Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/8614acb4-6121-4bbb-beab-2a20f8ea488d.roa
File:                     8614acb4-6121-4bbb-beab-2a20f8ea488d.roa (raw, json)
Hash identifier:          zHaQpwrVDcMza3OSl1mU8b+ZVOTUsbfCOgKw7sDOYiU=
Subject key identifier:   B3:AC:BA:ED:4E:23:DB:3E:B7:8C:1C:E0:4A:C5:DD:2B:57:D4:17:6F
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       3E55CA072E322A6EB92F14FEF54C2F36C9C64A0A
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/8614acb4-6121-4bbb-beab-2a20f8ea488d.roa
Signing time:             Fri 31 Mar 2023 00:00:00 +0000
ROA not before:           Fri 31 Mar 2023 00:00:00 +0000
ROA not after:            Mon 03 Apr 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3e:55:ca:07:2e:32:2a:6e:b9:2f:14:fe:f5:4c:2f:36:c9:c6:4a:0a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Mar 31 00:00:00 2023 GMT
            Not After : Apr  3 23:59:59 2023 GMT
        Subject: serialNumber=c4318843ddcec10c09d863a3da5e6f8c5dc86ba92b81a42039854065f624316a, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:73:93:4f:c2:44:e0:f0:95:9f:6e:8e:f4:ea:
                    63:9d:b5:4b:5d:db:81:5a:b3:29:4e:6e:e2:7a:4c:
                    6b:6f:9c:05:2f:10:37:3e:83:1f:71:5f:17:83:fa:
                    f4:9c:9c:08:42:51:d1:3d:11:47:5b:28:b8:9a:18:
                    99:8c:35:24:8a:4d:e6:70:ba:16:a3:7c:9f:c3:46:
                    74:9a:27:26:00:69:07:cd:2d:f8:57:b2:ab:e1:7b:
                    55:67:2d:a6:56:d1:1a:05:a0:fd:b1:0b:17:fe:a0:
                    53:d0:cc:e0:59:4c:e5:30:ad:59:7d:c1:99:f1:82:
                    21:c4:6c:cf:8b:17:d6:47:a5:10:9e:10:1f:03:91:
                    78:49:04:21:66:40:46:02:b5:00:67:fe:4c:4f:66:
                    2b:26:85:01:66:c2:ba:f0:b4:27:f9:d9:7e:e1:e7:
                    7b:66:fb:d6:06:41:17:e9:f7:c5:83:1c:28:da:68:
                    5e:9d:92:2d:0d:fd:99:cd:0e:06:db:92:d7:82:33:
                    59:49:a1:db:1d:f4:23:43:fd:2c:58:49:cd:95:b5:
                    7a:1b:a3:d0:e9:99:98:16:7e:50:02:95:e0:e7:c4:
                    ba:4d:d0:83:f5:c8:eb:1b:a8:7b:f8:4b:53:ed:fc:
                    04:98:0f:69:4e:12:b9:d8:58:0f:e3:5e:5c:c8:68:
                    08:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B3:AC:BA:ED:4E:23:DB:3E:B7:8C:1C:E0:4A:C5:DD:2B:57:D4:17:6F
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/8614acb4-6121-4bbb-beab-2a20f8ea488d.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         66:de:a7:eb:d6:bc:91:6b:ff:25:2c:d4:ee:54:b2:59:93:e3:
         16:32:ee:02:69:58:cb:70:41:72:90:cb:03:bc:35:f5:b2:24:
         b2:41:c0:b7:78:3f:ef:1f:03:0a:a4:99:42:48:b9:b0:48:96:
         c2:13:fe:56:30:f2:96:f0:99:dc:38:a1:1d:6c:96:95:fe:fa:
         1c:b2:34:36:bf:4a:7c:87:8f:6a:88:74:4a:5d:b2:2f:54:ee:
         56:d7:86:89:16:aa:c2:8d:05:99:80:bb:9d:35:8a:ff:8f:2c:
         21:e0:e2:c2:ab:b0:a9:a7:e1:0c:98:d2:c4:44:8d:61:6b:b5:
         bd:97:40:2b:4c:c6:89:fd:a0:de:1d:d9:d8:76:70:96:0a:44:
         35:44:34:6f:bc:65:b8:48:0f:0e:ab:c1:0b:34:13:1b:64:ba:
         c3:2a:55:45:38:4e:96:dd:8b:bc:93:f8:17:a8:25:d5:33:d6:
         72:11:e3:15:fd:f5:3e:1c:c8:51:bb:72:3b:0d:26:c0:94:d9:
         8c:3d:50:dc:24:74:ce:62:e0:47:d4:d7:e2:ee:89:e1:1d:8b:
         07:37:90:a3:2e:5b:6f:f8:6d:16:aa:39:20:e5:ef:ae:23:88:
         df:20:d1:7d:30:f8:a0:6f:46:89:4d:87:00:e9:a9:e3:a8:b2:
         db:07:c8:a8
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUPlXKBy4yKm65LxT+9UwvNsnGSgowDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwMzMxMDAwMDAwWhcNMjMwNDAzMjM1OTU5
WjCBpTFJMEcGA1UEBRNAYzQzMTg4NDNkZGNlYzEwYzA5ZDg2M2EzZGE1ZTZmOGM1
ZGM4NmJhOTJiODFhNDIwMzk4NTQwNjVmNjI0MzE2YTEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBALVzk0/CRODwlZ9ujvTqY521S13bgVqzKU5u4npMa2+cBS8QNz6D
H3FfF4P69JycCEJR0T0RR1souJoYmYw1JIpN5nC6FqN8n8NGdJonJgBpB80t+Fey
q+F7VWctplbRGgWg/bELF/6gU9DM4FlM5TCtWX3BmfGCIcRsz4sX1kelEJ4QHwOR
eEkEIWZARgK1AGf+TE9mKyaFAWbCuvC0J/nZfuHne2b71gZBF+n3xYMcKNpoXp2S
LQ39mc0OBtuS14IzWUmh2x30I0P9LFhJzZW1ehuj0OmZmBZ+UAKV4OfEuk3Qg/XI
6xuoe/hLU+38BJgPaU4SudhYD+NeXMhoCOkCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBSzrLrtTiPbPreMHOBKxd0rV9QXbzAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvODYxNGFjYjQtNjEyMS00YmJiLWJlYWItMmEyMGY4ZWE0ODhkLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAGbep+vWvJFr/yUs
1O5UslmT4xYy7gJpWMtwQXKQywO8NfWyJLJBwLd4P+8fAwqkmUJIubBIlsIT/lYw
8pbwmdw4oR1slpX++hyyNDa/SnyHj2qIdEpdsi9U7lbXhokWqsKNBZmAu501iv+P
LCHg4sKrsKmn4QyY0sREjWFrtb2XQCtMxon9oN4d2dh2cJYKRDVENG+8ZbhIDw6r
wQs0ExtkusMqVUU4Tpbdi7yT+BeoJdUz1nIR4xX99T4cyFG7cjsNJsCU2Yw9UNwk
dM5i4EfU1+LuieEdiwc3kKMuW2/4bRaqOSDl764jiN8g0X0w+KBvRolNhwDpqeOo
stsHyKg=
-----END CERTIFICATE-----