Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/a7ae05bf-7396-4fc6-ad29-e72dd538a39c.roa
File:                     a7ae05bf-7396-4fc6-ad29-e72dd538a39c.roa (raw, json)
Hash identifier:          nKERp30PEp74ClKD546FIdn25ffo4rYQfb9VmUjAT2U=
Subject key identifier:   BE:63:76:60:5A:4C:23:B3:91:C6:C1:77:57:D4:EA:DC:55:7D:F7:DB
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       369690B5E5DDC527F79EE9EA2B0210E0722E8F5B
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/a7ae05bf-7396-4fc6-ad29-e72dd538a39c.roa
Signing time:             Thu 23 Mar 2023 00:00:00 +0000
ROA not before:           Thu 23 Mar 2023 00:00:00 +0000
ROA not after:            Sun 26 Mar 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            36:96:90:b5:e5:dd:c5:27:f7:9e:e9:ea:2b:02:10:e0:72:2e:8f:5b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Mar 23 00:00:00 2023 GMT
            Not After : Mar 26 23:59:59 2023 GMT
        Subject: serialNumber=615e54a8f0c3379056b43d2d9ac596049d1a9d946b2057249f1be3d9d888b8fe, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:2b:da:23:d5:b7:e3:99:85:56:19:0c:6c:36:
                    8a:21:64:c7:f7:8a:28:b7:da:0d:7a:24:de:b7:f1:
                    c9:8d:78:f4:75:cc:58:f3:52:1c:58:92:4a:5d:3c:
                    e0:af:1b:e5:2b:2b:f1:e2:af:e8:97:a9:b6:7a:fc:
                    b3:93:55:5b:4b:ca:e5:ac:d5:e0:2c:73:25:4f:6e:
                    2d:25:e9:af:3a:ce:4d:db:14:6b:ad:f6:09:3c:9f:
                    d1:23:ed:e1:dc:1b:ba:ef:82:d6:a3:7f:01:27:07:
                    67:07:af:37:eb:13:5b:f5:08:73:9b:08:20:a5:88:
                    c8:4b:28:54:5b:73:18:af:89:dc:e1:e5:e1:bb:30:
                    82:5b:e7:de:58:3f:90:90:c4:75:3c:4f:3a:69:10:
                    9d:3f:0e:7b:cd:11:f8:ff:c8:34:14:fb:e6:db:02:
                    31:8e:f7:2b:25:24:7a:e3:e6:38:81:e3:35:59:07:
                    49:f2:c7:ae:24:b9:18:6b:53:12:1b:cb:b3:7f:26:
                    f9:f6:1e:31:ee:bc:6d:fb:7e:b1:86:42:ef:9e:fa:
                    5b:ce:82:ca:a6:14:88:2e:1e:ac:1e:50:2a:d7:37:
                    ca:61:9c:a7:5e:19:27:ff:8a:fa:6a:90:1b:2e:ea:
                    68:74:90:0f:b9:77:12:ef:03:bd:98:b9:1a:14:28:
                    f5:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BE:63:76:60:5A:4C:23:B3:91:C6:C1:77:57:D4:EA:DC:55:7D:F7:DB
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/a7ae05bf-7396-4fc6-ad29-e72dd538a39c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         57:d4:bd:d4:ed:80:27:44:b2:93:80:5e:f1:3f:07:cb:4e:56:
         64:42:72:6f:b5:5d:ff:19:fb:8b:1b:dd:a3:e3:97:2d:95:5b:
         3b:80:e0:71:6d:9b:0a:48:9d:fb:ce:d7:93:2d:f2:0a:07:65:
         63:10:93:aa:db:24:be:f9:15:e1:2e:9a:d1:55:bb:ac:67:92:
         38:fe:1d:f6:82:4e:a5:0b:e3:74:50:6d:08:5b:9b:8a:88:1b:
         d3:5e:a7:ac:33:51:58:72:be:34:22:9a:39:2e:78:10:1b:44:
         5a:2b:cb:9b:82:6f:30:70:e0:e2:75:24:64:29:a2:dd:97:2d:
         87:41:b1:a3:8b:dd:23:0a:0a:38:66:a3:22:29:ce:2b:b4:2b:
         a4:65:4f:2d:22:e6:7e:0a:47:6b:d1:14:14:60:28:f9:6c:5f:
         7b:e5:2f:0b:6d:c5:57:45:f6:df:e5:e4:e8:62:94:41:be:62:
         9f:0c:99:1d:37:83:4f:54:77:30:c1:9a:71:f6:c4:b9:f6:42:
         2f:5d:0c:23:38:1b:43:10:bd:15:c3:65:b8:5a:96:d4:27:c3:
         0a:7f:67:7d:60:6b:61:30:3f:3d:3b:c1:80:bd:16:05:c1:4b:
         64:26:d1:91:e0:d9:0f:a7:53:ce:52:d6:bc:e4:58:40:27:34:
         d6:4d:b6:12
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUNpaQteXdxSf3nunqKwIQ4HIuj1swDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwMzIzMDAwMDAwWhcNMjMwMzI2MjM1OTU5
WjCBpTFJMEcGA1UEBRNANjE1ZTU0YThmMGMzMzc5MDU2YjQzZDJkOWFjNTk2MDQ5
ZDFhOWQ5NDZiMjA1NzI0OWYxYmUzZDlkODg4YjhmZTEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAM0r2iPVt+OZhVYZDGw2iiFkx/eKKLfaDXok3rfxyY149HXMWPNS
HFiSSl084K8b5Ssr8eKv6Jeptnr8s5NVW0vK5azV4CxzJU9uLSXprzrOTdsUa632
CTyf0SPt4dwbuu+C1qN/AScHZwevN+sTW/UIc5sIIKWIyEsoVFtzGK+J3OHl4bsw
glvn3lg/kJDEdTxPOmkQnT8Oe80R+P/INBT75tsCMY73KyUkeuPmOIHjNVkHSfLH
riS5GGtTEhvLs38m+fYeMe68bft+sYZC7576W86CyqYUiC4erB5QKtc3ymGcp14Z
J/+K+mqQGy7qaHSQD7l3Eu8DvZi5GhQo9W8CAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBS+Y3ZgWkwjs5HGwXdX1OrcVX332zAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvYTdhZTA1YmYtNzM5Ni00ZmM2LWFkMjktZTcyZGQ1MzhhMzljLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAFfUvdTtgCdEspOA
XvE/B8tOVmRCcm+1Xf8Z+4sb3aPjly2VWzuA4HFtmwpInfvO15Mt8goHZWMQk6rb
JL75FeEumtFVu6xnkjj+HfaCTqUL43RQbQhbm4qIG9Nep6wzUVhyvjQimjkueBAb
RFory5uCbzBw4OJ1JGQpot2XLYdBsaOL3SMKCjhmoyIpziu0K6RlTy0i5n4KR2vR
FBRgKPlsX3vlLwttxVdF9t/l5OhilEG+Yp8MmR03g09UdzDBmnH2xLn2Qi9dDCM4
G0MQvRXDZbhaltQnwwp/Z31ga2EwPz07wYC9FgXBS2Qm0ZHg2Q+nU85S1rzkWEAn
NNZNthI=
-----END CERTIFICATE-----