Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/8f6103be-6212-4b22-8cd5-ea86489bc6e7.roa
File:                     8f6103be-6212-4b22-8cd5-ea86489bc6e7.roa (raw, json)
Hash identifier:          dVlDxNAYCVc3Q7IgG5ssf4m4i+5GVS7QJI0PIZiruzw=
Subject key identifier:   B4:A0:FE:B9:08:CC:90:14:96:6A:31:6F:57:D4:2F:76:E0:35:DC:B3
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       2F1808B274DE6B8C3FD9041888286BFA0067BC33
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/8f6103be-6212-4b22-8cd5-ea86489bc6e7.roa
Signing time:             Mon 10 Apr 2023 00:00:00 +0000
ROA not before:           Mon 10 Apr 2023 00:00:00 +0000
ROA not after:            Thu 13 Apr 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2f:18:08:b2:74:de:6b:8c:3f:d9:04:18:88:28:6b:fa:00:67:bc:33
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Apr 10 00:00:00 2023 GMT
            Not After : Apr 13 23:59:59 2023 GMT
        Subject: serialNumber=d621bfaef7e1decc88a3f305a25fd815d0f7297468d9a812005290b9938ef9fa, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:07:be:f8:1d:6e:28:df:b3:2e:c4:a1:44:a1:
                    8b:c4:61:0f:59:0f:d9:e0:2a:d8:db:5f:18:9f:10:
                    93:d1:d6:d2:f6:ef:a1:b5:17:37:08:a5:1b:a8:18:
                    85:f1:05:16:7d:66:74:43:75:84:d1:ee:15:5a:50:
                    7b:20:cc:44:b5:85:74:df:ae:51:a2:a2:86:6c:96:
                    e1:70:43:92:5e:e7:7c:64:6d:ec:74:ec:f9:34:68:
                    6c:e3:37:89:0e:b7:84:20:33:d2:96:97:40:e5:51:
                    fc:4f:73:dc:14:7a:fc:07:ac:74:61:8a:9c:5c:8f:
                    b0:30:c2:19:7d:42:2d:63:95:a6:3c:92:cf:ea:d1:
                    e6:79:3a:d1:ea:b4:b0:94:92:fd:cf:f3:7a:66:28:
                    5e:dd:73:82:21:72:30:ba:fe:3d:f9:33:25:3a:05:
                    30:2f:29:03:b0:14:eb:3f:a4:4e:20:bc:97:04:37:
                    bb:5f:0c:a6:fc:b0:c4:3f:e3:71:74:d9:17:10:69:
                    4e:f5:f1:0d:ce:9b:f2:e8:ee:f3:37:d1:15:66:70:
                    81:6c:e8:cb:f9:80:65:c7:b4:37:14:a8:5e:a1:fc:
                    dd:cc:bb:f1:45:8b:f8:b4:da:a6:ae:f8:7d:33:d1:
                    94:3c:83:be:b7:78:f3:bb:3c:a6:60:08:e4:a1:eb:
                    68:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B4:A0:FE:B9:08:CC:90:14:96:6A:31:6F:57:D4:2F:76:E0:35:DC:B3
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/8f6103be-6212-4b22-8cd5-ea86489bc6e7.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         19:3d:0d:6f:77:84:49:34:8e:bf:4b:15:cf:de:67:09:ba:9f:
         66:13:80:f1:28:1d:c3:26:7a:06:3e:fb:af:2d:a6:84:98:c0:
         98:6b:6e:4c:53:59:7d:09:b2:c0:df:99:4e:ee:ac:3a:90:44:
         cc:71:2e:dd:6f:6e:20:88:e7:a3:cf:e4:5d:32:62:4d:f8:26:
         dc:31:c6:53:0f:fe:f9:d3:01:58:15:e6:41:1d:6e:df:d6:ea:
         a6:ee:07:77:cd:ba:0a:ee:62:a0:34:c0:86:60:c6:bb:4f:f8:
         74:03:b9:c1:6c:23:c5:4d:b0:a0:08:21:f7:16:06:74:37:7e:
         46:24:63:f7:2c:25:ad:72:48:31:d7:fa:50:e5:3c:28:b3:98:
         a7:89:d3:ba:b8:53:09:e5:15:ee:b2:52:a3:20:d2:3e:4b:6d:
         4c:9d:6d:cc:eb:c4:8d:b3:c3:88:01:41:5a:37:66:dc:c5:15:
         21:a3:0f:4f:cb:66:31:14:d1:db:69:77:0d:54:14:f6:78:2b:
         fb:37:ad:2a:c9:74:39:d6:a4:72:9d:6e:20:f8:10:8b:e7:07:
         f5:f8:54:35:76:4e:96:f7:c9:9e:64:f2:b2:16:24:83:17:36:
         e8:a2:4a:32:d9:c1:13:8c:cf:d6:ab:b7:e6:b5:24:16:eb:2a:
         bf:0e:cc:43
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIULxgIsnTea4w/2QQYiChr+gBnvDMwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwNDEwMDAwMDAwWhcNMjMwNDEzMjM1OTU5
WjCBpTFJMEcGA1UEBRNAZDYyMWJmYWVmN2UxZGVjYzg4YTNmMzA1YTI1ZmQ4MTVk
MGY3Mjk3NDY4ZDlhODEyMDA1MjkwYjk5MzhlZjlmYTEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAJcHvvgdbijfsy7EoUShi8RhD1kP2eAq2NtfGJ8Qk9HW0vbvobUX
NwilG6gYhfEFFn1mdEN1hNHuFVpQeyDMRLWFdN+uUaKihmyW4XBDkl7nfGRt7HTs
+TRobOM3iQ63hCAz0paXQOVR/E9z3BR6/AesdGGKnFyPsDDCGX1CLWOVpjySz+rR
5nk60eq0sJSS/c/zemYoXt1zgiFyMLr+PfkzJToFMC8pA7AU6z+kTiC8lwQ3u18M
pvywxD/jcXTZFxBpTvXxDc6b8uju8zfRFWZwgWzoy/mAZce0NxSoXqH83cy78UWL
+LTapq74fTPRlDyDvrd487s8pmAI5KHraGUCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBS0oP65CMyQFJZqMW9X1C924DXcszAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvOGY2MTAzYmUtNjIxMi00YjIyLThjZDUtZWE4NjQ4OWJjNmU3LnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBABk9DW93hEk0jr9L
Fc/eZwm6n2YTgPEoHcMmegY++68tpoSYwJhrbkxTWX0JssDfmU7urDqQRMxxLt1v
biCI56PP5F0yYk34JtwxxlMP/vnTAVgV5kEdbt/W6qbuB3fNugruYqA0wIZgxrtP
+HQDucFsI8VNsKAIIfcWBnQ3fkYkY/csJa1ySDHX+lDlPCizmKeJ07q4UwnlFe6y
UqMg0j5LbUydbczrxI2zw4gBQVo3ZtzFFSGjD0/LZjEU0dtpdw1UFPZ4K/s3rSrJ
dDnWpHKdbiD4EIvnB/X4VDV2Tpb3yZ5k8rIWJIMXNuiiSjLZwROMz9art+a1JBbr
Kr8OzEM=
-----END CERTIFICATE-----