Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/8a9c34ea-30ca-41b1-8de3-47675b03945a.roa
File:                     8a9c34ea-30ca-41b1-8de3-47675b03945a.roa (raw, json)
Hash identifier:          U8ZVF3AyHtvw6W4Nlp9rSDDATIQGri5DO4wjJso2tH4=
Subject key identifier:   16:1D:86:E8:BB:4D:FD:D7:F7:7E:7E:53:05:F6:A4:2A:3D:87:61:41
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       0B3874B11F830012FE1C7E6C6B4DAE0FD6D8E0D3
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/8a9c34ea-30ca-41b1-8de3-47675b03945a.roa
Signing time:             Thu 25 May 2023 00:00:00 +0000
ROA not before:           Thu 25 May 2023 00:00:00 +0000
ROA not after:            Sun 28 May 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0b:38:74:b1:1f:83:00:12:fe:1c:7e:6c:6b:4d:ae:0f:d6:d8:e0:d3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: May 25 00:00:00 2023 GMT
            Not After : May 28 23:59:59 2023 GMT
        Subject: serialNumber=f07fcd7ac85bdb7c5e192cb4671431394f75e733cc11981134d99b265a1badb2, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:8c:b9:3c:cb:3a:c4:9a:ca:10:1e:f8:b6:62:
                    e7:2e:0f:a7:dc:4d:f9:64:1c:c0:d0:5a:34:4d:2e:
                    6f:9c:c9:fb:73:17:6a:15:91:c7:9c:28:de:ea:e9:
                    47:3d:17:f9:14:f3:4e:ae:f2:35:81:92:cc:17:7d:
                    6d:e0:98:f8:76:a2:90:4c:ba:40:8f:4f:46:f2:2b:
                    1d:4d:03:35:2e:45:3c:4d:42:0c:78:d4:e5:a4:3d:
                    0f:9b:f6:83:f2:c6:9a:6d:14:b8:8d:d1:1f:73:0d:
                    83:58:19:23:a9:3a:07:e6:d7:a2:75:c4:08:80:f2:
                    0a:1c:b3:44:cd:02:ae:70:1e:05:ef:0f:63:5b:c8:
                    b8:2a:82:32:07:c9:51:f6:39:15:e8:c8:57:23:df:
                    08:c5:7e:c5:29:46:1c:5a:6f:05:87:29:80:0f:fc:
                    4f:f7:e0:44:47:1f:44:47:d6:4d:2b:e8:fa:86:56:
                    85:b7:b8:b3:85:b2:bd:20:05:70:81:38:a6:86:81:
                    e1:b0:05:92:7a:98:25:e5:be:d8:39:21:ec:1e:be:
                    0c:0e:de:a1:81:fe:c7:dd:63:01:84:e7:8e:ca:09:
                    f4:fc:c1:4c:f2:2b:06:a2:2e:43:0f:f8:c8:a3:3b:
                    06:74:c4:a0:31:ce:3c:ec:a1:c0:6b:4e:4f:53:7d:
                    ce:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                16:1D:86:E8:BB:4D:FD:D7:F7:7E:7E:53:05:F6:A4:2A:3D:87:61:41
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/8a9c34ea-30ca-41b1-8de3-47675b03945a.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6a:ee:ea:7c:18:68:80:9c:4f:68:a4:24:5d:ec:f5:4a:ae:f1:
         9b:77:b7:85:c6:aa:00:35:00:c6:e1:34:05:28:00:26:94:07:
         6b:23:f8:09:29:12:3e:1f:80:cd:80:a1:06:81:f9:e6:bb:59:
         ec:31:02:52:8d:a7:ea:40:d8:16:94:ed:e9:47:77:cc:b8:d1:
         53:18:30:25:39:f2:96:bb:36:d8:0a:18:32:48:1a:61:5e:91:
         b1:eb:96:45:d1:d7:29:20:9a:8e:fb:63:75:b6:c1:ee:4f:98:
         77:c2:6f:b7:e0:e2:07:0f:1e:04:0c:a3:9f:d2:b0:95:22:e6:
         a1:3d:3a:7d:1f:0d:66:c5:23:69:c4:e2:db:7d:ec:ca:21:9f:
         b5:2b:a0:79:a4:0c:85:04:f8:07:69:63:bb:c9:f9:2f:f7:b9:
         03:36:30:d4:35:79:ce:ae:97:6b:dc:76:0c:0e:77:37:ac:61:
         b9:ec:0d:09:09:ae:6d:5f:92:6b:b3:dd:01:d4:05:d0:12:e2:
         14:64:3b:0c:e1:77:65:47:29:0a:79:f0:29:d0:77:91:0c:5a:
         1f:a2:83:55:29:e0:b4:10:38:5d:6c:8d:d1:61:15:96:fa:d2:
         50:f7:e7:4c:c8:d7:fc:9d:ca:78:cc:49:ae:26:b1:b8:6d:79:
         f7:03:8f:8d
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUCzh0sR+DABL+HH5sa02uD9bY4NMwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwNTI1MDAwMDAwWhcNMjMwNTI4MjM1OTU5
WjCBpTFJMEcGA1UEBRNAZjA3ZmNkN2FjODViZGI3YzVlMTkyY2I0NjcxNDMxMzk0
Zjc1ZTczM2NjMTE5ODExMzRkOTliMjY1YTFiYWRiMjEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBANaMuTzLOsSayhAe+LZi5y4Pp9xN+WQcwNBaNE0ub5zJ+3MXahWR
x5wo3urpRz0X+RTzTq7yNYGSzBd9beCY+HaikEy6QI9PRvIrHU0DNS5FPE1CDHjU
5aQ9D5v2g/LGmm0UuI3RH3MNg1gZI6k6B+bXonXECIDyChyzRM0CrnAeBe8PY1vI
uCqCMgfJUfY5FejIVyPfCMV+xSlGHFpvBYcpgA/8T/fgREcfREfWTSvo+oZWhbe4
s4WyvSAFcIE4poaB4bAFknqYJeW+2Dkh7B6+DA7eoYH+x91jAYTnjsoJ9PzBTPIr
BqIuQw/4yKM7BnTEoDHOPOyhwGtOT1N9zrUCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBQWHYbou0391/d+flMF9qQqPYdhQTAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvOGE5YzM0ZWEtMzBjYS00MWIxLThkZTMtNDc2NzViMDM5NDVhLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAGru6nwYaICcT2ik
JF3s9Uqu8Zt3t4XGqgA1AMbhNAUoACaUB2sj+AkpEj4fgM2AoQaB+ea7WewxAlKN
p+pA2BaU7elHd8y40VMYMCU58pa7NtgKGDJIGmFekbHrlkXR1ykgmo77Y3W2we5P
mHfCb7fg4gcPHgQMo5/SsJUi5qE9On0fDWbFI2nE4tt97Mohn7UroHmkDIUE+Adp
Y7vJ+S/3uQM2MNQ1ec6ul2vcdgwOdzesYbnsDQkJrm1fkmuz3QHUBdAS4hRkOwzh
d2VHKQp58CnQd5EMWh+ig1Up4LQQOF1sjdFhFZb60lD350zI1/ydynjMSa4msbht
efcDj40=
-----END CERTIFICATE-----