Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/8e6dda35-0047-4bf6-8d78-58cd3c6903a5.roa
File:                     8e6dda35-0047-4bf6-8d78-58cd3c6903a5.roa (raw, json)
Hash identifier:          Ig6pWmHwQiabcAmJJ9fbMTe301EJsoTcJlMRqrx1M2Q=
Subject key identifier:   30:88:0A:23:8C:DD:47:2D:5F:15:5C:76:23:94:DB:95:F6:13:14:22
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       1BF2527537B58A68DB945DBC9F8C1CEDAC94DBAC
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/8e6dda35-0047-4bf6-8d78-58cd3c6903a5.roa
Signing time:             Tue 25 Apr 2023 00:00:00 +0000
ROA not before:           Tue 25 Apr 2023 00:00:00 +0000
ROA not after:            Fri 28 Apr 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1b:f2:52:75:37:b5:8a:68:db:94:5d:bc:9f:8c:1c:ed:ac:94:db:ac
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Apr 25 00:00:00 2023 GMT
            Not After : Apr 28 23:59:59 2023 GMT
        Subject: serialNumber=f4a985468cef8ba6f88c2647e960b0f8cfd60695d9ca65fb8bf7fb9f68af4209, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:0e:f0:05:7d:4c:86:1f:2c:5f:eb:cb:cf:ff:
                    b1:9f:16:0f:f4:14:f2:11:6c:b1:14:60:a0:8f:2c:
                    d0:40:1a:a4:75:aa:f5:51:a7:c8:ce:b0:90:7f:b1:
                    fd:a3:19:69:7f:26:ae:cc:14:2c:28:72:4b:0d:28:
                    7f:86:1e:2e:3b:3e:1e:0e:e4:63:3b:84:f2:df:10:
                    0f:46:f6:1c:8d:29:8a:4d:6d:64:b7:7e:69:24:5d:
                    ab:88:62:d9:73:57:85:98:d9:d8:3f:e5:57:55:57:
                    71:dc:a1:02:08:bd:93:49:78:fc:fe:24:61:2d:7c:
                    f8:ae:a5:34:95:1c:05:c6:29:3a:e3:7a:c5:21:e3:
                    9a:14:ee:c5:f7:44:2f:c3:39:9c:e7:e8:5b:1e:ee:
                    f0:77:48:40:36:28:27:a0:eb:95:be:ca:7f:bd:b9:
                    3b:c6:f1:28:43:8e:b1:51:12:ac:9a:17:eb:03:50:
                    d6:51:c2:5c:33:aa:5a:2a:78:53:10:61:d7:36:d9:
                    b1:5e:27:5e:c3:19:e7:f5:13:d2:bf:00:4c:50:56:
                    de:58:64:f5:88:4d:e1:df:87:c2:f1:97:55:9f:d0:
                    8c:1c:fa:d6:e2:80:d9:27:a4:51:fa:e0:b7:a2:a1:
                    57:da:72:c3:32:cc:e4:a6:10:a8:b8:8e:72:70:5b:
                    91:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                30:88:0A:23:8C:DD:47:2D:5F:15:5C:76:23:94:DB:95:F6:13:14:22
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/8e6dda35-0047-4bf6-8d78-58cd3c6903a5.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         02:43:6e:ae:7c:b0:bd:74:7a:2d:48:0f:f3:a9:04:2c:92:f8:
         c1:1f:e4:36:84:6a:fe:7a:42:90:7d:dd:87:d0:1c:ca:c2:b5:
         cf:4d:89:dc:b4:a5:f9:c9:dd:de:59:97:9f:22:01:0f:73:00:
         f2:bd:6d:72:c1:d8:4f:ba:2c:46:a0:b5:9b:4c:00:cd:55:d8:
         8c:78:9a:0e:38:f7:24:2e:24:56:02:ca:3a:b7:db:88:c0:55:
         15:17:4d:f4:ba:57:bb:4f:e4:9c:3d:fc:f7:c9:90:53:d7:da:
         e3:ed:6d:b8:b1:cd:bf:58:f8:9e:b1:19:d2:75:ee:b8:cf:cb:
         37:b7:e5:a3:0f:22:b2:f4:c4:31:28:3c:35:a5:87:e3:7d:35:
         73:ce:37:a3:6d:12:f2:61:9a:c9:f2:5c:e5:c1:e3:69:ae:64:
         0b:5f:0b:3d:c6:97:d6:1d:4f:bd:b7:e8:86:1d:d5:88:46:75:
         85:cb:b5:f8:86:70:5e:5a:96:7e:47:84:70:20:88:80:ff:ef:
         c8:d0:db:ba:5d:64:09:6a:cd:3c:f5:c8:28:39:e8:14:ed:de:
         86:41:28:26:d4:ea:06:43:26:8f:84:0d:cd:c1:d7:91:fc:01:
         62:4a:a2:3d:14:31:46:2d:ec:49:20:6c:cd:55:30:a7:57:89:
         f4:0d:14:d7
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUG/JSdTe1imjblF28n4wc7ayU26wwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwNDI1MDAwMDAwWhcNMjMwNDI4MjM1OTU5
WjCBpTFJMEcGA1UEBRNAZjRhOTg1NDY4Y2VmOGJhNmY4OGMyNjQ3ZTk2MGIwZjhj
ZmQ2MDY5NWQ5Y2E2NWZiOGJmN2ZiOWY2OGFmNDIwOTEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBALIO8AV9TIYfLF/ry8//sZ8WD/QU8hFssRRgoI8s0EAapHWq9VGn
yM6wkH+x/aMZaX8mrswULChySw0of4YeLjs+Hg7kYzuE8t8QD0b2HI0pik1tZLd+
aSRdq4hi2XNXhZjZ2D/lV1VXcdyhAgi9k0l4/P4kYS18+K6lNJUcBcYpOuN6xSHj
mhTuxfdEL8M5nOfoWx7u8HdIQDYoJ6Drlb7Kf725O8bxKEOOsVESrJoX6wNQ1lHC
XDOqWip4UxBh1zbZsV4nXsMZ5/UT0r8ATFBW3lhk9YhN4d+HwvGXVZ/QjBz61uKA
2SekUfrgt6KhV9pywzLM5KYQqLiOcnBbke0CAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBQwiAojjN1HLV8VXHYjlNuV9hMUIjAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvOGU2ZGRhMzUtMDA0Ny00YmY2LThkNzgtNThjZDNjNjkwM2E1LnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAAJDbq58sL10ei1I
D/OpBCyS+MEf5DaEav56QpB93YfQHMrCtc9Nidy0pfnJ3d5Zl58iAQ9zAPK9bXLB
2E+6LEagtZtMAM1V2Ix4mg449yQuJFYCyjq324jAVRUXTfS6V7tP5Jw9/PfJkFPX
2uPtbbixzb9Y+J6xGdJ17rjPyze35aMPIrL0xDEoPDWlh+N9NXPON6NtEvJhmsny
XOXB42muZAtfCz3Gl9YdT7236IYd1YhGdYXLtfiGcF5aln5HhHAgiID/78jQ27pd
ZAlqzTz1yCg56BTt3oZBKCbU6gZDJo+EDc3B15H8AWJKoj0UMUYt7EkgbM1VMKdX
ifQNFNc=
-----END CERTIFICATE-----