Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/7de0dd1f-fea2-4350-aa30-fcc44d3ab272.roa
File:                     7de0dd1f-fea2-4350-aa30-fcc44d3ab272.roa (raw, json)
Hash identifier:          PQ0ox7ebIYvQ8wLpn/8EZwIgfYntViaeSJ0FC6dMT3Y=
Subject key identifier:   86:60:40:50:AB:B8:4B:7D:D8:47:D0:B3:A1:1A:52:B7:E9:B2:01:B2
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       39170E8B35BED04E4C06AB90F1E03A5838B7AA1E
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/7de0dd1f-fea2-4350-aa30-fcc44d3ab272.roa
Signing time:             Sun 09 Apr 2023 00:00:00 +0000
ROA not before:           Sun 09 Apr 2023 00:00:00 +0000
ROA not after:            Wed 12 Apr 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            39:17:0e:8b:35:be:d0:4e:4c:06:ab:90:f1:e0:3a:58:38:b7:aa:1e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Apr  9 00:00:00 2023 GMT
            Not After : Apr 12 23:59:59 2023 GMT
        Subject: serialNumber=cfb42e2abda0aa1b674ee33b387feee1bb37b00aa6ed5717c2bb5fb295266057, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:b1:a2:e6:cf:7c:d0:8d:c8:43:8c:dc:30:84:
                    ac:53:65:4b:39:7f:d9:53:fc:a1:8f:80:a7:bc:9a:
                    ea:08:16:7a:f0:82:02:35:01:a0:39:e3:fc:17:93:
                    e9:33:4b:a6:ff:6a:78:2a:1d:18:44:05:d6:e5:4e:
                    cd:3d:96:cb:07:b0:57:09:9d:aa:91:88:3a:f5:cc:
                    b0:4d:46:80:9f:a6:36:d9:2c:36:0d:1b:e6:b4:fb:
                    76:17:e1:57:8d:8f:a9:2c:f1:dc:ed:1a:2c:7f:82:
                    bd:db:6a:ea:aa:36:67:10:fb:48:e1:33:81:d7:91:
                    fc:1c:95:c0:66:f1:9a:cc:b7:bd:de:2e:5e:39:b4:
                    61:bf:ec:73:a5:ab:9d:c3:23:2e:a5:ee:a8:5a:57:
                    93:01:21:c5:8b:09:59:5e:1a:a9:7a:c8:2d:21:a8:
                    61:51:00:2b:15:ce:42:e2:2e:b3:9d:26:2e:ed:bd:
                    95:b2:ab:c0:4d:1e:4c:85:8f:a3:13:15:2a:a0:ec:
                    aa:e4:cf:0a:ab:66:87:e5:5e:4b:63:26:7d:52:50:
                    bc:b1:15:cc:c2:59:61:d4:b3:03:72:1a:14:97:19:
                    f8:72:f3:ce:3d:40:0d:a6:1c:89:00:42:b4:38:fd:
                    1d:66:a1:df:db:85:95:d7:92:02:7b:b9:db:51:f3:
                    56:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:60:40:50:AB:B8:4B:7D:D8:47:D0:B3:A1:1A:52:B7:E9:B2:01:B2
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/7de0dd1f-fea2-4350-aa30-fcc44d3ab272.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         19:cf:a3:a6:f0:ae:0d:5d:30:af:12:1f:4f:1b:f3:98:0a:7a:
         a9:2b:4f:45:11:5b:a0:1b:7b:41:82:7b:bb:99:01:05:b9:57:
         58:99:6f:27:99:42:b9:65:24:36:55:bb:7a:74:6c:f9:28:af:
         53:fa:b2:1e:2a:42:a6:11:90:8f:6e:6a:bf:63:e8:34:ca:4b:
         f7:71:e8:6e:5b:94:67:e2:bb:bf:4f:aa:fc:e1:b5:21:f4:5e:
         97:89:57:d0:e6:2f:3e:61:7e:8e:14:e0:ca:4c:36:9c:fb:16:
         db:58:ce:d6:db:3b:c7:07:d4:8c:27:7f:93:8c:50:2d:7f:47:
         25:46:c3:3f:3b:94:18:e0:eb:f0:56:ee:63:a5:10:92:f2:ca:
         2d:77:e2:c7:2b:8c:3d:56:30:e5:19:7c:a7:f3:c0:c6:07:41:
         8e:4b:cc:70:6d:50:14:6e:cc:0e:4f:cf:91:a4:63:72:74:d6:
         64:d3:ce:39:53:3c:87:81:bc:d0:dd:aa:90:c0:d2:55:51:62:
         d3:43:b0:44:b3:aa:ae:00:bd:08:fb:20:c7:99:42:8d:3f:40:
         1e:73:d4:7c:24:e1:a7:ab:ea:ce:1c:b0:90:a4:c0:3c:d0:03:
         cc:c2:e8:27:00:31:e0:8d:57:1f:82:91:14:6f:27:32:d3:f7:
         90:3c:b9:c2
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUORcOizW+0E5MBquQ8eA6WDi3qh4wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwNDA5MDAwMDAwWhcNMjMwNDEyMjM1OTU5
WjCBpTFJMEcGA1UEBRNAY2ZiNDJlMmFiZGEwYWExYjY3NGVlMzNiMzg3ZmVlZTFi
YjM3YjAwYWE2ZWQ1NzE3YzJiYjVmYjI5NTI2NjA1NzEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAMGxoubPfNCNyEOM3DCErFNlSzl/2VP8oY+Ap7ya6ggWevCCAjUB
oDnj/BeT6TNLpv9qeCodGEQF1uVOzT2WywewVwmdqpGIOvXMsE1GgJ+mNtksNg0b
5rT7dhfhV42PqSzx3O0aLH+Cvdtq6qo2ZxD7SOEzgdeR/ByVwGbxmsy3vd4uXjm0
Yb/sc6WrncMjLqXuqFpXkwEhxYsJWV4aqXrILSGoYVEAKxXOQuIus50mLu29lbKr
wE0eTIWPoxMVKqDsquTPCqtmh+VeS2MmfVJQvLEVzMJZYdSzA3IaFJcZ+HLzzj1A
DaYciQBCtDj9HWah39uFldeSAnu521HzVo0CAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBSGYEBQq7hLfdhH0LOhGlK36bIBsjAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvN2RlMGRkMWYtZmVhMi00MzUwLWFhMzAtZmNjNDRkM2FiMjcyLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBABnPo6bwrg1dMK8S
H08b85gKeqkrT0URW6Abe0GCe7uZAQW5V1iZbyeZQrllJDZVu3p0bPkor1P6sh4q
QqYRkI9uar9j6DTKS/dx6G5blGfiu79PqvzhtSH0XpeJV9DmLz5hfo4U4MpMNpz7
FttYztbbO8cH1Iwnf5OMUC1/RyVGwz87lBjg6/BW7mOlEJLyyi134scrjD1WMOUZ
fKfzwMYHQY5LzHBtUBRuzA5Pz5GkY3J01mTTzjlTPIeBvNDdqpDA0lVRYtNDsESz
qq4AvQj7IMeZQo0/QB5z1Hwk4aer6s4csJCkwDzQA8zC6CcAMeCNVx+CkRRvJzLT
95A8ucI=
-----END CERTIFICATE-----