Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/6a3ebe9b-fc0a-44e3-b996-f680fd8b0e13.roa
File:                     6a3ebe9b-fc0a-44e3-b996-f680fd8b0e13.roa (raw, json)
Hash identifier:          4awy3Af/P/yRoZCZ+ANWvQsQgnuHZwbAFiWAH1yD6Gs=
Subject key identifier:   53:FE:A8:15:D8:5A:31:E4:36:50:97:A1:16:20:DF:35:D6:DA:63:F0
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       4F5C6B7AB7D317AF2342A8FD5E100FF63DBDF767
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/6a3ebe9b-fc0a-44e3-b996-f680fd8b0e13.roa
Signing time:             Fri 13 Jan 2023 00:00:00 +0000
ROA not before:           Fri 13 Jan 2023 00:00:00 +0000
ROA not after:            Mon 16 Jan 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4f:5c:6b:7a:b7:d3:17:af:23:42:a8:fd:5e:10:0f:f6:3d:bd:f7:67
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Jan 13 00:00:00 2023 GMT
            Not After : Jan 16 23:59:59 2023 GMT
        Subject: serialNumber=cd4c10d08e766522f9be46d537cd34a72fa003db13537a48c54ea17e1ee54b7e, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:a8:c2:d3:68:33:0f:5a:08:5e:1e:3b:7b:e5:
                    c9:0a:62:5e:69:bd:cd:c6:e9:c6:b1:ba:a0:2a:e3:
                    7c:35:17:5a:72:df:1a:e2:e9:5a:02:0c:fa:84:18:
                    de:ea:1a:77:22:30:78:c4:e7:c8:0c:bb:28:92:1a:
                    17:21:cc:a5:74:2d:4b:fb:37:ff:8a:ad:b5:8c:d5:
                    57:7b:6f:96:0f:fd:e7:40:aa:d1:4c:7c:d5:d4:fb:
                    7b:70:b0:d4:eb:b3:67:8f:d1:00:d7:67:b8:aa:40:
                    dd:3a:5a:9a:2e:b0:89:5e:f2:ba:01:c0:a8:17:70:
                    51:98:50:07:6b:83:6d:31:91:fd:4c:68:58:81:48:
                    16:e4:d8:53:22:b9:09:69:20:84:a9:6d:0b:43:c6:
                    82:e2:53:e7:3c:cd:a1:6d:5c:d4:04:8e:b2:da:60:
                    c4:79:0e:86:01:6d:98:88:c2:c1:08:19:1f:32:17:
                    1d:fd:17:c6:0c:08:3f:52:5c:d0:46:d7:e5:34:07:
                    00:8a:78:6f:60:f0:b5:1a:b1:3c:24:43:91:ba:db:
                    ea:fb:63:ab:31:17:23:80:b1:88:5e:42:f5:33:ac:
                    d6:2d:f1:7e:fe:3e:11:60:c9:d1:1f:bb:bf:7f:95:
                    3c:92:3e:da:71:53:6e:7c:7e:a5:87:03:18:38:57:
                    a1:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                53:FE:A8:15:D8:5A:31:E4:36:50:97:A1:16:20:DF:35:D6:DA:63:F0
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/6a3ebe9b-fc0a-44e3-b996-f680fd8b0e13.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1d:35:28:2e:30:56:45:86:e8:ca:2a:f1:b6:7f:62:21:8d:8d:
         24:2b:e9:3d:a2:87:b4:6f:c0:99:0e:de:83:a3:dd:03:ce:35:
         cf:6b:d7:50:9c:c9:2d:87:8b:44:6d:6d:d0:b6:4e:d1:c5:c6:
         86:a4:e2:8e:c8:5d:6b:36:75:d2:cf:33:73:32:fb:0c:3b:d7:
         bf:9c:8e:c2:25:c9:b2:65:b7:da:72:5e:bd:fa:24:94:d2:a2:
         0f:dc:42:c2:ea:70:50:5c:16:60:86:92:f9:f2:63:88:d9:b4:
         4b:68:3a:f3:41:33:6c:c1:93:d6:d4:35:28:96:31:50:2c:c3:
         6d:03:72:aa:19:ce:87:6d:7a:a1:d3:81:45:72:47:29:02:10:
         69:50:bb:2c:7d:66:72:9f:77:ee:92:99:f4:5f:5b:4e:c3:fe:
         77:60:70:08:a6:f2:42:8c:c7:40:86:34:dd:7f:65:0d:78:40:
         de:c6:4e:88:d1:b2:6f:3b:41:23:98:d9:12:c1:15:ab:66:2d:
         8f:37:56:d3:75:0d:b4:8c:de:74:4e:5e:2d:24:04:0a:17:6a:
         c9:cc:c9:32:2c:96:58:60:fb:32:a4:84:cf:a4:7f:b3:b0:5b:
         8f:f0:14:0b:46:a1:e3:ff:5c:36:47:ea:ce:20:1b:fe:c8:ad:
         bf:01:4a:8f
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUT1xrerfTF68jQqj9XhAP9j2992cwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwMTEzMDAwMDAwWhcNMjMwMTE2MjM1OTU5
WjCBpTFJMEcGA1UEBRNAY2Q0YzEwZDA4ZTc2NjUyMmY5YmU0NmQ1MzdjZDM0YTcy
ZmEwMDNkYjEzNTM3YTQ4YzU0ZWExN2UxZWU1NGI3ZTEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAJyowtNoMw9aCF4eO3vlyQpiXmm9zcbpxrG6oCrjfDUXWnLfGuLp
WgIM+oQY3uoadyIweMTnyAy7KJIaFyHMpXQtS/s3/4qttYzVV3tvlg/950Cq0Ux8
1dT7e3Cw1OuzZ4/RANdnuKpA3Tpami6wiV7yugHAqBdwUZhQB2uDbTGR/UxoWIFI
FuTYUyK5CWkghKltC0PGguJT5zzNoW1c1ASOstpgxHkOhgFtmIjCwQgZHzIXHf0X
xgwIP1Jc0EbX5TQHAIp4b2DwtRqxPCRDkbrb6vtjqzEXI4CxiF5C9TOs1i3xfv4+
EWDJ0R+7v3+VPJI+2nFTbnx+pYcDGDhXof8CAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBRT/qgV2Fox5DZQl6EWIN811tpj8DAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvNmEzZWJlOWItZmMwYS00NGUzLWI5OTYtZjY4MGZkOGIwZTEzLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAB01KC4wVkWG6Moq
8bZ/YiGNjSQr6T2ih7RvwJkO3oOj3QPONc9r11CcyS2Hi0RtbdC2TtHFxoak4o7I
XWs2ddLPM3My+ww717+cjsIlybJlt9pyXr36JJTSog/cQsLqcFBcFmCGkvnyY4jZ
tEtoOvNBM2zBk9bUNSiWMVAsw20DcqoZzodteqHTgUVyRykCEGlQuyx9ZnKfd+6S
mfRfW07D/ndgcAim8kKMx0CGNN1/ZQ14QN7GTojRsm87QSOY2RLBFatmLY83VtN1
DbSM3nROXi0kBAoXasnMyTIsllhg+zKkhM+kf7OwW4/wFAtGoeP/XDZH6s4gG/7I
rb8BSo8=
-----END CERTIFICATE-----