Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/43c12eda-4cf3-44ee-96e5-6e5cd8f2723e.roa
File:                     43c12eda-4cf3-44ee-96e5-6e5cd8f2723e.roa (raw, json)
Hash identifier:          RcVtRMdSlQ0XUxLcnuDwru87U3kBz7X4T0y25mpKJl4=
Subject key identifier:   DC:FD:04:A9:2C:84:AD:19:2C:6F:36:91:63:92:5A:46:3A:8F:56:DA
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       3004546DE1F9E7C2C3475ACF6F8F5979D412A501
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/43c12eda-4cf3-44ee-96e5-6e5cd8f2723e.roa
Signing time:             Sat 15 Apr 2023 00:00:00 +0000
ROA not before:           Sat 15 Apr 2023 00:00:00 +0000
ROA not after:            Tue 18 Apr 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            30:04:54:6d:e1:f9:e7:c2:c3:47:5a:cf:6f:8f:59:79:d4:12:a5:01
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Apr 15 00:00:00 2023 GMT
            Not After : Apr 18 23:59:59 2023 GMT
        Subject: serialNumber=1df4f38f78d29b33cb05e1e824ace702119c4f4e87697bf411a0fe3b2d8cfbe7, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:74:9b:00:0f:1c:a9:f6:74:1a:aa:de:01:65:
                    1c:6a:d2:ea:f1:09:42:3b:1d:e5:11:74:6c:0d:b1:
                    9a:8e:be:2f:07:9e:91:90:ad:a6:22:18:55:da:30:
                    99:f4:31:c5:5c:16:d3:89:df:03:fd:c5:23:8f:61:
                    70:cd:f1:36:7d:3b:4b:41:90:d2:d6:1e:97:c7:db:
                    83:d5:ec:c2:2f:de:e3:d9:0e:8c:5e:3a:48:6b:70:
                    ae:6c:81:b0:66:a9:2e:ca:80:cb:24:b6:13:77:6f:
                    95:3c:ad:6e:44:8d:89:c8:53:53:9f:6f:2f:cd:60:
                    32:1d:70:d6:6f:b1:36:0a:b5:5b:af:7f:31:d9:80:
                    fd:b2:ac:18:24:26:72:9c:ec:96:1f:71:4e:f2:7a:
                    da:12:5d:19:16:b9:34:19:07:2a:4b:41:4b:6e:50:
                    6b:cc:8d:3f:f8:0d:ff:3b:04:1a:d1:f4:9d:1f:97:
                    6f:04:9a:b2:7f:02:e5:bb:bd:19:58:4a:2b:13:ed:
                    da:21:fb:cb:51:ac:d7:7e:98:5d:a9:0e:ca:5c:be:
                    fd:b8:3d:c5:e3:82:05:7d:df:ab:aa:e4:82:86:26:
                    75:7e:c7:a7:c4:0b:0b:01:53:1e:a9:dc:93:a8:ae:
                    3b:b6:62:73:71:4e:99:a6:b5:38:cb:69:44:84:be:
                    8a:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DC:FD:04:A9:2C:84:AD:19:2C:6F:36:91:63:92:5A:46:3A:8F:56:DA
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/43c12eda-4cf3-44ee-96e5-6e5cd8f2723e.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7b:2e:99:0b:04:ac:92:0d:ac:bb:ea:56:82:1b:1c:1a:aa:0d:
         45:a2:ce:8a:1d:7f:ac:3e:d0:e3:cb:ad:39:d3:de:f9:8d:45:
         3e:ce:b7:9f:ab:93:df:55:bf:b7:de:99:ef:0c:f0:02:d5:6c:
         cc:a2:29:b5:29:f4:fc:8e:d1:02:83:ba:c6:da:74:26:a0:23:
         35:f7:8b:3c:e3:6c:c4:cd:4b:44:c4:9d:52:dd:cb:2e:54:e9:
         44:10:9e:57:b5:19:c8:05:4c:f3:3a:7c:7c:8d:ab:17:a2:76:
         98:bb:5b:1d:25:22:68:37:c1:15:90:b7:d7:39:1a:f1:8b:50:
         27:65:4d:f4:7b:54:c5:81:1b:c1:bf:19:cc:f1:87:30:71:37:
         e9:e8:18:81:4d:bc:17:8a:3b:95:1e:96:82:41:b5:87:a6:b9:
         4d:ae:06:84:85:0f:cd:95:82:1f:54:0e:24:1f:83:28:d1:90:
         1a:39:8e:f1:f9:bc:82:bc:ac:16:ba:37:91:b2:92:c8:09:fc:
         cc:88:71:4f:86:95:63:5e:86:04:63:15:24:d3:1c:37:16:94:
         79:f0:c7:67:a5:7d:f9:e9:55:f2:64:f5:b7:e2:f0:f1:b4:55:
         95:b9:57:e3:9c:ba:45:e9:7f:8e:90:84:e6:6d:8b:b5:a3:4f:
         6a:03:c5:29
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUMARUbeH558LDR1rPb49ZedQSpQEwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwNDE1MDAwMDAwWhcNMjMwNDE4MjM1OTU5
WjCBpTFJMEcGA1UEBRNAMWRmNGYzOGY3OGQyOWIzM2NiMDVlMWU4MjRhY2U3MDIx
MTljNGY0ZTg3Njk3YmY0MTFhMGZlM2IyZDhjZmJlNzEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAJl0mwAPHKn2dBqq3gFlHGrS6vEJQjsd5RF0bA2xmo6+LweekZCt
piIYVdowmfQxxVwW04nfA/3FI49hcM3xNn07S0GQ0tYel8fbg9Xswi/e49kOjF46
SGtwrmyBsGapLsqAyyS2E3dvlTytbkSNichTU59vL81gMh1w1m+xNgq1W69/MdmA
/bKsGCQmcpzslh9xTvJ62hJdGRa5NBkHKktBS25Qa8yNP/gN/zsEGtH0nR+XbwSa
sn8C5bu9GVhKKxPt2iH7y1Gs136YXakOyly+/bg9xeOCBX3fq6rkgoYmdX7Hp8QL
CwFTHqnck6iuO7Zic3FOmaa1OMtpRIS+ijcCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBTc/QSpLIStGSxvNpFjklpGOo9W2jAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvNDNjMTJlZGEtNGNmMy00NGVlLTk2ZTUtNmU1Y2Q4ZjI3MjNlLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAHsumQsErJINrLvq
VoIbHBqqDUWizoodf6w+0OPLrTnT3vmNRT7Ot5+rk99Vv7feme8M8ALVbMyiKbUp
9PyO0QKDusbadCagIzX3izzjbMTNS0TEnVLdyy5U6UQQnle1GcgFTPM6fHyNqxei
dpi7Wx0lImg3wRWQt9c5GvGLUCdlTfR7VMWBG8G/GczxhzBxN+noGIFNvBeKO5Ue
loJBtYemuU2uBoSFD82Vgh9UDiQfgyjRkBo5jvH5vIK8rBa6N5GyksgJ/MyIcU+G
lWNehgRjFSTTHDcWlHnwx2elffnpVfJk9bfi8PG0VZW5V+OcukXpf46QhOZti7Wj
T2oDxSk=
-----END CERTIFICATE-----