Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/526d1d83-81a2-42b0-aa82-502e007ae7bd.roa
File:                     526d1d83-81a2-42b0-aa82-502e007ae7bd.roa (raw, json)
Hash identifier:          1XwR0ejY+FPQh7C5gW1RafB0q8U40ABvW0CzmZyWDuo=
Subject key identifier:   CA:D8:B6:07:C9:41:C8:62:42:F7:D7:39:32:7B:E6:C7:E1:A4:7F:4B
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       057FF5BBDB42E442DA25D60ADBF62CDD7B4E8171
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/526d1d83-81a2-42b0-aa82-502e007ae7bd.roa
Signing time:             Fri 21 Apr 2023 00:00:00 +0000
ROA not before:           Fri 21 Apr 2023 00:00:00 +0000
ROA not after:            Mon 24 Apr 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            05:7f:f5:bb:db:42:e4:42:da:25:d6:0a:db:f6:2c:dd:7b:4e:81:71
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Apr 21 00:00:00 2023 GMT
            Not After : Apr 24 23:59:59 2023 GMT
        Subject: serialNumber=d09d409f381d674206f578617808f8e2f81d005e3e6d55ba287c62b241e5a589, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:8e:44:27:84:33:1e:8a:dd:fb:92:d7:19:dc:
                    f2:c9:0f:bc:bb:9c:ad:cb:db:4d:d8:86:dc:15:97:
                    ce:6b:c0:8f:d6:53:ea:67:3e:9a:e2:27:34:36:98:
                    54:29:70:e3:89:76:6c:3e:c3:d2:5d:36:a6:3b:1e:
                    3a:0f:66:11:94:a1:bc:96:c1:57:0b:b8:c7:63:6f:
                    6f:ed:67:29:2f:31:3b:74:16:c6:bc:9d:50:6b:e2:
                    31:e1:ab:8a:e0:0d:91:6c:b7:71:41:6a:01:84:68:
                    97:a8:da:0b:75:dc:f9:eb:71:fb:fd:3e:52:16:f1:
                    6d:65:b9:2d:3e:2e:1f:f7:09:12:27:e0:ad:67:ff:
                    b0:aa:13:89:5b:be:e7:09:74:79:72:46:a1:63:1b:
                    50:71:13:19:cd:69:9d:b7:b3:8d:f0:34:7b:a1:6c:
                    7c:63:83:02:29:a5:1e:3a:1f:28:b0:c6:a5:d8:50:
                    36:45:da:d2:25:f4:2b:2d:cb:f2:7f:b9:82:7a:ed:
                    f8:bc:84:4d:44:8b:37:e3:f8:67:99:bd:cc:8e:05:
                    87:59:23:43:16:15:a6:4c:55:5a:a9:ef:3e:52:4d:
                    6e:43:7b:f3:16:81:de:94:50:ce:8f:40:55:8f:82:
                    a8:d5:3d:34:48:55:94:df:50:88:4c:76:a7:32:c2:
                    65:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CA:D8:B6:07:C9:41:C8:62:42:F7:D7:39:32:7B:E6:C7:E1:A4:7F:4B
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/526d1d83-81a2-42b0-aa82-502e007ae7bd.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         21:40:29:09:33:f7:85:75:ca:4a:7e:0e:01:f8:25:ad:b6:27:
         d7:1b:24:53:df:27:91:ca:41:d5:e7:68:04:86:92:96:33:c0:
         23:09:62:c8:d3:eb:0d:2e:bf:8c:ac:e0:74:e4:6d:aa:94:0b:
         55:5e:cc:30:99:d6:a6:c5:57:12:56:8b:8d:c0:8d:66:b0:47:
         13:bc:84:20:25:5c:9a:a6:56:b5:81:2a:c1:22:84:41:ce:1b:
         78:96:79:95:d8:57:e5:87:23:cf:00:1d:30:07:69:85:81:c8:
         7c:a6:0f:b1:36:b9:ba:53:fc:1f:e8:8a:ae:7c:f9:a1:04:c2:
         01:94:34:d1:52:c3:71:b0:6a:a9:13:8b:ae:41:c4:1b:1f:61:
         7d:65:6b:b4:c5:f2:1e:3b:3f:66:71:64:30:04:fe:6a:d6:8a:
         5b:ad:8a:ac:e5:e3:23:58:19:60:46:89:1d:08:49:c0:e2:6e:
         0d:7c:a7:2c:dc:52:8b:bc:42:90:06:55:0b:35:ec:0c:7f:8e:
         64:35:c4:77:5c:44:ee:3e:11:21:90:e4:1c:0a:be:3e:7f:fb:
         95:36:7f:a8:aa:a6:68:e1:51:25:92:46:95:6d:cd:49:31:fa:
         49:2d:47:2d:46:f1:f2:da:9a:03:1d:cf:a6:bf:a8:30:59:a2:
         b9:e7:48:27
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUBX/1u9tC5ELaJdYK2/Ys3XtOgXEwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwNDIxMDAwMDAwWhcNMjMwNDI0MjM1OTU5
WjCBpTFJMEcGA1UEBRNAZDA5ZDQwOWYzODFkNjc0MjA2ZjU3ODYxNzgwOGY4ZTJm
ODFkMDA1ZTNlNmQ1NWJhMjg3YzYyYjI0MWU1YTU4OTEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAI+ORCeEMx6K3fuS1xnc8skPvLucrcvbTdiG3BWXzmvAj9ZT6mc+
muInNDaYVClw44l2bD7D0l02pjseOg9mEZShvJbBVwu4x2Nvb+1nKS8xO3QWxryd
UGviMeGriuANkWy3cUFqAYRol6jaC3Xc+etx+/0+UhbxbWW5LT4uH/cJEifgrWf/
sKoTiVu+5wl0eXJGoWMbUHETGc1pnbezjfA0e6FsfGODAimlHjofKLDGpdhQNkXa
0iX0Ky3L8n+5gnrt+LyETUSLN+P4Z5m9zI4Fh1kjQxYVpkxVWqnvPlJNbkN78xaB
3pRQzo9AVY+CqNU9NEhVlN9QiEx2pzLCZdUCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBTK2LYHyUHIYkL31zkye+bH4aR/SzAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvNTI2ZDFkODMtODFhMi00MmIwLWFhODItNTAyZTAwN2FlN2JkLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBACFAKQkz94V1ykp+
DgH4Ja22J9cbJFPfJ5HKQdXnaASGkpYzwCMJYsjT6w0uv4ys4HTkbaqUC1VezDCZ
1qbFVxJWi43AjWawRxO8hCAlXJqmVrWBKsEihEHOG3iWeZXYV+WHI88AHTAHaYWB
yHymD7E2ubpT/B/oiq58+aEEwgGUNNFSw3GwaqkTi65BxBsfYX1la7TF8h47P2Zx
ZDAE/mrWilutiqzl4yNYGWBGiR0IScDibg18pyzcUou8QpAGVQs17Ax/jmQ1xHdc
RO4+ESGQ5BwKvj5/+5U2f6iqpmjhUSWSRpVtzUkx+kktRy1G8fLamgMdz6a/qDBZ
ornnSCc=
-----END CERTIFICATE-----