Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/528ecb71-f18d-451a-a489-1a8165d26f9c.roa
File:                     528ecb71-f18d-451a-a489-1a8165d26f9c.roa (raw, json)
Hash identifier:          71FZMH0Ojm895zq6zbB+sGrCtESpXFh24NUlgIIRI3M=
Subject key identifier:   C4:59:4D:FD:BD:47:68:5C:A1:A4:84:3A:4C:03:9D:87:CF:9E:EB:70
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       5F05A9FC69FF4E114D6B7F8F856E27F55BD4E378
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/528ecb71-f18d-451a-a489-1a8165d26f9c.roa
Signing time:             Thu 30 Mar 2023 00:00:00 +0000
ROA not before:           Thu 30 Mar 2023 00:00:00 +0000
ROA not after:            Sun 02 Apr 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5f:05:a9:fc:69:ff:4e:11:4d:6b:7f:8f:85:6e:27:f5:5b:d4:e3:78
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Mar 30 00:00:00 2023 GMT
            Not After : Apr  2 23:59:59 2023 GMT
        Subject: serialNumber=2c5f2b8de1721cd3b36467cc148b6923330a61c31b7d99f746e6b663180eefa3, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:7d:ae:51:4b:d1:01:36:c1:b2:3a:ae:06:48:
                    6f:43:6d:de:40:61:56:0f:f8:d9:7e:37:30:51:19:
                    e1:db:55:dd:ad:b6:7a:69:fd:87:6c:71:bd:3e:34:
                    80:62:72:af:86:6b:fb:8d:67:1b:78:0d:fd:26:75:
                    86:c8:f0:ca:6e:a4:35:0c:ce:30:f6:f7:3c:68:0e:
                    fd:b5:55:8f:50:da:b4:3e:73:8e:e9:1a:20:05:c1:
                    5a:7a:57:26:fe:75:a9:84:86:27:d6:9d:e9:ba:b5:
                    64:e6:a8:a1:9a:38:41:59:b6:6c:fa:f5:02:ef:19:
                    c6:c8:52:bb:8e:57:d1:26:e1:b2:fd:a5:84:f0:63:
                    8a:74:6d:18:3b:cb:c4:11:fc:0a:9d:8e:fa:20:9f:
                    71:98:82:95:cc:37:c9:47:7e:a5:e3:5e:74:e2:1c:
                    c1:7e:3b:81:c8:5d:57:91:cc:89:e3:90:1b:67:e2:
                    42:a4:95:45:b1:fd:c6:a0:fa:9f:46:c6:39:a8:81:
                    0c:a4:a4:f0:f5:b8:35:48:bb:9d:1e:87:ac:83:18:
                    d7:e2:4b:be:58:16:81:a8:62:93:5c:87:dc:38:71:
                    f4:ea:45:2b:d9:01:1f:1a:67:d0:b1:97:44:55:3c:
                    19:1f:63:51:75:83:fe:37:a7:31:c8:cb:0e:6f:43:
                    74:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C4:59:4D:FD:BD:47:68:5C:A1:A4:84:3A:4C:03:9D:87:CF:9E:EB:70
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/528ecb71-f18d-451a-a489-1a8165d26f9c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         af:b1:22:73:9e:b7:a2:a1:71:77:e2:fb:05:77:88:34:82:76:
         36:14:4d:6c:59:3f:1d:c8:2f:db:e3:9d:03:de:06:57:55:bf:
         f7:b6:2a:7c:76:d6:08:f6:37:b7:fb:c1:17:27:ae:26:da:a1:
         4c:e1:77:e4:05:32:ab:9c:c1:d9:9a:cd:d6:9d:d9:08:c9:3e:
         40:28:c3:15:97:f8:1c:9a:c7:ad:ab:70:33:fb:4b:1f:c8:08:
         ef:4f:bc:bf:41:61:bc:b6:6f:11:11:64:fb:6e:f4:7a:68:7e:
         58:4b:d6:79:13:f2:5a:53:99:56:c7:be:e5:88:18:d6:7a:b1:
         86:f3:cd:a8:fe:29:77:c2:33:b1:29:2f:89:c8:67:f0:88:48:
         e4:63:10:8e:12:a9:12:7e:9d:5a:be:bb:b9:67:08:17:ef:bf:
         40:d4:49:b1:e8:0b:a9:b7:6a:58:90:b3:f2:5e:ce:58:06:d5:
         ab:69:5c:e0:0d:d1:fa:13:dd:30:3e:94:cd:79:93:5d:00:a0:
         c7:90:51:09:87:1e:4d:eb:54:26:10:74:98:f4:e2:d3:51:20:
         3c:d8:09:f1:db:86:76:1c:c9:5a:fd:6f:56:88:71:c7:cd:6d:
         fe:e9:49:68:3e:91:8e:43:6e:39:29:ca:b6:15:c0:f8:18:98:
         46:06:56:64
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUXwWp/Gn/ThFNa3+PhW4n9VvU43gwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwMzMwMDAwMDAwWhcNMjMwNDAyMjM1OTU5
WjCBpTFJMEcGA1UEBRNAMmM1ZjJiOGRlMTcyMWNkM2IzNjQ2N2NjMTQ4YjY5MjMz
MzBhNjFjMzFiN2Q5OWY3NDZlNmI2NjMxODBlZWZhMzEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBANZ9rlFL0QE2wbI6rgZIb0Nt3kBhVg/42X43MFEZ4dtV3a22emn9
h2xxvT40gGJyr4Zr+41nG3gN/SZ1hsjwym6kNQzOMPb3PGgO/bVVj1DatD5zjuka
IAXBWnpXJv51qYSGJ9ad6bq1ZOaooZo4QVm2bPr1Au8ZxshSu45X0Sbhsv2lhPBj
inRtGDvLxBH8Cp2O+iCfcZiClcw3yUd+peNedOIcwX47gchdV5HMieOQG2fiQqSV
RbH9xqD6n0bGOaiBDKSk8PW4NUi7nR6HrIMY1+JLvlgWgahik1yH3Dhx9OpFK9kB
Hxpn0LGXRFU8GR9jUXWD/jenMcjLDm9DdPUCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBTEWU39vUdoXKGkhDpMA52Hz57rcDAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvNTI4ZWNiNzEtZjE4ZC00NTFhLWE0ODktMWE4MTY1ZDI2ZjljLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAK+xInOet6KhcXfi
+wV3iDSCdjYUTWxZPx3IL9vjnQPeBldVv/e2Knx21gj2N7f7wRcnribaoUzhd+QF
Mqucwdmazdad2QjJPkAowxWX+Byax62rcDP7Sx/ICO9PvL9BYby2bxERZPtu9Hpo
flhL1nkT8lpTmVbHvuWIGNZ6sYbzzaj+KXfCM7EpL4nIZ/CISORjEI4SqRJ+nVq+
u7lnCBfvv0DUSbHoC6m3aliQs/JezlgG1atpXOAN0foT3TA+lM15k10AoMeQUQmH
Hk3rVCYQdJj04tNRIDzYCfHbhnYcyVr9b1aIccfNbf7pSWg+kY5DbjkpyrYVwPgY
mEYGVmQ=
-----END CERTIFICATE-----