Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/74df3cee-3ddb-40bc-b94d-ccdba8fea78e.roa
File:                     74df3cee-3ddb-40bc-b94d-ccdba8fea78e.roa (raw, json)
Hash identifier:          c9tDC4a7UJFd+llOQAbeqJOWfbaLRlWwvekOxDD3kCk=
Subject key identifier:   68:26:D9:0B:CC:FD:D7:B7:9E:36:A3:37:09:85:A5:5D:DE:89:D3:BF
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       216AFC1B8B18B6E007C427A2383322671A8169F7
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/74df3cee-3ddb-40bc-b94d-ccdba8fea78e.roa
Signing time:             Mon 13 Mar 2023 00:00:00 +0000
ROA not before:           Mon 13 Mar 2023 00:00:00 +0000
ROA not after:            Thu 16 Mar 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            21:6a:fc:1b:8b:18:b6:e0:07:c4:27:a2:38:33:22:67:1a:81:69:f7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Mar 13 00:00:00 2023 GMT
            Not After : Mar 16 23:59:59 2023 GMT
        Subject: serialNumber=fa0ff150f88bdb39e099dd94c5fe5779f05b44d95a6be34d3edc0124616fe64e, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:db:a1:80:f8:c7:a1:cc:b7:64:9b:7d:97:cc:
                    67:88:be:97:2b:77:76:eb:e2:29:b8:0e:ec:98:7e:
                    eb:c5:f7:b5:b0:8c:93:d9:7f:75:4d:e1:96:37:8c:
                    ab:82:87:a6:11:db:c4:f3:d5:aa:e0:61:37:3a:18:
                    36:3e:53:d7:8b:88:1e:f7:48:9b:fa:fd:69:d2:f7:
                    31:c4:30:22:4b:76:68:d3:d1:13:c0:1e:e9:bf:d4:
                    8e:8f:f4:58:ae:f4:eb:09:41:85:c6:4a:54:8a:96:
                    6f:30:c9:4b:64:a1:a0:7b:b8:63:03:9b:80:ae:fb:
                    4e:fc:c4:9f:bd:aa:44:e9:33:d4:ba:9a:69:90:ad:
                    2a:21:95:a3:7c:8a:a3:e1:df:89:16:ae:0b:4f:81:
                    e9:a3:23:d8:f0:23:ee:0e:77:00:a8:25:b4:3b:ef:
                    4e:37:86:bd:43:0f:af:a2:01:90:c6:09:93:c2:f4:
                    8a:07:05:6b:f3:87:c1:fb:fc:67:8a:22:df:86:15:
                    c1:5b:3a:9f:bb:db:1f:48:a7:78:8c:3f:2b:39:3c:
                    f5:75:b7:de:b4:cc:c5:06:0c:e7:67:3c:e6:57:53:
                    74:87:df:a6:81:25:2e:f0:0c:62:af:ce:da:15:bf:
                    b8:91:52:3f:b7:65:fb:c1:7e:bd:f6:b7:f0:d3:7a:
                    71:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:26:D9:0B:CC:FD:D7:B7:9E:36:A3:37:09:85:A5:5D:DE:89:D3:BF
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/74df3cee-3ddb-40bc-b94d-ccdba8fea78e.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         97:9b:eb:ee:cf:b9:66:b2:bf:3a:72:5d:40:14:e0:d2:c1:c2:
         2f:47:1f:30:a4:6a:9e:c6:59:cc:3c:1a:fe:c4:c0:dc:ec:8a:
         89:e4:73:df:32:bb:b5:a0:d3:a1:c3:e2:84:e4:77:73:d2:4d:
         61:b7:1a:2e:87:51:06:bb:64:4a:88:b1:9b:db:03:e6:4a:0c:
         6b:66:42:f5:85:f1:99:0d:50:6f:f3:61:78:02:8e:e4:ea:5b:
         90:6b:03:80:6d:89:05:a0:2b:fa:b8:96:9d:ad:83:1a:95:90:
         59:45:60:cc:9a:39:d5:d4:52:c8:dd:3a:98:da:3f:0b:fa:b7:
         a1:d9:9f:26:26:d0:d3:78:03:07:a0:e3:1e:03:89:bc:bc:ce:
         f6:37:63:43:b0:e6:0d:cd:6d:1f:53:94:e7:f9:e1:a7:95:5e:
         89:9c:e3:2b:0e:3b:2e:5c:d6:b1:1f:f3:54:4f:52:12:08:f4:
         2f:18:1b:8a:d7:c3:00:20:c2:12:03:81:fb:d8:87:c8:75:6e:
         8c:92:82:b6:58:2d:3f:d0:14:3e:e7:1c:6a:da:89:cd:64:db:
         d1:07:2c:d4:a1:29:fc:0f:8d:45:60:a0:ae:66:32:64:e9:d3:
         bb:5c:89:c6:69:66:bb:af:55:50:48:0c:05:3b:33:cf:b2:48:
         79:47:88:c9
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUIWr8G4sYtuAHxCeiODMiZxqBafcwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwMzEzMDAwMDAwWhcNMjMwMzE2MjM1OTU5
WjCBpTFJMEcGA1UEBRNAZmEwZmYxNTBmODhiZGIzOWUwOTlkZDk0YzVmZTU3Nzlm
MDViNDRkOTVhNmJlMzRkM2VkYzAxMjQ2MTZmZTY0ZTEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBANPboYD4x6HMt2SbfZfMZ4i+lyt3duviKbgO7Jh+68X3tbCMk9l/
dU3hljeMq4KHphHbxPPVquBhNzoYNj5T14uIHvdIm/r9adL3McQwIkt2aNPRE8Ae
6b/Ujo/0WK706wlBhcZKVIqWbzDJS2ShoHu4YwObgK77TvzEn72qROkz1LqaaZCt
KiGVo3yKo+HfiRauC0+B6aMj2PAj7g53AKgltDvvTjeGvUMPr6IBkMYJk8L0igcF
a/OHwfv8Z4oi34YVwVs6n7vbH0ineIw/Kzk89XW33rTMxQYM52c85ldTdIffpoEl
LvAMYq/O2hW/uJFSP7dl+8F+vfa38NN6cRsCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBRoJtkLzP3Xt542ozcJhaVd3onTvzAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvNzRkZjNjZWUtM2RkYi00MGJjLWI5NGQtY2NkYmE4ZmVhNzhlLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAJeb6+7PuWayvzpy
XUAU4NLBwi9HHzCkap7GWcw8Gv7EwNzsionkc98yu7Wg06HD4oTkd3PSTWG3Gi6H
UQa7ZEqIsZvbA+ZKDGtmQvWF8ZkNUG/zYXgCjuTqW5BrA4BtiQWgK/q4lp2tgxqV
kFlFYMyaOdXUUsjdOpjaPwv6t6HZnyYm0NN4Aweg4x4Diby8zvY3Y0Ow5g3NbR9T
lOf54aeVXomc4ysOOy5c1rEf81RPUhII9C8YG4rXwwAgwhIDgfvYh8h1boySgrZY
LT/QFD7nHGraic1k29EHLNShKfwPjUVgoK5mMmTp07tcicZpZruvVVBIDAU7M8+y
SHlHiMk=
-----END CERTIFICATE-----