Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/3ad93e0f-78d0-4d41-ac2d-0202a66e69c4.roa
File:                     3ad93e0f-78d0-4d41-ac2d-0202a66e69c4.roa (raw, json)
Hash identifier:          tD4yBYVycNRxkcIcbq9abRL7I9/NgKw5FS9mDdXPfF0=
Subject key identifier:   20:F1:03:F7:F7:4A:59:7D:9A:58:00:4C:17:9F:D3:EB:1C:E1:75:D9
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       4A72AB5A125313549B79CE047115093804505F1B
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/3ad93e0f-78d0-4d41-ac2d-0202a66e69c4.roa
Signing time:             Sat 01 Apr 2023 00:00:00 +0000
ROA not before:           Sat 01 Apr 2023 00:00:00 +0000
ROA not after:            Tue 04 Apr 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4a:72:ab:5a:12:53:13:54:9b:79:ce:04:71:15:09:38:04:50:5f:1b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Apr  1 00:00:00 2023 GMT
            Not After : Apr  4 23:59:59 2023 GMT
        Subject: serialNumber=2c2ea32b29aa96735138d19854cbb9320e141446dd9527643d7ce5ba03d2bde0, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ed:4c:52:c6:ab:15:b6:cb:d7:30:9c:c0:81:ae:
                    6e:02:02:02:86:a0:e9:e3:7f:5e:8f:3e:15:5a:2b:
                    c5:9d:64:a0:61:f7:91:d7:05:fb:6c:9c:53:d5:90:
                    97:b9:43:11:61:7c:d5:cb:bc:14:20:21:89:86:46:
                    9e:f9:85:e6:ec:ac:5b:79:c1:5e:d5:77:61:77:87:
                    c3:f7:62:5b:5e:41:15:a8:82:f2:4c:0d:31:55:38:
                    82:70:75:61:26:cc:65:df:ae:b2:a5:d9:fa:9b:92:
                    4b:14:5b:fc:0e:49:50:e9:1a:bf:44:8a:57:fd:61:
                    67:93:83:b4:a7:ed:26:2d:b6:7d:0a:1a:f0:5c:5e:
                    5b:5f:35:ce:27:53:b3:32:68:8e:f4:79:24:a7:81:
                    07:0d:e1:7c:f8:4e:a1:48:38:08:2d:af:bb:78:17:
                    9a:bb:05:20:bd:5d:61:97:24:6c:5b:60:7c:1c:99:
                    83:b0:e1:dc:c9:ae:5f:e1:12:ef:b1:a3:4b:f7:6a:
                    42:48:2a:a9:1d:71:f5:cf:c3:41:14:a6:7a:49:82:
                    1c:8f:e4:79:70:b7:2a:42:dd:e7:e0:a9:20:e9:99:
                    08:0a:c2:7b:df:83:4d:17:fc:fe:11:32:cf:66:dc:
                    1d:cb:3b:88:4a:07:23:21:d7:c2:d2:11:d2:63:38:
                    c4:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                20:F1:03:F7:F7:4A:59:7D:9A:58:00:4C:17:9F:D3:EB:1C:E1:75:D9
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/3ad93e0f-78d0-4d41-ac2d-0202a66e69c4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b8:fd:33:05:63:00:74:25:0c:d7:30:06:02:55:4f:b7:cc:ac:
         ba:66:c0:c3:05:d2:ce:14:3c:32:04:82:aa:04:88:30:c5:96:
         e0:0a:cd:c5:67:ce:27:0f:8e:f3:f2:16:09:ca:bb:ab:07:02:
         83:c1:2f:d6:0b:82:8c:87:44:d0:8e:02:35:71:03:ce:22:df:
         49:17:3b:78:10:c7:25:7e:bd:09:2d:00:a9:46:6f:ad:f1:11:
         55:84:ad:43:5b:e3:cc:83:19:8f:44:17:ae:85:06:61:80:66:
         1b:80:d3:06:63:eb:41:dc:1c:1a:e3:f5:9a:81:49:8a:af:c8:
         1e:5c:1a:3a:b8:79:a5:3e:c5:30:13:d1:4d:96:bc:a8:3e:39:
         67:a3:2d:60:c4:8b:9e:63:46:e6:6d:29:61:85:f4:e4:09:56:
         6a:1e:14:7d:ff:68:61:1a:4a:ad:18:0f:c7:60:21:9f:66:c1:
         da:7a:9e:bd:a9:24:d0:0b:90:b9:40:f7:36:9a:6c:b3:9c:54:
         e8:12:93:81:a9:21:fc:9e:1d:f3:21:16:93:eb:94:83:f6:ec:
         a6:5c:13:bb:90:d6:fe:f2:45:21:17:e9:98:db:39:d1:05:f7:
         60:12:66:ea:60:82:6a:e1:8d:3f:e2:6b:5a:10:38:5f:c7:02:
         31:03:cd:2f
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUSnKrWhJTE1Sbec4EcRUJOARQXxswDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwNDAxMDAwMDAwWhcNMjMwNDA0MjM1OTU5
WjCBpTFJMEcGA1UEBRNAMmMyZWEzMmIyOWFhOTY3MzUxMzhkMTk4NTRjYmI5MzIw
ZTE0MTQ0NmRkOTUyNzY0M2Q3Y2U1YmEwM2QyYmRlMDEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAO1MUsarFbbL1zCcwIGubgICAoag6eN/Xo8+FVorxZ1koGH3kdcF
+2ycU9WQl7lDEWF81cu8FCAhiYZGnvmF5uysW3nBXtV3YXeHw/diW15BFaiC8kwN
MVU4gnB1YSbMZd+usqXZ+puSSxRb/A5JUOkav0SKV/1hZ5ODtKftJi22fQoa8Fxe
W181zidTszJojvR5JKeBBw3hfPhOoUg4CC2vu3gXmrsFIL1dYZckbFtgfByZg7Dh
3MmuX+ES77GjS/dqQkgqqR1x9c/DQRSmekmCHI/keXC3KkLd5+CpIOmZCArCe9+D
TRf8/hEyz2bcHcs7iEoHIyHXwtIR0mM4xAMCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBQg8QP390pZfZpYAEwXn9PrHOF12TAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvM2FkOTNlMGYtNzhkMC00ZDQxLWFjMmQtMDIwMmE2NmU2OWM0LnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBALj9MwVjAHQlDNcw
BgJVT7fMrLpmwMMF0s4UPDIEgqoEiDDFluAKzcVnzicPjvPyFgnKu6sHAoPBL9YL
goyHRNCOAjVxA84i30kXO3gQxyV+vQktAKlGb63xEVWErUNb48yDGY9EF66FBmGA
ZhuA0wZj60HcHBrj9ZqBSYqvyB5cGjq4eaU+xTAT0U2WvKg+OWejLWDEi55jRuZt
KWGF9OQJVmoeFH3/aGEaSq0YD8dgIZ9mwdp6nr2pJNALkLlA9zaabLOcVOgSk4Gp
IfyeHfMhFpPrlIP27KZcE7uQ1v7yRSEX6ZjbOdEF92ASZupggmrhjT/ia1oQOF/H
AjEDzS8=
-----END CERTIFICATE-----