Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/6968b50d-74e0-411f-b8e0-7cdd83fdc4fb.roa
File:                     6968b50d-74e0-411f-b8e0-7cdd83fdc4fb.roa (raw, json)
Hash identifier:          UhkzaF+1mklOvFovh+Ryd0g/UpPS/kpjkqRCnayZ6Fs=
Subject key identifier:   C7:11:CD:2F:CC:51:58:A9:97:B0:4C:F0:16:32:37:BA:56:5D:5B:3E
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       5B7E433935025DD14AA8AAF2EC23DF416E2ACB2F
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/6968b50d-74e0-411f-b8e0-7cdd83fdc4fb.roa
Signing time:             Fri 07 Apr 2023 00:00:00 +0000
ROA not before:           Fri 07 Apr 2023 00:00:00 +0000
ROA not after:            Mon 10 Apr 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5b:7e:43:39:35:02:5d:d1:4a:a8:aa:f2:ec:23:df:41:6e:2a:cb:2f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Apr  7 00:00:00 2023 GMT
            Not After : Apr 10 23:59:59 2023 GMT
        Subject: serialNumber=f80e02ab3c5826eb7c55b5fef243542de3cc84e289936057325fd9a4a041cf89, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:32:03:1b:34:75:8f:7b:16:f1:8e:82:5c:53:
                    02:6a:9b:02:c8:61:eb:fa:98:42:60:d6:9d:0c:11:
                    aa:6c:4a:d8:b3:61:53:7d:55:16:f8:e4:ff:67:4a:
                    7c:34:29:72:e1:56:c3:dc:93:85:9b:01:47:b3:66:
                    d6:29:7e:20:a9:0b:10:6c:b5:70:5d:75:71:13:df:
                    ea:52:19:9c:12:3b:4e:9e:2a:20:f0:c1:33:21:ad:
                    f8:35:56:75:bd:87:36:94:a3:bf:db:63:39:d2:c1:
                    68:ec:48:89:68:70:cc:ff:d5:58:1b:5a:4b:ac:d4:
                    df:e5:aa:e4:3a:79:fd:98:4a:01:d2:b5:97:4b:fa:
                    20:21:6a:41:26:00:55:4a:39:b7:e8:f8:de:1e:45:
                    66:ed:4c:52:b7:f3:a6:7d:22:04:48:7a:e4:35:a0:
                    5f:40:e6:e0:92:7d:11:1d:5b:65:74:f8:e3:68:6a:
                    a2:f0:ba:f5:13:75:3a:62:49:aa:a2:32:ce:01:0e:
                    53:e1:3b:de:4e:7e:70:b0:4e:1e:6e:b4:95:6d:57:
                    c7:52:e3:07:31:65:86:92:ff:d3:40:85:52:91:22:
                    b3:19:b6:83:1b:d8:70:6e:4a:10:8a:e9:7f:d2:eb:
                    fc:a5:88:1e:22:fc:c4:78:c3:aa:bf:f0:79:78:41:
                    b1:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C7:11:CD:2F:CC:51:58:A9:97:B0:4C:F0:16:32:37:BA:56:5D:5B:3E
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/6968b50d-74e0-411f-b8e0-7cdd83fdc4fb.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3c:be:ba:2b:f8:86:46:a2:21:c8:48:5b:42:b6:e6:27:a5:80:
         13:56:d1:71:80:19:ba:cb:2f:15:95:a7:bc:91:f5:83:6e:bf:
         66:bc:91:ed:b0:43:f0:84:42:14:0f:e1:d4:57:d2:73:6f:5c:
         45:58:9a:ed:1f:2e:d0:88:19:a7:a5:ad:ef:62:82:eb:ac:7d:
         54:d8:e3:56:10:1f:20:c5:39:17:da:e3:27:53:97:53:34:ef:
         d9:96:2c:29:bc:79:bf:35:88:23:f1:e5:a7:4d:c5:05:87:e0:
         b3:91:22:ed:4a:d8:0e:c8:bf:09:ce:11:c5:0c:48:bd:6f:8b:
         26:dc:13:02:d0:91:bd:56:e0:d1:6d:78:ff:62:a4:58:c9:99:
         e2:a7:b9:c1:fb:7d:2b:57:f8:66:0f:cd:cb:c8:ff:72:5d:bf:
         1f:73:a7:f3:20:17:ba:2b:48:ef:17:6d:d4:ca:73:75:22:14:
         b3:5a:4d:2e:cf:66:09:4e:5d:84:2e:15:ad:31:e0:eb:e7:ad:
         2e:9f:52:8c:8e:1b:9a:32:3c:0b:fc:78:a6:00:bc:96:e4:92:
         0a:4b:24:0c:49:44:b3:ce:5e:4d:16:27:ae:b1:ee:fb:c1:25:
         a0:af:d9:58:86:fa:51:1d:53:8f:77:8d:2e:44:d6:ad:37:03:
         9b:1a:d1:7b
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUW35DOTUCXdFKqKry7CPfQW4qyy8wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwNDA3MDAwMDAwWhcNMjMwNDEwMjM1OTU5
WjCBpTFJMEcGA1UEBRNAZjgwZTAyYWIzYzU4MjZlYjdjNTViNWZlZjI0MzU0MmRl
M2NjODRlMjg5OTM2MDU3MzI1ZmQ5YTRhMDQxY2Y4OTEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAOIyAxs0dY97FvGOglxTAmqbAshh6/qYQmDWnQwRqmxK2LNhU31V
Fvjk/2dKfDQpcuFWw9yThZsBR7Nm1il+IKkLEGy1cF11cRPf6lIZnBI7Tp4qIPDB
MyGt+DVWdb2HNpSjv9tjOdLBaOxIiWhwzP/VWBtaS6zU3+Wq5Dp5/ZhKAdK1l0v6
ICFqQSYAVUo5t+j43h5FZu1MUrfzpn0iBEh65DWgX0Dm4JJ9ER1bZXT442hqovC6
9RN1OmJJqqIyzgEOU+E73k5+cLBOHm60lW1Xx1LjBzFlhpL/00CFUpEisxm2gxvY
cG5KEIrpf9Lr/KWIHiL8xHjDqr/weXhBsRMCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBTHEc0vzFFYqZewTPAWMje6Vl1bPjAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvNjk2OGI1MGQtNzRlMC00MTFmLWI4ZTAtN2NkZDgzZmRjNGZiLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBADy+uiv4hkaiIchI
W0K25ielgBNW0XGAGbrLLxWVp7yR9YNuv2a8ke2wQ/CEQhQP4dRX0nNvXEVYmu0f
LtCIGaelre9iguusfVTY41YQHyDFORfa4ydTl1M079mWLCm8eb81iCPx5adNxQWH
4LORIu1K2A7IvwnOEcUMSL1viybcEwLQkb1W4NFteP9ipFjJmeKnucH7fStX+GYP
zcvI/3Jdvx9zp/MgF7orSO8XbdTKc3UiFLNaTS7PZglOXYQuFa0x4OvnrS6fUoyO
G5oyPAv8eKYAvJbkkgpLJAxJRLPOXk0WJ66x7vvBJaCv2ViG+lEdU493jS5E1q03
A5sa0Xs=
-----END CERTIFICATE-----