Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/3cfe8f4f-68ea-4856-8ca0-b2234cf94280.roa
File:                     3cfe8f4f-68ea-4856-8ca0-b2234cf94280.roa (raw, json)
Hash identifier:          kQiUZ8LUHtGRGekiceGBkWaAvRr7XuUspdBDcJgq3vA=
Subject key identifier:   B6:09:96:D3:3E:DF:18:3C:4A:6A:A8:98:E3:2D:C6:A0:1B:00:13:B9
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       1064B70D238F6510F7EAA1027FFFB2819A2E65D3
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/3cfe8f4f-68ea-4856-8ca0-b2234cf94280.roa
Signing time:             Tue 14 Feb 2023 00:00:00 +0000
ROA not before:           Tue 14 Feb 2023 00:00:00 +0000
ROA not after:            Fri 17 Feb 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            10:64:b7:0d:23:8f:65:10:f7:ea:a1:02:7f:ff:b2:81:9a:2e:65:d3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Feb 14 00:00:00 2023 GMT
            Not After : Feb 17 23:59:59 2023 GMT
        Subject: serialNumber=a2e716d7b20c7ad437a84a4bf51047bfc0c04bed19c7378f4c7523f71e2a4ac2, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:97:7b:d1:76:06:2d:90:a4:e4:c0:ff:37:d1:
                    e1:02:01:a2:87:7c:34:1c:53:bc:5d:1f:20:6a:17:
                    8e:c9:23:90:99:3a:0a:73:c0:94:c4:ac:dd:57:da:
                    89:1c:f6:59:63:f2:e6:72:0d:f6:ed:6d:d6:2e:39:
                    a3:ee:7f:ec:e6:05:92:c9:de:34:41:0d:e0:5f:81:
                    e0:92:ab:a4:08:f3:a5:9e:f4:cd:c8:23:10:ee:c5:
                    c2:41:0a:33:e9:d5:0c:b0:a2:ab:4d:4a:18:42:68:
                    f6:31:97:d4:51:85:42:b6:23:96:71:90:73:0f:5d:
                    0f:7f:03:4c:f3:f8:c7:01:16:bb:e2:0d:19:b2:78:
                    b5:be:69:83:55:99:dc:ad:76:54:24:34:d9:cb:23:
                    75:24:0e:e4:78:3d:67:d7:80:87:d7:be:23:73:b5:
                    7d:92:34:ec:a5:ea:16:92:15:2f:94:8e:f5:74:de:
                    58:9a:cb:aa:3e:68:6e:07:6a:00:dd:e6:c4:ed:b9:
                    05:a9:9b:60:91:c2:db:74:50:d3:44:0b:2e:ac:45:
                    40:f8:4f:d0:18:0c:ba:15:1e:3f:b6:60:d9:79:c1:
                    87:63:04:5e:b5:8b:b0:57:57:cd:1d:d0:5f:5e:c9:
                    32:26:db:33:37:96:19:72:63:59:b6:19:2e:e7:12:
                    ce:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B6:09:96:D3:3E:DF:18:3C:4A:6A:A8:98:E3:2D:C6:A0:1B:00:13:B9
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/3cfe8f4f-68ea-4856-8ca0-b2234cf94280.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1d:98:b8:d1:41:22:3a:62:89:4e:c5:92:d3:a9:94:1a:be:4f:
         65:69:d0:b9:41:da:22:70:52:c5:0b:3e:b9:05:52:5d:14:22:
         1d:18:e9:df:92:cb:48:82:e3:e6:2b:d5:9e:fc:05:e9:1a:ed:
         77:ad:7d:05:00:40:ea:e7:2d:10:62:3b:36:9e:0d:3c:fa:f7:
         7a:a1:22:11:57:71:08:3e:54:63:b3:b1:1a:0b:db:1f:e7:9d:
         c2:e7:e1:4c:47:ac:dd:9b:6e:81:69:4d:a6:49:22:72:dd:59:
         f5:c4:f1:57:ee:57:13:b2:49:06:4c:98:bf:32:b2:63:35:de:
         2d:86:c8:05:b5:84:f3:7d:55:11:fe:f8:a3:2a:7a:66:fd:7e:
         3a:be:3b:cb:c5:a1:f6:90:16:66:a2:e8:d9:82:4b:49:04:ae:
         52:df:83:79:d9:29:8c:62:38:7b:98:78:b0:f7:0f:34:01:33:
         dd:8c:0e:da:a7:90:0b:62:d7:b0:2c:05:38:68:fb:f4:26:40:
         34:28:b9:05:31:22:02:66:7d:96:98:c9:92:98:1a:32:98:d7:
         e1:08:54:e1:d7:e4:fe:fd:c8:fc:1f:2e:4b:17:ce:51:45:3e:
         1b:fa:17:21:8a:01:0d:d7:42:e0:6a:68:16:13:3e:db:19:8a:
         53:79:c8:ef
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUEGS3DSOPZRD36qECf/+ygZouZdMwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwMjE0MDAwMDAwWhcNMjMwMjE3MjM1OTU5
WjCBpTFJMEcGA1UEBRNAYTJlNzE2ZDdiMjBjN2FkNDM3YTg0YTRiZjUxMDQ3YmZj
MGMwNGJlZDE5YzczNzhmNGM3NTIzZjcxZTJhNGFjMjEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBALyXe9F2Bi2QpOTA/zfR4QIBood8NBxTvF0fIGoXjskjkJk6CnPA
lMSs3VfaiRz2WWPy5nIN9u1t1i45o+5/7OYFksneNEEN4F+B4JKrpAjzpZ70zcgj
EO7FwkEKM+nVDLCiq01KGEJo9jGX1FGFQrYjlnGQcw9dD38DTPP4xwEWu+INGbJ4
tb5pg1WZ3K12VCQ02csjdSQO5Hg9Z9eAh9e+I3O1fZI07KXqFpIVL5SO9XTeWJrL
qj5obgdqAN3mxO25BambYJHC23RQ00QLLqxFQPhP0BgMuhUeP7Zg2XnBh2MEXrWL
sFdXzR3QX17JMibbMzeWGXJjWbYZLucSztsCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBS2CZbTPt8YPEpqqJjjLcagGwATuTAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvM2NmZThmNGYtNjhlYS00ODU2LThjYTAtYjIyMzRjZjk0MjgwLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAB2YuNFBIjpiiU7F
ktOplBq+T2Vp0LlB2iJwUsULPrkFUl0UIh0Y6d+Sy0iC4+Yr1Z78Beka7XetfQUA
QOrnLRBiOzaeDTz693qhIhFXcQg+VGOzsRoL2x/nncLn4UxHrN2bboFpTaZJInLd
WfXE8VfuVxOySQZMmL8ysmM13i2GyAW1hPN9VRH++KMqemb9fjq+O8vFofaQFmai
6NmCS0kErlLfg3nZKYxiOHuYeLD3DzQBM92MDtqnkAti17AsBTho+/QmQDQouQUx
IgJmfZaYyZKYGjKY1+EIVOHX5P79yPwfLksXzlFFPhv6FyGKAQ3XQuBqaBYTPtsZ
ilN5yO8=
-----END CERTIFICATE-----