Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/8e37ba54-0ef5-4d6c-9380-52a8ceb4c6c2.roa
File:                     8e37ba54-0ef5-4d6c-9380-52a8ceb4c6c2.roa (raw, json)
Hash identifier:          KfRDXAUAW3XPsIvpyjmW787YQ9wObPIIKnUpKXyw7PY=
Subject key identifier:   AD:31:3E:9C:00:54:B4:70:9A:5C:D9:A6:B2:14:34:2C:D4:0B:1B:CB
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       6298138268849A3AE6AFB94C2F99D5623A566950
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/8e37ba54-0ef5-4d6c-9380-52a8ceb4c6c2.roa
Signing time:             Sat 25 Feb 2023 00:00:00 +0000
ROA not before:           Sat 25 Feb 2023 00:00:00 +0000
ROA not after:            Tue 28 Feb 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            62:98:13:82:68:84:9a:3a:e6:af:b9:4c:2f:99:d5:62:3a:56:69:50
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Feb 25 00:00:00 2023 GMT
            Not After : Feb 28 23:59:59 2023 GMT
        Subject: serialNumber=75be335b61d04a0053ad4175c114844cdb4e456d42478485dd9f90c2300be9cb, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:6a:dd:ca:68:90:e6:43:fa:dc:af:5e:19:f9:
                    53:46:24:4a:cf:06:64:7e:89:47:73:94:b1:99:af:
                    8e:74:3c:ca:06:83:c8:7a:a3:0c:b6:76:45:27:73:
                    64:e2:d6:87:26:7c:78:8e:bd:77:dd:5d:2c:e2:01:
                    61:76:35:8a:27:5f:9a:12:09:78:85:06:0e:5c:0d:
                    fa:3f:47:2f:4c:af:98:79:21:c3:be:4f:e0:29:0c:
                    6f:21:4a:70:b5:37:76:85:d9:87:89:02:33:5c:ee:
                    4b:69:58:40:68:a3:c6:09:a6:20:b1:95:71:65:80:
                    bc:bd:d6:81:67:ee:94:35:b7:51:a9:c9:ca:35:2a:
                    3f:e0:ee:fe:16:26:2e:ca:38:90:74:eb:d6:72:ca:
                    25:6d:c2:f2:7b:8b:5a:09:7f:8a:44:d0:3d:b9:b5:
                    12:e5:c6:c8:72:82:92:aa:a7:71:a6:35:96:bc:a6:
                    61:af:bf:aa:bb:2c:1d:76:70:00:a3:44:c7:53:ca:
                    11:72:07:54:18:14:36:0b:71:cf:13:c5:60:da:41:
                    a4:01:16:7a:4b:ab:c4:8c:ab:42:51:6d:dc:36:35:
                    e2:c9:07:4c:f8:52:76:02:57:d3:85:ef:65:6d:11:
                    84:57:f1:07:b9:97:1b:68:f2:b9:b0:7d:15:df:29:
                    4f:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AD:31:3E:9C:00:54:B4:70:9A:5C:D9:A6:B2:14:34:2C:D4:0B:1B:CB
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/8e37ba54-0ef5-4d6c-9380-52a8ceb4c6c2.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         be:0b:7f:2b:7d:c1:cf:2f:fb:f3:df:79:9e:e5:8b:76:6f:79:
         70:9f:70:e1:f4:70:de:dd:8e:be:8d:33:48:ac:03:fa:c5:f9:
         df:93:cc:4f:f1:3b:8b:7c:41:9e:e2:33:47:d1:fb:6c:22:78:
         0b:ce:7c:0e:de:7d:93:66:5f:b9:98:db:8f:d8:72:bb:07:07:
         ce:81:fe:87:ed:ce:dd:d4:5f:14:e9:db:31:f0:e6:25:d9:86:
         22:b9:54:52:36:f8:5f:8b:3e:47:e7:be:3d:95:12:cb:ee:21:
         91:74:3c:6b:a6:b0:90:f1:1c:e5:74:f2:51:0f:e3:b7:3a:42:
         19:b7:17:65:47:75:4b:eb:7e:64:d0:9f:0c:76:05:f5:ce:da:
         e7:85:9b:73:2c:cd:e8:5b:a8:45:87:f5:60:ac:47:3d:0e:56:
         86:b4:4a:37:58:41:f2:b4:cc:f8:5f:18:3c:54:6f:09:8e:7e:
         e0:27:52:f6:b4:12:aa:41:43:f4:eb:c8:30:f7:68:01:fc:5d:
         32:89:a7:a9:45:7d:a3:ce:c3:1b:e4:a4:cc:8c:d0:ce:d8:57:
         67:21:6c:e7:2c:84:8d:06:b7:fd:cf:ed:5c:f6:77:49:34:06:
         7c:a5:3f:25:51:94:66:51:79:8a:98:69:ec:94:88:d6:3f:f6:
         49:16:b8:56
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUYpgTgmiEmjrmr7lML5nVYjpWaVAwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwMjI1MDAwMDAwWhcNMjMwMjI4MjM1OTU5
WjCBpTFJMEcGA1UEBRNANzViZTMzNWI2MWQwNGEwMDUzYWQ0MTc1YzExNDg0NGNk
YjRlNDU2ZDQyNDc4NDg1ZGQ5ZjkwYzIzMDBiZTljYjEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBANVq3cpokOZD+tyvXhn5U0YkSs8GZH6JR3OUsZmvjnQ8ygaDyHqj
DLZ2RSdzZOLWhyZ8eI69d91dLOIBYXY1iidfmhIJeIUGDlwN+j9HL0yvmHkhw75P
4CkMbyFKcLU3doXZh4kCM1zuS2lYQGijxgmmILGVcWWAvL3WgWfulDW3UanJyjUq
P+Du/hYmLso4kHTr1nLKJW3C8nuLWgl/ikTQPbm1EuXGyHKCkqqncaY1lrymYa+/
qrssHXZwAKNEx1PKEXIHVBgUNgtxzxPFYNpBpAEWekurxIyrQlFt3DY14skHTPhS
dgJX04XvZW0RhFfxB7mXG2jyubB9Fd8pT9sCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBStMT6cAFS0cJpc2aayFDQs1AsbyzAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvOGUzN2JhNTQtMGVmNS00ZDZjLTkzODAtNTJhOGNlYjRjNmMyLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAL4Lfyt9wc8v+/Pf
eZ7li3ZveXCfcOH0cN7djr6NM0isA/rF+d+TzE/xO4t8QZ7iM0fR+2wieAvOfA7e
fZNmX7mY24/YcrsHB86B/oftzt3UXxTp2zHw5iXZhiK5VFI2+F+LPkfnvj2VEsvu
IZF0PGumsJDxHOV08lEP47c6Qhm3F2VHdUvrfmTQnwx2BfXO2ueFm3MszehbqEWH
9WCsRz0OVoa0SjdYQfK0zPhfGDxUbwmOfuAnUva0EqpBQ/TryDD3aAH8XTKJp6lF
faPOwxvkpMyM0M7YV2chbOcshI0Gt/3P7Vz2d0k0BnylPyVRlGZReYqYaeyUiNY/
9kkWuFY=
-----END CERTIFICATE-----