Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/58a532fa-082c-4799-a3de-f5ec26ff664e.roa
File:                     58a532fa-082c-4799-a3de-f5ec26ff664e.roa (raw, json)
Hash identifier:          i8jYu3myvQl3PgyTIaRj6cwPi+awTz4iz/AwuDI9sXw=
Subject key identifier:   38:6C:5D:E0:7F:93:61:73:EE:72:F8:8E:37:65:29:90:63:98:E3:78
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       4DDDC8A739F6253941A70074BEEF8F8B622EC680
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/58a532fa-082c-4799-a3de-f5ec26ff664e.roa
Signing time:             Wed 08 Feb 2023 00:00:00 +0000
ROA not before:           Wed 08 Feb 2023 00:00:00 +0000
ROA not after:            Sat 11 Feb 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4d:dd:c8:a7:39:f6:25:39:41:a7:00:74:be:ef:8f:8b:62:2e:c6:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Feb  8 00:00:00 2023 GMT
            Not After : Feb 11 23:59:59 2023 GMT
        Subject: serialNumber=c582114f93591da99ad269155bcac9f6af9fa385ec8d325305dce0c4ebb1dfd2, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:6d:94:de:39:ea:1b:17:60:e4:45:08:36:15:
                    5e:17:f2:26:92:97:cc:34:5c:94:6e:ec:32:b1:eb:
                    d9:c0:64:08:05:e0:b0:f4:90:36:94:37:9e:ff:2b:
                    c0:e7:ff:77:d0:47:26:5a:f6:1e:34:0e:49:19:32:
                    9a:bb:e5:02:e3:13:6c:c4:c3:75:5f:0d:f5:ce:8f:
                    3a:2c:93:e4:5a:60:d7:b5:83:ac:18:99:ed:a1:6e:
                    16:23:fc:3f:06:70:82:67:fe:a2:89:cf:fd:4a:9b:
                    b2:4c:28:07:21:b7:e0:5f:10:82:02:26:c5:4b:58:
                    68:b6:2a:74:6c:0a:fb:04:fa:c7:fe:38:2f:58:84:
                    a2:c0:74:1d:05:0b:84:75:b9:f0:d1:d2:4c:27:1b:
                    08:6c:f2:2a:e2:60:ec:50:3d:0c:97:ba:e7:68:cc:
                    b2:05:91:43:ca:db:04:74:48:fc:4d:86:b1:8a:1c:
                    49:b8:c3:a4:2e:ab:2c:a9:7c:67:26:99:60:52:42:
                    3e:67:c8:18:16:6a:1c:b2:70:63:f1:33:97:ba:a0:
                    92:f4:f3:ef:60:07:39:fa:b4:1d:2f:0e:b4:6a:24:
                    4a:88:28:17:ea:60:d1:eb:ec:ff:8e:c1:d8:83:31:
                    f1:5e:d9:5e:bd:05:ab:6b:eb:fd:d9:cb:0b:a9:11:
                    7d:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                38:6C:5D:E0:7F:93:61:73:EE:72:F8:8E:37:65:29:90:63:98:E3:78
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/58a532fa-082c-4799-a3de-f5ec26ff664e.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         60:4d:f8:01:53:1a:86:6f:67:3e:78:36:71:59:f1:2e:b1:17:
         ce:51:58:2a:52:fe:52:0e:74:8e:63:75:1b:31:52:5f:b8:0f:
         0f:82:d9:94:89:81:ff:f4:53:84:94:27:ae:87:15:9e:2b:80:
         15:24:a1:36:7a:a8:87:56:0e:b4:ba:a9:d4:82:db:99:e3:d0:
         fc:3e:83:66:df:5c:bf:d4:ac:59:50:82:ef:4f:64:4f:81:3a:
         e6:fc:11:41:be:bb:f7:a9:ce:00:d3:a4:34:bc:03:93:fc:1a:
         d9:3a:b1:15:79:5b:3e:bc:7b:92:6c:69:92:b3:a4:82:8d:77:
         24:7c:51:aa:ed:59:ff:86:28:ee:d4:2b:df:30:2d:72:1a:79:
         93:a5:c0:4b:5c:21:86:3a:33:04:d3:e1:c9:85:70:87:bc:b4:
         ae:dd:21:fe:67:9d:d5:e3:c0:97:8c:84:d2:ae:fb:81:53:cf:
         5c:98:87:91:d5:99:26:96:98:31:6d:6c:1e:e6:34:10:fd:89:
         e4:62:39:67:ad:52:e8:11:b3:b8:ea:97:1e:5a:63:f1:01:6b:
         55:3b:fd:52:f6:35:a0:55:47:42:49:8f:11:57:9e:02:db:e8:
         63:8d:e8:c9:8d:58:7e:5a:0b:4e:02:0f:87:5e:9b:88:c1:33:
         ce:ed:d5:f9
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUTd3Ipzn2JTlBpwB0vu+Pi2IuxoAwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwMjA4MDAwMDAwWhcNMjMwMjExMjM1OTU5
WjCBpTFJMEcGA1UEBRNAYzU4MjExNGY5MzU5MWRhOTlhZDI2OTE1NWJjYWM5ZjZh
ZjlmYTM4NWVjOGQzMjUzMDVkY2UwYzRlYmIxZGZkMjEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAMhtlN456hsXYORFCDYVXhfyJpKXzDRclG7sMrHr2cBkCAXgsPSQ
NpQ3nv8rwOf/d9BHJlr2HjQOSRkymrvlAuMTbMTDdV8N9c6POiyT5Fpg17WDrBiZ
7aFuFiP8PwZwgmf+oonP/UqbskwoByG34F8QggImxUtYaLYqdGwK+wT6x/44L1iE
osB0HQULhHW58NHSTCcbCGzyKuJg7FA9DJe652jMsgWRQ8rbBHRI/E2GsYocSbjD
pC6rLKl8ZyaZYFJCPmfIGBZqHLJwY/Ezl7qgkvTz72AHOfq0HS8OtGokSogoF+pg
0evs/47B2IMx8V7ZXr0Fq2vr/dnLC6kRfecCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBQ4bF3gf5Nhc+5y+I43ZSmQY5jjeDAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvNThhNTMyZmEtMDgyYy00Nzk5LWEzZGUtZjVlYzI2ZmY2NjRlLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAGBN+AFTGoZvZz54
NnFZ8S6xF85RWCpS/lIOdI5jdRsxUl+4Dw+C2ZSJgf/0U4SUJ66HFZ4rgBUkoTZ6
qIdWDrS6qdSC25nj0Pw+g2bfXL/UrFlQgu9PZE+BOub8EUG+u/epzgDTpDS8A5P8
Gtk6sRV5Wz68e5JsaZKzpIKNdyR8UartWf+GKO7UK98wLXIaeZOlwEtcIYY6MwTT
4cmFcIe8tK7dIf5nndXjwJeMhNKu+4FTz1yYh5HVmSaWmDFtbB7mNBD9ieRiOWet
UugRs7jqlx5aY/EBa1U7/VL2NaBVR0JJjxFXngLb6GON6MmNWH5aC04CD4dem4jB
M87t1fk=
-----END CERTIFICATE-----