Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4667fb32-931c-418e-b337-2a14ee7df4ff.roa
File:                     4667fb32-931c-418e-b337-2a14ee7df4ff.roa (raw, json)
Hash identifier:          5inMh94s64d/MK1LoBA3svvcifaAd8uWaVrk32QonEc=
Subject key identifier:   00:66:25:E4:FC:57:E7:B8:8D:2C:D9:1F:A4:92:CD:4B:25:8D:93:60
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       695DFB8EB5B7EEC8D2A69F88F3D9E68BFADEA6FB
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4667fb32-931c-418e-b337-2a14ee7df4ff.roa
Signing time:             Tue 06 Jun 2023 00:00:00 +0000
ROA not before:           Tue 06 Jun 2023 00:00:00 +0000
ROA not after:            Fri 09 Jun 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            69:5d:fb:8e:b5:b7:ee:c8:d2:a6:9f:88:f3:d9:e6:8b:fa:de:a6:fb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Jun  6 00:00:00 2023 GMT
            Not After : Jun  9 23:59:59 2023 GMT
        Subject: serialNumber=fcc0c49f3cf53cea731539f1ef1fc1f3d10fd3149456e5dd1ff3a7f302d8df63, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:44:de:f4:3a:86:81:03:8d:63:41:02:86:a8:
                    f0:af:ee:0a:f0:42:94:de:ef:92:b2:65:8a:a0:3a:
                    c0:75:d9:f7:95:50:08:06:ba:6f:b6:22:23:44:00:
                    9a:f1:a3:3d:66:bd:11:24:0d:f1:87:70:8e:d5:b2:
                    d2:46:93:40:97:07:b6:42:6c:41:be:9c:93:1d:bf:
                    4f:4a:0a:4b:d5:19:89:21:c7:5e:96:a0:a6:2e:a3:
                    64:2f:a4:22:f5:e8:34:79:86:a9:46:ff:38:da:9b:
                    07:91:25:f7:4c:e0:d8:86:4b:5a:fb:39:70:36:4d:
                    ff:b6:0a:6c:4d:a3:c7:3d:39:f5:59:a4:43:98:42:
                    25:f4:9f:73:d9:28:50:13:fe:06:73:ef:fc:e0:d9:
                    7b:27:80:49:57:45:f9:c3:b2:47:d4:e4:70:97:7c:
                    88:84:ef:e3:b4:a3:c9:74:2e:4c:83:fa:e6:47:8d:
                    17:e6:7e:93:91:09:73:cf:0b:6b:4f:f0:41:49:c3:
                    c4:39:28:75:87:71:5e:4b:b9:00:03:96:47:39:70:
                    8d:a6:9d:c0:05:c3:a9:b9:e0:19:9d:1b:7e:b4:02:
                    55:0e:29:fb:01:1f:50:f5:6f:17:4b:2f:4e:cf:9d:
                    12:cb:65:32:e5:54:6b:7a:5d:a3:57:fc:40:ff:fb:
                    83:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                00:66:25:E4:FC:57:E7:B8:8D:2C:D9:1F:A4:92:CD:4B:25:8D:93:60
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4667fb32-931c-418e-b337-2a14ee7df4ff.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5a:80:a1:35:b8:05:b1:a0:9a:f1:c3:a8:c8:68:3c:0a:28:da:
         1b:6a:da:8c:eb:74:aa:45:6a:0a:f2:18:1e:e2:e6:3d:1f:03:
         8a:14:66:52:30:e9:4e:72:9e:2f:51:51:1a:01:93:fd:b5:06:
         8d:4d:e1:11:0e:ba:e7:9a:f7:06:63:76:81:04:ea:7c:ac:44:
         3b:17:58:23:ae:cc:d3:5e:c0:ba:14:32:f7:4b:2c:d2:fc:66:
         d4:7c:91:5f:48:95:43:ac:9f:a7:5d:e7:9c:8f:c0:8e:77:13:
         f6:13:82:57:61:9f:9f:3c:d3:9e:be:9d:12:b7:79:e2:a2:f1:
         c3:5e:c3:1f:d4:75:6b:c7:9f:90:71:d3:2f:50:ca:6e:f9:1c:
         a3:1a:75:4c:8e:17:d8:ef:77:ef:7e:83:29:5d:bf:58:ac:2d:
         e2:01:7d:5c:73:d5:47:ab:90:d7:e7:85:87:ae:f9:64:a7:80:
         f0:29:b9:21:9f:66:bc:3c:7e:82:8f:45:fc:59:a8:6d:e9:fa:
         1d:fa:c4:8b:de:8f:d8:80:10:59:aa:72:47:0d:82:c7:16:29:
         01:18:92:1c:f8:9e:4c:c3:90:e5:65:a6:b6:e4:25:37:8b:82:
         a1:37:b8:9b:70:97:45:7b:8c:45:d7:b2:9a:aa:88:e6:06:8f:
         1a:71:b8:d9
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUaV37jrW37sjSpp+I89nmi/repvswDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwNjA2MDAwMDAwWhcNMjMwNjA5MjM1OTU5
WjCBpTFJMEcGA1UEBRNAZmNjMGM0OWYzY2Y1M2NlYTczMTUzOWYxZWYxZmMxZjNk
MTBmZDMxNDk0NTZlNWRkMWZmM2E3ZjMwMmQ4ZGY2MzEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAL1E3vQ6hoEDjWNBAoao8K/uCvBClN7vkrJliqA6wHXZ95VQCAa6
b7YiI0QAmvGjPWa9ESQN8YdwjtWy0kaTQJcHtkJsQb6ckx2/T0oKS9UZiSHHXpag
pi6jZC+kIvXoNHmGqUb/ONqbB5El90zg2IZLWvs5cDZN/7YKbE2jxz059VmkQ5hC
JfSfc9koUBP+BnPv/ODZeyeASVdF+cOyR9TkcJd8iITv47SjyXQuTIP65keNF+Z+
k5EJc88La0/wQUnDxDkodYdxXku5AAOWRzlwjaadwAXDqbngGZ0bfrQCVQ4p+wEf
UPVvF0svTs+dEstlMuVUa3pdo1f8QP/7g28CAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBQAZiXk/FfnuI0s2R+kks1LJY2TYDAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvNDY2N2ZiMzItOTMxYy00MThlLWIzMzctMmExNGVlN2RmNGZmLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAFqAoTW4BbGgmvHD
qMhoPAoo2htq2ozrdKpFagryGB7i5j0fA4oUZlIw6U5yni9RURoBk/21Bo1N4REO
uuea9wZjdoEE6nysRDsXWCOuzNNewLoUMvdLLNL8ZtR8kV9IlUOsn6dd55yPwI53
E/YTgldhn588056+nRK3eeKi8cNewx/UdWvHn5Bx0y9Qym75HKMadUyOF9jvd+9+
gyldv1isLeIBfVxz1UerkNfnhYeu+WSngPApuSGfZrw8foKPRfxZqG3p+h36xIve
j9iAEFmqckcNgscWKQEYkhz4nkzDkOVlprbkJTeLgqE3uJtwl0V7jEXXspqqiOYG
jxpxuNk=
-----END CERTIFICATE-----