
         c2:05:c6:9e:e1:75:50:ac:a6:e8:02:a1:fd:d3:3a:75:99:34:
         73:fb:1b:18:24:cc:07:4b:d5:f5:df:24:01:7f:6a:7f:56:b0:
         b1:8d:09:18:a8:a2:bf:b0:05:61:8a:7b:1f:d5:8d:e1:1e:21:
         2b:3e:bc:d2:e1:ce:a7:ba:65:06:de:7a:91:17:f9:fd:b5:3a:
         76:42:8f:14:5c:24:65:87:3e:f7:53:d0:4f:f4:94:f1:b8:00:
         b3:20:22:5f:6f:c4:0b:31:c0:ad:89:60:fe:14:79:25:07:18:
         10:e8:39:f4
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUMUVTooKGdbR9qvUP6z3iLgiDX3QwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwNDE4MDAwMDAwWhcNMjMwNDIxMjM1OTU5
WjCBpTFJMEcGA1UEBRNAYmM0NmQxNWJhMDVmOTU0MDRmZTc2MDUwNGM0Y2VjMDJl
ZmUwMjNlMTFkMjYxMzNjM2JlYTE2ZDM3NzA1NGQwMDEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAKdoAwKTr84Nf8OkICpUHQmRSW/KxVA5EC3H5mcg/ISp2F5lqtAz
/sVNJREnka15MG8jNcSdXX0QdkliY3nIXzK7vR75YmIIVjlNyai+Y+ZXtZ5ISVOv
wWhiEXXvO+UJBsE3KqFm5W6RY61JUOftc0/P3Eeb7vKOsgKSB3kxH63KzOd9uvj8
eBurP6JpK31pOaxnVQyVP5eXBfJkjZ5NklHGjP64fT0Y1PqG9NN/W6zEEuTptAfN
MEoKgCIe7TLjqtueeUCR7tH2/OG7QXzDBS8340a5ZxbUULS9avDAqB3aPJ1J3tZw
EQfXrWk1XzG+IhujusKUe2px81Fwx6iwNw8CAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBTVaS/NbGl1jVOVG6ebYW15EfvsKzAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvMzExMDU1YmYtYjZmZC00YTQxLWE2N2ItYzFjNjc0ZjVlYTc4LnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAMPH4KJmQa/5tBHM
0aGgSUp9UhGJ3NGg5eRlctPdJeW5GA3y5NMdgbZZ/pRUImDeU7WLeINF8JNMQOez
CVlT4Q45xxAQYrzIPNAV+h0h7So1x4iU7V+4hNYCx8Zjfwm1bLR7cfnkXWO17aau
npkrrduDLn3dukUgxSLxl2h5x5aXcoK7tqmTW1repMiTFogOc8IFxp7hdVCspugC
of3TOnWZNHP7GxgkzAdL1fXfJAF/an9WsLGNCRioor+wBWGKex/VjeEeISs+vNLh
zqe6ZQbeepEX+f21OnZCjxRcJGWHPvdT0E/0lPG4ALMgIl9vxAsxwK2JYP4UeSUH
GBDoOfQ=
-----END CERTIFICATE-----