Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/65e4887b-f357-49ef-bd50-860eb6a3d1e3.roa
File:                     65e4887b-f357-49ef-bd50-860eb6a3d1e3.roa (raw, json)
Hash identifier:          18Q2Yqfw6weEBlG0V8IaBued0rIJnYT/NV0WDRee1Ug=
Subject key identifier:   18:B9:FF:75:A6:18:2F:3A:1D:45:92:69:5F:91:5D:B7:AE:F6:E8:5E
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       022B8E81D5B85982D6C24EFD82A76353960D18F1
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/65e4887b-f357-49ef-bd50-860eb6a3d1e3.roa
Signing time:             Sat 25 Mar 2023 00:00:00 +0000
ROA not before:           Sat 25 Mar 2023 00:00:00 +0000
ROA not after:            Tue 28 Mar 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            02:2b:8e:81:d5:b8:59:82:d6:c2:4e:fd:82:a7:63:53:96:0d:18:f1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Mar 25 00:00:00 2023 GMT
            Not After : Mar 28 23:59:59 2023 GMT
        Subject: serialNumber=fe39b846786cbfa469d2e9b72f13f5b7fa8d019b1fffd0024f37c7248bb387b0, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:03:12:90:b2:78:62:d7:05:4b:7d:70:6c:19:
                    a2:bd:2a:28:3a:32:d5:08:98:25:c0:d0:15:00:0b:
                    69:18:1a:24:f9:e7:92:01:f8:8c:d8:91:11:19:74:
                    84:9c:a6:3a:7f:5e:fc:6b:bd:05:64:b7:18:25:08:
                    98:5e:37:b2:02:74:22:51:2c:e0:10:2a:aa:a0:db:
                    d2:06:25:89:2c:c6:82:58:a9:04:f6:5b:75:a0:ee:
                    8f:f6:50:c2:06:b5:f9:54:e5:b2:55:81:52:f3:f2:
                    ad:79:0d:a6:f8:04:d1:74:6b:0c:69:36:27:f9:7f:
                    e5:dd:48:38:45:8d:7c:a3:0d:e4:e2:86:90:8b:65:
                    b2:a8:17:52:fa:cd:c3:7b:40:0a:ba:ce:90:d9:a6:
                    6b:f3:0f:1a:3e:01:c1:f4:33:5d:3b:31:b4:bc:b9:
                    97:10:82:99:c0:50:41:48:13:d5:c9:07:4d:12:62:
                    5a:e1:94:4b:0d:93:2e:d6:c7:b1:45:94:69:6b:3e:
                    a9:1e:a9:a0:76:ff:6e:3a:39:39:e5:a5:cb:ab:b0:
                    c9:32:32:aa:8e:35:8a:79:ed:f3:58:82:8c:ad:bf:
                    ae:cf:77:2c:bf:f2:6d:75:fd:01:1a:e8:88:28:9e:
                    80:40:4a:80:ae:03:e5:91:d0:10:fa:35:01:c3:80:
                    4b:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                18:B9:FF:75:A6:18:2F:3A:1D:45:92:69:5F:91:5D:B7:AE:F6:E8:5E
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/65e4887b-f357-49ef-bd50-860eb6a3d1e3.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6b:e8:55:e0:69:78:4f:fc:16:84:97:a8:36:0a:fd:e1:a2:3e:
         37:f2:36:7f:da:f0:6a:89:9b:cb:5f:66:08:8d:17:fc:21:cc:
         7a:d9:91:fe:14:27:d4:e1:00:26:ee:c4:73:13:ac:da:e1:aa:
         78:61:f5:c1:19:ce:91:ca:9e:5c:4b:e7:cc:7f:48:4c:0b:83:
         78:eb:fc:f3:ad:44:ba:ad:3c:2e:24:6d:b0:6d:1c:b3:d5:1f:
         2e:9b:36:7d:1f:87:9a:60:60:ec:f5:0d:8f:d3:e9:d8:b5:68:
         e5:26:fd:14:b3:8e:cf:90:0b:49:3a:8a:dd:95:4f:18:30:fd:
         95:0c:12:6d:e1:9f:d3:5d:96:63:4c:d8:80:50:85:84:51:4c:
         1e:f6:62:52:6d:fa:53:20:4f:d5:7f:d9:59:50:06:29:4b:7b:
         bf:58:cb:f9:5c:c4:cc:b3:8e:0a:73:ea:e3:77:ac:b4:6b:50:
         ca:65:7c:2f:93:b0:90:b2:7b:82:69:4f:94:d0:21:aa:26:7d:
         38:b7:e3:1c:e3:b9:a9:41:c7:aa:f6:86:73:69:4e:08:79:3b:
         16:61:6e:8c:aa:06:de:ee:a0:5f:a8:b4:fd:71:d3:4c:a8:6c:
         b6:6d:dc:97:82:cf:9e:23:84:c7:c6:66:57:9a:cd:d0:8e:74:
         9f:eb:6c:a3
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUAiuOgdW4WYLWwk79gqdjU5YNGPEwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwMzI1MDAwMDAwWhcNMjMwMzI4MjM1OTU5
WjCBpTFJMEcGA1UEBRNAZmUzOWI4NDY3ODZjYmZhNDY5ZDJlOWI3MmYxM2Y1Yjdm
YThkMDE5YjFmZmZkMDAyNGYzN2M3MjQ4YmIzODdiMDEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAK4DEpCyeGLXBUt9cGwZor0qKDoy1QiYJcDQFQALaRgaJPnnkgH4
jNiRERl0hJymOn9e/Gu9BWS3GCUImF43sgJ0IlEs4BAqqqDb0gYliSzGglipBPZb
daDuj/ZQwga1+VTlslWBUvPyrXkNpvgE0XRrDGk2J/l/5d1IOEWNfKMN5OKGkItl
sqgXUvrNw3tACrrOkNmma/MPGj4BwfQzXTsxtLy5lxCCmcBQQUgT1ckHTRJiWuGU
Sw2TLtbHsUWUaWs+qR6poHb/bjo5OeWly6uwyTIyqo41innt81iCjK2/rs93LL/y
bXX9ARroiCiegEBKgK4D5ZHQEPo1AcOASyUCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBQYuf91phgvOh1FkmlfkV23rvboXjAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvNjVlNDg4N2ItZjM1Ny00OWVmLWJkNTAtODYwZWI2YTNkMWUzLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAGvoVeBpeE/8FoSX
qDYK/eGiPjfyNn/a8GqJm8tfZgiNF/whzHrZkf4UJ9ThACbuxHMTrNrhqnhh9cEZ
zpHKnlxL58x/SEwLg3jr/POtRLqtPC4kbbBtHLPVHy6bNn0fh5pgYOz1DY/T6di1
aOUm/RSzjs+QC0k6it2VTxgw/ZUMEm3hn9NdlmNM2IBQhYRRTB72YlJt+lMgT9V/
2VlQBilLe79Yy/lcxMyzjgpz6uN3rLRrUMplfC+TsJCye4JpT5TQIaomfTi34xzj
ualBx6r2hnNpTgh5OxZhboyqBt7uoF+otP1x00yobLZt3JeCz54jhMfGZleazdCO
dJ/rbKM=
-----END CERTIFICATE-----