Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/8e68a4d7-cd84-41ed-b2b2-7cec3eeae5dd.roa
File:                     8e68a4d7-cd84-41ed-b2b2-7cec3eeae5dd.roa (raw, json)
Hash identifier:          XabdCS5Yi9HPfLL1JMfGyXLw7Su1nui9T1BtEN0HPLs=
Subject key identifier:   2B:4E:58:36:C2:63:20:17:9D:B3:0C:C0:3D:21:70:B3:A1:3E:07:FB
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       7AD19C713756C0590540706B7C59C98B878CC292
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/8e68a4d7-cd84-41ed-b2b2-7cec3eeae5dd.roa
Signing time:             Sat 25 Mar 2023 00:00:00 +0000
ROA not before:           Sat 25 Mar 2023 00:00:00 +0000
ROA not after:            Tue 28 Mar 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7a:d1:9c:71:37:56:c0:59:05:40:70:6b:7c:59:c9:8b:87:8c:c2:92
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Mar 25 00:00:00 2023 GMT
            Not After : Mar 28 23:59:59 2023 GMT
        Subject: serialNumber=0351ac26092b2a8d4630a28e4fe9c7230fa86b30f7e8a601ef3393d506cbadbf, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:f5:e2:eb:57:d8:bf:a7:fa:0b:f0:f6:81:1e:
                    7c:08:b6:ec:8e:8e:e9:fe:0f:90:cc:6f:31:3f:e8:
                    95:16:13:41:85:5c:e3:51:58:a7:ed:2a:ec:b0:6f:
                    87:60:e7:3b:18:05:31:1c:2a:37:4b:82:29:06:e5:
                    d5:c3:15:6a:80:dc:f0:33:9e:cc:a7:b3:8c:47:c1:
                    08:16:59:5f:21:e4:b5:39:0a:c2:01:60:1a:86:a1:
                    e1:3c:3c:0d:98:6b:bf:64:37:49:41:63:bf:9d:9e:
                    34:5d:90:65:85:bc:f6:0d:08:f7:b0:59:c7:20:d9:
                    87:32:d7:ed:f1:28:91:fb:d0:b8:41:42:3a:99:0e:
                    cb:24:8e:04:a0:cd:9b:cc:29:d8:f8:1b:15:bf:22:
                    01:55:cb:c2:f3:13:77:bf:24:73:f6:87:9f:89:7e:
                    d9:e5:e4:6b:a6:c3:b2:9f:a8:5d:55:16:ca:8f:f7:
                    95:67:a0:a9:c0:8b:0e:12:e9:4e:66:10:b6:b1:41:
                    e0:bf:e7:96:d4:9a:67:fc:35:c2:8b:9c:32:8d:3f:
                    1f:92:ee:41:58:98:0e:7f:0b:41:8b:b4:3c:7b:de:
                    b5:ef:bf:ff:b6:70:01:8e:22:2a:94:43:44:9a:68:
                    1a:49:c5:7a:3d:34:36:3c:92:b8:53:cb:71:27:8a:
                    03:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2B:4E:58:36:C2:63:20:17:9D:B3:0C:C0:3D:21:70:B3:A1:3E:07:FB
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/8e68a4d7-cd84-41ed-b2b2-7cec3eeae5dd.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         98:86:f4:db:04:b6:39:8c:18:be:f9:0f:f9:fe:d1:64:81:80:
         f5:0f:65:84:98:ea:f5:6e:2f:0e:e2:84:2d:ef:7f:44:23:7e:
         84:ca:a1:2e:cc:e7:4e:b0:cf:29:d7:2a:12:c1:3a:cf:71:1c:
         0e:6c:b3:c2:72:72:9f:53:22:6a:66:b9:9a:31:ba:79:63:a7:
         3c:28:14:56:51:96:42:94:b5:d1:7e:db:ea:6f:99:32:2c:8d:
         a4:8d:ea:1f:e1:f8:ff:01:67:e4:4b:f5:20:b8:00:a5:ca:6b:
         2c:37:55:5a:56:36:8d:62:f0:3b:10:23:ea:c1:48:cd:08:44:
         d2:b2:2e:42:a6:b7:a3:32:65:4a:32:62:4a:f7:9e:92:a5:0c:
         74:96:bf:8f:3e:ae:98:1a:0c:e0:79:9c:87:67:b7:03:bb:85:
         f4:24:1b:dd:ce:22:d9:10:73:d1:e0:67:66:58:a9:71:cf:d5:
         1b:89:df:43:92:09:ea:05:01:0e:ea:89:d1:e4:ea:7e:bb:22:
         b6:31:57:9a:98:19:54:d7:8f:5b:32:b3:e2:c9:cc:59:0f:b9:
         28:4e:b9:90:43:34:10:8b:6d:02:92:5f:8c:7f:fd:28:34:69:
         de:ed:19:a4:e3:60:bd:f2:9f:8d:10:93:58:b7:73:2b:17:82:
         af:42:d8:7f
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUetGccTdWwFkFQHBrfFnJi4eMwpIwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwMzI1MDAwMDAwWhcNMjMwMzI4MjM1OTU5
WjCBpTFJMEcGA1UEBRNAMDM1MWFjMjYwOTJiMmE4ZDQ2MzBhMjhlNGZlOWM3MjMw
ZmE4NmIzMGY3ZThhNjAxZWYzMzkzZDUwNmNiYWRiZjEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAKT14utX2L+n+gvw9oEefAi27I6O6f4PkMxvMT/olRYTQYVc41FY
p+0q7LBvh2DnOxgFMRwqN0uCKQbl1cMVaoDc8DOezKezjEfBCBZZXyHktTkKwgFg
Goah4Tw8DZhrv2Q3SUFjv52eNF2QZYW89g0I97BZxyDZhzLX7fEokfvQuEFCOpkO
yySOBKDNm8wp2PgbFb8iAVXLwvMTd78kc/aHn4l+2eXka6bDsp+oXVUWyo/3lWeg
qcCLDhLpTmYQtrFB4L/nltSaZ/w1woucMo0/H5LuQViYDn8LQYu0PHvete+//7Zw
AY4iKpRDRJpoGknFej00NjySuFPLcSeKA28CAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBQrTlg2wmMgF52zDMA9IXCzoT4H+zAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvOGU2OGE0ZDctY2Q4NC00MWVkLWIyYjItN2NlYzNlZWFlNWRkLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAJiG9NsEtjmMGL75
D/n+0WSBgPUPZYSY6vVuLw7ihC3vf0QjfoTKoS7M506wzynXKhLBOs9xHA5ss8Jy
cp9TImpmuZoxunljpzwoFFZRlkKUtdF+2+pvmTIsjaSN6h/h+P8BZ+RL9SC4AKXK
ayw3VVpWNo1i8DsQI+rBSM0IRNKyLkKmt6MyZUoyYkr3npKlDHSWv48+rpgaDOB5
nIdntwO7hfQkG93OItkQc9HgZ2ZYqXHP1RuJ30OSCeoFAQ7qidHk6n67IrYxV5qY
GVTXj1sys+LJzFkPuShOuZBDNBCLbQKSX4x//Sg0ad7tGaTjYL3yn40Qk1i3cysX
gq9C2H8=
-----END CERTIFICATE-----