Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/394e8bd7-84f5-45c7-ac7b-502edc6282c3.roa
File:                     394e8bd7-84f5-45c7-ac7b-502edc6282c3.roa (raw, json)
Hash identifier:          j094VKulTPMBELHnHEaVeMBJhRgP29q6w7SE6LU0UAI=
Subject key identifier:   92:72:2E:47:FB:0F:60:FE:78:65:0B:26:DA:2C:17:22:4D:B1:72:39
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       35813183D612E062DFD6B7AE6D7137A99CE24C2E
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/394e8bd7-84f5-45c7-ac7b-502edc6282c3.roa
Signing time:             Thu 16 Mar 2023 00:00:00 +0000
ROA not before:           Thu 16 Mar 2023 00:00:00 +0000
ROA not after:            Sun 19 Mar 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            35:81:31:83:d6:12:e0:62:df:d6:b7:ae:6d:71:37:a9:9c:e2:4c:2e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Mar 16 00:00:00 2023 GMT
            Not After : Mar 19 23:59:59 2023 GMT
        Subject: serialNumber=cb0cbe685222c7895d3cde5a6445a70c9635fe46160283f379e504b18753e294, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:49:08:a0:b8:d7:df:1a:c7:bb:2b:1b:c3:f3:
                    58:4f:4d:6e:39:9f:49:10:bd:8d:de:ab:01:70:d5:
                    9d:35:1a:11:6d:d8:c1:5e:09:6f:2e:c1:25:ec:1d:
                    57:8c:1f:6a:b3:9e:8d:be:66:7c:9a:1a:4d:60:0b:
                    23:e4:5f:7e:94:8a:ee:36:18:92:e8:6d:38:b7:ac:
                    fc:ca:f1:9b:3e:dc:5b:fc:bb:c6:1a:78:5b:52:c8:
                    f3:3c:07:47:ff:51:e7:a4:a2:40:57:4f:f0:8c:f8:
                    b2:f4:25:a7:c5:c5:0f:8c:e8:1d:bf:d7:25:27:0f:
                    89:7e:e8:14:92:52:ad:33:86:b4:b1:35:dd:93:44:
                    d7:b1:cd:d2:9d:0d:e3:28:a8:cd:47:31:98:95:37:
                    30:7e:f1:f8:49:96:e5:87:8a:2c:f7:95:1b:bc:11:
                    d6:c1:30:8a:18:a4:48:03:48:b9:0f:4f:20:c6:63:
                    10:a1:1d:d8:3e:59:2b:1f:e9:bf:44:bf:06:70:c6:
                    e6:30:cd:06:98:6b:ff:56:16:79:2e:c0:72:74:08:
                    a9:79:05:35:39:df:ba:fa:db:7a:c9:4c:fa:ff:52:
                    35:7f:95:fe:fb:84:67:48:79:b8:ef:3c:a1:3b:67:
                    33:04:cf:c5:96:2e:41:46:c4:52:4f:bc:b9:86:98:
                    d3:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                92:72:2E:47:FB:0F:60:FE:78:65:0B:26:DA:2C:17:22:4D:B1:72:39
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/394e8bd7-84f5-45c7-ac7b-502edc6282c3.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1d:3f:20:38:4a:81:aa:31:b5:3d:3b:98:ed:b3:7b:0b:da:24:
         ec:fe:77:94:db:fc:54:4f:83:1c:ed:94:b6:2c:3b:f8:9c:61:
         6a:68:ff:40:44:12:11:3c:43:59:15:a2:71:e4:ce:39:10:24:
         db:6f:27:ea:19:fd:a1:9a:72:b2:b6:96:db:c3:39:8b:4f:32:
         e5:23:f0:30:d4:f2:25:45:71:1e:83:58:65:b6:e9:ea:ed:a2:
         ce:c9:90:8e:26:55:e2:24:6b:d7:57:f7:c6:73:1f:36:46:dc:
         29:1e:63:83:83:00:42:c9:5c:d4:dd:0c:19:db:82:8c:77:a5:
         3a:ae:3b:92:0d:5d:81:c0:41:4b:89:ac:73:08:ea:44:99:39:
         da:f2:75:4e:17:c4:cc:5c:13:de:58:7a:d6:93:fc:ca:0b:07:
         e4:f5:b7:f7:ae:27:35:50:dc:b5:b8:1b:80:40:1d:4a:71:92:
         b2:80:1b:6c:f1:f4:7d:c0:61:d1:04:d6:28:c3:6c:aa:23:3c:
         83:0c:76:08:99:6c:19:6e:c0:9a:87:eb:31:fa:94:75:1a:2a:
         39:77:25:01:11:d7:ed:16:3c:b6:fd:5c:2e:d2:4a:37:b3:d8:
         83:b1:7e:18:9a:af:08:6a:35:02:2f:f8:d5:e8:5d:52:e4:5e:
         5c:1b:5e:e1
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUNYExg9YS4GLf1reubXE3qZziTC4wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwMzE2MDAwMDAwWhcNMjMwMzE5MjM1OTU5
WjCBpTFJMEcGA1UEBRNAY2IwY2JlNjg1MjIyYzc4OTVkM2NkZTVhNjQ0NWE3MGM5
NjM1ZmU0NjE2MDI4M2YzNzllNTA0YjE4NzUzZTI5NDEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAKxJCKC4198ax7srG8PzWE9NbjmfSRC9jd6rAXDVnTUaEW3YwV4J
by7BJewdV4wfarOejb5mfJoaTWALI+RffpSK7jYYkuhtOLes/Mrxmz7cW/y7xhp4
W1LI8zwHR/9R56SiQFdP8Iz4svQlp8XFD4zoHb/XJScPiX7oFJJSrTOGtLE13ZNE
17HN0p0N4yiozUcxmJU3MH7x+EmW5YeKLPeVG7wR1sEwihikSANIuQ9PIMZjEKEd
2D5ZKx/pv0S/BnDG5jDNBphr/1YWeS7AcnQIqXkFNTnfuvrbeslM+v9SNX+V/vuE
Z0h5uO88oTtnMwTPxZYuQUbEUk+8uYaY0+kCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBSSci5H+w9g/nhlCybaLBciTbFyOTAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvMzk0ZThiZDctODRmNS00NWM3LWFjN2ItNTAyZWRjNjI4MmMzLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAB0/IDhKgaoxtT07
mO2zewvaJOz+d5Tb/FRPgxztlLYsO/icYWpo/0BEEhE8Q1kVonHkzjkQJNtvJ+oZ
/aGacrK2ltvDOYtPMuUj8DDU8iVFcR6DWGW26ertos7JkI4mVeIka9dX98ZzHzZG
3CkeY4ODAELJXNTdDBnbgox3pTquO5INXYHAQUuJrHMI6kSZOdrydU4XxMxcE95Y
etaT/MoLB+T1t/euJzVQ3LW4G4BAHUpxkrKAG2zx9H3AYdEE1ijDbKojPIMMdgiZ
bBluwJqH6zH6lHUaKjl3JQER1+0WPLb9XC7SSjez2IOxfhiarwhqNQIv+NXoXVLk
XlwbXuE=
-----END CERTIFICATE-----