Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/50b992fc-ea8a-42d2-8144-4dc414dcc2b6.roa
File:                     50b992fc-ea8a-42d2-8144-4dc414dcc2b6.roa (raw, json)
Hash identifier:          vH/BlLurPehbp00V5QDXjprAuuCzNq4E1MQMpeK4PY0=
Subject key identifier:   35:BA:36:36:0A:6C:05:B7:E5:B1:A8:5C:46:C4:3F:C5:C4:42:86:B6
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       22C77F2845F9219457CCE41E28B3294F21288FEA
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/50b992fc-ea8a-42d2-8144-4dc414dcc2b6.roa
Signing time:             Tue 11 Apr 2023 00:00:00 +0000
ROA not before:           Tue 11 Apr 2023 00:00:00 +0000
ROA not after:            Fri 14 Apr 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            22:c7:7f:28:45:f9:21:94:57:cc:e4:1e:28:b3:29:4f:21:28:8f:ea
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Apr 11 00:00:00 2023 GMT
            Not After : Apr 14 23:59:59 2023 GMT
        Subject: serialNumber=9c4ad107c98088e7f5bcf517a973264454f949aa9e1cda5c618973ebad21e546, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:8c:79:48:2e:31:50:d1:ee:19:2d:24:a5:4d:
                    81:fa:2f:23:31:ed:8f:c9:c3:89:55:76:0e:bf:18:
                    e7:75:39:22:2b:84:4a:91:c3:64:db:3c:6c:fc:f8:
                    ca:5a:98:d6:ef:49:45:41:22:1f:fb:d6:94:f2:40:
                    6e:08:9e:bb:8d:92:ea:cf:92:aa:c8:b7:9a:14:82:
                    48:69:e1:fa:87:bb:82:2c:3f:4a:a2:cb:ea:19:64:
                    33:51:7e:be:c8:5e:a0:ff:e0:6e:0a:9f:c5:36:19:
                    fc:97:90:8f:e8:8a:bf:e4:80:45:53:fa:d3:a4:30:
                    ef:53:42:86:df:31:e3:24:00:a6:11:4d:b5:26:4a:
                    0e:0a:e9:22:3b:0b:90:20:80:9b:ad:50:57:64:f7:
                    03:2f:69:e0:79:d3:31:e8:90:0e:33:cf:14:8d:8f:
                    70:b9:bb:94:81:29:eb:0b:46:ba:ad:72:13:13:ba:
                    9f:c1:80:5c:ec:9e:2b:ad:6b:ae:df:0d:27:35:b1:
                    73:2f:31:4e:72:b4:2a:a2:c7:97:96:75:89:55:cd:
                    ca:25:4a:5e:dd:c3:48:49:6f:79:24:85:7a:2b:82:
                    93:c5:17:ab:65:1c:35:c8:cd:ad:69:76:e8:34:25:
                    eb:eb:85:2a:a6:dd:d9:89:19:7d:cb:0d:39:bd:8c:
                    83:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                35:BA:36:36:0A:6C:05:B7:E5:B1:A8:5C:46:C4:3F:C5:C4:42:86:B6
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/50b992fc-ea8a-42d2-8144-4dc414dcc2b6.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b5:ab:5b:db:d3:40:fa:5c:b6:5f:91:78:ef:cf:4c:7b:91:ca:
         36:d3:36:f1:71:3f:da:b5:52:69:7e:67:a6:11:2a:f7:9c:62:
         11:4e:3e:d3:03:a3:83:f7:cd:56:9c:35:39:5d:bf:d7:b0:98:
         e4:ee:4f:e8:e3:5f:d7:f9:cb:3a:50:6b:d3:3b:d1:b7:f2:0f:
         f0:4b:6e:79:00:d5:e8:29:e3:a6:3f:a9:19:29:25:73:b8:81:
         e5:e7:89:2c:75:48:db:de:07:b5:fd:45:c7:15:c6:e8:85:c8:
         f7:9a:da:a9:63:37:d5:a2:22:e0:13:3e:8a:c0:a0:46:25:34:
         10:9b:a5:06:ac:25:37:83:6b:90:6f:85:15:4a:bd:a9:0b:c3:
         94:e2:a4:10:47:f5:8a:57:3f:0d:41:dd:d9:21:5c:9d:00:93:
         34:5e:5f:96:a3:7e:c4:0f:b1:79:61:67:e7:d0:7f:2e:52:fc:
         1f:7c:f2:e9:55:7f:f4:7c:e9:4f:47:21:40:7b:dc:a7:9f:b7:
         74:2a:2c:48:6f:e5:8d:44:cc:72:00:33:a0:c4:91:84:3c:12:
         99:35:d9:ef:a2:f1:50:a1:7f:fb:3e:0b:b2:d3:27:d9:1b:df:
         ab:df:f2:01:f7:f4:80:c3:39:a9:83:7e:1d:10:67:cc:35:e6:
         91:9a:2d:ab
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUIsd/KEX5IZRXzOQeKLMpTyEoj+owDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwNDExMDAwMDAwWhcNMjMwNDE0MjM1OTU5
WjCBpTFJMEcGA1UEBRNAOWM0YWQxMDdjOTgwODhlN2Y1YmNmNTE3YTk3MzI2NDQ1
NGY5NDlhYTllMWNkYTVjNjE4OTczZWJhZDIxZTU0NjEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAMyMeUguMVDR7hktJKVNgfovIzHtj8nDiVV2Dr8Y53U5IiuESpHD
ZNs8bPz4ylqY1u9JRUEiH/vWlPJAbgieu42S6s+Sqsi3mhSCSGnh+oe7giw/SqLL
6hlkM1F+vsheoP/gbgqfxTYZ/JeQj+iKv+SARVP606Qw71NCht8x4yQAphFNtSZK
DgrpIjsLkCCAm61QV2T3Ay9p4HnTMeiQDjPPFI2PcLm7lIEp6wtGuq1yExO6n8GA
XOyeK61rrt8NJzWxcy8xTnK0KqLHl5Z1iVXNyiVKXt3DSElveSSFeiuCk8UXq2Uc
NcjNrWl26DQl6+uFKqbd2YkZfcsNOb2Mg10CAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBQ1ujY2CmwFt+WxqFxGxD/FxEKGtjAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvNTBiOTkyZmMtZWE4YS00MmQyLTgxNDQtNGRjNDE0ZGNjMmI2LnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBALWrW9vTQPpctl+R
eO/PTHuRyjbTNvFxP9q1Uml+Z6YRKvecYhFOPtMDo4P3zVacNTldv9ewmOTuT+jj
X9f5yzpQa9M70bfyD/BLbnkA1egp46Y/qRkpJXO4geXniSx1SNveB7X9RccVxuiF
yPea2qljN9WiIuATPorAoEYlNBCbpQasJTeDa5BvhRVKvakLw5TipBBH9YpXPw1B
3dkhXJ0AkzReX5ajfsQPsXlhZ+fQfy5S/B988ulVf/R86U9HIUB73Keft3QqLEhv
5Y1EzHIAM6DEkYQ8Epk12e+i8VChf/s+C7LTJ9kb36vf8gH39IDDOamDfh0QZ8w1
5pGaLas=
-----END CERTIFICATE-----