Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/442a21e6-7876-4a9d-bb5e-682c1ca4f3eb.roa
File:                     442a21e6-7876-4a9d-bb5e-682c1ca4f3eb.roa (raw, json)
Hash identifier:          wnj310TjeK9q4ZZsnF1DuLqACSEHxXTQl4T7M6lMmLI=
Subject key identifier:   BD:A8:77:34:68:89:69:D2:D1:5D:AA:8B:B8:30:26:0C:B3:AE:AD:9F
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       52ED57D2476E5969A51B58A871BDEC6492922A45
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/442a21e6-7876-4a9d-bb5e-682c1ca4f3eb.roa
Signing time:             Thu 20 Apr 2023 00:00:00 +0000
ROA not before:           Thu 20 Apr 2023 00:00:00 +0000
ROA not after:            Sun 23 Apr 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            52:ed:57:d2:47:6e:59:69:a5:1b:58:a8:71:bd:ec:64:92:92:2a:45
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Apr 20 00:00:00 2023 GMT
            Not After : Apr 23 23:59:59 2023 GMT
        Subject: serialNumber=700002402db5ae0656146180b00d885e3e641486d677fe6698b19a4e7f7b7cc3, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e7:61:1e:f1:97:f6:9b:18:bd:53:0b:b6:e8:c1:
                    e4:45:2b:7f:b8:4b:32:37:86:4f:0e:e9:57:76:cf:
                    fe:d2:17:d3:50:43:af:ea:88:9c:cf:d2:15:aa:72:
                    fb:97:54:e4:72:bd:46:da:86:f5:45:41:d0:fb:b1:
                    2f:1a:34:55:11:c6:76:64:86:60:2a:e7:7d:32:37:
                    bf:b5:6a:8f:61:f2:a0:1d:a4:4a:0a:27:53:3d:6d:
                    53:79:85:94:ef:95:ac:9b:ef:87:74:3d:66:af:d2:
                    5a:3a:b4:b3:a7:d8:c7:e6:8e:f5:20:73:d4:93:0f:
                    91:4d:c7:46:dd:dc:c4:4d:50:46:13:84:9c:09:9a:
                    4f:b1:a4:4b:f0:3d:e5:e7:4b:fd:b8:a0:be:23:87:
                    cd:1a:0a:f3:e3:1e:a6:8c:6f:8c:3c:53:60:75:03:
                    de:88:5b:ba:b6:19:f5:95:7d:ec:05:f6:1e:68:e4:
                    ce:d5:78:51:6d:80:91:7e:30:08:1a:14:79:fb:9a:
                    5f:2d:0f:5f:c0:c9:fb:3c:fc:a2:6a:0d:0f:43:ee:
                    90:8c:60:e8:2d:c3:f6:06:54:cf:37:74:0a:fc:55:
                    49:4f:a6:ca:de:96:93:c2:94:b7:28:8d:00:63:ba:
                    0e:98:88:31:44:bd:47:78:5d:dd:3e:c8:cd:95:b5:
                    ea:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BD:A8:77:34:68:89:69:D2:D1:5D:AA:8B:B8:30:26:0C:B3:AE:AD:9F
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/442a21e6-7876-4a9d-bb5e-682c1ca4f3eb.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c8:f2:e8:8f:ee:48:59:54:a8:5f:8e:33:e4:8a:0c:58:d2:01:
         d5:fa:6b:17:07:96:ef:52:44:f3:70:25:53:15:86:ba:5e:e7:
         87:ed:ac:9e:c3:e8:3a:04:14:2d:51:1b:5c:9c:00:ce:1f:cc:
         ef:e5:db:a9:57:41:93:66:76:9b:89:d3:60:0b:7d:ae:cf:89:
         a7:d0:5a:f7:3a:b9:7a:91:52:fe:f2:d3:2e:f7:10:50:ef:2e:
         2b:2b:85:a2:8e:6c:cb:84:a4:e8:df:d6:bc:33:69:65:b8:48:
         b5:dd:62:91:8b:0f:dd:57:cf:49:24:85:70:9c:5c:97:d9:4a:
         fc:5b:a5:17:c4:44:d2:16:75:4f:30:c7:b7:43:27:65:e3:1b:
         84:e3:70:d2:75:ba:be:11:c9:88:c5:94:eb:eb:50:b1:b1:de:
         9c:ae:11:bd:7f:7d:54:41:67:07:c2:30:01:42:47:f7:be:30:
         47:cd:43:bf:b8:87:97:16:f4:00:f8:b3:f4:36:6d:1f:b2:03:
         30:e0:58:9e:31:49:cb:ad:51:9b:82:22:87:62:50:62:3a:c9:
         09:1f:d9:87:41:1f:70:fb:53:96:c7:8c:e7:ed:38:8a:42:9b:
         b3:b2:6e:ac:5a:03:4d:3e:8b:01:fe:3b:6e:92:88:01:76:e9:
         0a:06:e5:6d
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUUu1X0kduWWmlG1iocb3sZJKSKkUwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwNDIwMDAwMDAwWhcNMjMwNDIzMjM1OTU5
WjCBpTFJMEcGA1UEBRNANzAwMDAyNDAyZGI1YWUwNjU2MTQ2MTgwYjAwZDg4NWUz
ZTY0MTQ4NmQ2NzdmZTY2OThiMTlhNGU3ZjdiN2NjMzEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAOdhHvGX9psYvVMLtujB5EUrf7hLMjeGTw7pV3bP/tIX01BDr+qI
nM/SFapy+5dU5HK9RtqG9UVB0PuxLxo0VRHGdmSGYCrnfTI3v7Vqj2HyoB2kSgon
Uz1tU3mFlO+VrJvvh3Q9Zq/SWjq0s6fYx+aO9SBz1JMPkU3HRt3cxE1QRhOEnAma
T7GkS/A95edL/bigviOHzRoK8+MepoxvjDxTYHUD3ohburYZ9ZV97AX2HmjkztV4
UW2AkX4wCBoUefuaXy0PX8DJ+zz8omoND0PukIxg6C3D9gZUzzd0CvxVSU+myt6W
k8KUtyiNAGO6DpiIMUS9R3hd3T7IzZW16lMCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBS9qHc0aIlp0tFdqou4MCYMs66tnzAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvNDQyYTIxZTYtNzg3Ni00YTlkLWJiNWUtNjgyYzFjYTRmM2ViLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAMjy6I/uSFlUqF+O
M+SKDFjSAdX6axcHlu9SRPNwJVMVhrpe54ftrJ7D6DoEFC1RG1ycAM4fzO/l26lX
QZNmdpuJ02ALfa7PiafQWvc6uXqRUv7y0y73EFDvLisrhaKObMuEpOjf1rwzaWW4
SLXdYpGLD91Xz0kkhXCcXJfZSvxbpRfERNIWdU8wx7dDJ2XjG4TjcNJ1ur4RyYjF
lOvrULGx3pyuEb1/fVRBZwfCMAFCR/e+MEfNQ7+4h5cW9AD4s/Q2bR+yAzDgWJ4x
ScutUZuCIodiUGI6yQkf2YdBH3D7U5bHjOftOIpCm7OybqxaA00+iwH+O26SiAF2
6QoG5W0=
-----END CERTIFICATE-----