Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/50b8eb9b-f85e-4d8a-8a6b-ee5d41a51045.roa
File:                     50b8eb9b-f85e-4d8a-8a6b-ee5d41a51045.roa (raw, json)
Hash identifier:          OArWtKNYBIokR1/jUMFGY4XPfADR7uz9rqPjJWGvZi0=
Subject key identifier:   3F:F6:D1:EF:66:61:49:27:40:E8:F5:75:45:7E:3F:95:16:13:2A:7A
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       1A680BAA1B389AC4F75C30BDD9E72B208E390DC2
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/50b8eb9b-f85e-4d8a-8a6b-ee5d41a51045.roa
Signing time:             Sat 18 Mar 2023 00:00:00 +0000
ROA not before:           Sat 18 Mar 2023 00:00:00 +0000
ROA not after:            Tue 21 Mar 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1a:68:0b:aa:1b:38:9a:c4:f7:5c:30:bd:d9:e7:2b:20:8e:39:0d:c2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Mar 18 00:00:00 2023 GMT
            Not After : Mar 21 23:59:59 2023 GMT
        Subject: serialNumber=ca87c574996db834bef7daae7bc00522654a35e90ffb1ab55d4ef13b45d16d4e, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:7a:67:09:41:2d:ab:bb:db:96:7d:38:5a:ed:
                    df:e2:78:70:87:db:08:47:6f:b2:65:95:6a:b0:91:
                    6e:06:59:11:95:fd:31:c8:3a:71:c4:b6:05:bd:14:
                    2f:89:03:34:92:b1:f8:cd:f8:94:a9:ca:de:c3:d1:
                    0f:46:e1:90:bb:fc:e0:b0:53:4e:3b:a4:a4:83:2c:
                    1e:61:da:6e:52:a1:b2:1c:cb:27:eb:d7:a2:65:97:
                    2a:1b:0f:04:e5:98:e2:47:cb:cb:9f:43:15:aa:c2:
                    b0:d1:2d:e9:b7:a2:bd:eb:c2:f3:de:52:e4:d3:e4:
                    e0:27:88:d4:69:66:61:a9:4e:19:85:fd:7f:ad:7c:
                    b3:2c:d0:02:53:4e:c2:53:18:e9:a4:e4:2f:50:3a:
                    1e:aa:d4:b7:42:b0:7a:d6:7a:74:af:ae:1d:27:ea:
                    7d:6f:98:75:fb:4b:29:f7:75:29:de:3b:dc:b3:4e:
                    a2:f8:9d:a1:18:4f:bd:fd:43:d6:59:f1:05:93:55:
                    ea:22:18:a5:21:f6:6e:2e:fb:4b:ad:31:72:97:8c:
                    07:c4:58:44:c4:b8:0a:e2:30:75:21:63:c3:9a:10:
                    59:39:5b:74:86:44:84:4d:24:1f:ae:62:d1:29:08:
                    29:cd:98:2c:d2:d1:91:e5:c6:1e:eb:5b:b3:ba:cd:
                    f8:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3F:F6:D1:EF:66:61:49:27:40:E8:F5:75:45:7E:3F:95:16:13:2A:7A
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/50b8eb9b-f85e-4d8a-8a6b-ee5d41a51045.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         87:1d:33:60:eb:17:92:00:36:60:b8:14:77:99:36:47:d9:9a:
         a4:84:b1:af:f0:c8:83:39:61:79:f0:66:4a:17:ef:09:1c:6d:
         9e:0e:09:01:19:da:2c:3e:a2:ea:5e:01:34:1f:31:1a:1b:25:
         99:45:84:f8:3e:ae:da:ae:7e:39:7c:66:27:42:c0:ce:7b:0b:
         29:b0:8e:82:a9:d6:70:ce:21:8d:bd:e5:be:e3:d3:63:2a:c7:
         b3:d2:9a:20:d2:0b:16:fe:a2:33:d8:5a:2e:06:8d:91:34:0b:
         fc:01:c1:a2:7e:e0:12:7f:f1:d3:8a:30:04:d9:2a:e5:bb:92:
         de:6e:24:2c:ad:9b:f1:45:37:85:2c:6b:71:c6:7d:a6:ab:94:
         11:53:5c:fb:e1:38:0d:57:bf:52:e8:80:21:f5:36:90:96:b8:
         83:70:19:7b:91:d0:f7:b8:a3:b2:01:aa:45:b1:41:15:77:ac:
         70:03:9e:7c:b4:d9:55:8b:5f:d6:8f:47:70:76:90:e9:ba:52:
         9c:72:f9:3f:97:7b:fa:01:77:70:b4:42:6d:39:18:96:f7:43:
         05:c1:83:0b:6e:f3:db:8a:62:57:81:c1:04:2c:8f:8c:16:78:
         40:b1:2e:80:92:4e:b7:0f:86:19:52:d8:78:05:07:b7:4c:c1:
         48:97:e7:e4
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUGmgLqhs4msT3XDC92ecrII45DcIwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwMzE4MDAwMDAwWhcNMjMwMzIxMjM1OTU5
WjCBpTFJMEcGA1UEBRNAY2E4N2M1NzQ5OTZkYjgzNGJlZjdkYWFlN2JjMDA1MjI2
NTRhMzVlOTBmZmIxYWI1NWQ0ZWYxM2I0NWQxNmQ0ZTEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAMN6ZwlBLau725Z9OFrt3+J4cIfbCEdvsmWVarCRbgZZEZX9Mcg6
ccS2Bb0UL4kDNJKx+M34lKnK3sPRD0bhkLv84LBTTjukpIMsHmHablKhshzLJ+vX
omWXKhsPBOWY4kfLy59DFarCsNEt6beivevC895S5NPk4CeI1GlmYalOGYX9f618
syzQAlNOwlMY6aTkL1A6HqrUt0KwetZ6dK+uHSfqfW+YdftLKfd1Kd473LNOovid
oRhPvf1D1lnxBZNV6iIYpSH2bi77S60xcpeMB8RYRMS4CuIwdSFjw5oQWTlbdIZE
hE0kH65i0SkIKc2YLNLRkeXGHutbs7rN+JsCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBQ/9tHvZmFJJ0Do9XVFfj+VFhMqejAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvNTBiOGViOWItZjg1ZS00ZDhhLThhNmItZWU1ZDQxYTUxMDQ1LnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAIcdM2DrF5IANmC4
FHeZNkfZmqSEsa/wyIM5YXnwZkoX7wkcbZ4OCQEZ2iw+oupeATQfMRobJZlFhPg+
rtqufjl8ZidCwM57CymwjoKp1nDOIY295b7j02Mqx7PSmiDSCxb+ojPYWi4GjZE0
C/wBwaJ+4BJ/8dOKMATZKuW7kt5uJCytm/FFN4Usa3HGfaarlBFTXPvhOA1Xv1Lo
gCH1NpCWuINwGXuR0Pe4o7IBqkWxQRV3rHADnny02VWLX9aPR3B2kOm6Upxy+T+X
e/oBd3C0Qm05GJb3QwXBgwtu89uKYleBwQQsj4wWeECxLoCSTrcPhhlS2HgFB7dM
wUiX5+Q=
-----END CERTIFICATE-----