Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/a4ecc557-cf9e-4c10-9570-0c1d07d33ed4.roa
File:                     a4ecc557-cf9e-4c10-9570-0c1d07d33ed4.roa (raw, json)
Hash identifier:          Llu8pzGoIGDBaFGcPABLhl3Exg34flrzZR3+uelej3k=
Subject key identifier:   6E:08:F4:6F:C7:8C:7F:72:81:04:D0:39:5B:E0:DC:35:AF:31:F6:C6
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       50E61079D49D26FF9E779BBEFF4C27FEE408CEFB
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/a4ecc557-cf9e-4c10-9570-0c1d07d33ed4.roa
Signing time:             Tue 28 Mar 2023 00:00:00 +0000
ROA not before:           Tue 28 Mar 2023 00:00:00 +0000
ROA not after:            Fri 31 Mar 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            50:e6:10:79:d4:9d:26:ff:9e:77:9b:be:ff:4c:27:fe:e4:08:ce:fb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Mar 28 00:00:00 2023 GMT
            Not After : Mar 31 23:59:59 2023 GMT
        Subject: serialNumber=f1d64793eca589ab1bc9778e809faab296df86d2d26a98edd48349403b39097e, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:82:53:83:8b:cf:f9:1d:df:9c:7c:d9:8f:91:
                    8f:18:cb:f1:13:01:c5:7f:b6:58:47:92:39:f4:e0:
                    dc:e3:18:08:c4:10:d4:f9:01:c0:bc:e6:a5:56:d0:
                    27:a2:18:73:c9:54:9f:76:25:42:21:ed:82:80:9f:
                    cd:ad:ab:42:e9:6b:ff:2b:4b:fa:44:0a:b2:d7:b1:
                    bd:21:1f:df:83:ac:2a:3e:38:fc:71:af:c0:21:3e:
                    72:5c:1b:b9:63:5e:71:3c:f8:8c:8f:96:cd:d1:9f:
                    e6:e4:32:84:62:b7:85:85:3f:94:77:94:56:45:c2:
                    ee:3f:74:d9:7d:81:90:f1:55:10:74:b8:96:f7:7f:
                    9b:33:88:c7:50:23:11:d8:da:d7:aa:ac:fa:83:bb:
                    56:43:c5:c9:f7:df:c7:d5:fb:0e:24:31:e4:da:3e:
                    a3:bf:50:72:c2:16:da:86:29:2e:27:4e:fd:b7:9d:
                    28:17:c0:15:00:67:88:09:5c:33:4d:ac:0e:f6:0f:
                    1e:3b:34:fb:e6:30:ac:8b:36:7f:2d:0a:db:f3:21:
                    08:21:d3:39:e7:c9:1b:56:18:33:64:33:83:90:44:
                    bd:46:2b:2f:33:77:06:37:48:23:d7:c9:c5:37:44:
                    a9:9d:77:b8:5f:7e:45:82:af:dd:c8:5d:36:76:6e:
                    f5:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6E:08:F4:6F:C7:8C:7F:72:81:04:D0:39:5B:E0:DC:35:AF:31:F6:C6
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/a4ecc557-cf9e-4c10-9570-0c1d07d33ed4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         37:ad:9b:8b:b1:11:9e:5a:d8:4d:58:e3:cd:ed:74:8f:46:e0:
         56:96:ff:a0:bd:61:1a:ed:27:7d:b0:90:74:97:99:7f:52:bb:
         50:c1:fb:48:53:7d:65:4e:6a:7a:ac:d5:43:41:73:9b:4e:f2:
         8d:bf:7b:bd:2e:2d:39:69:eb:a9:3a:49:67:23:13:5b:f1:d0:
         67:9d:aa:4b:c8:8b:44:78:70:fc:d1:1c:b5:58:a6:20:87:97:
         0a:75:dd:aa:89:15:35:3d:74:89:86:2c:57:12:44:fe:80:1c:
         63:17:f3:c5:41:48:27:e0:33:2c:78:43:f2:13:72:50:fd:0a:
         88:40:02:5d:dc:50:dc:86:dd:e7:af:37:01:09:98:ac:1e:a6:
         d8:0c:86:08:b9:9c:1f:c8:c0:46:34:bb:ca:10:db:7a:e3:ff:
         71:3a:62:98:d6:c0:fa:28:d2:38:d1:8b:49:b9:43:00:ed:4d:
         97:95:81:f4:26:ff:51:7a:5f:3e:c6:4b:d6:2a:3b:ad:4c:71:
         37:98:a8:39:29:16:97:05:fd:1a:93:dd:a5:55:48:3b:98:1f:
         cd:dc:7e:94:f6:b9:09:ff:91:e0:58:73:e7:6a:df:7d:e0:f9:
         d4:61:7d:32:93:a8:f1:51:03:14:d2:9a:da:15:39:4a:1a:d2:
         c7:40:d0:c3
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUUOYQedSdJv+ed5u+/0wn/uQIzvswDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwMzI4MDAwMDAwWhcNMjMwMzMxMjM1OTU5
WjCBpTFJMEcGA1UEBRNAZjFkNjQ3OTNlY2E1ODlhYjFiYzk3NzhlODA5ZmFhYjI5
NmRmODZkMmQyNmE5OGVkZDQ4MzQ5NDAzYjM5MDk3ZTEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAJqCU4OLz/kd35x82Y+RjxjL8RMBxX+2WEeSOfTg3OMYCMQQ1PkB
wLzmpVbQJ6IYc8lUn3YlQiHtgoCfza2rQulr/ytL+kQKstexvSEf34OsKj44/HGv
wCE+clwbuWNecTz4jI+WzdGf5uQyhGK3hYU/lHeUVkXC7j902X2BkPFVEHS4lvd/
mzOIx1AjEdja16qs+oO7VkPFyfffx9X7DiQx5No+o79QcsIW2oYpLidO/bedKBfA
FQBniAlcM02sDvYPHjs0++YwrIs2fy0K2/MhCCHTOefJG1YYM2Qzg5BEvUYrLzN3
BjdII9fJxTdEqZ13uF9+RYKv3chdNnZu9XcCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBRuCPRvx4x/coEE0Dlb4Nw1rzH2xjAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvYTRlY2M1NTctY2Y5ZS00YzEwLTk1NzAtMGMxZDA3ZDMzZWQ0LnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBADetm4uxEZ5a2E1Y
483tdI9G4FaW/6C9YRrtJ32wkHSXmX9Su1DB+0hTfWVOanqs1UNBc5tO8o2/e70u
LTlp66k6SWcjE1vx0GedqkvIi0R4cPzRHLVYpiCHlwp13aqJFTU9dImGLFcSRP6A
HGMX88VBSCfgMyx4Q/ITclD9CohAAl3cUNyG3eevNwEJmKweptgMhgi5nB/IwEY0
u8oQ23rj/3E6YpjWwPoo0jjRi0m5QwDtTZeVgfQm/1F6Xz7GS9YqO61McTeYqDkp
FpcF/RqT3aVVSDuYH83cfpT2uQn/keBYc+dq333g+dRhfTKTqPFRAxTSmtoVOUoa
0sdA0MM=
-----END CERTIFICATE-----