Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/3cc495c0-8255-4de6-8580-1cd4d998bcc4.roa
File:                     3cc495c0-8255-4de6-8580-1cd4d998bcc4.roa (raw, json)
Hash identifier:          NMidDGsnz8Ah3HQKgN3WCv2kwCgm+uYIJ1iQphVSyMk=
Subject key identifier:   DA:4D:21:4F:DC:6C:04:22:A4:15:7B:0A:8A:C6:12:CD:99:E4:5D:EA
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       1A4FF296A61943B897DCDF05DA5B2EDC15051BC3
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/3cc495c0-8255-4de6-8580-1cd4d998bcc4.roa
Signing time:             Sat 11 Feb 2023 00:00:00 +0000
ROA not before:           Sat 11 Feb 2023 00:00:00 +0000
ROA not after:            Tue 14 Feb 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1a:4f:f2:96:a6:19:43:b8:97:dc:df:05:da:5b:2e:dc:15:05:1b:c3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Feb 11 00:00:00 2023 GMT
            Not After : Feb 14 23:59:59 2023 GMT
        Subject: serialNumber=cc52ecc584dacf3cce280448fc6a933fe5e5bf5cc283982aa2fa211d678ec482, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:35:a7:d1:a5:39:78:1c:b1:ce:5f:46:84:8c:
                    5a:fb:ca:d3:c3:b9:e3:df:4a:93:93:63:ed:5d:8f:
                    e0:2e:c9:c1:2c:e9:2e:b0:ec:d2:41:10:ae:26:66:
                    62:7f:e9:3e:ec:4a:3f:c8:82:2e:65:98:64:f6:27:
                    03:71:aa:5d:7a:d4:2b:4c:d7:00:aa:e2:72:c2:da:
                    03:21:a3:90:ca:ec:f7:d3:07:92:25:df:82:5a:d7:
                    3c:96:b0:98:64:8a:e9:46:6d:20:4a:41:a1:a0:1a:
                    23:59:07:14:cf:f3:93:5a:49:28:b7:e6:1e:7d:56:
                    74:47:34:54:56:ca:d7:18:74:6a:58:61:f0:bb:aa:
                    ac:41:83:2d:9f:8b:4c:9a:89:13:8f:56:29:b9:5f:
                    06:09:25:e3:f3:49:11:0d:b5:2e:7d:83:02:52:b3:
                    3d:80:f8:30:b7:a4:30:d8:12:75:b0:1b:66:04:e1:
                    75:86:ad:67:21:95:7a:11:18:08:5b:67:06:c3:73:
                    1b:b8:d6:39:af:15:53:12:a8:45:61:d6:15:d0:6a:
                    c0:80:4d:93:17:43:4a:0a:bf:13:a5:80:7d:f3:c5:
                    80:27:84:93:3f:09:bd:a6:be:0f:12:f6:fa:fd:05:
                    68:a7:3c:6a:e1:28:10:cc:98:f2:2c:c8:23:52:96:
                    5c:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DA:4D:21:4F:DC:6C:04:22:A4:15:7B:0A:8A:C6:12:CD:99:E4:5D:EA
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/3cc495c0-8255-4de6-8580-1cd4d998bcc4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         37:9a:36:c6:81:91:11:dc:b7:0b:9d:79:92:fa:a8:1f:b0:9d:
         ec:ed:c5:f8:c3:3c:de:d8:32:34:38:c0:26:14:12:d1:50:01:
         b9:06:a7:9e:84:8e:27:c5:34:35:24:11:32:45:46:20:71:d2:
         80:77:9e:93:48:04:2a:fb:b2:26:1d:c5:5e:ee:be:05:87:1d:
         39:be:8b:61:d6:b5:2c:82:32:12:53:aa:75:79:83:3f:bf:31:
         69:00:20:05:2b:cc:b4:cb:fd:1c:46:c9:27:90:7f:6a:a7:67:
         fb:02:28:e1:5f:5d:4a:48:6e:a3:76:54:a0:ec:74:a8:47:d5:
         15:02:22:bf:d5:d8:62:d9:ba:0d:82:46:d7:73:6c:38:9e:99:
         2a:f7:c9:ef:46:da:4e:e6:2c:4d:91:a4:df:a9:ac:92:b5:83:
         3b:1d:27:d2:df:1b:93:87:44:e1:3b:d0:56:10:79:f3:d9:c7:
         06:fe:62:ce:44:53:6d:4a:f4:a9:2d:95:c2:af:7e:5f:15:93:
         3c:78:87:5a:33:58:38:b3:f3:16:1e:c8:a6:38:04:df:14:65:
         9c:83:9d:82:28:7e:03:ec:4e:2b:85:b7:5b:02:19:d2:25:76:
         40:8d:1e:31:a3:81:74:b2:f0:db:db:25:14:01:0b:1d:73:9a:
         87:f7:43:34
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUGk/ylqYZQ7iX3N8F2lsu3BUFG8MwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwMjExMDAwMDAwWhcNMjMwMjE0MjM1OTU5
WjCBpTFJMEcGA1UEBRNAY2M1MmVjYzU4NGRhY2YzY2NlMjgwNDQ4ZmM2YTkzM2Zl
NWU1YmY1Y2MyODM5ODJhYTJmYTIxMWQ2NzhlYzQ4MjEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBANw1p9GlOXgcsc5fRoSMWvvK08O5499Kk5Nj7V2P4C7JwSzpLrDs
0kEQriZmYn/pPuxKP8iCLmWYZPYnA3GqXXrUK0zXAKricsLaAyGjkMrs99MHkiXf
glrXPJawmGSK6UZtIEpBoaAaI1kHFM/zk1pJKLfmHn1WdEc0VFbK1xh0alhh8Luq
rEGDLZ+LTJqJE49WKblfBgkl4/NJEQ21Ln2DAlKzPYD4MLekMNgSdbAbZgThdYat
ZyGVehEYCFtnBsNzG7jWOa8VUxKoRWHWFdBqwIBNkxdDSgq/E6WAffPFgCeEkz8J
vaa+DxL2+v0FaKc8auEoEMyY8izII1KWXIMCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBTaTSFP3GwEIqQVewqKxhLNmeRd6jAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvM2NjNDk1YzAtODI1NS00ZGU2LTg1ODAtMWNkNGQ5OThiY2M0LnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBADeaNsaBkRHctwud
eZL6qB+wneztxfjDPN7YMjQ4wCYUEtFQAbkGp56EjifFNDUkETJFRiBx0oB3npNI
BCr7siYdxV7uvgWHHTm+i2HWtSyCMhJTqnV5gz+/MWkAIAUrzLTL/RxGySeQf2qn
Z/sCKOFfXUpIbqN2VKDsdKhH1RUCIr/V2GLZug2CRtdzbDiemSr3ye9G2k7mLE2R
pN+prJK1gzsdJ9LfG5OHROE70FYQefPZxwb+Ys5EU21K9KktlcKvfl8Vkzx4h1oz
WDiz8xYeyKY4BN8UZZyDnYIofgPsTiuFt1sCGdIldkCNHjGjgXSy8NvbJRQBCx1z
mof3QzQ=
-----END CERTIFICATE-----