Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/95aaddd3-06bb-4e5d-9920-d7166643ea25.roa
File:                     95aaddd3-06bb-4e5d-9920-d7166643ea25.roa (raw, json)
Hash identifier:          hq2rc4tN08pFAzyp6lwBtCa0POq0/mYyJVUiGtA9sag=
Subject key identifier:   F9:24:1C:7C:88:8E:27:00:09:45:A1:6B:86:2B:8F:CB:7C:53:43:A6
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       4D10726FE76308D765B369506A2B434C9305B17F
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/95aaddd3-06bb-4e5d-9920-d7166643ea25.roa
Signing time:             Thu 20 Apr 2023 00:00:00 +0000
ROA not before:           Thu 20 Apr 2023 00:00:00 +0000
ROA not after:            Sun 23 Apr 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4d:10:72:6f:e7:63:08:d7:65:b3:69:50:6a:2b:43:4c:93:05:b1:7f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Apr 20 00:00:00 2023 GMT
            Not After : Apr 23 23:59:59 2023 GMT
        Subject: serialNumber=cce3cc347fc658c792b572c6aced95f6130841a02d7212c0b1874421e8097ffd, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:4b:57:0c:5b:d7:34:90:60:c5:ef:ec:4b:83:
                    c8:e1:dc:28:13:3a:89:6a:33:ec:01:fd:7d:84:71:
                    fb:c7:4b:b8:84:74:19:33:67:c4:bc:c4:11:c7:be:
                    94:3c:54:af:0f:97:a0:f2:dc:c0:9d:4d:7a:5d:de:
                    55:2a:bf:91:f5:ce:1a:10:a2:43:94:1a:38:b2:ad:
                    93:54:9f:47:99:15:72:d3:60:ea:37:07:2f:ec:6a:
                    35:28:93:35:40:9b:1d:90:62:ee:a2:4b:94:83:d1:
                    1d:95:2b:78:e7:d6:75:4e:83:22:af:79:63:61:64:
                    8d:72:85:ef:bc:44:1e:67:b0:e3:7a:29:30:f1:fd:
                    d9:1e:c7:bf:5c:6c:9a:36:e9:57:e6:4f:af:c0:9c:
                    ee:fe:fd:99:c8:91:b0:32:ee:93:fc:ac:b6:bc:bb:
                    b1:07:45:2d:73:60:e3:f9:a1:bd:37:f1:b1:9d:de:
                    c5:32:1a:68:72:cd:d0:bc:fe:a8:b3:66:30:d1:6b:
                    ba:e5:d5:bd:67:ee:0f:6b:20:ae:41:e1:80:b9:ee:
                    10:49:3f:c9:a6:74:f7:ea:84:a4:cf:bd:97:52:60:
                    41:a2:55:c7:74:3e:f5:57:21:28:3d:0f:0d:82:51:
                    cd:b7:a9:56:3b:d7:a7:11:56:a0:cb:57:37:ca:8b:
                    66:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F9:24:1C:7C:88:8E:27:00:09:45:A1:6B:86:2B:8F:CB:7C:53:43:A6
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/95aaddd3-06bb-4e5d-9920-d7166643ea25.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4e:00:41:e6:54:e9:23:e3:78:25:d6:fd:eb:ce:60:87:6a:e6:
         9d:ff:97:cd:aa:df:be:11:ab:ae:91:d0:fd:05:bb:a9:c0:d2:
         db:a0:a1:3c:40:37:fb:b9:69:e2:ed:aa:89:e7:87:89:b3:d2:
         be:1d:5b:b5:1b:e9:08:ff:ee:e6:b8:aa:fb:c8:7b:3d:73:1f:
         e6:f0:a2:f0:2f:3a:65:82:68:8e:95:4f:9a:ac:1a:c2:7f:e1:
         fd:d2:97:a8:81:db:7f:00:ed:91:a7:a6:ce:36:1b:03:85:6c:
         89:63:97:85:18:6f:75:4b:ef:9f:94:86:b5:53:23:8a:ee:b4:
         f8:39:c1:04:f8:46:0a:15:d9:1b:8a:7c:cb:aa:a3:7a:39:9c:
         e9:cc:c1:8a:76:2b:2d:f6:fb:90:e3:7b:b7:dd:39:f7:d2:03:
         c7:5e:c2:e0:a1:77:46:09:77:63:1a:e9:c4:ad:9e:a7:f7:f0:
         c4:97:12:9d:9e:21:95:7a:53:31:17:f4:9d:b3:41:ca:11:72:
         f2:aa:b4:65:ba:4a:16:54:5e:34:ca:54:10:17:d9:1e:1a:47:
         c7:5c:42:17:4e:51:78:b8:9a:ff:34:53:49:fb:d7:6a:43:fe:
         0e:fa:68:80:d3:c4:48:ae:86:14:a2:95:b0:39:85:51:c7:33:
         8e:b3:75:7d
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUTRByb+djCNdls2lQaitDTJMFsX8wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwNDIwMDAwMDAwWhcNMjMwNDIzMjM1OTU5
WjCBpTFJMEcGA1UEBRNAY2NlM2NjMzQ3ZmM2NThjNzkyYjU3MmM2YWNlZDk1ZjYx
MzA4NDFhMDJkNzIxMmMwYjE4NzQ0MjFlODA5N2ZmZDEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAMhLVwxb1zSQYMXv7EuDyOHcKBM6iWoz7AH9fYRx+8dLuIR0GTNn
xLzEEce+lDxUrw+XoPLcwJ1Nel3eVSq/kfXOGhCiQ5QaOLKtk1SfR5kVctNg6jcH
L+xqNSiTNUCbHZBi7qJLlIPRHZUreOfWdU6DIq95Y2FkjXKF77xEHmew43opMPH9
2R7Hv1xsmjbpV+ZPr8Cc7v79mciRsDLuk/ystry7sQdFLXNg4/mhvTfxsZ3exTIa
aHLN0Lz+qLNmMNFruuXVvWfuD2sgrkHhgLnuEEk/yaZ09+qEpM+9l1JgQaJVx3Q+
9VchKD0PDYJRzbepVjvXpxFWoMtXN8qLZvkCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBT5JBx8iI4nAAlFoWuGK4/LfFNDpjAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvOTVhYWRkZDMtMDZiYi00ZTVkLTk5MjAtZDcxNjY2NDNlYTI1LnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAE4AQeZU6SPjeCXW
/evOYIdq5p3/l82q374Rq66R0P0Fu6nA0tugoTxAN/u5aeLtqonnh4mz0r4dW7Ub
6Qj/7ua4qvvIez1zH+bwovAvOmWCaI6VT5qsGsJ/4f3Sl6iB238A7ZGnps42GwOF
bIljl4UYb3VL75+UhrVTI4rutPg5wQT4RgoV2RuKfMuqo3o5nOnMwYp2Ky32+5Dj
e7fdOffSA8dewuChd0YJd2Ma6cStnqf38MSXEp2eIZV6UzEX9J2zQcoRcvKqtGW6
ShZUXjTKVBAX2R4aR8dcQhdOUXi4mv80U0n712pD/g76aIDTxEiuhhSilbA5hVHH
M46zdX0=
-----END CERTIFICATE-----