Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/3e6616d8-59f4-4fbd-9049-2abbc24536e8.roa
File:                     3e6616d8-59f4-4fbd-9049-2abbc24536e8.roa (raw, json)
Hash identifier:          Wws0GAtUitL+wYSqii+CPOH8Qskfi/C9nPGZKgrR0g8=
Subject key identifier:   18:78:0E:4E:0C:1B:CE:0D:12:98:25:C2:2A:8A:AD:3E:12:7E:81:C5
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       549095AF4BB530835C752B620B43AD07032D8680
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/3e6616d8-59f4-4fbd-9049-2abbc24536e8.roa
Signing time:             Mon 20 Feb 2023 00:00:00 +0000
ROA not before:           Mon 20 Feb 2023 00:00:00 +0000
ROA not after:            Thu 23 Feb 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            54:90:95:af:4b:b5:30:83:5c:75:2b:62:0b:43:ad:07:03:2d:86:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Feb 20 00:00:00 2023 GMT
            Not After : Feb 23 23:59:59 2023 GMT
        Subject: serialNumber=b11a58bf20e5e7ee98e5db49973a71a60c983ca5ef54e2ebd2f935cb9c536ade, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:d0:44:72:32:ac:e3:02:09:c2:a0:f1:46:f0:
                    00:36:8d:46:97:30:6f:c8:d8:8d:06:8f:02:02:3e:
                    77:0d:f5:fb:1f:eb:d5:5e:35:5c:93:2b:86:70:f6:
                    b5:cc:b3:df:4e:96:e5:a0:ea:2f:e0:fa:75:2d:78:
                    6c:54:25:61:db:94:46:f5:3d:65:62:29:76:0d:64:
                    06:d8:a4:45:37:3f:72:5a:a7:d3:a1:31:0c:bb:42:
                    1f:5f:8a:2b:23:fb:68:a6:f1:a7:f5:95:cc:9b:0d:
                    74:e6:88:e4:22:66:f4:2f:68:51:8c:79:61:dd:24:
                    c3:75:5d:e4:15:8a:74:e5:e1:49:6e:93:6b:89:b1:
                    99:39:ed:eb:27:61:e1:42:dd:cd:c9:d3:74:89:ef:
                    e9:48:e8:42:a7:39:d6:29:07:e9:23:e6:82:45:ac:
                    80:09:29:05:87:45:60:d1:c5:6c:23:6e:a9:62:cb:
                    a2:d6:cd:a6:75:10:39:3c:6c:52:30:ee:fb:fd:95:
                    f3:75:a0:b6:23:5a:7c:f1:df:91:50:8e:da:05:1e:
                    f8:cb:c9:fb:b2:1d:e2:51:fd:8a:ec:0d:1b:70:fb:
                    53:6a:a6:da:ad:9c:9b:2d:08:ab:56:83:bb:3a:d2:
                    fc:9a:3c:23:ce:c4:d0:0e:69:06:10:35:70:2d:d3:
                    c9:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                18:78:0E:4E:0C:1B:CE:0D:12:98:25:C2:2A:8A:AD:3E:12:7E:81:C5
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/3e6616d8-59f4-4fbd-9049-2abbc24536e8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8c:2d:c8:97:8a:cf:66:96:b6:a0:fb:eb:39:db:59:a4:f0:17:
         8e:9a:9d:13:66:33:61:53:9f:83:6b:c6:f7:2f:e0:6b:ea:3d:
         c2:bb:7d:60:29:e7:0d:aa:50:fb:52:f1:76:12:d0:c8:17:de:
         a7:84:66:02:37:8e:1a:94:3b:1b:70:33:44:83:8c:65:de:e7:
         1f:19:f8:b5:9e:d5:30:fb:60:0d:37:52:37:f1:24:18:9c:06:
         e1:b4:94:ef:7d:e8:bb:12:22:d4:4c:9a:b4:74:33:28:88:1d:
         f8:2b:54:4b:0a:2f:2c:cd:64:ee:c9:f5:44:b8:01:3c:09:fa:
         db:86:c3:81:c1:33:2b:b3:5e:95:81:c3:d5:73:77:89:a0:82:
         1b:56:a2:2e:b4:95:93:a0:bc:a5:2a:c4:0a:40:07:5d:bf:40:
         ec:21:70:f6:8f:02:56:0c:03:b1:c0:2f:e1:aa:cf:47:48:26:
         3b:fc:29:c6:4a:47:3b:21:20:21:05:f6:3a:03:ac:65:57:28:
         d7:27:f9:1a:1c:69:3b:28:ac:d4:83:d2:5a:c1:84:bc:78:fa:
         f7:cb:f6:0b:2e:44:10:fd:f9:b3:fe:00:e5:05:b1:f0:e8:9f:
         1f:e6:14:bd:1d:55:ec:73:01:1d:7b:26:5d:b6:b9:ef:45:aa:
         65:fd:55:34
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUVJCVr0u1MINcdStiC0OtBwMthoAwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwMjIwMDAwMDAwWhcNMjMwMjIzMjM1OTU5
WjCBpTFJMEcGA1UEBRNAYjExYTU4YmYyMGU1ZTdlZTk4ZTVkYjQ5OTczYTcxYTYw
Yzk4M2NhNWVmNTRlMmViZDJmOTM1Y2I5YzUzNmFkZTEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAMbQRHIyrOMCCcKg8UbwADaNRpcwb8jYjQaPAgI+dw31+x/r1V41
XJMrhnD2tcyz306W5aDqL+D6dS14bFQlYduURvU9ZWIpdg1kBtikRTc/clqn06Ex
DLtCH1+KKyP7aKbxp/WVzJsNdOaI5CJm9C9oUYx5Yd0kw3Vd5BWKdOXhSW6Ta4mx
mTnt6ydh4ULdzcnTdInv6UjoQqc51ikH6SPmgkWsgAkpBYdFYNHFbCNuqWLLotbN
pnUQOTxsUjDu+/2V83WgtiNafPHfkVCO2gUe+MvJ+7Id4lH9iuwNG3D7U2qm2q2c
my0Iq1aDuzrS/Jo8I87E0A5pBhA1cC3TyTkCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBQYeA5ODBvODRKYJcIqiq0+En6BxTAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvM2U2NjE2ZDgtNTlmNC00ZmJkLTkwNDktMmFiYmMyNDUzNmU4LnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAIwtyJeKz2aWtqD7
6znbWaTwF46anRNmM2FTn4Nrxvcv4GvqPcK7fWAp5w2qUPtS8XYS0MgX3qeEZgI3
jhqUOxtwM0SDjGXe5x8Z+LWe1TD7YA03UjfxJBicBuG0lO996LsSItRMmrR0MyiI
HfgrVEsKLyzNZO7J9US4ATwJ+tuGw4HBMyuzXpWBw9Vzd4mgghtWoi60lZOgvKUq
xApAB12/QOwhcPaPAlYMA7HAL+Gqz0dIJjv8KcZKRzshICEF9joDrGVXKNcn+Roc
aTsorNSD0lrBhLx4+vfL9gsuRBD9+bP+AOUFsfDonx/mFL0dVexzAR17Jl22ue9F
qmX9VTQ=
-----END CERTIFICATE-----