Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/a4d35a37-cc31-4aa8-bfc9-40fa7932fd47.roa
File:                     a4d35a37-cc31-4aa8-bfc9-40fa7932fd47.roa (raw, json)
Hash identifier:          2JYfbPl7j3UPu4yBv0va0o1wSwrMlKpML7ojGiNS+Ck=
Subject key identifier:   D5:06:8B:60:9F:1C:4C:AD:98:CA:24:45:34:49:41:4A:90:06:2C:05
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       39D7735BF9BA8FD31662A6A42ACDF1CF3928FD76
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/a4d35a37-cc31-4aa8-bfc9-40fa7932fd47.roa
Signing time:             Wed 26 Apr 2023 00:00:00 +0000
ROA not before:           Wed 26 Apr 2023 00:00:00 +0000
ROA not after:            Sat 29 Apr 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            39:d7:73:5b:f9:ba:8f:d3:16:62:a6:a4:2a:cd:f1:cf:39:28:fd:76
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Apr 26 00:00:00 2023 GMT
            Not After : Apr 29 23:59:59 2023 GMT
        Subject: serialNumber=44299cd09e76ee794862d16a25e776c412b4375e9a16c5db79981e9cead3bd51, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e9:81:92:7a:c3:fe:23:7e:fe:1b:0c:90:19:07:
                    86:f4:38:b2:3e:b6:17:05:ef:8e:9c:90:a1:b1:39:
                    74:13:3d:cf:bb:dc:91:01:27:92:7d:4b:78:1d:d3:
                    e8:65:8e:db:e0:81:ad:d4:ff:79:da:0e:37:21:5d:
                    96:d0:80:0d:0f:e3:69:85:d1:45:c3:ef:e7:85:02:
                    37:df:6b:7b:20:df:29:e0:48:41:37:aa:18:a7:c6:
                    4c:a6:88:8c:4c:4c:99:6b:fc:08:eb:22:d4:20:cf:
                    69:34:33:e9:f1:80:78:ad:54:ad:fa:04:1e:6f:a7:
                    7a:d1:f5:98:35:9f:fe:e4:15:56:be:2a:ad:61:4e:
                    b8:4b:45:b1:10:da:72:da:c4:af:74:44:ab:a0:a2:
                    e0:ad:f7:a4:cd:ad:bd:ff:d7:7a:45:84:fd:d6:fe:
                    d6:d2:e4:eb:58:9f:1a:18:01:c6:b9:5d:31:48:ca:
                    d1:ad:ec:bc:ed:84:e7:9e:41:f4:41:02:1f:7d:12:
                    4d:2e:e2:7d:89:b1:9d:b8:ab:16:be:31:74:d0:3c:
                    4a:1d:46:7f:95:a6:e0:19:75:33:6f:0d:90:da:65:
                    72:8e:52:cd:fd:f7:cd:50:c1:1d:5e:cf:17:75:59:
                    9a:39:59:5f:44:1e:dd:ef:aa:43:be:49:17:34:88:
                    fc:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D5:06:8B:60:9F:1C:4C:AD:98:CA:24:45:34:49:41:4A:90:06:2C:05
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/a4d35a37-cc31-4aa8-bfc9-40fa7932fd47.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         52:8b:b3:f0:9e:2e:32:0d:5c:99:4c:eb:df:cd:e3:39:60:4c:
         24:fc:09:af:98:dc:42:55:af:a5:d4:24:48:26:8b:27:d2:73:
         db:d3:c5:f7:e4:a8:c9:b3:1e:f9:b8:a7:c2:06:7d:a8:45:e7:
         ec:35:48:4c:18:e3:9c:da:a4:ec:64:eb:99:88:cf:ae:cc:af:
         bf:ae:a6:7e:f1:41:b2:7e:65:5b:00:ee:9a:00:9f:70:04:f7:
         0f:40:97:e4:48:8f:65:bc:aa:dc:ab:f1:9f:d6:68:4a:1a:aa:
         76:2f:58:ed:8c:04:81:68:83:c2:ba:03:6d:ff:53:0d:57:73:
         5a:33:83:1a:ed:c6:fa:14:fc:91:5a:47:51:f0:79:f3:ea:eb:
         52:3e:a4:81:c8:85:6a:a2:81:8b:45:cc:25:ce:23:b9:4f:1e:
         2c:ec:49:0c:a8:9c:12:ed:99:93:49:2d:eb:4a:ae:ff:f9:0a:
         27:bb:d2:4a:b4:98:a7:77:31:36:0f:72:c3:63:7c:92:38:f7:
         c4:17:15:07:fa:99:a7:5b:86:53:8a:8d:fd:59:98:b6:d7:19:
         fa:3a:8e:09:01:84:cd:80:36:bb:4b:49:3d:dc:28:00:ae:86:
         9b:de:a2:f0:a3:18:c0:f9:b0:09:c0:90:93:92:be:d5:ba:f6:
         bd:34:8c:2c
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUOddzW/m6j9MWYqakKs3xzzko/XYwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwNDI2MDAwMDAwWhcNMjMwNDI5MjM1OTU5
WjCBpTFJMEcGA1UEBRNANDQyOTljZDA5ZTc2ZWU3OTQ4NjJkMTZhMjVlNzc2YzQx
MmI0Mzc1ZTlhMTZjNWRiNzk5ODFlOWNlYWQzYmQ1MTEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAOmBknrD/iN+/hsMkBkHhvQ4sj62FwXvjpyQobE5dBM9z7vckQEn
kn1LeB3T6GWO2+CBrdT/edoONyFdltCADQ/jaYXRRcPv54UCN99reyDfKeBIQTeq
GKfGTKaIjExMmWv8COsi1CDPaTQz6fGAeK1UrfoEHm+netH1mDWf/uQVVr4qrWFO
uEtFsRDactrEr3REq6Ci4K33pM2tvf/XekWE/db+1tLk61ifGhgBxrldMUjK0a3s
vO2E555B9EECH30STS7ifYmxnbirFr4xdNA8Sh1Gf5Wm4Bl1M28NkNplco5Szf33
zVDBHV7PF3VZmjlZX0Qe3e+qQ75JFzSI/I8CAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBTVBotgnxxMrZjKJEU0SUFKkAYsBTAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvYTRkMzVhMzctY2MzMS00YWE4LWJmYzktNDBmYTc5MzJmZDQ3LnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAFKLs/CeLjINXJlM
69/N4zlgTCT8Ca+Y3EJVr6XUJEgmiyfSc9vTxffkqMmzHvm4p8IGfahF5+w1SEwY
45zapOxk65mIz67Mr7+upn7xQbJ+ZVsA7poAn3AE9w9Al+RIj2W8qtyr8Z/WaEoa
qnYvWO2MBIFog8K6A23/Uw1Xc1ozgxrtxvoU/JFaR1HwefPq61I+pIHIhWqigYtF
zCXOI7lPHizsSQyonBLtmZNJLetKrv/5Cie70kq0mKd3MTYPcsNjfJI498QXFQf6
madbhlOKjf1ZmLbXGfo6jgkBhM2ANrtLST3cKACuhpveovCjGMD5sAnAkJOSvtW6
9r00jCw=
-----END CERTIFICATE-----