Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/6ab2ce41-c34c-43f5-8a3a-76b27f805aa8.roa
File:                     6ab2ce41-c34c-43f5-8a3a-76b27f805aa8.roa (raw, json)
Hash identifier:          NRKYt05wxUK72tbVjeeph0bZo8CBD9mVxlsnCxFysS0=
Subject key identifier:   6F:50:96:A7:DF:F4:09:A3:04:28:2E:4C:AD:6F:EC:A3:7B:C1:50:B3
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       3A6BEA892BAA14651795F43F4C8036F67986B0B5
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/6ab2ce41-c34c-43f5-8a3a-76b27f805aa8.roa
Signing time:             Tue 21 Feb 2023 00:00:00 +0000
ROA not before:           Tue 21 Feb 2023 00:00:00 +0000
ROA not after:            Fri 24 Feb 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3a:6b:ea:89:2b:aa:14:65:17:95:f4:3f:4c:80:36:f6:79:86:b0:b5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Feb 21 00:00:00 2023 GMT
            Not After : Feb 24 23:59:59 2023 GMT
        Subject: serialNumber=249915e105fe65f36fe52c37bd3b1b7c2e0b3516776761a8ed4fef411cbffac5, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:38:1b:8f:46:9b:dd:3e:4c:02:3a:c1:44:ca:
                    d8:32:ae:19:87:4f:05:99:60:61:2f:07:d2:dd:08:
                    1d:13:5b:55:98:1d:89:a3:ca:dc:67:3d:36:51:6d:
                    1d:2c:a0:7a:ea:8b:dc:bd:27:b5:98:98:7f:2d:9b:
                    8f:79:00:70:c5:fc:bd:dc:d6:34:6a:a7:8e:72:0e:
                    37:ea:42:cb:ce:32:43:fc:d1:df:3f:30:da:a5:e2:
                    5b:a8:30:dc:41:29:72:fb:76:db:6f:33:b6:ff:b5:
                    df:5d:68:8a:51:5c:15:bb:03:61:80:19:f4:e9:37:
                    74:e1:7c:71:a7:f3:b3:7f:97:45:52:00:b1:03:ae:
                    b2:4a:cc:7f:6d:86:a2:3b:34:99:78:53:e4:9b:8a:
                    6c:1a:fd:9e:aa:13:02:18:b6:87:ac:7f:7f:53:c6:
                    42:18:02:72:3c:e7:31:f8:96:12:4a:f9:10:6b:21:
                    e0:66:7d:02:50:43:80:4b:cc:8d:a3:b8:91:da:69:
                    f7:61:25:74:02:8f:1d:a0:42:ad:c6:b3:95:c8:ba:
                    97:37:e7:bc:c5:23:7f:97:5a:f3:76:1c:a6:68:53:
                    66:74:86:56:25:25:5d:c8:ec:64:91:13:42:26:47:
                    6e:77:08:99:89:49:f0:61:1a:8a:d1:06:45:fb:af:
                    08:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6F:50:96:A7:DF:F4:09:A3:04:28:2E:4C:AD:6F:EC:A3:7B:C1:50:B3
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/6ab2ce41-c34c-43f5-8a3a-76b27f805aa8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a2:7a:58:9b:76:7c:59:8a:9d:9b:5f:b4:1c:67:7a:df:19:6d:
         67:9b:a6:b6:16:be:0d:78:66:c0:b6:fa:4e:5c:62:d9:b0:8f:
         a4:09:b5:83:24:58:7f:a9:53:ee:c6:52:cb:66:fa:13:2c:28:
         ec:a1:85:a2:9b:32:a0:81:2f:79:b3:af:e9:69:9f:c6:61:68:
         5f:26:ca:bd:85:da:b2:90:0b:06:93:5b:50:94:6f:e5:85:70:
         85:63:c2:a0:4b:3e:48:2a:4b:e6:20:88:36:a7:84:21:b1:59:
         a5:33:f2:43:1b:18:1a:54:b5:97:9f:50:11:da:a6:ac:53:46:
         f6:f0:b7:2d:90:3a:0b:42:86:81:3a:bc:8b:5e:cd:61:b3:c1:
         70:2a:2d:9a:bc:f0:54:07:2f:ce:45:27:81:d6:5e:c4:2b:19:
         83:db:15:d3:3a:d4:df:0f:a2:b2:1f:88:62:33:9c:d6:05:0d:
         b8:11:0b:55:ca:ef:0c:03:3e:27:17:46:91:83:16:7c:1b:41:
         a7:b5:73:e9:1d:02:d5:f7:7d:e8:a4:98:37:fb:10:7f:a5:f9:
         e4:28:44:0b:dc:31:a3:fb:f6:7c:1e:5e:da:be:a5:f4:fd:a0:
         97:76:8f:f5:c5:ec:da:c6:6f:08:e3:e6:34:52:e8:ac:c8:a0:
         e7:97:9b:4a
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUOmvqiSuqFGUXlfQ/TIA29nmGsLUwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwMjIxMDAwMDAwWhcNMjMwMjI0MjM1OTU5
WjCBpTFJMEcGA1UEBRNAMjQ5OTE1ZTEwNWZlNjVmMzZmZTUyYzM3YmQzYjFiN2My
ZTBiMzUxNjc3Njc2MWE4ZWQ0ZmVmNDExY2JmZmFjNTEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAKM4G49Gm90+TAI6wUTK2DKuGYdPBZlgYS8H0t0IHRNbVZgdiaPK
3Gc9NlFtHSygeuqL3L0ntZiYfy2bj3kAcMX8vdzWNGqnjnION+pCy84yQ/zR3z8w
2qXiW6gw3EEpcvt2228ztv+1311oilFcFbsDYYAZ9Ok3dOF8cafzs3+XRVIAsQOu
skrMf22Gojs0mXhT5JuKbBr9nqoTAhi2h6x/f1PGQhgCcjznMfiWEkr5EGsh4GZ9
AlBDgEvMjaO4kdpp92EldAKPHaBCrcazlci6lzfnvMUjf5da83YcpmhTZnSGViUl
XcjsZJETQiZHbncImYlJ8GEaitEGRfuvCBkCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBRvUJan3/QJowQoLkytb+yje8FQszAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvNmFiMmNlNDEtYzM0Yy00M2Y1LThhM2EtNzZiMjdmODA1YWE4LnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAKJ6WJt2fFmKnZtf
tBxnet8ZbWebprYWvg14ZsC2+k5cYtmwj6QJtYMkWH+pU+7GUstm+hMsKOyhhaKb
MqCBL3mzr+lpn8ZhaF8myr2F2rKQCwaTW1CUb+WFcIVjwqBLPkgqS+YgiDanhCGx
WaUz8kMbGBpUtZefUBHapqxTRvbwty2QOgtChoE6vItezWGzwXAqLZq88FQHL85F
J4HWXsQrGYPbFdM61N8PorIfiGIznNYFDbgRC1XK7wwDPicXRpGDFnwbQae1c+kd
AtX3feikmDf7EH+l+eQoRAvcMaP79nweXtq+pfT9oJd2j/XF7NrGbwjj5jRS6KzI
oOeXm0o=
-----END CERTIFICATE-----