Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/46ff7952-583a-401b-a320-e97c106e9c05.roa
File:                     46ff7952-583a-401b-a320-e97c106e9c05.roa (raw, json)
Hash identifier:          DGxQpx8QjMWVNY9g7qmd6tisKQ/l7u2Ed0HeOU7O9QQ=
Subject key identifier:   A4:A5:2C:CA:CA:20:B8:58:24:0D:46:75:8B:92:52:10:60:71:4D:B6
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       325D65E4AA2451EC5BE0DC34FACEB4672320BAF7
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/46ff7952-583a-401b-a320-e97c106e9c05.roa
Signing time:             Sat 29 Apr 2023 00:00:00 +0000
ROA not before:           Sat 29 Apr 2023 00:00:00 +0000
ROA not after:            Tue 02 May 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            32:5d:65:e4:aa:24:51:ec:5b:e0:dc:34:fa:ce:b4:67:23:20:ba:f7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Apr 29 00:00:00 2023 GMT
            Not After : May  2 23:59:59 2023 GMT
        Subject: serialNumber=672d252fa32587ab1fdd91e5070f34c1596dadfa52e28b73be38e6787438b0b3, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:a1:58:57:92:e3:68:8b:a1:8e:8e:a6:f1:7b:
                    90:99:1f:8d:47:9c:74:e1:e2:46:c2:e2:81:fe:34:
                    74:5a:ba:2d:66:ac:bb:7d:66:ca:a8:b1:96:9b:26:
                    d1:7b:b6:63:f7:da:f6:a2:00:e7:1f:fa:7d:41:08:
                    ce:5a:d3:c9:51:98:27:c8:b7:85:44:22:08:42:78:
                    7b:aa:c9:4a:f3:d0:33:86:5c:32:8d:77:8b:32:af:
                    f6:05:f9:e1:96:c2:5b:c0:11:28:e5:cc:62:f9:33:
                    80:a4:1f:4f:4e:4a:1a:6f:de:42:c5:f0:30:4a:34:
                    19:d8:91:c4:a1:7b:29:11:13:91:78:83:1a:f9:92:
                    7c:17:d3:e4:87:35:a7:2a:03:03:67:a0:55:e1:fe:
                    e9:45:6d:b2:0c:bf:1d:69:90:b6:a9:04:f8:d8:b6:
                    70:d9:1c:b2:a3:e5:72:59:2f:22:dc:e7:58:40:75:
                    1a:ab:d4:13:06:93:a6:43:b4:d5:ec:ec:75:72:1d:
                    82:ea:bf:f5:ad:e9:32:07:e3:56:b5:67:3d:73:55:
                    9d:04:dd:13:a9:2c:b2:5d:cc:78:6a:94:85:6c:43:
                    d1:f2:21:62:2c:1d:a8:07:6c:50:7d:71:3b:a8:ee:
                    e3:2f:d4:b8:72:49:84:3b:b3:f4:4f:3e:d6:3b:8a:
                    25:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A4:A5:2C:CA:CA:20:B8:58:24:0D:46:75:8B:92:52:10:60:71:4D:B6
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/46ff7952-583a-401b-a320-e97c106e9c05.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         24:d6:00:d8:08:8d:14:75:7e:6a:ae:c9:ae:92:ee:0d:b6:14:
         32:5b:c5:ba:7a:86:3b:f4:0a:ba:3f:d0:13:e1:7b:f5:c1:62:
         2a:17:86:3f:96:73:cb:c4:73:ec:6c:5d:78:3f:f2:f3:c5:24:
         db:16:06:1b:5d:04:90:e6:3c:f9:df:60:81:98:0e:c0:e9:d0:
         d2:e4:88:f7:e6:60:31:fd:93:59:5f:2e:f1:e6:2c:b0:b4:9b:
         b5:7d:19:19:55:61:7c:67:e7:71:89:03:ad:a5:d3:a4:b4:9c:
         ed:ac:f1:ef:84:06:b1:ca:43:fb:51:03:fd:30:a6:20:b0:f4:
         a3:0f:6b:2c:cd:fd:5b:5e:b1:5b:ee:6b:7f:bf:ed:f7:9f:5f:
         ee:c9:36:e0:fa:8b:ce:6f:06:8f:ec:5a:fc:14:a9:66:9f:c9:
         da:58:cb:61:46:cf:cc:34:9a:3e:d2:f9:e5:34:3c:b9:20:2c:
         fe:6a:d8:53:dc:3e:19:cc:b5:fc:34:26:ab:fb:3c:c5:9c:ad:
         2b:cc:b3:b6:14:62:5a:53:e0:19:ce:37:0e:ab:bf:13:1c:27:
         40:1d:84:55:63:29:0a:f6:9d:35:b3:8e:24:8c:2e:8c:ab:8b:
         38:6f:0d:59:e0:e7:50:27:71:f4:ee:15:83:99:00:be:fc:f8:
         6e:9a:45:02
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUMl1l5KokUexb4Nw0+s60ZyMguvcwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwNDI5MDAwMDAwWhcNMjMwNTAyMjM1OTU5
WjCBpTFJMEcGA1UEBRNANjcyZDI1MmZhMzI1ODdhYjFmZGQ5MWU1MDcwZjM0YzE1
OTZkYWRmYTUyZTI4YjczYmUzOGU2Nzg3NDM4YjBiMzEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBANKhWFeS42iLoY6OpvF7kJkfjUecdOHiRsLigf40dFq6LWasu31m
yqixlpsm0Xu2Y/fa9qIA5x/6fUEIzlrTyVGYJ8i3hUQiCEJ4e6rJSvPQM4ZcMo13
izKv9gX54ZbCW8ARKOXMYvkzgKQfT05KGm/eQsXwMEo0GdiRxKF7KRETkXiDGvmS
fBfT5Ic1pyoDA2egVeH+6UVtsgy/HWmQtqkE+Ni2cNkcsqPlclkvItznWEB1GqvU
EwaTpkO01ezsdXIdguq/9a3pMgfjVrVnPXNVnQTdE6kssl3MeGqUhWxD0fIhYiwd
qAdsUH1xO6ju4y/UuHJJhDuz9E8+1juKJRkCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBSkpSzKyiC4WCQNRnWLklIQYHFNtjAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvNDZmZjc5NTItNTgzYS00MDFiLWEzMjAtZTk3YzEwNmU5YzA1LnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBACTWANgIjRR1fmqu
ya6S7g22FDJbxbp6hjv0Cro/0BPhe/XBYioXhj+Wc8vEc+xsXXg/8vPFJNsWBhtd
BJDmPPnfYIGYDsDp0NLkiPfmYDH9k1lfLvHmLLC0m7V9GRlVYXxn53GJA62l06S0
nO2s8e+EBrHKQ/tRA/0wpiCw9KMPayzN/VtesVvua3+/7fefX+7JNuD6i85vBo/s
WvwUqWafydpYy2FGz8w0mj7S+eU0PLkgLP5q2FPcPhnMtfw0Jqv7PMWcrSvMs7YU
YlpT4BnONw6rvxMcJ0AdhFVjKQr2nTWzjiSMLoyrizhvDVng51AncfTuFYOZAL78
+G6aRQI=
-----END CERTIFICATE-----