Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4510982d-b87d-4eba-9cc2-ec8ce60b1967.roa
File:                     4510982d-b87d-4eba-9cc2-ec8ce60b1967.roa (raw, json)
Hash identifier:          Y50j7jpwmE6uaPl+EzxwjpK9FowDT0luQn01UOrfpV0=
Subject key identifier:   FB:9E:41:55:AE:40:DE:75:78:E4:A6:B0:78:5E:96:F8:A4:B5:7D:EC
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       66AD649A73D7AE2F4BB5BD5950A02C098AD32F66
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4510982d-b87d-4eba-9cc2-ec8ce60b1967.roa
Signing time:             Thu 16 Mar 2023 00:00:00 +0000
ROA not before:           Thu 16 Mar 2023 00:00:00 +0000
ROA not after:            Sun 19 Mar 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            66:ad:64:9a:73:d7:ae:2f:4b:b5:bd:59:50:a0:2c:09:8a:d3:2f:66
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Mar 16 00:00:00 2023 GMT
            Not After : Mar 19 23:59:59 2023 GMT
        Subject: serialNumber=67cfd61b8179720cde06de31f901e141f1740ec01b4dae49065d1a5c3dd5dfc0, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:be:5e:6f:d1:13:20:4e:fe:b9:45:b9:ac:ff:
                    aa:6f:8c:f3:e8:69:ee:f4:cd:f3:15:fd:39:9f:9b:
                    a8:80:38:0c:79:9d:fd:3d:c9:ac:fb:17:16:f3:a7:
                    97:ca:00:ad:11:db:93:8f:2b:de:a9:ac:b4:f7:83:
                    da:91:34:80:fc:94:ac:ad:ed:57:53:16:81:26:6c:
                    f4:7d:02:65:b7:60:be:fe:18:7b:37:4f:2d:db:ae:
                    15:64:d2:3b:b8:d6:fa:39:ce:5f:36:c1:85:8c:a5:
                    b0:70:b7:05:fe:dc:c8:49:28:47:ba:e1:84:0c:57:
                    d4:00:8a:99:3b:2d:ad:38:a0:f5:70:1d:ce:a8:6e:
                    e5:8e:c7:03:a2:aa:86:15:5f:63:75:59:23:20:ca:
                    9b:e1:0f:ab:cf:ee:8c:98:b6:de:12:01:bb:a7:49:
                    e5:bc:1f:93:b3:7d:52:7c:28:ec:1f:2b:09:3e:a3:
                    79:d0:da:e5:3c:a2:87:c6:de:06:61:72:e9:ac:dd:
                    33:6a:d9:b1:f7:a8:be:5c:ed:aa:78:98:67:84:25:
                    54:88:ad:fc:60:d4:3b:09:84:1d:4d:13:9d:a6:a4:
                    4e:6e:b3:10:84:aa:6d:ce:0b:02:d8:93:e9:8f:3b:
                    54:40:9a:fa:ff:74:9f:a2:3c:c5:4e:e1:10:5d:f8:
                    ca:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FB:9E:41:55:AE:40:DE:75:78:E4:A6:B0:78:5E:96:F8:A4:B5:7D:EC
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4510982d-b87d-4eba-9cc2-ec8ce60b1967.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         69:c3:6a:8f:fa:f4:a3:33:5c:a2:b3:3a:1d:01:a8:83:03:c5:
         d6:2b:e1:37:2c:4f:25:d4:98:89:14:a5:55:af:73:d1:31:a8:
         e1:ce:61:93:91:95:97:2d:82:1c:51:71:13:ed:5c:9e:3a:06:
         1a:97:c0:6e:54:3d:7b:b6:79:4b:27:ec:37:3d:d4:d1:8b:51:
         99:68:2c:5f:36:93:7f:3a:4a:a2:8f:7e:e7:59:70:56:32:64:
         b0:fd:8e:17:19:99:77:b5:23:5e:91:76:df:f0:4f:f0:a6:f6:
         43:34:37:17:e4:1a:34:b9:bf:a8:83:7a:cd:bc:e2:e1:fa:5d:
         0d:6f:d0:55:c7:4d:e2:b7:70:c6:e8:e3:1f:0b:bc:47:de:57:
         b0:d5:5e:32:fa:7e:70:bd:cd:e3:c7:97:43:72:83:65:aa:af:
         12:11:8c:f0:75:36:da:12:f5:81:ca:1c:ae:d0:44:6f:be:52:
         9b:fe:fc:ff:5d:30:6f:ab:06:e3:b6:34:0a:44:53:05:e8:47:
         3d:f9:84:8d:a4:87:84:0a:35:d7:15:ff:b5:87:bd:fc:6e:fd:
         ff:18:ce:1d:8f:04:83:2b:df:5f:90:c0:fe:a9:41:16:ca:3c:
         b9:94:a9:1b:33:4b:af:e6:f6:7b:25:5c:42:08:c6:29:70:ce:
         4c:34:35:33
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUZq1kmnPXri9Ltb1ZUKAsCYrTL2YwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwMzE2MDAwMDAwWhcNMjMwMzE5MjM1OTU5
WjCBpTFJMEcGA1UEBRNANjdjZmQ2MWI4MTc5NzIwY2RlMDZkZTMxZjkwMWUxNDFm
MTc0MGVjMDFiNGRhZTQ5MDY1ZDFhNWMzZGQ1ZGZjMDEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAJm+Xm/REyBO/rlFuaz/qm+M8+hp7vTN8xX9OZ+bqIA4DHmd/T3J
rPsXFvOnl8oArRHbk48r3qmstPeD2pE0gPyUrK3tV1MWgSZs9H0CZbdgvv4YezdP
LduuFWTSO7jW+jnOXzbBhYylsHC3Bf7cyEkoR7rhhAxX1ACKmTstrTig9XAdzqhu
5Y7HA6KqhhVfY3VZIyDKm+EPq8/ujJi23hIBu6dJ5bwfk7N9Unwo7B8rCT6jedDa
5Tyih8beBmFy6azdM2rZsfeovlztqniYZ4QlVIit/GDUOwmEHU0TnaakTm6zEISq
bc4LAtiT6Y87VECa+v90n6I8xU7hEF34yjcCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBT7nkFVrkDedXjkprB4Xpb4pLV97DAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvNDUxMDk4MmQtYjg3ZC00ZWJhLTljYzItZWM4Y2U2MGIxOTY3LnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAGnDao/69KMzXKKz
Oh0BqIMDxdYr4TcsTyXUmIkUpVWvc9ExqOHOYZORlZctghxRcRPtXJ46BhqXwG5U
PXu2eUsn7Dc91NGLUZloLF82k386SqKPfudZcFYyZLD9jhcZmXe1I16Rdt/wT/Cm
9kM0NxfkGjS5v6iDes284uH6XQ1v0FXHTeK3cMbo4x8LvEfeV7DVXjL6fnC9zePH
l0Nyg2WqrxIRjPB1NtoS9YHKHK7QRG++Upv+/P9dMG+rBuO2NApEUwXoRz35hI2k
h4QKNdcV/7WHvfxu/f8Yzh2PBIMr31+QwP6pQRbKPLmUqRszS6/m9nslXEIIxilw
zkw0NTM=
-----END CERTIFICATE-----