Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/71401cb3-2aa6-4e1b-b456-75a1023ce63a.roa
File:                     71401cb3-2aa6-4e1b-b456-75a1023ce63a.roa (raw, json)
Hash identifier:          3lQV3lE+aRM0yWwwGM3uRLnYWoL1cNekrSHTLs2cUdE=
Subject key identifier:   6D:D1:D5:4D:2B:F3:1E:BE:FA:94:07:85:53:F5:76:7B:E8:CB:90:38
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       1FF24109A457B2A3AEC84F9A647E6233A17F0570
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/71401cb3-2aa6-4e1b-b456-75a1023ce63a.roa
Signing time:             Wed 26 Apr 2023 00:00:00 +0000
ROA not before:           Wed 26 Apr 2023 00:00:00 +0000
ROA not after:            Sat 29 Apr 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1f:f2:41:09:a4:57:b2:a3:ae:c8:4f:9a:64:7e:62:33:a1:7f:05:70
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Apr 26 00:00:00 2023 GMT
            Not After : Apr 29 23:59:59 2023 GMT
        Subject: serialNumber=226cd4eab95516da28a1c696ed9626db2fe12cf7c30644e642e61a48185502a2, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:49:46:25:6b:ca:18:56:c7:a0:37:f9:33:7b:
                    61:04:a4:00:f7:5b:51:aa:a4:8c:d9:2a:fe:80:fe:
                    e8:fd:a9:c2:1c:d8:72:4c:2b:96:22:c7:2c:d0:3d:
                    e9:72:73:62:24:45:2a:5e:a3:9e:e0:d1:ff:f1:f2:
                    75:6b:3b:07:66:36:3f:1a:ea:8e:ba:62:72:f9:ef:
                    03:08:f3:af:f9:2b:51:bc:f4:38:19:d5:42:ae:5d:
                    51:ca:0d:a8:25:40:d4:b2:3a:27:6c:c8:32:7b:db:
                    d5:91:40:66:76:1a:52:2c:bd:70:db:51:b1:6f:53:
                    de:b4:28:69:94:e5:7b:f2:be:6f:43:14:78:f8:2b:
                    fe:72:55:bb:9f:cb:39:60:4d:83:3d:8c:82:71:8b:
                    d1:93:bd:0a:d0:e7:1c:80:5b:18:37:2f:ed:ec:a2:
                    83:1b:f0:0e:81:6c:78:5c:bb:b1:c4:4f:f8:05:b9:
                    b9:d7:06:fb:10:22:48:34:8d:3d:b8:c3:d8:6e:7d:
                    f8:1f:41:fa:e4:63:fe:2b:0d:1e:e4:10:7a:b9:66:
                    1d:f9:06:9e:cf:24:42:2f:08:c9:12:a3:77:94:d3:
                    05:99:bb:51:b0:94:05:f1:50:d7:a7:b7:a2:89:02:
                    7c:0b:d6:0e:6e:ea:72:7d:cb:3e:6f:a5:47:dc:36:
                    2b:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6D:D1:D5:4D:2B:F3:1E:BE:FA:94:07:85:53:F5:76:7B:E8:CB:90:38
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/71401cb3-2aa6-4e1b-b456-75a1023ce63a.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         94:db:f2:c9:ee:8f:f9:5a:2b:74:b4:9b:28:11:ea:75:f8:c8:
         ec:64:6e:65:fd:5f:89:64:fd:14:e4:86:fb:32:45:0a:35:6a:
         ca:43:75:2c:29:be:6e:1d:40:94:8d:f2:ff:17:5d:a6:12:06:
         99:e9:77:fd:11:2a:bd:66:56:75:df:d7:d7:7a:d7:48:64:f6:
         23:2f:27:eb:ed:5d:be:0c:5e:fa:5c:e2:de:f5:7b:d4:35:cc:
         a4:ed:32:d4:49:90:93:e6:1c:b2:e3:f9:0e:1e:34:e1:80:76:
         84:ca:8a:79:30:56:83:fd:c6:d2:49:b4:b4:38:01:b9:9e:ef:
         c5:9e:31:3a:2e:ed:e6:7e:94:a7:db:84:b3:a8:20:d2:85:1c:
         41:07:ad:bc:ed:74:4c:df:22:a5:4f:12:6b:74:a3:d0:1e:4a:
         83:9e:10:cf:77:ec:ec:5f:22:f0:12:6c:38:b3:df:b5:7b:a1:
         40:e6:66:b5:9b:17:d1:4d:ed:a0:45:04:4b:df:36:15:37:33:
         b8:81:09:85:79:e5:be:8f:02:08:45:2f:4f:3b:57:b3:65:6d:
         0f:05:4e:72:79:48:b0:e7:47:c3:a5:3c:86:06:8c:a6:30:83:
         b6:86:a8:67:0d:27:a0:a5:df:d4:b8:b5:7c:4a:b3:bf:d1:bb:
         bd:cd:9c:e3
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUH/JBCaRXsqOuyE+aZH5iM6F/BXAwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwNDI2MDAwMDAwWhcNMjMwNDI5MjM1OTU5
WjCBpTFJMEcGA1UEBRNAMjI2Y2Q0ZWFiOTU1MTZkYTI4YTFjNjk2ZWQ5NjI2ZGIy
ZmUxMmNmN2MzMDY0NGU2NDJlNjFhNDgxODU1MDJhMjEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAMRJRiVryhhWx6A3+TN7YQSkAPdbUaqkjNkq/oD+6P2pwhzYckwr
liLHLNA96XJzYiRFKl6jnuDR//HydWs7B2Y2PxrqjrpicvnvAwjzr/krUbz0OBnV
Qq5dUcoNqCVA1LI6J2zIMnvb1ZFAZnYaUiy9cNtRsW9T3rQoaZTle/K+b0MUePgr
/nJVu5/LOWBNgz2MgnGL0ZO9CtDnHIBbGDcv7eyigxvwDoFseFy7scRP+AW5udcG
+xAiSDSNPbjD2G59+B9B+uRj/isNHuQQerlmHfkGns8kQi8IyRKjd5TTBZm7UbCU
BfFQ16e3ookCfAvWDm7qcn3LPm+lR9w2K60CAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBRt0dVNK/MevvqUB4VT9XZ76MuQODAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvNzE0MDFjYjMtMmFhNi00ZTFiLWI0NTYtNzVhMTAyM2NlNjNhLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAJTb8snuj/laK3S0
mygR6nX4yOxkbmX9X4lk/RTkhvsyRQo1aspDdSwpvm4dQJSN8v8XXaYSBpnpd/0R
Kr1mVnXf19d610hk9iMvJ+vtXb4MXvpc4t71e9Q1zKTtMtRJkJPmHLLj+Q4eNOGA
doTKinkwVoP9xtJJtLQ4Abme78WeMTou7eZ+lKfbhLOoINKFHEEHrbztdEzfIqVP
Emt0o9AeSoOeEM937OxfIvASbDiz37V7oUDmZrWbF9FN7aBFBEvfNhU3M7iBCYV5
5b6PAghFL087V7NlbQ8FTnJ5SLDnR8OlPIYGjKYwg7aGqGcNJ6Cl39S4tXxKs7/R
u73NnOM=
-----END CERTIFICATE-----