Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/5e46c23b-3b43-4e8d-9ac0-ed11e972381e.roa
File:                     5e46c23b-3b43-4e8d-9ac0-ed11e972381e.roa (raw, json)
Hash identifier:          OMP9l94QavL5f2pBA68WGbfNDBS0buUY34uDPCRUNqw=
Subject key identifier:   CE:9B:66:0A:7E:67:57:DE:4C:8A:8E:44:ED:E7:CD:36:AE:CE:7C:3B
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       3348EFA8AE12B298BE180101121BAE98362F180C
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/5e46c23b-3b43-4e8d-9ac0-ed11e972381e.roa
Signing time:             Mon 13 Feb 2023 00:00:00 +0000
ROA not before:           Mon 13 Feb 2023 00:00:00 +0000
ROA not after:            Thu 16 Feb 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            33:48:ef:a8:ae:12:b2:98:be:18:01:01:12:1b:ae:98:36:2f:18:0c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Feb 13 00:00:00 2023 GMT
            Not After : Feb 16 23:59:59 2023 GMT
        Subject: serialNumber=306b6fb6f0d3c831fec4c1b33960523665e3a98196e77d29024616ddc769d7d7, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:37:e6:cc:4b:7d:0c:6f:13:31:b3:4f:1b:65:
                    8a:e7:c6:46:8f:54:b4:28:5b:d4:58:02:0b:b8:cd:
                    30:4d:2d:31:9c:b6:f6:57:5a:fc:c0:48:60:e6:92:
                    b6:f3:64:59:57:99:70:11:05:f7:65:e4:02:1e:b4:
                    1b:88:0a:b1:a1:88:5b:ae:88:f6:e3:82:98:d5:4d:
                    77:04:1c:a3:32:b3:ad:7d:04:b0:40:5c:b4:8d:52:
                    eb:b2:06:40:b0:ec:32:da:73:6b:93:df:eb:a5:52:
                    85:ee:46:d6:06:f7:cd:a2:3d:fb:21:ae:a3:5a:b2:
                    df:47:f6:39:7c:2e:5c:a7:bb:e2:42:e2:b7:d0:fe:
                    63:e3:e8:ec:33:85:23:4c:7d:21:72:e7:89:5e:1a:
                    05:1d:f4:92:09:f0:cc:ec:df:cf:05:42:0e:32:66:
                    4c:69:a2:1a:4a:bf:34:23:89:25:ed:c8:77:b2:ba:
                    9d:8a:0e:27:3e:30:6d:12:6c:2a:57:c6:ab:0a:4a:
                    fa:68:54:4a:41:35:33:1b:c2:d0:d7:d3:49:54:d6:
                    24:b3:53:5d:cd:55:6e:61:e8:57:8f:78:6b:08:2d:
                    ea:46:8b:29:77:1d:8b:10:b7:2f:f1:5b:f1:67:0c:
                    5b:2c:75:db:d9:45:81:bf:a7:88:51:3c:b7:0d:e4:
                    2f:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CE:9B:66:0A:7E:67:57:DE:4C:8A:8E:44:ED:E7:CD:36:AE:CE:7C:3B
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/5e46c23b-3b43-4e8d-9ac0-ed11e972381e.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8d:52:b0:dc:f2:d9:39:0c:70:27:b1:8e:cf:a8:f1:de:a5:2e:
         3c:2b:7b:b5:31:46:f3:5e:48:c0:6c:3e:b5:79:d5:7a:a5:dd:
         07:f6:3d:ec:21:74:d5:bb:97:20:cc:33:ad:e6:12:9b:43:b2:
         2b:1e:ab:60:49:29:f1:2b:67:64:55:95:6b:50:47:08:3a:04:
         58:98:eb:9d:11:f4:7c:c3:b3:20:fd:b8:a4:d1:f0:9e:1b:33:
         4e:03:cb:4b:ca:61:8d:73:1a:5d:df:c7:47:ba:7d:b2:67:fb:
         24:c2:e9:75:65:bb:cd:9b:85:2f:e0:6a:5d:45:93:f8:95:04:
         7d:46:15:0d:4d:73:5d:97:2a:d4:34:97:3d:03:bd:f7:08:f1:
         de:06:12:bb:46:7f:65:04:75:d3:e3:b9:f5:79:1e:6d:ea:8b:
         6e:94:64:b5:f4:33:df:e9:f9:de:74:58:7b:f1:3b:ab:9c:0c:
         02:71:f4:1f:43:ec:8a:b4:9b:e3:b3:3d:4f:0d:3f:0b:eb:aa:
         86:2f:b3:d8:3d:17:d0:af:ac:48:82:48:11:f8:51:12:be:cc:
         d2:ee:18:1b:78:88:09:a9:06:e0:00:db:cc:03:f6:2f:c7:45:
         20:46:c8:d8:81:01:95:2f:af:6e:bd:cf:71:99:82:30:11:61:
         12:0c:e2:82
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUM0jvqK4Sspi+GAEBEhuumDYvGAwwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwMjEzMDAwMDAwWhcNMjMwMjE2MjM1OTU5
WjCBpTFJMEcGA1UEBRNAMzA2YjZmYjZmMGQzYzgzMWZlYzRjMWIzMzk2MDUyMzY2
NWUzYTk4MTk2ZTc3ZDI5MDI0NjE2ZGRjNzY5ZDdkNzEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAJ035sxLfQxvEzGzTxtliufGRo9UtChb1FgCC7jNME0tMZy29lda
/MBIYOaStvNkWVeZcBEF92XkAh60G4gKsaGIW66I9uOCmNVNdwQcozKzrX0EsEBc
tI1S67IGQLDsMtpza5Pf66VShe5G1gb3zaI9+yGuo1qy30f2OXwuXKe74kLit9D+
Y+Po7DOFI0x9IXLniV4aBR30kgnwzOzfzwVCDjJmTGmiGkq/NCOJJe3Id7K6nYoO
Jz4wbRJsKlfGqwpK+mhUSkE1MxvC0NfTSVTWJLNTXc1VbmHoV494awgt6kaLKXcd
ixC3L/Fb8WcMWyx129lFgb+niFE8tw3kL/MCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBTOm2YKfmdX3kyKjkTt5802rs58OzAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvNWU0NmMyM2ItM2I0My00ZThkLTlhYzAtZWQxMWU5NzIzODFlLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAI1SsNzy2TkMcCex
js+o8d6lLjwre7UxRvNeSMBsPrV51Xql3Qf2PewhdNW7lyDMM63mEptDsiseq2BJ
KfErZ2RVlWtQRwg6BFiY650R9HzDsyD9uKTR8J4bM04Dy0vKYY1zGl3fx0e6fbJn
+yTC6XVlu82bhS/gal1Fk/iVBH1GFQ1Nc12XKtQ0lz0DvfcI8d4GErtGf2UEddPj
ufV5Hm3qi26UZLX0M9/p+d50WHvxO6ucDAJx9B9D7Iq0m+OzPU8NPwvrqoYvs9g9
F9CvrEiCSBH4URK+zNLuGBt4iAmpBuAA28wD9i/HRSBGyNiBAZUvr269z3GZgjAR
YRIM4oI=
-----END CERTIFICATE-----