Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/455ffa2f-dc20-44ea-a819-1e1674db2dae.roa
File:                     455ffa2f-dc20-44ea-a819-1e1674db2dae.roa (raw, json)
Hash identifier:          DndZJChtIAOx1SU+z3rXAoYSC9rlLyk1pQf1FUSM55M=
Subject key identifier:   64:5E:DE:F2:FD:66:EC:D0:50:5F:DE:DC:84:03:2E:5D:A8:63:66:0E
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       2338D1138F4E4054D661A6F2A098D19E3092F3DA
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/455ffa2f-dc20-44ea-a819-1e1674db2dae.roa
Signing time:             Thu 20 Apr 2023 00:00:00 +0000
ROA not before:           Thu 20 Apr 2023 00:00:00 +0000
ROA not after:            Sun 23 Apr 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            23:38:d1:13:8f:4e:40:54:d6:61:a6:f2:a0:98:d1:9e:30:92:f3:da
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Apr 20 00:00:00 2023 GMT
            Not After : Apr 23 23:59:59 2023 GMT
        Subject: serialNumber=d137a3a94cce6f7c438aa6e11a2964d4391bb915b08d05da6463bf742905517f, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:a1:76:0a:24:40:80:15:b4:02:b0:18:d2:7e:
                    72:23:01:4a:73:f9:d3:78:86:14:56:8e:6d:0c:a2:
                    54:bc:39:6b:43:1e:d0:9c:54:b2:bc:1e:37:fd:8e:
                    80:58:47:53:f0:89:19:79:dd:b7:3c:a4:77:f8:60:
                    40:82:a2:e1:aa:f1:3d:76:63:80:6e:41:cd:0c:ff:
                    b4:be:82:c3:d5:72:e2:f6:a8:7f:3b:38:d9:52:9b:
                    5a:0c:d1:4a:43:6a:dc:5b:2f:5c:97:93:de:4f:01:
                    b4:7b:32:bc:e1:7f:3e:23:23:2f:a4:05:02:6e:91:
                    d9:57:45:b3:8b:54:93:a1:19:b8:f7:5e:3a:37:72:
                    45:f5:5d:24:e1:c8:1b:96:c9:31:78:27:f4:b5:08:
                    58:59:b1:26:78:5c:ff:7f:86:29:ff:3d:31:e3:57:
                    45:59:5a:da:7d:bd:e7:c5:20:ff:dd:71:59:ae:77:
                    67:37:ca:cc:0b:da:f3:27:a9:6f:87:5c:f6:8b:59:
                    a2:7b:3d:7a:dc:5c:b9:b3:6f:8b:ab:c0:7a:e2:61:
                    fc:0c:e9:cc:7b:f4:e3:02:cd:ae:a9:a9:2c:fe:a7:
                    ff:31:b7:b4:59:f4:de:a8:bf:12:ee:82:73:26:32:
                    63:76:e1:99:af:e2:3d:e6:a9:05:f5:e1:56:00:3b:
                    23:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                64:5E:DE:F2:FD:66:EC:D0:50:5F:DE:DC:84:03:2E:5D:A8:63:66:0E
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/455ffa2f-dc20-44ea-a819-1e1674db2dae.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         94:d4:bc:96:dc:bc:ba:31:05:ef:5a:f9:e0:82:64:2b:e4:6c:
         48:d9:b4:85:e5:d4:ed:99:d9:10:db:07:0c:29:66:e8:7d:05:
         9e:d7:fc:99:6b:5b:e7:0a:d1:a5:fc:2a:2b:bd:02:e1:42:31:
         da:60:0c:a6:70:f2:16:2a:b2:2b:01:6a:78:ef:7e:51:5e:ed:
         c8:33:5e:1e:0d:45:79:db:8e:37:56:69:90:12:2f:38:6f:40:
         b9:29:77:c3:41:07:b7:dd:2c:49:0e:b2:b8:4f:e8:7a:5a:aa:
         13:ec:2a:af:46:8d:d4:b5:c3:f9:8b:d8:10:dc:8b:37:6f:24:
         22:e4:bf:18:c7:8a:c1:b4:3e:59:a8:42:2b:d8:fb:6d:d5:02:
         33:02:2e:63:80:d1:61:11:d6:2e:ed:da:a3:6a:2f:ad:0a:79:
         2f:1b:b0:b3:b0:cf:10:26:43:98:fb:84:c2:94:c5:15:53:3f:
         96:14:ea:83:57:77:5e:a0:b0:b5:88:7b:1b:d1:d0:66:81:a2:
         f6:cf:5e:6a:3a:cb:71:62:4f:e7:7c:5e:35:f4:8b:bd:ce:fe:
         8d:60:99:d4:5d:03:71:06:fb:7e:5a:8f:03:33:c0:1d:57:65:
         8a:df:f5:8a:aa:98:9f:29:06:f0:15:76:a9:8c:72:b3:c4:2a:
         d4:56:1b:1c
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUIzjRE49OQFTWYabyoJjRnjCS89owDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwNDIwMDAwMDAwWhcNMjMwNDIzMjM1OTU5
WjCBpTFJMEcGA1UEBRNAZDEzN2EzYTk0Y2NlNmY3YzQzOGFhNmUxMWEyOTY0ZDQz
OTFiYjkxNWIwOGQwNWRhNjQ2M2JmNzQyOTA1NTE3ZjEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAMShdgokQIAVtAKwGNJ+ciMBSnP503iGFFaObQyiVLw5a0Me0JxU
srweN/2OgFhHU/CJGXndtzykd/hgQIKi4arxPXZjgG5BzQz/tL6Cw9Vy4vaofzs4
2VKbWgzRSkNq3FsvXJeT3k8BtHsyvOF/PiMjL6QFAm6R2VdFs4tUk6EZuPdeOjdy
RfVdJOHIG5bJMXgn9LUIWFmxJnhc/3+GKf89MeNXRVla2n2958Ug/91xWa53ZzfK
zAva8yepb4dc9otZons9etxcubNvi6vAeuJh/AzpzHv04wLNrqmpLP6n/zG3tFn0
3qi/Eu6CcyYyY3bhma/iPeapBfXhVgA7IwECAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBRkXt7y/Wbs0FBf3tyEAy5dqGNmDjAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvNDU1ZmZhMmYtZGMyMC00NGVhLWE4MTktMWUxNjc0ZGIyZGFlLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAJTUvJbcvLoxBe9a
+eCCZCvkbEjZtIXl1O2Z2RDbBwwpZuh9BZ7X/JlrW+cK0aX8Kiu9AuFCMdpgDKZw
8hYqsisBanjvflFe7cgzXh4NRXnbjjdWaZASLzhvQLkpd8NBB7fdLEkOsrhP6Hpa
qhPsKq9GjdS1w/mL2BDcizdvJCLkvxjHisG0PlmoQivY+23VAjMCLmOA0WER1i7t
2qNqL60KeS8bsLOwzxAmQ5j7hMKUxRVTP5YU6oNXd16gsLWIexvR0GaBovbPXmo6
y3FiT+d8XjX0i73O/o1gmdRdA3EG+35ajwMzwB1XZYrf9YqqmJ8pBvAVdqmMcrPE
KtRWGxw=
-----END CERTIFICATE-----