Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/a3e815f2-baed-4592-8949-f3ac0ce0ffa6.roa
File:                     a3e815f2-baed-4592-8949-f3ac0ce0ffa6.roa (raw, json)
Hash identifier:          bM1qEPWsGtMRdwnHHNPlzprR1rb2kXV1YYSsQOA6x20=
Subject key identifier:   77:26:7C:25:71:45:2F:A2:F2:E6:B2:B8:86:CF:3C:19:4F:1B:D6:85
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       71D2A1C5A8EF0E3CC1806FAE670CAFBF94305637
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/a3e815f2-baed-4592-8949-f3ac0ce0ffa6.roa
Signing time:             Tue 25 Apr 2023 00:00:00 +0000
ROA not before:           Tue 25 Apr 2023 00:00:00 +0000
ROA not after:            Fri 28 Apr 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            71:d2:a1:c5:a8:ef:0e:3c:c1:80:6f:ae:67:0c:af:bf:94:30:56:37
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Apr 25 00:00:00 2023 GMT
            Not After : Apr 28 23:59:59 2023 GMT
        Subject: serialNumber=669ce6fd22ff823235e6d3cb4a9b6defbe0055ba4abf9fb2733bbe69802dc4cc, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:fe:42:9d:87:88:fc:f1:61:ed:9e:ab:78:b3:
                    9c:e7:ef:dd:3b:ef:ca:0d:9f:82:3a:2c:3e:d5:fa:
                    ec:40:f8:43:2a:fa:ce:1e:c0:f0:a5:29:c3:48:7e:
                    13:93:34:e6:62:88:02:63:0e:ab:77:64:60:3e:53:
                    ed:65:55:8d:7f:e0:a2:db:ba:60:60:cc:bd:b5:f7:
                    99:13:5f:ec:2d:5f:d3:49:83:b8:64:f4:45:36:b3:
                    cb:87:3a:88:4c:65:d6:fe:05:a8:ee:2c:f0:9f:b0:
                    91:58:97:af:b8:53:51:24:9d:91:2d:9f:44:45:a0:
                    db:bd:ab:84:26:f5:8d:9c:11:6b:c8:ba:d0:b9:c0:
                    ec:e6:80:75:35:4b:85:4c:6c:83:16:d6:79:d7:a0:
                    a7:b9:13:19:53:da:c5:bf:9e:5b:c9:b1:dc:a8:ea:
                    2e:bb:88:73:d4:85:94:47:97:00:86:5a:fb:23:47:
                    a4:fa:7c:36:5c:02:e7:2a:5b:2a:18:cc:4c:d7:08:
                    c4:53:8f:e1:e6:95:41:1c:35:58:6d:44:4c:e0:54:
                    cc:ab:66:b8:e9:e8:cc:f0:dd:a2:45:35:16:5d:c9:
                    b8:f1:3c:97:68:2d:49:1c:24:d4:67:35:ac:ea:ae:
                    3d:8b:85:6f:85:62:39:db:28:f8:ef:a3:86:6d:a3:
                    d4:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                77:26:7C:25:71:45:2F:A2:F2:E6:B2:B8:86:CF:3C:19:4F:1B:D6:85
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/a3e815f2-baed-4592-8949-f3ac0ce0ffa6.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         49:db:7a:fe:6a:63:7a:55:99:28:2f:31:5d:62:d1:40:9c:2c:
         cb:64:46:54:a4:86:87:ce:22:b9:37:5e:21:1f:4c:1c:40:35:
         6c:6a:5a:4e:49:c6:8b:8c:01:7d:f7:40:1c:64:b1:44:fe:4b:
         fb:06:74:de:7e:01:d6:32:e5:a7:a2:5e:33:fa:0e:9c:f1:42:
         54:1b:33:31:22:30:d1:69:bf:d9:82:1b:69:8b:a4:a1:86:f6:
         fc:07:34:25:a6:d0:61:2f:d5:57:8d:f2:12:44:23:c3:c0:03:
         ec:7c:c8:00:99:80:fb:d3:d0:20:7a:a1:a0:fc:13:d7:b2:c0:
         0e:6f:4d:c5:69:0d:07:e2:ed:d2:25:a7:71:26:bd:47:d1:8f:
         61:26:ee:4e:57:53:1f:30:2d:0b:a0:ae:94:9c:0b:43:f0:a0:
         88:e4:e9:66:91:64:a6:d7:41:32:97:c0:bc:c8:fd:5c:e7:03:
         fc:2b:25:2f:9a:0e:0b:40:be:cd:b9:d7:eb:c2:ed:be:1e:48:
         ed:3b:19:a0:ad:8c:52:9b:60:dc:7e:c9:9f:be:24:5a:26:57:
         b1:31:ee:dc:cb:ee:ca:c7:a2:fe:43:e3:24:af:d3:c7:ec:17:
         a3:cb:44:95:3e:a6:54:1b:48:41:91:c1:b8:95:71:45:cb:bc:
         b6:1c:82:3b
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUcdKhxajvDjzBgG+uZwyvv5QwVjcwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwNDI1MDAwMDAwWhcNMjMwNDI4MjM1OTU5
WjCBpTFJMEcGA1UEBRNANjY5Y2U2ZmQyMmZmODIzMjM1ZTZkM2NiNGE5YjZkZWZi
ZTAwNTViYTRhYmY5ZmIyNzMzYmJlNjk4MDJkYzRjYzEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAJX+Qp2HiPzxYe2eq3iznOfv3Tvvyg2fgjosPtX67ED4Qyr6zh7A
8KUpw0h+E5M05mKIAmMOq3dkYD5T7WVVjX/gotu6YGDMvbX3mRNf7C1f00mDuGT0
RTazy4c6iExl1v4FqO4s8J+wkViXr7hTUSSdkS2fREWg272rhCb1jZwRa8i60LnA
7OaAdTVLhUxsgxbWedegp7kTGVPaxb+eW8mx3KjqLruIc9SFlEeXAIZa+yNHpPp8
NlwC5ypbKhjMTNcIxFOP4eaVQRw1WG1ETOBUzKtmuOnozPDdokU1Fl3JuPE8l2gt
SRwk1Gc1rOquPYuFb4ViOdso+O+jhm2j1NECAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBR3JnwlcUUvovLmsriGzzwZTxvWhTAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvYTNlODE1ZjItYmFlZC00NTkyLTg5NDktZjNhYzBjZTBmZmE2LnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAEnbev5qY3pVmSgv
MV1i0UCcLMtkRlSkhofOIrk3XiEfTBxANWxqWk5JxouMAX33QBxksUT+S/sGdN5+
AdYy5aeiXjP6DpzxQlQbMzEiMNFpv9mCG2mLpKGG9vwHNCWm0GEv1VeN8hJEI8PA
A+x8yACZgPvT0CB6oaD8E9eywA5vTcVpDQfi7dIlp3EmvUfRj2Em7k5XUx8wLQug
rpScC0PwoIjk6WaRZKbXQTKXwLzI/VznA/wrJS+aDgtAvs251+vC7b4eSO07GaCt
jFKbYNx+yZ++JFomV7Ex7tzL7srHov5D4ySv08fsF6PLRJU+plQbSEGRwbiVcUXL
vLYcgjs=
-----END CERTIFICATE-----