Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/8623711a-c231-40fa-a187-a0cf10e8dcd4.roa
File:                     8623711a-c231-40fa-a187-a0cf10e8dcd4.roa (raw, json)
Hash identifier:          CWYNmPNyLNswpREl7WJ2mPkxMAK6WBjjJFoDs578Uoc=
Subject key identifier:   EC:28:DE:44:74:FA:3C:E5:AB:30:0E:E4:B3:DD:F1:54:D8:81:66:10
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       3AB34C1215D3B18A86983EC8B2B4298122507AD5
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/8623711a-c231-40fa-a187-a0cf10e8dcd4.roa
Signing time:             Thu 26 Jan 2023 00:00:00 +0000
ROA not before:           Thu 26 Jan 2023 00:00:00 +0000
ROA not after:            Sun 29 Jan 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3a:b3:4c:12:15:d3:b1:8a:86:98:3e:c8:b2:b4:29:81:22:50:7a:d5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Jan 26 00:00:00 2023 GMT
            Not After : Jan 29 23:59:59 2023 GMT
        Subject: serialNumber=ffef42635945b5754fd78afd7c81ec322369db88eb5a91afedbe9bb2947870b4, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:1f:87:a8:cf:40:79:51:df:3b:80:c0:1c:37:
                    98:d4:00:b9:f1:4f:84:f3:49:56:c7:0c:0f:1f:6b:
                    a3:40:be:fd:19:b8:d6:ac:c7:3f:f3:c2:77:69:0c:
                    98:d8:37:86:da:82:55:4f:dd:88:06:6a:09:cb:1c:
                    fc:c0:e2:d6:d1:dc:53:de:de:a8:ed:75:9a:6f:c3:
                    a0:14:15:f2:24:55:7f:e5:e5:b7:41:bf:e1:34:90:
                    6f:89:6f:af:be:bf:fb:c8:35:62:fd:d0:42:83:89:
                    e3:e1:e8:fb:6b:7c:3b:89:95:ed:26:41:a9:70:e2:
                    fd:34:ad:26:88:c3:1f:b6:b7:7e:a2:da:20:2b:2e:
                    a8:d2:eb:16:00:dd:c9:27:f9:96:33:c7:f4:e9:d7:
                    eb:5c:d0:53:cc:12:f0:58:03:43:2f:8d:bc:9d:e1:
                    25:63:bc:67:70:3c:57:2e:b3:6c:cd:fc:c1:ff:69:
                    d0:05:11:c7:fd:cb:89:02:37:14:5e:0b:0f:62:73:
                    d6:74:6a:94:d6:81:c4:a1:1f:e3:00:5d:51:aa:64:
                    d5:8e:0a:a6:de:07:9d:9b:e2:cd:01:4c:c7:9e:d1:
                    e7:eb:fe:54:cc:e0:3f:95:43:19:40:0f:b3:43:ac:
                    64:9f:f5:7d:e8:e1:a5:a4:bd:3e:dd:1f:08:d7:bd:
                    62:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EC:28:DE:44:74:FA:3C:E5:AB:30:0E:E4:B3:DD:F1:54:D8:81:66:10
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/8623711a-c231-40fa-a187-a0cf10e8dcd4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         af:20:34:0b:ae:6e:60:86:ab:b2:c1:99:26:8f:7c:3e:a5:60:
         c1:7d:6c:97:07:f3:82:71:42:82:98:b1:8c:7a:ab:08:f9:f0:
         65:fd:f0:91:6c:21:f8:5c:cb:09:75:42:af:15:46:cb:88:ed:
         64:ac:65:49:f0:b9:3e:e8:6c:67:76:7f:ba:8f:21:05:fc:54:
         56:40:cc:d1:d5:65:81:63:bb:f2:f3:ef:9c:43:e6:ba:e3:64:
         c3:d4:65:fc:45:f2:a0:2d:ae:59:ee:07:8e:09:fc:38:5b:fd:
         8c:1f:bb:ec:49:98:a3:34:e6:2d:fa:66:74:72:4f:3c:1b:5b:
         1c:46:6d:95:3f:7c:b4:43:11:91:4e:d3:ad:b5:1e:59:b0:d7:
         8f:4f:4b:5d:33:c7:f5:37:70:a8:1d:ee:aa:f8:6a:a9:47:23:
         68:76:39:24:ff:26:f7:fc:0f:0d:36:43:c5:0b:96:44:43:0c:
         9d:1c:63:60:86:c3:30:25:cd:9b:0e:8c:a6:3a:72:20:14:55:
         4a:81:c9:eb:34:dc:7d:5a:54:bd:ef:4c:2d:e3:59:2c:42:04:
         a6:c4:9c:f5:b8:ab:f2:5c:5a:dd:02:47:d9:fb:f1:85:05:e4:
         f2:dc:d5:88:99:10:66:7a:da:7b:44:fd:39:6a:fa:6d:36:b7:
         d6:36:4f:40
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUOrNMEhXTsYqGmD7IsrQpgSJQetUwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwMTI2MDAwMDAwWhcNMjMwMTI5MjM1OTU5
WjCBpTFJMEcGA1UEBRNAZmZlZjQyNjM1OTQ1YjU3NTRmZDc4YWZkN2M4MWVjMzIy
MzY5ZGI4OGViNWE5MWFmZWRiZTliYjI5NDc4NzBiNDEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAL8fh6jPQHlR3zuAwBw3mNQAufFPhPNJVscMDx9ro0C+/Rm41qzH
P/PCd2kMmNg3htqCVU/diAZqCcsc/MDi1tHcU97eqO11mm/DoBQV8iRVf+Xlt0G/
4TSQb4lvr76/+8g1Yv3QQoOJ4+Ho+2t8O4mV7SZBqXDi/TStJojDH7a3fqLaICsu
qNLrFgDdySf5ljPH9OnX61zQU8wS8FgDQy+NvJ3hJWO8Z3A8Vy6zbM38wf9p0AUR
x/3LiQI3FF4LD2Jz1nRqlNaBxKEf4wBdUapk1Y4Kpt4HnZvizQFMx57R5+v+VMzg
P5VDGUAPs0OsZJ/1fejhpaS9Pt0fCNe9YtcCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBTsKN5EdPo85aswDuSz3fFU2IFmEDAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvODYyMzcxMWEtYzIzMS00MGZhLWExODctYTBjZjEwZThkY2Q0LnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAK8gNAuubmCGq7LB
mSaPfD6lYMF9bJcH84JxQoKYsYx6qwj58GX98JFsIfhcywl1Qq8VRsuI7WSsZUnw
uT7obGd2f7qPIQX8VFZAzNHVZYFju/Lz75xD5rrjZMPUZfxF8qAtrlnuB44J/Dhb
/Ywfu+xJmKM05i36ZnRyTzwbWxxGbZU/fLRDEZFO0621Hlmw149PS10zx/U3cKgd
7qr4aqlHI2h2OST/Jvf8Dw02Q8ULlkRDDJ0cY2CGwzAlzZsOjKY6ciAUVUqByes0
3H1aVL3vTC3jWSxCBKbEnPW4q/JcWt0CR9n78YUF5PLc1YiZEGZ62ntE/Tlq+m02
t9Y2T0A=
-----END CERTIFICATE-----