Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/6b31d8b9-3bc1-49a1-9f1f-9f4f01442a5f.roa
File:                     6b31d8b9-3bc1-49a1-9f1f-9f4f01442a5f.roa (raw, json)
Hash identifier:          ZLs9ZjBQzSH/jqyd2+u+wENEwLrgKN8qBGSDbcXgQUE=
Subject key identifier:   9C:26:90:CC:7F:87:F3:BE:A2:58:DF:A0:EE:5F:75:1A:06:4C:FE:4E
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       6CB54D4559EB602789682CEBEFE1B33F9F4FA372
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/6b31d8b9-3bc1-49a1-9f1f-9f4f01442a5f.roa
Signing time:             Fri 07 Apr 2023 00:00:00 +0000
ROA not before:           Fri 07 Apr 2023 00:00:00 +0000
ROA not after:            Mon 10 Apr 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6c:b5:4d:45:59:eb:60:27:89:68:2c:eb:ef:e1:b3:3f:9f:4f:a3:72
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Apr  7 00:00:00 2023 GMT
            Not After : Apr 10 23:59:59 2023 GMT
        Subject: serialNumber=0c327cec90a0faf80ca893f26856fdb3ed15ee06f2fc866661cdd3eb8aa147e2, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:d2:15:16:9f:42:5b:01:d4:dc:b6:c1:eb:4b:
                    db:ee:ec:89:fc:1d:cd:03:b3:77:48:2b:6a:4f:3e:
                    3c:44:d2:2e:58:28:1f:46:a4:db:29:5d:9c:54:cc:
                    70:54:f5:ec:fd:e5:88:cb:cf:f6:77:91:77:02:da:
                    99:c7:94:fc:da:d3:a7:ee:69:c4:f4:bc:ca:a0:6f:
                    e8:1c:d7:30:0b:07:5f:41:57:9d:2b:e8:3f:0c:0f:
                    ed:c9:49:8f:f8:6e:95:4b:bf:b0:00:ab:d0:5a:36:
                    04:5c:43:59:6d:cb:af:44:4c:58:57:57:1e:80:0b:
                    95:0c:94:89:00:a3:26:5a:1c:ca:6e:c8:27:c6:85:
                    d7:64:c5:a5:bd:2d:31:63:6a:3c:14:41:48:41:8f:
                    33:7a:25:8f:7e:bd:37:f2:fe:45:9c:db:56:33:a0:
                    6f:0a:59:90:5e:90:94:f9:ff:40:a8:6b:33:e8:76:
                    48:73:9f:5b:0b:57:c6:23:8b:1c:c9:8e:b0:2e:24:
                    b7:66:cb:4a:d6:af:b3:6f:f6:0d:f5:5e:b2:8e:fc:
                    39:42:08:11:90:66:19:d7:82:12:a3:df:1a:1c:e2:
                    d6:93:66:fb:8d:08:3f:ea:a6:c1:b0:48:76:6f:26:
                    8f:ce:d7:d5:35:74:ff:e1:7a:ad:31:b2:38:7f:e4:
                    d0:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9C:26:90:CC:7F:87:F3:BE:A2:58:DF:A0:EE:5F:75:1A:06:4C:FE:4E
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/6b31d8b9-3bc1-49a1-9f1f-9f4f01442a5f.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c2:67:0b:45:06:8f:cb:29:da:2e:43:ab:80:35:b5:88:86:ea:
         4a:b6:5e:9a:5f:84:d4:c1:0f:04:9b:be:31:64:65:0b:d1:c1:
         96:30:32:62:48:d7:7c:64:87:31:db:57:78:9a:06:98:94:a1:
         69:20:e4:2e:75:22:ab:d6:f6:1a:aa:9d:25:58:e8:da:ed:f7:
         4b:b6:ff:c4:33:4b:be:fd:6e:13:9e:16:09:e5:62:e9:ac:3f:
         e8:34:37:81:01:a2:85:d3:c4:c9:9f:18:94:03:9d:29:ad:dc:
         ee:54:44:f4:90:21:81:7b:a5:5e:b9:23:cd:e7:53:20:51:58:
         2e:01:81:67:aa:37:53:eb:f1:43:a5:a5:0f:b0:25:b9:36:23:
         55:10:a3:06:87:b8:1e:af:fc:1d:a2:ec:5e:0a:a4:60:54:df:
         14:31:2b:b2:22:58:3c:f1:fd:29:d1:66:37:a0:83:c2:9c:07:
         5f:f7:1f:69:6c:71:62:84:4d:61:b3:1a:ba:89:be:4d:b4:0c:
         1a:ec:2c:ab:c8:e4:ef:16:39:39:5f:97:a1:11:82:3d:53:07:
         f8:a8:8a:6f:18:a7:16:b5:e5:2b:7e:15:ce:8d:50:e5:21:f0:
         6e:3f:65:12:11:fc:6f:b8:96:09:7d:cd:2b:b2:cc:2c:86:c3:
         c5:d4:de:97
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUbLVNRVnrYCeJaCzr7+GzP59Po3IwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwNDA3MDAwMDAwWhcNMjMwNDEwMjM1OTU5
WjCBpTFJMEcGA1UEBRNAMGMzMjdjZWM5MGEwZmFmODBjYTg5M2YyNjg1NmZkYjNl
ZDE1ZWUwNmYyZmM4NjY2NjFjZGQzZWI4YWExNDdlMjEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAMrSFRafQlsB1Ny2wetL2+7sifwdzQOzd0grak8+PETSLlgoH0ak
2yldnFTMcFT17P3liMvP9neRdwLamceU/NrTp+5pxPS8yqBv6BzXMAsHX0FXnSvo
PwwP7clJj/hulUu/sACr0Fo2BFxDWW3Lr0RMWFdXHoALlQyUiQCjJlocym7IJ8aF
12TFpb0tMWNqPBRBSEGPM3olj369N/L+RZzbVjOgbwpZkF6QlPn/QKhrM+h2SHOf
WwtXxiOLHMmOsC4kt2bLStavs2/2DfVeso78OUIIEZBmGdeCEqPfGhzi1pNm+40I
P+qmwbBIdm8mj87X1TV0/+F6rTGyOH/k0JcCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBScJpDMf4fzvqJY36DuX3UaBkz+TjAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvNmIzMWQ4YjktM2JjMS00OWExLTlmMWYtOWY0ZjAxNDQyYTVmLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAMJnC0UGj8sp2i5D
q4A1tYiG6kq2XppfhNTBDwSbvjFkZQvRwZYwMmJI13xkhzHbV3iaBpiUoWkg5C51
IqvW9hqqnSVY6Nrt90u2/8QzS779bhOeFgnlYumsP+g0N4EBooXTxMmfGJQDnSmt
3O5URPSQIYF7pV65I83nUyBRWC4BgWeqN1Pr8UOlpQ+wJbk2I1UQowaHuB6v/B2i
7F4KpGBU3xQxK7IiWDzx/SnRZjegg8KcB1/3H2lscWKETWGzGrqJvk20DBrsLKvI
5O8WOTlfl6ERgj1TB/ioim8Ypxa15St+Fc6NUOUh8G4/ZRIR/G+4lgl9zSuyzCyG
w8XU3pc=
-----END CERTIFICATE-----