Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/768202a9-d0f5-4f62-b217-7a1debbfc41d.roa
File:                     768202a9-d0f5-4f62-b217-7a1debbfc41d.roa (raw, json)
Hash identifier:          njEYJM7iMJLGL1NVjZkazM8qArOZwVX8z4kLIRjayUM=
Subject key identifier:   2C:AF:01:A2:73:88:17:DD:7A:AD:82:8E:34:23:48:E9:63:D4:9E:2C
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       271BC1ACDB21908D60C71B9E3B5E1E5CF5CF1EAE
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/768202a9-d0f5-4f62-b217-7a1debbfc41d.roa
Signing time:             Thu 16 Feb 2023 00:00:00 +0000
ROA not before:           Thu 16 Feb 2023 00:00:00 +0000
ROA not after:            Sun 19 Feb 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            27:1b:c1:ac:db:21:90:8d:60:c7:1b:9e:3b:5e:1e:5c:f5:cf:1e:ae
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Feb 16 00:00:00 2023 GMT
            Not After : Feb 19 23:59:59 2023 GMT
        Subject: serialNumber=7e6481e9b6cebfb3379354f09bfec986cff210204eee369919326addfc8d4e4b, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:d7:1d:8c:5f:64:6a:70:7e:d0:1c:f5:f1:2a:
                    ae:39:31:94:b8:5e:60:fa:76:af:e9:7d:ea:b6:ba:
                    d7:76:af:f0:d3:5d:cd:cd:2e:1f:f3:da:39:aa:14:
                    88:97:db:a4:e3:25:67:05:2d:d5:8f:c6:da:af:4c:
                    71:0f:2e:d7:d4:54:38:cb:84:89:3d:31:96:bf:12:
                    c7:f5:71:b3:2d:f6:be:18:b1:03:c3:cc:7d:4b:7c:
                    f6:e7:58:53:0f:68:c3:78:ae:e6:ef:89:96:95:e7:
                    9e:fc:e9:e0:66:45:0a:55:6f:c1:6d:6d:61:21:5d:
                    94:83:3c:2a:b2:e4:14:49:59:6c:11:de:e2:ec:f1:
                    3f:04:83:f1:86:bb:df:60:4e:8f:e4:0e:12:6a:7e:
                    d3:eb:53:0a:5a:8e:e4:4c:0d:ca:74:ad:c4:1c:bb:
                    37:c5:db:c6:89:32:3a:96:dd:74:9e:7b:f1:d0:cd:
                    e9:60:0e:30:6a:be:0d:9a:d9:15:12:de:0a:c7:4b:
                    7e:56:50:f6:98:71:c7:d8:33:35:1e:7f:a6:11:52:
                    d3:c7:7f:22:6c:15:e1:a3:d6:19:a5:0b:20:94:17:
                    d1:ab:16:82:e9:ed:3e:e7:9b:ac:74:2e:6c:80:04:
                    64:85:c7:70:37:7d:75:a0:a6:36:70:b4:95:6d:d6:
                    98:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2C:AF:01:A2:73:88:17:DD:7A:AD:82:8E:34:23:48:E9:63:D4:9E:2C
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/768202a9-d0f5-4f62-b217-7a1debbfc41d.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7a:8b:72:14:ce:48:5a:c4:c0:de:2f:6e:44:2d:3d:e5:13:b1:
         93:ed:2d:b5:55:a3:b1:52:c9:3e:3c:94:f8:84:8f:d6:c5:16:
         c8:65:56:ce:70:e7:a0:9c:4f:71:49:92:d5:3f:74:29:b9:0a:
         0e:fd:cc:72:ba:9d:a3:61:92:ad:dd:d8:e6:c2:4e:47:a5:d1:
         7b:59:25:12:df:ea:3a:bf:1c:17:8e:02:f7:8b:f6:45:dc:dc:
         72:47:2c:de:79:5f:f1:d9:75:ea:df:6e:40:20:bd:14:4d:88:
         25:47:33:82:dc:ff:db:57:eb:77:76:45:99:bb:fd:34:75:ac:
         8a:2d:57:0b:54:88:ac:50:40:d8:85:d2:a0:cd:47:25:31:b2:
         7d:88:36:ea:b5:74:3c:b1:87:33:96:29:0e:e9:f5:10:12:72:
         1f:43:3c:97:0f:fa:e0:8f:e3:59:07:13:c8:54:0c:92:90:46:
         bf:de:5c:d4:d2:74:5b:04:b8:36:c7:b1:93:4d:bc:e0:38:14:
         bb:04:3b:76:4a:4b:39:c9:a9:7c:b1:49:6c:5a:73:7c:52:17:
         a2:6e:35:ba:87:32:34:b7:db:3c:39:c6:69:b2:f5:d0:ad:82:
         81:69:79:d3:82:60:47:f9:dc:75:e2:d2:b9:77:0e:87:63:10:
         73:17:52:95
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUJxvBrNshkI1gxxueO14eXPXPHq4wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwMjE2MDAwMDAwWhcNMjMwMjE5MjM1OTU5
WjCBpTFJMEcGA1UEBRNAN2U2NDgxZTliNmNlYmZiMzM3OTM1NGYwOWJmZWM5ODZj
ZmYyMTAyMDRlZWUzNjk5MTkzMjZhZGRmYzhkNGU0YjEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAJrXHYxfZGpwftAc9fEqrjkxlLheYPp2r+l96ra613av8NNdzc0u
H/PaOaoUiJfbpOMlZwUt1Y/G2q9McQ8u19RUOMuEiT0xlr8Sx/Vxsy32vhixA8PM
fUt89udYUw9ow3iu5u+JlpXnnvzp4GZFClVvwW1tYSFdlIM8KrLkFElZbBHe4uzx
PwSD8Ya732BOj+QOEmp+0+tTClqO5EwNynStxBy7N8XbxokyOpbddJ578dDN6WAO
MGq+DZrZFRLeCsdLflZQ9phxx9gzNR5/phFS08d/ImwV4aPWGaULIJQX0asWgunt
PuebrHQubIAEZIXHcDd9daCmNnC0lW3WmLUCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBQsrwGic4gX3Xqtgo40I0jpY9SeLDAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvNzY4MjAyYTktZDBmNS00ZjYyLWIyMTctN2ExZGViYmZjNDFkLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAHqLchTOSFrEwN4v
bkQtPeUTsZPtLbVVo7FSyT48lPiEj9bFFshlVs5w56CcT3FJktU/dCm5Cg79zHK6
naNhkq3d2ObCTkel0XtZJRLf6jq/HBeOAveL9kXc3HJHLN55X/HZderfbkAgvRRN
iCVHM4Lc/9tX63d2RZm7/TR1rIotVwtUiKxQQNiF0qDNRyUxsn2INuq1dDyxhzOW
KQ7p9RASch9DPJcP+uCP41kHE8hUDJKQRr/eXNTSdFsEuDbHsZNNvOA4FLsEO3ZK
SznJqXyxSWxac3xSF6JuNbqHMjS32zw5xmmy9dCtgoFpedOCYEf53HXi0rl3Dodj
EHMXUpU=
-----END CERTIFICATE-----