Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/55b078a5-b9b7-46da-aeb3-88a86d7452ea.roa
File:                     55b078a5-b9b7-46da-aeb3-88a86d7452ea.roa (raw, json)
Hash identifier:          /hUWJd/eNHEDU1NA9v+dLMAr0/+XA9tUyHlgwuJ1S5U=
Subject key identifier:   A2:5D:3E:43:83:8C:8D:80:6D:53:2C:FD:2D:00:42:5B:4E:0D:1A:97
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       60C53DF86D9EAA44B000673B9C53DDAD6E0805D6
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/55b078a5-b9b7-46da-aeb3-88a86d7452ea.roa
Signing time:             Sat 11 Mar 2023 00:00:00 +0000
ROA not before:           Sat 11 Mar 2023 00:00:00 +0000
ROA not after:            Tue 14 Mar 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            60:c5:3d:f8:6d:9e:aa:44:b0:00:67:3b:9c:53:dd:ad:6e:08:05:d6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Mar 11 00:00:00 2023 GMT
            Not After : Mar 14 23:59:59 2023 GMT
        Subject: serialNumber=4005f498d9de1c0eeb8dc8f2c6d1bc1433d6692c71d07c583ce3885887b40807, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f6:6b:fd:07:b9:6d:bf:eb:a0:3b:91:63:36:11:
                    c8:8e:08:f2:45:57:97:c9:9d:10:13:4e:90:39:62:
                    80:d5:68:f9:b4:75:e6:41:3b:5a:b1:b0:a0:a0:b2:
                    f6:ca:69:16:c3:a9:c6:11:6a:b3:2a:32:47:d3:3e:
                    1b:43:1c:89:96:b0:4a:ce:ee:df:7c:4e:80:6b:c0:
                    c6:1c:7a:2b:44:6a:29:49:63:64:fd:f0:27:f0:e1:
                    34:f8:f4:8d:22:3e:b5:ee:e6:8d:bc:4f:8d:47:9a:
                    2b:3d:1f:54:c3:f8:06:1e:3d:3f:9f:70:b2:87:cb:
                    d8:8c:5f:f2:f8:3e:a1:e7:6f:3d:6c:6e:61:93:85:
                    94:78:39:98:fe:4e:67:f5:ba:dd:83:9c:54:e1:1c:
                    32:8f:b1:15:15:69:3f:08:94:5a:ff:7e:89:4f:bf:
                    b0:16:8f:f0:f7:31:9c:78:8d:bd:bc:1e:b8:d7:49:
                    50:f8:ad:be:b4:ed:ba:b0:fe:86:fe:c6:30:7c:61:
                    2f:4a:dc:35:9c:87:9e:9a:fa:98:5f:8a:1f:8a:85:
                    64:55:5f:55:6b:b3:dd:55:c3:09:00:e3:28:14:3b:
                    ed:44:1f:3d:52:2a:ea:c2:a8:9d:86:f0:19:83:d5:
                    de:45:88:7a:d3:d7:d3:6d:fb:ea:ed:f2:38:af:8d:
                    5f:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A2:5D:3E:43:83:8C:8D:80:6D:53:2C:FD:2D:00:42:5B:4E:0D:1A:97
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/55b078a5-b9b7-46da-aeb3-88a86d7452ea.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         28:65:c3:b9:4e:a0:17:84:26:c9:0c:9c:3e:7f:2d:5b:f5:5e:
         60:79:e8:ac:c2:6e:31:91:4c:23:ba:05:b8:10:95:3e:d8:03:
         a2:7e:6f:a0:b1:01:87:23:69:63:8e:a2:fb:a3:22:01:b2:34:
         52:b9:9a:3e:b4:55:fb:28:48:49:61:36:48:2c:86:bc:0d:81:
         a2:4c:bf:ed:a1:61:67:f3:d8:9c:f5:da:74:af:06:82:02:42:
         13:5e:ce:0b:42:86:36:ad:89:c8:7d:ec:24:64:5f:bc:1d:cb:
         9e:4b:34:dd:61:05:11:fc:98:61:ee:3c:f7:35:74:b2:9b:b0:
         ff:54:22:0f:82:00:e6:ec:14:a8:24:b2:df:5e:f0:6e:92:e3:
         01:16:54:1f:7e:d0:55:16:c4:45:23:c2:cd:3e:cd:ea:78:d0:
         bb:31:f4:81:a1:98:36:16:e6:fa:1e:bc:1d:4b:6f:14:10:de:
         22:e6:bf:0e:23:f2:15:26:7d:0f:e8:76:f8:e4:e7:02:94:2f:
         c0:c7:73:47:1c:a6:f8:a8:eb:30:c3:f8:49:37:75:67:06:8b:
         fe:5c:05:85:17:dd:39:76:1a:b7:6f:4b:0a:53:b0:85:46:c9:
         da:be:84:36:a1:44:35:4f:65:04:e2:b0:38:74:a4:97:ad:9b:
         af:55:46:e1
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUYMU9+G2eqkSwAGc7nFPdrW4IBdYwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwMzExMDAwMDAwWhcNMjMwMzE0MjM1OTU5
WjCBpTFJMEcGA1UEBRNANDAwNWY0OThkOWRlMWMwZWViOGRjOGYyYzZkMWJjMTQz
M2Q2NjkyYzcxZDA3YzU4M2NlMzg4NTg4N2I0MDgwNzEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAPZr/Qe5bb/roDuRYzYRyI4I8kVXl8mdEBNOkDligNVo+bR15kE7
WrGwoKCy9sppFsOpxhFqsyoyR9M+G0MciZawSs7u33xOgGvAxhx6K0RqKUljZP3w
J/DhNPj0jSI+te7mjbxPjUeaKz0fVMP4Bh49P59wsofL2Ixf8vg+oedvPWxuYZOF
lHg5mP5OZ/W63YOcVOEcMo+xFRVpPwiUWv9+iU+/sBaP8PcxnHiNvbweuNdJUPit
vrTturD+hv7GMHxhL0rcNZyHnpr6mF+KH4qFZFVfVWuz3VXDCQDjKBQ77UQfPVIq
6sKonYbwGYPV3kWIetPX02376u3yOK+NXw0CAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBSiXT5Dg4yNgG1TLP0tAEJbTg0alzAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvNTViMDc4YTUtYjliNy00NmRhLWFlYjMtODhhODZkNzQ1MmVhLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAChlw7lOoBeEJskM
nD5/LVv1XmB56KzCbjGRTCO6BbgQlT7YA6J+b6CxAYcjaWOOovujIgGyNFK5mj60
VfsoSElhNkgshrwNgaJMv+2hYWfz2Jz12nSvBoICQhNezgtChjatich97CRkX7wd
y55LNN1hBRH8mGHuPPc1dLKbsP9UIg+CAObsFKgkst9e8G6S4wEWVB9+0FUWxEUj
ws0+zep40Lsx9IGhmDYW5voevB1LbxQQ3iLmvw4j8hUmfQ/odvjk5wKUL8DHc0cc
pvio6zDD+Ek3dWcGi/5cBYUX3Tl2GrdvSwpTsIVGydq+hDahRDVPZQTisDh0pJet
m69VRuE=
-----END CERTIFICATE-----