Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/6c218b20-e5cf-4699-8edc-af11cc18cf8c.roa
File:                     6c218b20-e5cf-4699-8edc-af11cc18cf8c.roa (raw, json)
Hash identifier:          ziBuLRFBDzolk3hkck+7MvqDrneHJdJTvn4PIbYOSbI=
Subject key identifier:   A1:FA:58:76:36:3C:08:A9:44:35:B4:5B:1A:89:ED:BD:A8:D3:69:08
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       3143AD43D257FDA52BCB3C9771DC4C4CDA5AF5A8
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/6c218b20-e5cf-4699-8edc-af11cc18cf8c.roa
Signing time:             Fri 10 Feb 2023 00:00:00 +0000
ROA not before:           Fri 10 Feb 2023 00:00:00 +0000
ROA not after:            Mon 13 Feb 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            31:43:ad:43:d2:57:fd:a5:2b:cb:3c:97:71:dc:4c:4c:da:5a:f5:a8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Feb 10 00:00:00 2023 GMT
            Not After : Feb 13 23:59:59 2023 GMT
        Subject: serialNumber=dc50289b5ea4979cc2a28d3c6eea196efed7655291f05128b9df898871f985a8, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:46:e7:33:5a:9a:f8:55:9e:fe:ee:38:d7:ed:
                    a9:a2:b1:00:de:5c:4c:3b:bf:a1:56:15:4d:24:ff:
                    00:94:67:18:13:97:80:1a:de:6a:50:9a:5a:56:19:
                    01:e7:da:c5:0d:ed:08:dc:1d:fe:33:f6:fd:56:73:
                    ab:8b:65:ac:cb:2d:2e:e3:30:79:9e:d4:4a:6d:63:
                    aa:60:93:ad:07:fe:c1:ee:2b:cc:da:53:2c:97:f1:
                    f1:3a:56:c3:27:08:1e:17:52:a6:09:00:fb:fe:82:
                    17:e2:60:81:72:73:1c:d4:e7:79:43:d7:1a:37:5b:
                    86:30:0c:37:58:fc:46:56:64:2a:ad:1c:6d:dc:c4:
                    e1:cd:c7:44:8b:c7:5f:f6:46:e5:bb:c3:12:9b:49:
                    70:2e:25:37:ab:6a:92:df:2d:20:3e:17:67:13:5c:
                    19:10:b1:1c:13:c3:1c:ac:44:86:33:e6:7f:30:be:
                    44:09:f8:3b:36:c0:df:49:fe:42:c9:19:2a:0d:ea:
                    85:ed:6a:d0:b3:5e:8a:a0:dc:ec:4b:04:1e:5f:93:
                    03:cd:2d:9d:39:0d:06:ef:a3:7f:6c:5f:2b:8c:c0:
                    f1:90:15:3e:00:7c:a3:81:94:f5:23:d4:74:be:f8:
                    8a:d8:28:fe:61:31:db:03:f3:73:80:1e:90:c9:35:
                    b2:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A1:FA:58:76:36:3C:08:A9:44:35:B4:5B:1A:89:ED:BD:A8:D3:69:08
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/6c218b20-e5cf-4699-8edc-af11cc18cf8c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         80:8f:f8:a3:34:12:9b:db:2e:f3:2a:bb:27:a5:e1:98:d9:2e:
         05:63:fc:c6:33:42:f8:f3:29:f9:de:80:02:20:99:4f:74:bf:
         33:4a:3a:61:e0:1c:ec:0e:a3:4f:b0:10:34:6f:65:49:75:d1:
         33:52:c0:1c:6f:82:15:bf:c1:34:55:5f:c1:36:37:d4:99:01:
         2f:16:7b:12:d7:d6:c7:c5:0b:cc:9d:2b:78:62:59:be:ee:c4:
         46:fc:6f:f5:84:5a:97:21:e3:0d:93:6f:df:7a:be:f2:27:b8:
         98:80:90:a4:79:4b:27:a6:37:86:f1:3f:90:f2:94:63:f1:4a:
         e9:5f:1d:bf:f4:a9:20:d2:9d:fb:1d:01:7f:23:f3:2d:8a:bd:
         e0:f7:e2:66:b1:ae:61:d4:a9:8b:8d:3f:d0:e4:38:e6:6f:64:
         48:6a:d2:30:34:6f:f5:82:bf:80:6d:59:89:1a:8c:ec:39:8b:
         b3:cf:99:73:a9:92:c1:d8:82:2b:44:36:97:97:8b:ad:fa:10:
         5a:3e:f5:f5:f4:e5:b0:82:4e:1b:18:28:11:68:5e:9c:3a:61:
         2f:d7:61:2d:02:2a:85:b5:d9:f6:92:d3:1a:65:a1:82:dc:e9:
         1a:a4:2e:44:33:e6:7b:14:05:49:b3:d6:c5:7a:be:10:3a:e1:
         b5:79:d2:ec
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUMUOtQ9JX/aUryzyXcdxMTNpa9agwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwMjEwMDAwMDAwWhcNMjMwMjEzMjM1OTU5
WjCBpTFJMEcGA1UEBRNAZGM1MDI4OWI1ZWE0OTc5Y2MyYTI4ZDNjNmVlYTE5NmVm
ZWQ3NjU1MjkxZjA1MTI4YjlkZjg5ODg3MWY5ODVhODEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBALNG5zNamvhVnv7uONftqaKxAN5cTDu/oVYVTST/AJRnGBOXgBre
alCaWlYZAefaxQ3tCNwd/jP2/VZzq4tlrMstLuMweZ7USm1jqmCTrQf+we4rzNpT
LJfx8TpWwycIHhdSpgkA+/6CF+JggXJzHNTneUPXGjdbhjAMN1j8RlZkKq0cbdzE
4c3HRIvHX/ZG5bvDEptJcC4lN6tqkt8tID4XZxNcGRCxHBPDHKxEhjPmfzC+RAn4
OzbA30n+QskZKg3qhe1q0LNeiqDc7EsEHl+TA80tnTkNBu+jf2xfK4zA8ZAVPgB8
o4GU9SPUdL74itgo/mEx2wPzc4AekMk1sncCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBSh+lh2NjwIqUQ1tFsaie29qNNpCDAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvNmMyMThiMjAtZTVjZi00Njk5LThlZGMtYWYxMWNjMThjZjhjLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAICP+KM0EpvbLvMq
uyel4ZjZLgVj/MYzQvjzKfnegAIgmU90vzNKOmHgHOwOo0+wEDRvZUl10TNSwBxv
ghW/wTRVX8E2N9SZAS8WexLX1sfFC8ydK3hiWb7uxEb8b/WEWpch4w2Tb996vvIn
uJiAkKR5SyemN4bxP5DylGPxSulfHb/0qSDSnfsdAX8j8y2KveD34maxrmHUqYuN
P9DkOOZvZEhq0jA0b/WCv4BtWYkajOw5i7PPmXOpksHYgitENpeXi636EFo+9fX0
5bCCThsYKBFoXpw6YS/XYS0CKoW12faS0xploYLc6RqkLkQz5nsUBUmz1sV6vhA6
4bV50uw=
-----END CERTIFICATE-----