Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/7b3ef9d2-73d4-442b-b348-1ea7a6e99899.roa
File:                     7b3ef9d2-73d4-442b-b348-1ea7a6e99899.roa (raw, json)
Hash identifier:          AwioxmhJsuDiD3acCC/wzyjeCrjmXy5WdVoad0U/mRo=
Subject key identifier:   26:BD:22:6E:A1:34:0B:05:22:46:0C:74:37:DD:8C:03:C4:A7:E1:64
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       28B146EEB0B74416BCB0CE0A766AF8C673861F2A
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/7b3ef9d2-73d4-442b-b348-1ea7a6e99899.roa
Signing time:             Wed 29 Mar 2023 00:00:00 +0000
ROA not before:           Wed 29 Mar 2023 00:00:00 +0000
ROA not after:            Sat 01 Apr 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            28:b1:46:ee:b0:b7:44:16:bc:b0:ce:0a:76:6a:f8:c6:73:86:1f:2a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Mar 29 00:00:00 2023 GMT
            Not After : Apr  1 23:59:59 2023 GMT
        Subject: serialNumber=2a0a41f2116264841959ca6fd59075033f5344f939d1ff13eb58e5299b0726ea, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:5a:2f:4b:2e:e8:d2:b7:bf:3d:5f:d3:e7:51:
                    88:40:28:fe:9b:df:47:b3:f4:62:6f:ad:fe:8f:c4:
                    ca:c7:00:8e:65:90:04:54:05:74:25:49:28:63:cc:
                    a2:67:f3:4d:8e:0d:e4:75:7f:41:10:5a:55:f5:6b:
                    ed:99:9c:af:70:e4:a5:e2:3d:8d:2f:99:59:c3:a6:
                    3f:7a:99:71:eb:c6:3d:33:90:ec:e0:63:b3:36:e3:
                    3d:47:4f:a1:13:1b:bf:7c:aa:d7:98:cb:24:06:28:
                    84:f3:34:dd:e4:cc:2c:bd:34:12:b4:d5:2a:d5:51:
                    9f:b3:bb:27:91:2b:84:c8:07:e3:ba:af:0a:f6:b9:
                    eb:7c:f2:45:0d:0d:99:76:3f:fb:42:6b:c0:3e:14:
                    54:b8:76:b0:7e:0b:7d:27:9f:45:72:7c:69:be:e4:
                    08:9e:ac:de:7b:eb:d3:f0:6a:1b:de:dc:1c:2f:11:
                    9b:0e:29:ca:07:a7:c0:22:60:32:0a:ca:7d:6e:41:
                    db:c7:5b:4b:87:8d:6f:02:0f:40:a3:26:ff:47:0f:
                    fd:6b:9f:7d:ed:99:7f:ce:7a:dd:e4:7a:58:33:1c:
                    8e:c7:18:b4:79:5e:3f:c2:32:f2:45:9a:08:31:fc:
                    64:0f:37:2a:bd:5b:df:32:27:b8:42:03:58:6c:a8:
                    fa:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                26:BD:22:6E:A1:34:0B:05:22:46:0C:74:37:DD:8C:03:C4:A7:E1:64
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/7b3ef9d2-73d4-442b-b348-1ea7a6e99899.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6d:f9:90:0f:fb:d6:b9:e0:03:28:dd:e6:45:91:d6:53:1c:59:
         24:8f:61:78:9b:fe:1c:6d:e7:9d:ee:63:3a:f3:ae:3c:94:54:
         03:0b:65:0e:a7:4f:7e:de:68:46:9e:ec:7b:98:42:83:15:0b:
         1f:50:1b:31:a9:f9:9b:fb:4c:b2:af:08:a9:ce:a2:b9:4f:41:
         1c:26:b8:55:d1:38:9e:9c:08:85:8e:0b:e6:0f:4f:b6:16:16:
         f8:99:62:7a:b2:75:40:92:1c:d2:2b:d8:a9:7c:67:85:29:67:
         55:4e:f9:14:04:8f:0c:a6:b2:1e:60:f2:1a:36:17:e6:c1:b3:
         8e:9b:b9:fe:5f:dd:f4:bb:26:07:fb:1f:23:53:f1:ea:00:72:
         07:ae:5f:6b:cf:b4:f6:f4:b3:a9:ba:12:a1:49:ad:d3:67:c4:
         9a:8b:80:b6:1f:46:b3:4b:9a:59:41:b3:46:ba:ed:01:c1:18:
         4f:43:11:ca:82:48:23:30:f5:11:e6:8d:71:a1:56:36:2d:5f:
         2e:27:0d:db:42:52:b6:24:40:22:26:d1:08:cf:6c:09:d0:8c:
         6d:68:62:93:6c:e6:74:79:5b:52:33:81:97:58:44:e7:70:39:
         73:23:4a:9d:3c:d5:a0:f0:53:5a:27:03:b8:8b:34:54:12:e9:
         72:f1:42:6b
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUKLFG7rC3RBa8sM4Kdmr4xnOGHyowDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwMzI5MDAwMDAwWhcNMjMwNDAxMjM1OTU5
WjCBpTFJMEcGA1UEBRNAMmEwYTQxZjIxMTYyNjQ4NDE5NTljYTZmZDU5MDc1MDMz
ZjUzNDRmOTM5ZDFmZjEzZWI1OGU1Mjk5YjA3MjZlYTEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBALdaL0su6NK3vz1f0+dRiEAo/pvfR7P0Ym+t/o/EyscAjmWQBFQF
dCVJKGPMomfzTY4N5HV/QRBaVfVr7Zmcr3DkpeI9jS+ZWcOmP3qZcevGPTOQ7OBj
szbjPUdPoRMbv3yq15jLJAYohPM03eTMLL00ErTVKtVRn7O7J5ErhMgH47qvCva5
63zyRQ0NmXY/+0JrwD4UVLh2sH4LfSefRXJ8ab7kCJ6s3nvr0/BqG97cHC8Rmw4p
ygenwCJgMgrKfW5B28dbS4eNbwIPQKMm/0cP/Wuffe2Zf8563eR6WDMcjscYtHle
P8Iy8kWaCDH8ZA83Kr1b3zInuEIDWGyo+jUCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBQmvSJuoTQLBSJGDHQ33YwDxKfhZDAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvN2IzZWY5ZDItNzNkNC00NDJiLWIzNDgtMWVhN2E2ZTk5ODk5LnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAG35kA/71rngAyjd
5kWR1lMcWSSPYXib/hxt553uYzrzrjyUVAMLZQ6nT37eaEae7HuYQoMVCx9QGzGp
+Zv7TLKvCKnOorlPQRwmuFXROJ6cCIWOC+YPT7YWFviZYnqydUCSHNIr2Kl8Z4Up
Z1VO+RQEjwymsh5g8ho2F+bBs46buf5f3fS7Jgf7HyNT8eoAcgeuX2vPtPb0s6m6
EqFJrdNnxJqLgLYfRrNLmllBs0a67QHBGE9DEcqCSCMw9RHmjXGhVjYtXy4nDdtC
UrYkQCIm0QjPbAnQjG1oYpNs5nR5W1IzgZdYROdwOXMjSp081aDwU1onA7iLNFQS
6XLxQms=
-----END CERTIFICATE-----