Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/7ca01e9a-1e77-4cc8-8af0-1d47515e3593.roa
File:                     7ca01e9a-1e77-4cc8-8af0-1d47515e3593.roa (raw, json)
Hash identifier:          omE7NVl9PqwqYnFJx+s3kM6MmBU2PLy/2d8js8EJ82s=
Subject key identifier:   DF:30:60:6A:4C:36:6D:7E:A7:82:EF:82:EB:EB:E4:72:AC:08:AB:D4
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       0CD8729365A1EE77270B8A176945F94388AB68DC
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/7ca01e9a-1e77-4cc8-8af0-1d47515e3593.roa
Signing time:             Wed 10 May 2023 00:00:00 +0000
ROA not before:           Wed 10 May 2023 00:00:00 +0000
ROA not after:            Sat 13 May 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0c:d8:72:93:65:a1:ee:77:27:0b:8a:17:69:45:f9:43:88:ab:68:dc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: May 10 00:00:00 2023 GMT
            Not After : May 13 23:59:59 2023 GMT
        Subject: serialNumber=cd53edb7b9cda7de65a8da9be338e6448f7f8b56a68dfb4578dcf847f06d1aa1, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:88:98:e1:92:0d:ec:2f:fa:aa:bf:a2:dc:e4:
                    15:b1:b8:07:33:5a:6e:26:4e:cb:ef:9d:80:84:d6:
                    4a:68:4b:5d:47:14:09:8b:03:b0:10:7f:46:df:8a:
                    35:11:28:2f:f5:3f:a7:67:dc:d5:13:4f:bb:8d:3e:
                    90:f2:d8:5e:b5:fe:98:2f:d8:48:d7:5e:34:0b:3d:
                    3f:63:bf:3d:da:26:d6:70:45:66:57:ad:11:23:eb:
                    c8:04:b0:39:d1:a6:33:ef:a8:bc:c1:80:73:f5:6c:
                    d7:c3:52:88:5d:00:1e:4c:78:e3:bd:8a:c1:36:da:
                    d5:cb:9f:55:e6:58:4b:d1:9f:e0:35:b9:4c:09:7e:
                    4f:34:a8:99:e9:9b:02:b0:bb:b8:8d:e1:90:db:4d:
                    7d:8d:4e:02:30:14:2b:ce:aa:ff:d2:fc:a3:84:86:
                    4b:b0:a6:94:31:c9:ce:80:12:3f:a6:4e:cb:fb:26:
                    ca:5f:58:f6:45:65:5e:40:da:15:fa:05:98:68:93:
                    6c:ad:94:c7:da:44:46:82:30:c2:c6:e2:0d:a9:7c:
                    f0:13:a9:ca:d2:b2:d0:5c:b1:e5:b8:6c:ba:c9:eb:
                    51:ae:13:90:b0:90:31:c7:04:aa:6d:40:9f:be:ae:
                    0e:69:8d:df:4a:cb:6f:83:5a:1c:87:bb:a0:46:b0:
                    58:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DF:30:60:6A:4C:36:6D:7E:A7:82:EF:82:EB:EB:E4:72:AC:08:AB:D4
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/7ca01e9a-1e77-4cc8-8af0-1d47515e3593.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         24:02:a8:17:52:1f:39:70:99:3a:59:a7:d9:aa:a2:ed:60:13:
         d8:93:40:23:ed:f9:c6:78:6b:b9:6c:b1:b3:06:8c:9c:a4:48:
         62:77:92:38:58:f2:47:79:62:23:f4:c3:be:72:56:0b:d0:57:
         8e:a4:07:a7:4e:4c:d1:7f:29:ab:18:1a:44:43:92:f7:1f:6c:
         1f:c4:8a:f4:ba:66:1c:3e:24:fa:64:17:de:a0:b9:61:a1:1c:
         21:36:4d:db:20:b2:88:8b:69:22:ef:fc:3b:63:e8:2b:f1:90:
         1f:13:7d:ac:c9:82:e0:ba:39:ce:70:9f:71:9c:01:02:07:76:
         cd:24:88:70:20:6c:b6:4d:c2:2a:5e:17:f7:b8:d3:32:d8:33:
         72:64:20:7f:06:48:7d:ff:2e:9f:0d:cf:a6:49:a0:45:33:89:
         1e:4e:33:a8:16:bf:0a:45:21:d9:d5:36:a0:30:63:4b:eb:32:
         1d:31:84:42:ce:fa:d0:19:2b:c5:b0:82:cf:fc:ca:83:01:82:
         aa:63:a8:ba:bc:09:a7:e4:f0:73:ca:0c:9a:24:19:36:7d:b9:
         2c:ba:57:2f:88:65:55:7f:8f:c6:ee:11:f2:e1:2a:7a:4b:f1:
         69:db:89:f5:ab:18:c3:dd:77:d9:f9:5c:e5:2d:3a:2b:2a:2f:
         b3:3b:c0:86
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUDNhyk2Wh7ncnC4oXaUX5Q4iraNwwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwNTEwMDAwMDAwWhcNMjMwNTEzMjM1OTU5
WjCBpTFJMEcGA1UEBRNAY2Q1M2VkYjdiOWNkYTdkZTY1YThkYTliZTMzOGU2NDQ4
ZjdmOGI1NmE2OGRmYjQ1NzhkY2Y4NDdmMDZkMWFhMTEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAJGImOGSDewv+qq/otzkFbG4BzNabiZOy++dgITWSmhLXUcUCYsD
sBB/Rt+KNREoL/U/p2fc1RNPu40+kPLYXrX+mC/YSNdeNAs9P2O/Pdom1nBFZlet
ESPryASwOdGmM++ovMGAc/Vs18NSiF0AHkx4472KwTba1cufVeZYS9Gf4DW5TAl+
TzSomembArC7uI3hkNtNfY1OAjAUK86q/9L8o4SGS7CmlDHJzoASP6ZOy/smyl9Y
9kVlXkDaFfoFmGiTbK2Ux9pERoIwwsbiDal88BOpytKy0Fyx5bhsusnrUa4TkLCQ
MccEqm1An76uDmmN30rLb4NaHIe7oEawWNcCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBTfMGBqTDZtfqeC74Lr6+RyrAir1DAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvN2NhMDFlOWEtMWU3Ny00Y2M4LThhZjAtMWQ0NzUxNWUzNTkzLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBACQCqBdSHzlwmTpZ
p9mqou1gE9iTQCPt+cZ4a7lssbMGjJykSGJ3kjhY8kd5YiP0w75yVgvQV46kB6dO
TNF/KasYGkRDkvcfbB/EivS6Zhw+JPpkF96guWGhHCE2TdsgsoiLaSLv/Dtj6Cvx
kB8TfazJguC6Oc5wn3GcAQIHds0kiHAgbLZNwipeF/e40zLYM3JkIH8GSH3/Lp8N
z6ZJoEUziR5OM6gWvwpFIdnVNqAwY0vrMh0xhELO+tAZK8Wwgs/8yoMBgqpjqLq8
Cafk8HPKDJokGTZ9uSy6Vy+IZVV/j8buEfLhKnpL8WnbifWrGMPdd9n5XOUtOisq
L7M7wIY=
-----END CERTIFICATE-----