Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/7a255e88-4920-41e5-939f-a2068a7f0dfa.roa
File:                     7a255e88-4920-41e5-939f-a2068a7f0dfa.roa (raw, json)
Hash identifier:          dXHss9s69vQSdQMT4FOH3lQ5w4nc0TFu4mGNwExqQ/E=
Subject key identifier:   C9:1A:80:03:9F:77:BC:E6:F1:DA:F3:FC:54:37:EE:68:16:31:BF:E6
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       2B2810C5B71907B7D9DA2F806F44474FFC32AEAF
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/7a255e88-4920-41e5-939f-a2068a7f0dfa.roa
Signing time:             Thu 23 Mar 2023 00:00:00 +0000
ROA not before:           Thu 23 Mar 2023 00:00:00 +0000
ROA not after:            Sun 26 Mar 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2b:28:10:c5:b7:19:07:b7:d9:da:2f:80:6f:44:47:4f:fc:32:ae:af
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Mar 23 00:00:00 2023 GMT
            Not After : Mar 26 23:59:59 2023 GMT
        Subject: serialNumber=bb183cd5c4c455285c11a4c4cb69ddef21934a38c9a57e601237239d84e82c1e, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:19:99:d1:cb:aa:c1:af:37:7e:2a:a2:05:88:
                    2c:20:45:32:2f:70:d4:c4:fa:8d:6b:66:10:7a:d8:
                    e7:48:be:e8:50:6c:fc:a6:f9:9b:76:e2:f6:59:49:
                    15:37:b6:56:13:15:6d:7c:8d:b8:82:1d:39:89:ad:
                    57:f9:64:1d:62:c6:00:7a:6f:80:af:b6:be:1a:63:
                    cd:32:59:77:a5:97:c6:57:0f:fd:aa:fb:03:ba:4f:
                    69:32:97:b7:27:f7:e1:da:b9:5e:35:65:f3:95:03:
                    0c:69:bd:ed:26:19:5a:8c:2c:2f:32:ab:5a:74:4c:
                    3c:76:e7:12:8e:bf:e9:86:4c:82:82:1c:43:f6:e4:
                    71:84:6e:59:16:2c:15:6d:d7:49:71:b2:44:c2:e7:
                    76:c6:01:13:f0:e2:18:3a:a1:ad:29:8c:9f:40:37:
                    cb:4a:ad:f7:6b:03:4b:30:d0:fc:ab:56:84:e8:a1:
                    c7:cc:ca:7d:01:55:89:3c:f4:d2:bf:18:8b:9e:06:
                    94:eb:8e:d8:3a:92:7a:de:86:07:92:7d:7f:30:f2:
                    2a:f3:04:ca:62:d7:0e:99:77:d1:83:08:f5:dc:a1:
                    61:e0:f1:4f:cc:26:a9:50:bb:d9:26:da:1d:22:03:
                    92:9a:54:92:9d:c0:11:f1:64:a6:a4:70:5b:c2:38:
                    37:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C9:1A:80:03:9F:77:BC:E6:F1:DA:F3:FC:54:37:EE:68:16:31:BF:E6
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/7a255e88-4920-41e5-939f-a2068a7f0dfa.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         02:c2:6b:18:cc:31:87:77:a0:43:5f:b0:21:7c:34:09:7d:71:
         7a:29:fe:1d:76:22:59:d4:fe:7d:c8:22:92:ac:bf:23:11:2c:
         1a:3f:18:48:8c:bf:90:be:b9:10:75:23:15:a4:af:16:02:45:
         b9:5d:8d:e7:73:40:77:1d:56:da:79:39:d0:e5:ca:14:74:09:
         e2:99:e1:2f:6f:13:85:87:68:c1:ea:1e:f7:f8:21:ae:6b:1c:
         3a:5b:83:60:2d:49:42:2e:12:c5:6c:cb:13:ca:5f:4e:e8:e3:
         82:c9:7d:fa:48:92:d7:7a:3a:66:dc:25:b5:d5:a9:58:91:fa:
         dd:3e:b2:f7:a6:54:a2:b6:b9:09:42:a5:e6:09:bd:9a:14:b3:
         b3:0d:4d:61:72:1b:8f:41:ee:47:c3:48:10:a5:d3:e0:f0:14:
         a1:cd:d4:db:29:0f:35:97:be:fd:32:79:d5:34:e5:c8:d1:a8:
         f7:68:e8:27:d0:27:ba:02:78:93:41:3e:8d:39:42:28:fb:29:
         0a:18:51:47:74:4a:2b:46:6d:aa:4b:68:9c:59:90:d5:f5:99:
         19:38:72:18:a1:25:75:fc:a0:c4:4f:c5:03:a0:c9:2d:dc:69:
         91:6c:2c:c3:3d:43:db:21:b3:bb:dd:2d:cd:0e:7a:83:28:97:
         5f:4b:56:88
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUKygQxbcZB7fZ2i+Ab0RHT/wyrq8wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwMzIzMDAwMDAwWhcNMjMwMzI2MjM1OTU5
WjCBpTFJMEcGA1UEBRNAYmIxODNjZDVjNGM0NTUyODVjMTFhNGM0Y2I2OWRkZWYy
MTkzNGEzOGM5YTU3ZTYwMTIzNzIzOWQ4NGU4MmMxZTEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAJ4ZmdHLqsGvN34qogWILCBFMi9w1MT6jWtmEHrY50i+6FBs/Kb5
m3bi9llJFTe2VhMVbXyNuIIdOYmtV/lkHWLGAHpvgK+2vhpjzTJZd6WXxlcP/ar7
A7pPaTKXtyf34dq5XjVl85UDDGm97SYZWowsLzKrWnRMPHbnEo6/6YZMgoIcQ/bk
cYRuWRYsFW3XSXGyRMLndsYBE/DiGDqhrSmMn0A3y0qt92sDSzDQ/KtWhOihx8zK
fQFViTz00r8Yi54GlOuO2DqSet6GB5J9fzDyKvMEymLXDpl30YMI9dyhYeDxT8wm
qVC72SbaHSIDkppUkp3AEfFkpqRwW8I4N/cCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBTJGoADn3e85vHa8/xUN+5oFjG/5jAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvN2EyNTVlODgtNDkyMC00MWU1LTkzOWYtYTIwNjhhN2YwZGZhLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAALCaxjMMYd3oENf
sCF8NAl9cXop/h12IlnU/n3IIpKsvyMRLBo/GEiMv5C+uRB1IxWkrxYCRbldjedz
QHcdVtp5OdDlyhR0CeKZ4S9vE4WHaMHqHvf4Ia5rHDpbg2AtSUIuEsVsyxPKX07o
44LJffpIktd6OmbcJbXVqViR+t0+svemVKK2uQlCpeYJvZoUs7MNTWFyG49B7kfD
SBCl0+DwFKHN1NspDzWXvv0yedU05cjRqPdo6CfQJ7oCeJNBPo05Qij7KQoYUUd0
SitGbapLaJxZkNX1mRk4chihJXX8oMRPxQOgyS3caZFsLMM9Q9shs7vdLc0OeoMo
l19LVog=
-----END CERTIFICATE-----