Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/432e11e4-9eaf-4e27-8e0b-161c7e877a5a.roa
File:                     432e11e4-9eaf-4e27-8e0b-161c7e877a5a.roa (raw, json)
Hash identifier:          BG8dFTWOeX6/cpWSHu8gTrGpGMsU1CarwrsPG8xZtmY=
Subject key identifier:   A9:4D:38:79:86:30:14:C1:01:AC:8D:D3:E7:01:CF:78:E2:92:38:73
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       69C634F64BBD8770D3AE67C3D1A40BA7268A6BF3
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/432e11e4-9eaf-4e27-8e0b-161c7e877a5a.roa
Signing time:             Sat 22 Apr 2023 00:00:00 +0000
ROA not before:           Sat 22 Apr 2023 00:00:00 +0000
ROA not after:            Tue 25 Apr 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            69:c6:34:f6:4b:bd:87:70:d3:ae:67:c3:d1:a4:0b:a7:26:8a:6b:f3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Apr 22 00:00:00 2023 GMT
            Not After : Apr 25 23:59:59 2023 GMT
        Subject: serialNumber=22f329b6a02e34dfbea8bdc3fd6596ab85a62eecc6a4804dd7d7f81b88945096, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:2f:ca:8c:ca:c5:ba:0a:36:f6:17:3c:2b:a3:
                    3f:c2:cc:9e:8f:5c:e6:aa:0b:65:79:b1:21:02:3c:
                    b3:5e:c9:63:ec:44:f9:a6:db:15:8b:02:ed:91:d9:
                    36:c2:2d:ca:d7:63:ce:32:f7:90:34:a6:ee:55:19:
                    a6:64:1b:74:5b:82:fd:1e:ff:08:5c:95:33:34:c3:
                    e8:ee:1b:b3:a1:d0:8b:02:a7:09:13:b5:96:ff:55:
                    92:32:7b:d9:b3:15:d4:63:13:b7:6d:3e:e0:97:70:
                    89:d5:87:af:de:e2:63:74:32:54:6b:5e:cf:7c:f4:
                    d5:2a:37:ee:20:53:0a:2a:4c:c2:3c:9b:c8:7a:e9:
                    bf:47:e8:ec:d4:d3:82:8f:c3:a9:48:30:4e:2a:eb:
                    1d:f0:28:cd:14:9b:f1:c4:08:d3:3c:b0:bf:25:89:
                    2b:0a:b5:2f:63:47:2b:e5:7e:e7:01:01:19:6a:2a:
                    99:cb:6e:47:4f:05:1b:6f:a1:13:e4:f0:e4:51:5f:
                    74:a8:ff:eb:87:34:e7:02:01:d7:44:05:fe:24:85:
                    a5:67:6b:db:bd:e8:75:99:77:3a:27:5a:ef:26:31:
                    1a:e2:fb:ab:4f:16:7f:6c:dc:0b:e9:24:3a:f6:9f:
                    2f:0a:d3:42:c2:b8:ba:0b:f4:f1:f7:07:ed:66:0f:
                    96:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A9:4D:38:79:86:30:14:C1:01:AC:8D:D3:E7:01:CF:78:E2:92:38:73
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/432e11e4-9eaf-4e27-8e0b-161c7e877a5a.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         05:1f:e2:77:c1:cc:f1:fb:44:dc:92:3b:cf:c9:e9:c4:0a:d5:
         9b:a4:5d:f3:d8:96:23:e9:98:98:8d:bf:98:67:12:26:38:61:
         e1:53:c3:02:66:72:44:97:4f:fb:fd:61:b8:1b:ae:40:8b:d4:
         22:1f:c0:90:83:2a:a4:6c:cd:36:25:52:e2:57:77:5d:9e:f7:
         43:8c:47:84:c0:66:df:40:52:6b:6b:d6:cd:c2:51:0b:8c:74:
         26:d0:2f:cf:16:ec:5f:73:3b:e4:22:8d:60:17:5e:ef:d5:c5:
         1e:90:68:ec:ca:64:b0:3d:27:b2:30:15:05:26:f7:fb:18:9c:
         06:d9:53:7b:1c:12:f9:76:f2:92:b0:6e:d9:9a:74:d7:fb:7f:
         4d:81:e3:fe:37:53:9c:5b:e3:29:4b:d7:cf:69:f9:40:50:58:
         d9:6e:42:7d:ba:f6:af:ba:e5:01:24:cd:4c:f7:1a:9d:e1:7e:
         0f:92:64:e9:77:8d:86:06:78:ca:6b:db:8d:ab:31:2e:90:5e:
         d0:96:ae:81:7a:0c:e8:43:91:98:f8:df:1a:d3:76:c3:f6:42:
         8c:4e:b7:95:3a:12:e4:5d:3b:1b:21:8b:3c:3b:05:f4:99:1a:
         c7:98:06:52:48:7b:b0:bd:13:93:18:57:30:3f:d7:04:f6:72:
         aa:fb:42:78
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUacY09ku9h3DTrmfD0aQLpyaKa/MwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwNDIyMDAwMDAwWhcNMjMwNDI1MjM1OTU5
WjCBpTFJMEcGA1UEBRNAMjJmMzI5YjZhMDJlMzRkZmJlYThiZGMzZmQ2NTk2YWI4
NWE2MmVlY2M2YTQ4MDRkZDdkN2Y4MWI4ODk0NTA5NjEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAOAvyozKxboKNvYXPCujP8LMno9c5qoLZXmxIQI8s17JY+xE+abb
FYsC7ZHZNsItytdjzjL3kDSm7lUZpmQbdFuC/R7/CFyVMzTD6O4bs6HQiwKnCRO1
lv9VkjJ72bMV1GMTt20+4JdwidWHr97iY3QyVGtez3z01So37iBTCipMwjybyHrp
v0fo7NTTgo/DqUgwTirrHfAozRSb8cQI0zywvyWJKwq1L2NHK+V+5wEBGWoqmctu
R08FG2+hE+Tw5FFfdKj/64c05wIB10QF/iSFpWdr273odZl3Oida7yYxGuL7q08W
f2zcC+kkOvafLwrTQsK4ugv08fcH7WYPltMCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBSpTTh5hjAUwQGsjdPnAc944pI4czAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvNDMyZTExZTQtOWVhZi00ZTI3LThlMGItMTYxYzdlODc3YTVhLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAAUf4nfBzPH7RNyS
O8/J6cQK1ZukXfPYliPpmJiNv5hnEiY4YeFTwwJmckSXT/v9YbgbrkCL1CIfwJCD
KqRszTYlUuJXd12e90OMR4TAZt9AUmtr1s3CUQuMdCbQL88W7F9zO+QijWAXXu/V
xR6QaOzKZLA9J7IwFQUm9/sYnAbZU3scEvl28pKwbtmadNf7f02B4/43U5xb4ylL
189p+UBQWNluQn269q+65QEkzUz3Gp3hfg+SZOl3jYYGeMpr242rMS6QXtCWroF6
DOhDkZj43xrTdsP2QoxOt5U6EuRdOxshizw7BfSZGseYBlJIe7C9E5MYVzA/1wT2
cqr7Qng=
-----END CERTIFICATE-----