Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/962f813f-311d-4c04-bd93-c67c2880782c.roa
File:                     962f813f-311d-4c04-bd93-c67c2880782c.roa (raw, json)
Hash identifier:          4V9OGIof6pmgFsyy8fNEJXXCVS182SN65bIYkClMXxA=
Subject key identifier:   F7:4E:91:FA:0D:EE:64:5C:00:82:AB:0B:89:61:48:51:10:83:0A:8A
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       24242B5810AC6C1ED239A67F79CD457E1FCEB050
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/962f813f-311d-4c04-bd93-c67c2880782c.roa
Signing time:             Fri 28 Apr 2023 00:00:00 +0000
ROA not before:           Fri 28 Apr 2023 00:00:00 +0000
ROA not after:            Mon 01 May 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            24:24:2b:58:10:ac:6c:1e:d2:39:a6:7f:79:cd:45:7e:1f:ce:b0:50
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Apr 28 00:00:00 2023 GMT
            Not After : May  1 23:59:59 2023 GMT
        Subject: serialNumber=1256a020456ec50b8be2d0a61579b56f92d55ed595d1d898286f410e82ef116a, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:52:28:49:9e:de:a7:cf:73:e0:f5:92:f1:65:
                    d2:ba:0d:eb:8f:7a:2a:92:ae:2e:f5:c2:a6:a8:80:
                    e5:62:d7:c2:9c:66:e0:13:8d:08:91:fd:09:71:4f:
                    cd:b2:8d:ee:05:25:f5:65:05:bf:b7:54:0f:5b:24:
                    5f:2b:47:29:84:70:a6:a8:87:32:67:6b:6c:8a:83:
                    0c:8c:4d:68:8f:c1:7e:f8:31:f7:2a:e2:25:77:75:
                    28:85:3e:34:37:06:a5:c5:ae:1c:02:2b:cd:66:64:
                    2f:ef:65:48:b5:44:c3:ab:60:12:d2:44:cf:40:9d:
                    7d:3b:11:a0:29:a1:9e:7e:74:65:70:6a:d6:a8:3c:
                    80:10:a5:cc:2b:c3:97:3f:bb:e5:fe:1a:7d:7d:1e:
                    df:25:1d:0d:33:18:e3:91:1a:0d:10:ec:46:6d:ac:
                    6f:b5:c1:53:08:9c:44:28:74:9a:63:5a:bb:b6:6e:
                    ac:74:0b:4e:77:98:68:d9:c4:ef:d8:33:92:be:e3:
                    3c:28:cd:b9:5c:e3:43:89:f5:60:ad:7f:80:52:82:
                    ae:d4:3c:79:e5:a6:e3:51:f6:94:39:78:59:f2:f2:
                    83:64:75:da:3c:47:0a:d2:32:c6:74:61:31:e1:b9:
                    c5:89:ef:cd:c3:f3:c1:38:77:c9:93:5b:36:8a:cd:
                    33:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F7:4E:91:FA:0D:EE:64:5C:00:82:AB:0B:89:61:48:51:10:83:0A:8A
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/962f813f-311d-4c04-bd93-c67c2880782c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2b:54:4e:86:3b:d6:71:e1:5f:01:7b:72:2d:5b:56:48:6b:2a:
         7f:81:9f:e2:a1:b1:bf:9f:48:5b:76:65:4f:19:e7:cc:9a:c0:
         1f:ed:82:21:d9:25:3c:7f:2a:27:45:4a:14:48:ba:84:18:93:
         97:93:6c:f2:18:4a:d9:7e:c5:4e:9f:8e:ef:a0:6b:f4:09:6b:
         47:6a:f4:b6:f5:b2:f6:a5:a2:58:86:ab:8b:2e:be:51:26:cb:
         4f:6f:b7:67:ac:0a:e8:53:0b:45:e2:f5:08:7b:48:8f:cc:5b:
         b7:c7:23:0d:83:ca:2a:54:fe:93:26:86:83:db:fd:d5:c4:7f:
         36:e9:e2:89:ff:93:9c:56:99:4c:ab:09:13:c8:c6:75:5e:43:
         51:e8:df:b1:7a:83:93:94:65:fc:42:98:24:16:38:36:87:93:
         c4:b8:86:ee:a4:0d:00:8f:4b:eb:9a:79:70:3c:94:eb:d4:ed:
         90:3c:07:c3:c2:fe:e1:b0:b2:58:b0:94:2d:fb:68:28:62:98:
         b3:c1:cf:ff:10:1b:a5:1c:5d:78:d6:a1:71:12:a9:07:da:a0:
         ea:e7:cc:f9:64:b5:de:5a:47:9c:71:89:34:ff:33:cf:9c:7d:
         3f:f4:76:55:5c:99:92:bc:3c:ec:19:f5:b5:a1:d3:fa:00:e9:
         2a:69:15:a4
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUJCQrWBCsbB7SOaZ/ec1Ffh/OsFAwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwNDI4MDAwMDAwWhcNMjMwNTAxMjM1OTU5
WjCBpTFJMEcGA1UEBRNAMTI1NmEwMjA0NTZlYzUwYjhiZTJkMGE2MTU3OWI1NmY5
MmQ1NWVkNTk1ZDFkODk4Mjg2ZjQxMGU4MmVmMTE2YTEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAJtSKEme3qfPc+D1kvFl0roN6496KpKuLvXCpqiA5WLXwpxm4BON
CJH9CXFPzbKN7gUl9WUFv7dUD1skXytHKYRwpqiHMmdrbIqDDIxNaI/Bfvgx9yri
JXd1KIU+NDcGpcWuHAIrzWZkL+9lSLVEw6tgEtJEz0CdfTsRoCmhnn50ZXBq1qg8
gBClzCvDlz+75f4afX0e3yUdDTMY45EaDRDsRm2sb7XBUwicRCh0mmNau7ZurHQL
TneYaNnE79gzkr7jPCjNuVzjQ4n1YK1/gFKCrtQ8eeWm41H2lDl4WfLyg2R12jxH
CtIyxnRhMeG5xYnvzcPzwTh3yZNbNorNM8kCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBT3TpH6De5kXACCqwuJYUhREIMKijAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvOTYyZjgxM2YtMzExZC00YzA0LWJkOTMtYzY3YzI4ODA3ODJjLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBACtUToY71nHhXwF7
ci1bVkhrKn+Bn+Khsb+fSFt2ZU8Z58yawB/tgiHZJTx/KidFShRIuoQYk5eTbPIY
Stl+xU6fju+ga/QJa0dq9Lb1svaloliGq4suvlEmy09vt2esCuhTC0Xi9Qh7SI/M
W7fHIw2DyipU/pMmhoPb/dXEfzbp4on/k5xWmUyrCRPIxnVeQ1Ho37F6g5OUZfxC
mCQWODaHk8S4hu6kDQCPS+uaeXA8lOvU7ZA8B8PC/uGwsliwlC37aChimLPBz/8Q
G6UcXXjWoXESqQfaoOrnzPlktd5aR5xxiTT/M8+cfT/0dlVcmZK8POwZ9bWh0/oA
6SppFaQ=
-----END CERTIFICATE-----