Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/61e78791-a75a-4db0-a7c4-2798f1c98a2b.roa
File:                     61e78791-a75a-4db0-a7c4-2798f1c98a2b.roa (raw, json)
Hash identifier:          56FFy0QQY8OpzElM33efZY/yLM7DmgFOZB3E9H0HoyE=
Subject key identifier:   F0:7E:F4:59:55:F1:4D:0B:56:A9:66:7E:9C:40:B8:CC:35:1F:43:8A
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       1164EF2D67B533C1B8674B348D30EBFE65AC2054
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/61e78791-a75a-4db0-a7c4-2798f1c98a2b.roa
Signing time:             Sat 11 Feb 2023 00:00:00 +0000
ROA not before:           Sat 11 Feb 2023 00:00:00 +0000
ROA not after:            Tue 14 Feb 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            11:64:ef:2d:67:b5:33:c1:b8:67:4b:34:8d:30:eb:fe:65:ac:20:54
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Feb 11 00:00:00 2023 GMT
            Not After : Feb 14 23:59:59 2023 GMT
        Subject: serialNumber=4270e8ca186002cb4662bca9cdd6aabf8df369bc7f0651542dc461c25b6b7db5, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:7a:3b:27:3c:ed:67:76:88:b0:54:02:11:d7:
                    6d:25:5e:b9:85:51:79:81:55:99:a1:3b:0c:6c:df:
                    4f:1d:39:ed:b5:80:72:c9:4b:d7:5b:44:2c:ec:29:
                    11:54:db:2f:cb:8b:fa:4b:4b:a5:2c:60:0d:af:9b:
                    88:d4:2c:c0:c5:2f:be:6b:e0:a0:a8:51:4d:12:2d:
                    ec:4d:0a:67:5c:fa:b8:bb:86:42:71:10:57:87:dc:
                    68:77:23:43:e6:7c:ca:d3:2a:27:c8:f9:a1:52:0e:
                    b3:47:11:44:b9:e0:7c:60:25:70:f0:86:a6:f3:32:
                    87:b3:6e:18:dc:7d:04:fe:97:56:79:69:de:02:50:
                    bd:64:3d:01:ab:09:fd:dc:5b:ef:11:ae:e6:82:cc:
                    66:fa:da:7f:26:86:3e:cb:a3:11:ae:82:48:58:f3:
                    e9:f3:ff:18:14:f2:1d:06:9b:2c:88:37:03:88:28:
                    69:2a:5b:cc:20:3c:8f:f9:73:ce:3d:e8:04:b0:be:
                    27:5b:08:05:d2:64:04:ad:9d:1d:ad:29:3c:82:84:
                    e7:4a:19:e0:0b:34:dc:56:b2:f6:cf:f0:e1:bc:96:
                    10:2d:3a:7e:1a:88:ec:ba:8c:91:86:d7:17:a7:c2:
                    8e:4d:c7:0b:a5:cc:fe:54:4d:06:e7:ec:9a:8e:de:
                    9b:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F0:7E:F4:59:55:F1:4D:0B:56:A9:66:7E:9C:40:B8:CC:35:1F:43:8A
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/61e78791-a75a-4db0-a7c4-2798f1c98a2b.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         bf:fa:80:ee:07:e7:a4:de:f0:57:04:25:ff:4e:43:73:5c:fe:
         38:5a:fa:db:72:b1:08:7f:ad:75:e6:62:b7:da:09:7c:a2:6c:
         26:e5:d9:6f:c3:a5:5a:31:0e:c7:4a:13:a3:03:c4:1e:82:b1:
         22:b4:c4:eb:ce:cf:fe:32:38:a6:df:e9:b4:06:11:d2:ff:ef:
         40:01:e8:a8:ef:e5:2e:1d:3a:32:ef:e6:9b:c3:4e:02:e9:32:
         ed:1e:57:b1:c8:0f:32:a4:c7:78:ee:00:98:20:a1:b4:e2:a2:
         f8:19:38:07:90:97:5b:05:7a:5f:e6:76:0a:50:dc:9b:0d:68:
         5c:2b:c8:be:2b:96:49:21:9d:b2:f4:b8:6b:e2:31:51:74:ac:
         b6:8e:62:41:2f:ee:d5:b3:95:cd:f2:d6:39:54:32:be:0f:c8:
         55:a8:b2:56:ab:79:22:66:f6:3a:cf:d2:fb:d2:d2:dc:f2:1f:
         17:89:29:3d:18:ee:15:aa:1f:18:01:e0:cf:a1:31:4c:ae:6c:
         db:a6:3c:dc:96:35:d1:a3:9c:5b:db:62:fb:0e:2f:ce:d8:2c:
         9c:e1:ab:75:91:06:95:8b:7f:c3:da:ea:2c:4e:31:71:f2:4a:
         de:2c:86:d5:ec:74:23:dd:86:df:d7:77:2d:e2:5f:70:8c:e9:
         e1:1b:ef:56
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUEWTvLWe1M8G4Z0s0jTDr/mWsIFQwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwMjExMDAwMDAwWhcNMjMwMjE0MjM1OTU5
WjCBpTFJMEcGA1UEBRNANDI3MGU4Y2ExODYwMDJjYjQ2NjJiY2E5Y2RkNmFhYmY4
ZGYzNjliYzdmMDY1MTU0MmRjNDYxYzI1YjZiN2RiNTEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAON6Oyc87Wd2iLBUAhHXbSVeuYVReYFVmaE7DGzfTx057bWAcslL
11tELOwpEVTbL8uL+ktLpSxgDa+biNQswMUvvmvgoKhRTRIt7E0KZ1z6uLuGQnEQ
V4fcaHcjQ+Z8ytMqJ8j5oVIOs0cRRLngfGAlcPCGpvMyh7NuGNx9BP6XVnlp3gJQ
vWQ9AasJ/dxb7xGu5oLMZvrafyaGPsujEa6CSFjz6fP/GBTyHQabLIg3A4goaSpb
zCA8j/lzzj3oBLC+J1sIBdJkBK2dHa0pPIKE50oZ4As03Fay9s/w4byWEC06fhqI
7LqMkYbXF6fCjk3HC6XM/lRNBufsmo7em78CAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBTwfvRZVfFNC1apZn6cQLjMNR9DijAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvNjFlNzg3OTEtYTc1YS00ZGIwLWE3YzQtMjc5OGYxYzk4YTJiLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAL/6gO4H56Te8FcE
Jf9OQ3Nc/jha+ttysQh/rXXmYrfaCXyibCbl2W/DpVoxDsdKE6MDxB6CsSK0xOvO
z/4yOKbf6bQGEdL/70AB6Kjv5S4dOjLv5pvDTgLpMu0eV7HIDzKkx3juAJggobTi
ovgZOAeQl1sFel/mdgpQ3JsNaFwryL4rlkkhnbL0uGviMVF0rLaOYkEv7tWzlc3y
1jlUMr4PyFWoslareSJm9jrP0vvS0tzyHxeJKT0Y7hWqHxgB4M+hMUyubNumPNyW
NdGjnFvbYvsOL87YLJzhq3WRBpWLf8Pa6ixOMXHySt4shtXsdCPdht/Xdy3iX3CM
6eEb71Y=
-----END CERTIFICATE-----