Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/646e1ed2-2f87-4df7-8ba0-a1c10d5856ed.roa
File:                     646e1ed2-2f87-4df7-8ba0-a1c10d5856ed.roa (raw, json)
Hash identifier:          yY8tn3WK13+CY7oOgOQThNFnOGp1rYle7Oao4h7+KjM=
Subject key identifier:   2A:12:D8:8A:F9:98:B9:B7:B8:65:32:43:E0:12:C9:8E:02:53:C2:0E
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       308AFF60DD6C316223904539E0AFAEEFF130F262
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/646e1ed2-2f87-4df7-8ba0-a1c10d5856ed.roa
Signing time:             Tue 28 Mar 2023 00:00:00 +0000
ROA not before:           Tue 28 Mar 2023 00:00:00 +0000
ROA not after:            Fri 31 Mar 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            30:8a:ff:60:dd:6c:31:62:23:90:45:39:e0:af:ae:ef:f1:30:f2:62
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Mar 28 00:00:00 2023 GMT
            Not After : Mar 31 23:59:59 2023 GMT
        Subject: serialNumber=eb0c374a4de1eccef8852a584a7cdf20511930460e2a339c13adfa84aa4f2278, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:f2:d1:07:5b:a2:f7:78:5b:cc:7b:ec:fa:d7:
                    21:f1:0e:d5:55:a3:ff:30:ed:c8:b8:a6:b8:63:79:
                    47:ff:24:b2:7c:97:f1:a0:7d:bd:c8:12:e9:e6:fe:
                    9b:94:bd:fc:61:5a:6c:44:0d:2b:12:e3:26:5b:ac:
                    d7:17:d3:b1:de:74:ab:b3:d1:09:eb:7a:dc:38:c6:
                    c9:e6:fa:1d:79:7d:de:de:2e:33:c4:37:49:6f:50:
                    71:fe:3e:ba:56:89:6c:b6:c0:af:ec:46:ac:6b:e7:
                    4f:8b:32:c0:32:77:c6:70:c7:9a:87:58:66:8e:2f:
                    25:19:f0:84:67:45:32:6f:62:63:7f:92:c0:09:11:
                    3c:1f:9e:f6:3f:b1:05:5c:5f:97:3c:95:69:ea:82:
                    05:0f:d4:b8:81:c4:bf:b6:30:55:65:9b:73:16:54:
                    39:4a:94:2d:e9:40:cd:ba:4e:14:4d:a3:7a:9b:3e:
                    a5:f8:1e:b9:1d:e8:c9:be:d1:cc:d4:46:9b:ff:8e:
                    27:47:b0:f7:3b:13:27:3d:f6:d9:41:95:ff:3f:3d:
                    9d:de:8f:aa:54:3e:a6:28:f3:68:fc:ea:be:fb:4f:
                    2d:b8:22:c6:a1:0b:d5:2c:8e:78:33:f9:5c:a1:91:
                    fb:df:5a:36:3e:fa:b4:8f:bf:ad:da:d5:54:39:91:
                    1c:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:12:D8:8A:F9:98:B9:B7:B8:65:32:43:E0:12:C9:8E:02:53:C2:0E
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/646e1ed2-2f87-4df7-8ba0-a1c10d5856ed.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         12:56:e6:3d:60:ff:9b:c5:5d:d2:11:c5:c5:3b:36:d4:45:97:
         ae:70:9e:ee:42:76:72:1f:b6:b5:47:c4:82:0c:f4:69:0b:f9:
         6a:4d:c3:aa:32:c6:7d:bd:cc:d0:25:01:98:df:05:14:61:4e:
         9a:19:71:53:26:89:b0:6e:c3:21:48:20:39:c4:b0:86:ad:cb:
         b9:48:4a:9d:8b:67:bc:3c:12:b0:ba:1d:51:9b:7b:96:f1:c2:
         82:4e:6c:4e:e0:5f:4a:70:87:ee:05:c3:1e:e5:be:56:6f:67:
         00:b6:0d:1e:d1:ca:4f:b2:ce:c5:05:34:28:a7:c4:4d:e9:3d:
         47:b6:0a:ff:9f:09:26:ae:87:62:65:88:d3:ee:c3:ee:12:4c:
         42:1a:04:07:f9:7b:6a:d6:75:9b:b1:c5:0e:23:21:63:3d:f7:
         4e:29:fd:ac:84:48:32:46:57:55:87:e0:51:45:29:70:8d:b3:
         d8:ef:db:5c:29:e6:08:b3:08:a1:50:6e:cd:bd:95:cc:6c:af:
         3a:5a:bf:49:e1:8f:5b:54:c7:62:70:90:21:ee:73:5a:a3:b3:
         3e:d1:c3:d0:7b:cb:b9:6a:23:9c:21:a2:b8:11:3e:36:c6:e9:
         7c:2e:12:c2:31:c6:b8:1a:11:0a:56:57:03:35:18:80:6a:7a:
         f4:da:35:8f
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUMIr/YN1sMWIjkEU54K+u7/Ew8mIwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwMzI4MDAwMDAwWhcNMjMwMzMxMjM1OTU5
WjCBpTFJMEcGA1UEBRNAZWIwYzM3NGE0ZGUxZWNjZWY4ODUyYTU4NGE3Y2RmMjA1
MTE5MzA0NjBlMmEzMzljMTNhZGZhODRhYTRmMjI3ODEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAJ3y0Qdbovd4W8x77PrXIfEO1VWj/zDtyLimuGN5R/8ksnyX8aB9
vcgS6eb+m5S9/GFabEQNKxLjJlus1xfTsd50q7PRCet63DjGyeb6HXl93t4uM8Q3
SW9Qcf4+ulaJbLbAr+xGrGvnT4sywDJ3xnDHmodYZo4vJRnwhGdFMm9iY3+SwAkR
PB+e9j+xBVxflzyVaeqCBQ/UuIHEv7YwVWWbcxZUOUqULelAzbpOFE2jeps+pfge
uR3oyb7RzNRGm/+OJ0ew9zsTJz322UGV/z89nd6PqlQ+pijzaPzqvvtPLbgixqEL
1SyOeDP5XKGR+99aNj76tI+/rdrVVDmRHJMCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBQqEtiK+Zi5t7hlMkPgEsmOAlPCDjAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvNjQ2ZTFlZDItMmY4Ny00ZGY3LThiYTAtYTFjMTBkNTg1NmVkLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBABJW5j1g/5vFXdIR
xcU7NtRFl65wnu5CdnIftrVHxIIM9GkL+WpNw6oyxn29zNAlAZjfBRRhTpoZcVMm
ibBuwyFIIDnEsIaty7lISp2LZ7w8ErC6HVGbe5bxwoJObE7gX0pwh+4Fwx7lvlZv
ZwC2DR7Ryk+yzsUFNCinxE3pPUe2Cv+fCSauh2JliNPuw+4STEIaBAf5e2rWdZux
xQ4jIWM9904p/ayESDJGV1WH4FFFKXCNs9jv21wp5gizCKFQbs29lcxsrzpav0nh
j1tUx2JwkCHuc1qjsz7Rw9B7y7lqI5whorgRPjbG6XwuEsIxxrgaEQpWVwM1GIBq
evTaNY8=
-----END CERTIFICATE-----