Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/9f09af20-3bc9-45cf-81d1-6bc2d8e0b6fa.roa
File:                     9f09af20-3bc9-45cf-81d1-6bc2d8e0b6fa.roa (raw, json)
Hash identifier:          QumLqVNgPH6IlQ+6vF/9cbBlzTqo0ExEvvGR00wUQxU=
Subject key identifier:   1A:CD:DB:DB:40:D0:14:83:09:7B:24:52:4F:BC:27:3A:DE:D3:DE:A1
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       410327EB2047BDBECB4A6DAD691F863A9A9CA412
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/9f09af20-3bc9-45cf-81d1-6bc2d8e0b6fa.roa
Signing time:             Tue 21 Feb 2023 00:00:00 +0000
ROA not before:           Tue 21 Feb 2023 00:00:00 +0000
ROA not after:            Fri 24 Feb 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            41:03:27:eb:20:47:bd:be:cb:4a:6d:ad:69:1f:86:3a:9a:9c:a4:12
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Feb 21 00:00:00 2023 GMT
            Not After : Feb 24 23:59:59 2023 GMT
        Subject: serialNumber=09ca4faac3a9cffb74b51405022a9689d463e9a46f3cbf1f9d2c0856985feac9, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:cb:0d:6e:a3:3e:ce:57:06:5b:39:99:9c:9e:
                    7f:a3:f7:7b:ed:22:0c:b1:e1:16:cc:59:5a:04:0f:
                    11:17:81:92:88:84:ba:a2:cf:ff:12:75:dd:67:38:
                    2e:41:a5:91:c7:d7:d2:30:72:c2:b5:ca:9b:c1:39:
                    20:42:44:70:77:64:7a:50:e0:64:91:5d:10:67:35:
                    67:08:53:2b:83:73:84:da:56:7c:59:1a:fa:77:be:
                    8b:0a:a8:7f:bc:5a:73:8b:61:a3:35:10:26:12:fe:
                    f2:08:43:93:00:29:f3:ab:b2:3d:12:4f:19:7c:22:
                    75:ac:c9:7a:8f:63:88:3e:b6:6c:f2:0c:38:e4:e3:
                    e9:e0:78:cd:d6:4c:d3:ab:ee:19:6c:4d:43:19:aa:
                    61:0b:61:ca:55:02:c6:98:7c:e8:ae:28:96:41:b1:
                    f2:76:79:8e:a4:25:24:97:91:40:79:b3:aa:b0:1a:
                    9e:49:ee:b5:89:83:fc:5e:99:d2:10:a3:ce:4b:15:
                    15:00:c6:ad:69:ba:77:9e:19:a6:f9:88:ce:d5:6d:
                    79:95:7d:14:09:27:7e:ab:c6:87:bd:24:ce:13:29:
                    b8:91:d9:38:f6:95:81:99:f9:de:3c:37:88:4e:c2:
                    5c:09:62:ba:c7:57:41:8c:46:4e:67:07:f3:c7:27:
                    24:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1A:CD:DB:DB:40:D0:14:83:09:7B:24:52:4F:BC:27:3A:DE:D3:DE:A1
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/9f09af20-3bc9-45cf-81d1-6bc2d8e0b6fa.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         af:24:dc:a0:94:50:cf:ab:fe:d6:d6:06:47:a1:e4:b9:00:3e:
         f7:e9:6c:c6:d4:3d:c5:a5:24:2a:94:90:87:c4:c4:fc:00:b6:
         d0:af:f4:dd:ec:cc:d6:7f:b1:84:61:31:ef:fc:1f:35:8f:2c:
         ba:84:7b:f9:95:84:d4:24:b3:d6:3d:31:47:01:8c:9f:27:b9:
         c2:13:1b:ae:a3:82:c7:d9:00:6c:f3:76:a1:98:96:6a:85:83:
         b3:2e:16:4a:6a:39:9e:a7:d1:63:10:4b:05:5a:4e:ec:cb:cd:
         f7:91:d8:76:21:6e:25:3e:99:0c:c0:93:38:2c:bb:77:76:2b:
         bd:df:27:ad:5d:a8:29:8d:40:b3:9b:1e:ae:d3:11:61:6a:3d:
         ee:99:79:ae:4b:b4:07:a7:54:55:e6:39:3c:75:a3:96:6e:af:
         6a:09:0d:c9:3c:31:b0:53:b8:d2:7b:70:78:77:9a:98:4f:35:
         ac:9b:ac:9f:0e:71:94:72:a3:73:53:af:55:0c:a7:7e:ab:f2:
         b0:d8:17:8f:3e:97:dd:46:37:15:e2:a7:a5:fb:47:8b:7d:62:
         e4:2b:46:75:71:73:ad:49:05:f6:f5:57:50:f7:6e:ef:99:43:
         4a:5c:82:d0:fa:7d:f9:24:f0:24:da:de:1e:0b:d5:26:cb:72:
         a4:97:f8:e2
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUQQMn6yBHvb7LSm2taR+GOpqcpBIwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwMjIxMDAwMDAwWhcNMjMwMjI0MjM1OTU5
WjCBpTFJMEcGA1UEBRNAMDljYTRmYWFjM2E5Y2ZmYjc0YjUxNDA1MDIyYTk2ODlk
NDYzZTlhNDZmM2NiZjFmOWQyYzA4NTY5ODVmZWFjOTEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBALrLDW6jPs5XBls5mZyef6P3e+0iDLHhFsxZWgQPEReBkoiEuqLP
/xJ13Wc4LkGlkcfX0jBywrXKm8E5IEJEcHdkelDgZJFdEGc1ZwhTK4NzhNpWfFka
+ne+iwqof7xac4thozUQJhL+8ghDkwAp86uyPRJPGXwidazJeo9jiD62bPIMOOTj
6eB4zdZM06vuGWxNQxmqYQthylUCxph86K4olkGx8nZ5jqQlJJeRQHmzqrAanknu
tYmD/F6Z0hCjzksVFQDGrWm6d54ZpvmIztVteZV9FAknfqvGh70kzhMpuJHZOPaV
gZn53jw3iE7CXAliusdXQYxGTmcH88cnJGMCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBQazdvbQNAUgwl7JFJPvCc63tPeoTAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvOWYwOWFmMjAtM2JjOS00NWNmLTgxZDEtNmJjMmQ4ZTBiNmZhLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAK8k3KCUUM+r/tbW
Bkeh5LkAPvfpbMbUPcWlJCqUkIfExPwAttCv9N3szNZ/sYRhMe/8HzWPLLqEe/mV
hNQks9Y9MUcBjJ8nucITG66jgsfZAGzzdqGYlmqFg7MuFkpqOZ6n0WMQSwVaTuzL
zfeR2HYhbiU+mQzAkzgsu3d2K73fJ61dqCmNQLObHq7TEWFqPe6Zea5LtAenVFXm
OTx1o5Zur2oJDck8MbBTuNJ7cHh3mphPNaybrJ8OcZRyo3NTr1UMp36r8rDYF48+
l91GNxXip6X7R4t9YuQrRnVxc61JBfb1V1D3bu+ZQ0pcgtD6ffkk8CTa3h4L1SbL
cqSX+OI=
-----END CERTIFICATE-----