Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/a146dce2-08e5-4852-ab1a-1d1b8593a7ba.roa
File:                     a146dce2-08e5-4852-ab1a-1d1b8593a7ba.roa (raw, json)
Hash identifier:          aUTOK1UX3mjrjt3PS3//xDW90pv7Bhdv+H1f8Y48Grc=
Subject key identifier:   9A:35:00:E2:E3:9B:0E:74:1A:2D:AB:BC:9C:C1:F1:5C:0D:02:E7:BE
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       7E2F0921399D39A6228F86D0D6F4161AA06D6104
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/a146dce2-08e5-4852-ab1a-1d1b8593a7ba.roa
Signing time:             Sun 12 Mar 2023 00:00:00 +0000
ROA not before:           Sun 12 Mar 2023 00:00:00 +0000
ROA not after:            Wed 15 Mar 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7e:2f:09:21:39:9d:39:a6:22:8f:86:d0:d6:f4:16:1a:a0:6d:61:04
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Mar 12 00:00:00 2023 GMT
            Not After : Mar 15 23:59:59 2023 GMT
        Subject: serialNumber=e7ada6a9cd699f8beb2b377728f8e3a6dea40fe59ad6492a3ac4a34a6c445b02, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:15:37:89:7a:0c:34:56:9c:82:38:f3:d8:a0:
                    17:2a:17:7b:fc:5e:a1:d1:76:1a:ed:61:0c:67:a6:
                    03:3a:5b:d9:83:00:ec:2a:67:d5:e7:be:5f:2a:4c:
                    1c:8f:94:7a:15:33:0c:94:61:92:79:50:39:11:f7:
                    26:98:80:99:e1:39:ca:e4:b8:59:7c:bc:83:77:5f:
                    95:0d:99:8b:4f:80:9d:6d:34:5b:b4:90:34:14:49:
                    4b:26:11:fd:6f:f7:af:07:b9:fd:f2:30:15:09:6b:
                    c6:05:a2:5c:b1:d6:a9:2c:b9:a3:57:44:b0:db:8e:
                    c3:30:c6:e7:df:91:8d:cd:7e:59:e0:42:fd:65:8b:
                    3a:08:6b:7c:16:ad:a2:7a:6c:d7:99:85:dd:21:46:
                    29:bc:33:10:f1:57:f4:95:12:78:28:72:6b:a1:69:
                    18:f0:77:49:e1:9b:c3:07:e4:83:b1:61:b7:a1:81:
                    8b:04:5d:3a:2c:58:41:c5:07:bd:a5:5a:08:52:e9:
                    86:c7:e4:41:2f:10:f1:d4:02:5b:af:d3:bd:f6:26:
                    9d:62:ea:f8:fc:26:fc:16:39:57:32:07:d7:9e:f5:
                    e5:f4:18:ca:f2:50:f1:08:44:1d:dc:5e:80:08:b0:
                    74:2c:21:d5:71:7a:10:cd:df:74:87:7a:c1:cc:a7:
                    c8:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9A:35:00:E2:E3:9B:0E:74:1A:2D:AB:BC:9C:C1:F1:5C:0D:02:E7:BE
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/a146dce2-08e5-4852-ab1a-1d1b8593a7ba.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         13:91:8d:79:9c:f9:99:06:bc:95:9a:73:10:d7:61:d1:c0:39:
         96:4b:8b:a2:84:75:0a:f2:ef:05:e7:6a:d6:10:91:51:9a:b2:
         f3:5b:3f:33:de:ab:a9:14:db:8d:ca:1c:95:47:df:2a:79:3c:
         db:51:d5:b3:dd:fe:1d:95:0b:7e:8b:98:0e:48:b5:6b:09:65:
         1b:80:97:f8:b4:b1:31:94:20:cf:c8:96:ac:a2:29:c1:7c:4c:
         ca:89:62:51:d2:a4:77:48:b2:7b:bd:6d:69:ac:13:52:37:c5:
         94:87:68:a7:db:50:87:88:7d:fd:b7:29:a3:45:04:b3:ed:49:
         7c:7b:c7:63:68:0f:88:ba:45:d8:88:3d:9c:98:8d:93:27:9f:
         66:0e:ae:f9:d1:6e:6a:87:ca:b3:6d:1c:f7:37:dd:fb:c9:59:
         f6:d0:17:04:8d:aa:86:33:00:b8:e9:ff:d5:ba:f0:c5:61:75:
         1d:a5:2b:f5:50:3b:7f:b1:f1:0a:17:9e:32:0f:e6:7a:d2:cc:
         69:f4:f7:89:83:d5:df:de:d0:f6:f6:f1:71:c1:d9:b1:1f:41:
         f2:ba:bb:e5:d5:b0:08:30:6d:22:3e:39:fd:2d:b4:62:91:ed:
         0c:7c:1b:2f:99:d2:20:e7:eb:aa:31:02:d0:7f:c7:0e:eb:e2:
         0a:9d:73:00
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUfi8JITmdOaYij4bQ1vQWGqBtYQQwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwMzEyMDAwMDAwWhcNMjMwMzE1MjM1OTU5
WjCBpTFJMEcGA1UEBRNAZTdhZGE2YTljZDY5OWY4YmViMmIzNzc3MjhmOGUzYTZk
ZWE0MGZlNTlhZDY0OTJhM2FjNGEzNGE2YzQ0NWIwMjEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAMkVN4l6DDRWnII489igFyoXe/xeodF2Gu1hDGemAzpb2YMA7Cpn
1ee+XypMHI+UehUzDJRhknlQORH3JpiAmeE5yuS4WXy8g3dflQ2Zi0+AnW00W7SQ
NBRJSyYR/W/3rwe5/fIwFQlrxgWiXLHWqSy5o1dEsNuOwzDG59+Rjc1+WeBC/WWL
OghrfBatonps15mF3SFGKbwzEPFX9JUSeChya6FpGPB3SeGbwwfkg7Fht6GBiwRd
OixYQcUHvaVaCFLphsfkQS8Q8dQCW6/TvfYmnWLq+Pwm/BY5VzIH15715fQYyvJQ
8QhEHdxegAiwdCwh1XF6EM3fdId6wcynyE0CAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBSaNQDi45sOdBotq7ycwfFcDQLnvjAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvYTE0NmRjZTItMDhlNS00ODUyLWFiMWEtMWQxYjg1OTNhN2JhLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBABORjXmc+ZkGvJWa
cxDXYdHAOZZLi6KEdQry7wXnatYQkVGasvNbPzPeq6kU243KHJVH3yp5PNtR1bPd
/h2VC36LmA5ItWsJZRuAl/i0sTGUIM/IlqyiKcF8TMqJYlHSpHdIsnu9bWmsE1I3
xZSHaKfbUIeIff23KaNFBLPtSXx7x2NoD4i6RdiIPZyYjZMnn2YOrvnRbmqHyrNt
HPc33fvJWfbQFwSNqoYzALjp/9W68MVhdR2lK/VQO3+x8QoXnjIP5nrSzGn094mD
1d/e0Pb28XHB2bEfQfK6u+XVsAgwbSI+Of0ttGKR7Qx8Gy+Z0iDn66oxAtB/xw7r
4gqdcwA=
-----END CERTIFICATE-----