Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/6e2a63e8-4f4a-4a84-9148-346a5e6f78af.roa
File:                     6e2a63e8-4f4a-4a84-9148-346a5e6f78af.roa (raw, json)
Hash identifier:          mDDTW8Yq6fgvwbMGNEiL0Pjn/NOsEwCR4G7Mn3of2N8=
Subject key identifier:   F1:38:1E:DC:01:FF:29:1E:87:DE:1B:3A:1C:C6:F0:11:45:A5:B5:D5
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       1C186E817B0EED993E9E9BBBF98052B8203E6385
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/6e2a63e8-4f4a-4a84-9148-346a5e6f78af.roa
Signing time:             Mon 13 Feb 2023 00:00:00 +0000
ROA not before:           Mon 13 Feb 2023 00:00:00 +0000
ROA not after:            Thu 16 Feb 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1c:18:6e:81:7b:0e:ed:99:3e:9e:9b:bb:f9:80:52:b8:20:3e:63:85
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Feb 13 00:00:00 2023 GMT
            Not After : Feb 16 23:59:59 2023 GMT
        Subject: serialNumber=8518b13320fb08ec1c6e81c9042ab56b8b89cf3ea998831b1fabe60cd28da001, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:f1:b3:67:4f:f1:f9:12:57:16:90:7c:31:ed:
                    56:b7:0a:35:6b:d3:19:a1:bc:74:fb:8c:ce:d5:dc:
                    b9:26:98:dd:07:64:d8:38:3b:cd:c0:7b:ca:3b:04:
                    93:00:e0:3d:5d:22:43:63:29:ba:ae:c5:68:41:29:
                    ad:0f:a2:c6:2d:d3:92:83:f1:41:f0:4b:8c:cb:10:
                    e1:bc:2f:09:81:de:1e:cc:2e:cb:ff:38:c2:36:a3:
                    4d:73:55:71:ac:a6:79:97:85:f9:48:1c:d1:39:9a:
                    3d:bd:9b:c7:04:be:cb:3c:b4:b0:a2:10:c3:76:17:
                    b0:5e:4d:b4:f8:fb:7f:77:6c:14:12:34:25:ac:8a:
                    fc:94:71:59:2c:c7:01:5f:bf:f6:b9:d1:24:c9:92:
                    41:d0:43:6e:d1:b2:75:f5:d3:22:6a:b7:13:ee:cd:
                    08:e0:b1:52:be:93:07:70:e2:d0:05:44:6c:06:b8:
                    0c:58:86:fb:1b:e8:34:88:71:8c:0b:7d:db:a1:d1:
                    51:73:1c:60:b1:3a:3a:a1:dd:6e:2c:ac:9c:04:ab:
                    49:12:51:40:a5:05:5a:28:1f:3c:3a:c4:9d:3f:61:
                    62:91:67:28:9c:35:06:10:e6:98:1a:4b:b7:11:10:
                    77:28:66:c4:e4:eb:11:b0:ad:be:9e:e2:12:6b:3b:
                    40:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F1:38:1E:DC:01:FF:29:1E:87:DE:1B:3A:1C:C6:F0:11:45:A5:B5:D5
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/6e2a63e8-4f4a-4a84-9148-346a5e6f78af.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b6:35:1c:cb:dd:27:bf:67:a5:0e:60:7b:7b:7c:ae:da:b1:b6:
         10:8f:fc:d6:b7:61:87:9d:80:db:a0:b3:4e:ed:06:67:e2:53:
         cb:ce:93:15:9e:ef:c5:ce:2a:94:ed:a3:6a:2c:2c:54:45:bb:
         cf:43:53:87:45:cb:59:fa:ac:2f:94:1e:e7:f2:1b:21:e9:4f:
         dd:94:cb:fe:29:5a:66:26:3b:ec:b6:39:1d:c3:42:f7:7a:05:
         f1:f0:ae:bb:13:60:d3:d5:9f:65:62:ea:cc:a3:f6:02:eb:38:
         49:2b:be:1e:63:8b:17:1b:df:05:b0:0d:ae:14:b0:15:58:ee:
         e2:d2:11:09:c5:ef:5a:f3:60:10:ab:7c:0d:ca:1d:d5:66:69:
         16:bc:1c:64:18:ed:df:da:75:62:4b:ab:bb:aa:e3:2d:c6:ec:
         cc:87:bc:55:7f:31:5f:37:f0:3e:65:a0:f1:df:58:5a:3b:5c:
         f8:bd:4a:f2:20:ec:38:63:2b:2e:3d:e3:0c:bb:6b:ea:37:04:
         70:b0:9e:08:b9:5d:22:e7:e1:ac:97:64:25:3a:18:d4:48:ea:
         0d:96:24:ce:f5:92:8a:8a:73:1e:8a:6b:b0:4c:b8:d4:34:51:
         2c:94:bb:43:3e:ad:7a:57:3f:af:91:93:6c:56:f4:c9:c1:92:
         0d:98:c4:25
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUHBhugXsO7Zk+npu7+YBSuCA+Y4UwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwMjEzMDAwMDAwWhcNMjMwMjE2MjM1OTU5
WjCBpTFJMEcGA1UEBRNAODUxOGIxMzMyMGZiMDhlYzFjNmU4MWM5MDQyYWI1NmI4
Yjg5Y2YzZWE5OTg4MzFiMWZhYmU2MGNkMjhkYTAwMTEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBALPxs2dP8fkSVxaQfDHtVrcKNWvTGaG8dPuMztXcuSaY3Qdk2Dg7
zcB7yjsEkwDgPV0iQ2Mpuq7FaEEprQ+ixi3TkoPxQfBLjMsQ4bwvCYHeHswuy/84
wjajTXNVcaymeZeF+Ugc0TmaPb2bxwS+yzy0sKIQw3YXsF5NtPj7f3dsFBI0JayK
/JRxWSzHAV+/9rnRJMmSQdBDbtGydfXTImq3E+7NCOCxUr6TB3Di0AVEbAa4DFiG
+xvoNIhxjAt926HRUXMcYLE6OqHdbiysnASrSRJRQKUFWigfPDrEnT9hYpFnKJw1
BhDmmBpLtxEQdyhmxOTrEbCtvp7iEms7QL8CAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBTxOB7cAf8pHofeGzocxvARRaW11TAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvNmUyYTYzZTgtNGY0YS00YTg0LTkxNDgtMzQ2YTVlNmY3OGFmLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBALY1HMvdJ79npQ5g
e3t8rtqxthCP/Na3YYedgNugs07tBmfiU8vOkxWe78XOKpTto2osLFRFu89DU4dF
y1n6rC+UHufyGyHpT92Uy/4pWmYmO+y2OR3DQvd6BfHwrrsTYNPVn2Vi6syj9gLr
OEkrvh5jixcb3wWwDa4UsBVY7uLSEQnF71rzYBCrfA3KHdVmaRa8HGQY7d/adWJL
q7uq4y3G7MyHvFV/MV838D5loPHfWFo7XPi9SvIg7DhjKy494wy7a+o3BHCwngi5
XSLn4ayXZCU6GNRI6g2WJM71koqKcx6Ka7BMuNQ0USyUu0M+rXpXP6+Rk2xW9MnB
kg2YxCU=
-----END CERTIFICATE-----