Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/7b2a854c-d41e-4ea0-aedd-402e3ac06ed3.roa
File:                     7b2a854c-d41e-4ea0-aedd-402e3ac06ed3.roa (raw, json)
Hash identifier:          XgyAHKXJalZFYzmo+Z0YPJcIKWaSDAEaj6ezN32TxGk=
Subject key identifier:   49:67:34:73:DD:D2:6E:31:02:B2:F6:A7:50:C3:61:88:44:D6:47:34
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       2816D831DE3EC9A97E4669C46DBCB7DB4DD4D901
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/7b2a854c-d41e-4ea0-aedd-402e3ac06ed3.roa
Signing time:             Thu 23 Feb 2023 00:00:00 +0000
ROA not before:           Thu 23 Feb 2023 00:00:00 +0000
ROA not after:            Sun 26 Feb 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            28:16:d8:31:de:3e:c9:a9:7e:46:69:c4:6d:bc:b7:db:4d:d4:d9:01
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Feb 23 00:00:00 2023 GMT
            Not After : Feb 26 23:59:59 2023 GMT
        Subject: serialNumber=474b0354fed9747c2941bb68f46bc2bea14aafdde1a3d5c14128696231015624, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:21:71:c2:06:82:34:97:bf:af:f2:c4:ed:fa:
                    ca:bd:a9:16:60:9a:0b:20:45:54:d6:f3:c6:d8:d2:
                    aa:6e:72:2f:7e:1d:2e:ff:ee:3e:2b:38:de:70:d1:
                    24:62:8a:81:55:45:c0:d4:3f:fb:9b:5c:d7:d3:d3:
                    48:28:d1:9a:b9:f3:79:b6:b9:38:f0:8d:9c:77:ba:
                    94:6b:db:47:95:ed:72:6b:a0:55:47:01:a7:24:fd:
                    cd:db:b4:53:7a:30:e7:8a:bd:0e:f2:22:ee:69:03:
                    72:98:44:2a:74:68:bd:49:92:65:32:ed:7f:63:50:
                    c2:ce:76:af:50:e6:c7:fe:6e:6b:21:fa:b1:99:0b:
                    32:6f:c2:27:56:f1:ac:02:c8:4c:28:03:62:dc:07:
                    4b:4c:fa:32:c2:cc:e5:1d:12:95:8b:4c:95:42:77:
                    b0:81:fa:2b:7f:9f:fe:94:c3:d9:22:15:b1:74:83:
                    1d:8e:2b:43:c1:b5:4f:8d:46:a4:d9:ad:ae:98:2e:
                    1d:d2:3d:56:92:d3:3c:5d:ed:fd:c5:2e:bf:8d:a3:
                    99:96:19:8b:53:3a:5c:0a:fe:1d:7c:08:d4:89:86:
                    a8:a6:3e:e6:67:a7:7a:62:92:0f:72:0c:73:50:d8:
                    62:5a:3c:bf:77:cb:c7:02:24:33:7e:32:cd:6f:56:
                    3d:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                49:67:34:73:DD:D2:6E:31:02:B2:F6:A7:50:C3:61:88:44:D6:47:34
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/7b2a854c-d41e-4ea0-aedd-402e3ac06ed3.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         37:1c:d4:ae:a5:25:a7:31:e3:16:86:27:bc:0d:83:8c:15:97:
         50:3f:c4:12:a8:70:28:0b:0a:c4:19:a0:cd:5f:00:f9:f5:6c:
         01:65:26:31:d7:ef:17:28:ad:c7:b3:58:97:0f:d8:fe:f2:ce:
         d9:44:5d:80:eb:77:a5:60:bd:1e:56:e5:49:d3:33:96:eb:17:
         ad:35:17:41:28:f8:51:10:ca:1b:7c:ae:ce:e3:3e:5d:a7:5b:
         63:c7:10:8c:89:4b:31:c0:2f:c6:89:0d:3f:07:0d:ee:a0:38:
         b1:b7:2f:74:a5:40:cc:82:5a:84:fa:12:3d:3b:58:0c:31:77:
         ef:f9:18:07:6e:8a:52:a9:65:6b:35:9f:d1:fb:20:f5:c2:fa:
         58:a8:1c:62:7b:99:f9:1f:ee:93:c1:e0:3a:fe:25:a7:fc:7f:
         93:ac:5a:f7:79:f1:b2:90:1c:39:43:ab:13:78:46:63:d1:50:
         40:43:fb:37:58:e7:fe:95:ec:a4:b6:04:f6:95:aa:28:b7:dd:
         5d:12:73:53:9b:11:22:dc:1e:a0:d2:97:e2:56:9e:68:60:02:
         f2:c5:56:a3:3f:8d:3a:e9:60:39:0f:75:2c:73:a9:2e:9b:b2:
         7f:af:0d:04:1b:cd:77:1c:aa:43:9c:b0:19:fb:12:16:5a:d4:
         7a:86:6f:2d
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUKBbYMd4+yal+RmnEbby3203U2QEwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwMjIzMDAwMDAwWhcNMjMwMjI2MjM1OTU5
WjCBpTFJMEcGA1UEBRNANDc0YjAzNTRmZWQ5NzQ3YzI5NDFiYjY4ZjQ2YmMyYmVh
MTRhYWZkZGUxYTNkNWMxNDEyODY5NjIzMTAxNTYyNDEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBALIhccIGgjSXv6/yxO36yr2pFmCaCyBFVNbzxtjSqm5yL34dLv/u
Pis43nDRJGKKgVVFwNQ/+5tc19PTSCjRmrnzeba5OPCNnHe6lGvbR5XtcmugVUcB
pyT9zdu0U3ow54q9DvIi7mkDcphEKnRovUmSZTLtf2NQws52r1Dmx/5uayH6sZkL
Mm/CJ1bxrALITCgDYtwHS0z6MsLM5R0SlYtMlUJ3sIH6K3+f/pTD2SIVsXSDHY4r
Q8G1T41GpNmtrpguHdI9VpLTPF3t/cUuv42jmZYZi1M6XAr+HXwI1ImGqKY+5men
emKSD3IMc1DYYlo8v3fLxwIkM34yzW9WPdkCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBRJZzRz3dJuMQKy9qdQw2GIRNZHNDAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvN2IyYTg1NGMtZDQxZS00ZWEwLWFlZGQtNDAyZTNhYzA2ZWQzLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBADcc1K6lJacx4xaG
J7wNg4wVl1A/xBKocCgLCsQZoM1fAPn1bAFlJjHX7xcorcezWJcP2P7yztlEXYDr
d6VgvR5W5UnTM5brF601F0Eo+FEQyht8rs7jPl2nW2PHEIyJSzHAL8aJDT8HDe6g
OLG3L3SlQMyCWoT6Ej07WAwxd+/5GAduilKpZWs1n9H7IPXC+lioHGJ7mfkf7pPB
4Dr+Jaf8f5OsWvd58bKQHDlDqxN4RmPRUEBD+zdY5/6V7KS2BPaVqii33V0Sc1Ob
ESLcHqDSl+JWnmhgAvLFVqM/jTrpYDkPdSxzqS6bsn+vDQQbzXccqkOcsBn7EhZa
1HqGby0=
-----END CERTIFICATE-----