Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/7d52f8d5-1a9a-4e1b-99a7-5f2b14c5f2a3.roa
File:                     7d52f8d5-1a9a-4e1b-99a7-5f2b14c5f2a3.roa (raw, json)
Hash identifier:          3KdUlvVYRLTUAFT5RZJ2IG8MJ8TatnL6rwRM1Z6VTX0=
Subject key identifier:   83:EF:72:54:A0:BE:9C:DE:68:F7:BD:B4:BA:3B:6B:6F:30:93:75:F1
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       1F24D4725AA2D6048F9AFC8C7A8D0B23CF083809
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/7d52f8d5-1a9a-4e1b-99a7-5f2b14c5f2a3.roa
Signing time:             Fri 17 Mar 2023 00:00:00 +0000
ROA not before:           Fri 17 Mar 2023 00:00:00 +0000
ROA not after:            Mon 20 Mar 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1f:24:d4:72:5a:a2:d6:04:8f:9a:fc:8c:7a:8d:0b:23:cf:08:38:09
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Mar 17 00:00:00 2023 GMT
            Not After : Mar 20 23:59:59 2023 GMT
        Subject: serialNumber=ac13af53537af80d347e3da34d08a1456f95b7ef9fee24108f241644be78575a, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:fb:5f:d0:c5:63:49:02:14:bc:7e:3c:f3:97:
                    5b:b8:37:a8:db:f4:18:71:c5:90:47:36:99:0c:0b:
                    73:7a:e0:82:eb:e3:67:34:e6:26:d5:f5:08:6e:bb:
                    2e:53:89:34:5b:46:33:5b:f7:2e:d8:22:3d:88:b6:
                    83:9c:6f:f4:8b:36:b0:ce:2e:ef:96:ac:d3:86:ec:
                    b6:0c:93:f7:73:71:e9:46:08:c8:3d:c9:a1:a3:72:
                    e9:a1:16:64:09:81:e9:9a:3c:ab:d7:7d:17:43:54:
                    e1:26:ca:e0:2c:4e:ff:65:1c:51:42:6b:e3:15:5a:
                    4e:2f:44:3f:ce:b2:3a:2d:62:a5:b9:6f:b1:98:47:
                    46:d2:95:02:60:1a:23:e8:3f:ea:04:3a:7b:5d:19:
                    c7:b0:4e:1c:f2:13:bb:e1:ba:f2:72:61:0a:08:45:
                    8f:7f:f4:ff:eb:c9:e1:2c:e6:d5:8b:86:d7:cb:92:
                    c7:80:d9:58:24:bb:fa:2a:68:f1:6f:4d:01:8e:68:
                    86:cf:33:62:f4:03:75:c7:28:b4:69:05:fe:d3:87:
                    2b:8c:8b:6b:58:b4:32:37:b9:d3:9f:81:01:f7:c8:
                    89:af:01:a0:2b:de:6d:88:ef:95:e4:58:46:24:04:
                    01:1f:b7:2e:22:82:14:fe:71:0f:96:4c:34:d1:4c:
                    b3:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                83:EF:72:54:A0:BE:9C:DE:68:F7:BD:B4:BA:3B:6B:6F:30:93:75:F1
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/7d52f8d5-1a9a-4e1b-99a7-5f2b14c5f2a3.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9f:1b:88:55:86:e3:4e:09:ec:b4:8c:47:fc:ea:93:76:8f:25:
         21:88:03:19:e2:b4:64:26:10:84:f2:0f:16:fa:af:03:0e:61:
         fc:dc:89:04:45:be:c6:06:e5:d4:61:40:ae:c2:6f:1f:a8:03:
         30:e7:89:ea:76:94:9d:e4:d8:76:9f:92:1f:29:26:d6:85:bc:
         e6:9f:c7:e0:4b:b9:b3:d5:fb:82:8d:61:2c:53:95:c9:6b:f1:
         96:cf:ea:ec:a5:c6:d5:55:96:40:67:d9:fe:3b:7f:ae:26:d8:
         2f:86:50:86:6d:31:12:84:f9:5e:36:f7:7e:90:a1:b5:1b:56:
         89:d3:c3:61:42:ce:6e:31:ce:c4:eb:37:61:dc:34:55:3f:c4:
         0d:df:0a:65:21:03:38:c3:51:40:d2:27:aa:0c:ad:af:af:77:
         e9:b9:75:f8:7f:4f:4e:30:23:32:26:8a:dd:ef:da:7c:37:c9:
         2e:d5:0d:15:8d:c0:cd:72:bd:6b:9a:6b:bf:f3:c0:22:30:6b:
         30:b6:cc:5e:8e:12:fa:12:9e:84:51:5b:95:a9:38:93:c4:60:
         00:65:ca:b1:6b:20:1d:17:71:53:03:e6:0b:71:8d:ab:2f:76:
         b2:bf:2c:d8:d3:8f:cf:46:50:15:9a:34:cd:37:ef:22:6e:56:
         74:75:6e:36
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUHyTUclqi1gSPmvyMeo0LI88IOAkwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwMzE3MDAwMDAwWhcNMjMwMzIwMjM1OTU5
WjCBpTFJMEcGA1UEBRNAYWMxM2FmNTM1MzdhZjgwZDM0N2UzZGEzNGQwOGExNDU2
Zjk1YjdlZjlmZWUyNDEwOGYyNDE2NDRiZTc4NTc1YTEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBALX7X9DFY0kCFLx+PPOXW7g3qNv0GHHFkEc2mQwLc3rgguvjZzTm
JtX1CG67LlOJNFtGM1v3LtgiPYi2g5xv9Is2sM4u75as04bstgyT93Nx6UYIyD3J
oaNy6aEWZAmB6Zo8q9d9F0NU4SbK4CxO/2UcUUJr4xVaTi9EP86yOi1ipblvsZhH
RtKVAmAaI+g/6gQ6e10Zx7BOHPITu+G68nJhCghFj3/0/+vJ4Szm1YuG18uSx4DZ
WCS7+ipo8W9NAY5ohs8zYvQDdccotGkF/tOHK4yLa1i0Mje505+BAffIia8BoCve
bYjvleRYRiQEAR+3LiKCFP5xD5ZMNNFMs0ECAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBSD73JUoL6c3mj3vbS6O2tvMJN18TAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvN2Q1MmY4ZDUtMWE5YS00ZTFiLTk5YTctNWYyYjE0YzVmMmEzLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAJ8biFWG404J7LSM
R/zqk3aPJSGIAxnitGQmEITyDxb6rwMOYfzciQRFvsYG5dRhQK7Cbx+oAzDniep2
lJ3k2Hafkh8pJtaFvOafx+BLubPV+4KNYSxTlclr8ZbP6uylxtVVlkBn2f47f64m
2C+GUIZtMRKE+V42936QobUbVonTw2FCzm4xzsTrN2HcNFU/xA3fCmUhAzjDUUDS
J6oMra+vd+m5dfh/T04wIzImit3v2nw3yS7VDRWNwM1yvWuaa7/zwCIwazC2zF6O
EvoSnoRRW5WpOJPEYABlyrFrIB0XcVMD5gtxjasvdrK/LNjTj89GUBWaNM037yJu
VnR1bjY=
-----END CERTIFICATE-----