Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/a9a00851-9dc6-4da0-9ab7-db4bd891e9b5.roa
File:                     a9a00851-9dc6-4da0-9ab7-db4bd891e9b5.roa (raw, json)
Hash identifier:          XnVwdO6iyIQIyKrzbDMIvQqWqx6RpTbdbrf3FszlFX8=
Subject key identifier:   75:AF:73:37:73:7F:66:0B:5E:D7:FB:23:65:5E:71:9F:F5:87:F4:16
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       356219634DBF639748761CC962CEC38FE6A48B44
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/a9a00851-9dc6-4da0-9ab7-db4bd891e9b5.roa
Signing time:             Mon 13 Feb 2023 00:00:00 +0000
ROA not before:           Mon 13 Feb 2023 00:00:00 +0000
ROA not after:            Thu 16 Feb 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            35:62:19:63:4d:bf:63:97:48:76:1c:c9:62:ce:c3:8f:e6:a4:8b:44
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Feb 13 00:00:00 2023 GMT
            Not After : Feb 16 23:59:59 2023 GMT
        Subject: serialNumber=8587ff7252271c977b418f5f1f5dbf9f3ec99af3aafb74f96de94749cb8f2a7b, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:4e:c7:e2:27:cb:54:5b:de:f7:be:1a:8e:98:
                    bf:4a:2f:b7:78:4b:ad:a0:02:cb:bf:0a:8c:c8:85:
                    87:46:e5:89:b0:91:56:86:83:b2:cd:90:9d:33:1d:
                    39:25:95:0d:19:c6:4e:05:63:e6:fd:3e:34:96:de:
                    19:82:3e:d3:2b:82:e8:f0:ac:30:e1:57:91:e7:0f:
                    3b:d0:77:44:9f:4a:3e:27:ea:8f:fa:3f:7b:e2:51:
                    18:91:91:17:00:f2:41:02:ce:c7:1c:f6:a1:4a:50:
                    61:19:4b:c7:d3:7c:7c:8c:19:c0:1f:62:af:ee:ba:
                    c8:36:56:28:5b:a0:2b:a5:ec:25:37:38:8d:2f:01:
                    93:69:e1:f7:15:f0:12:ea:aa:04:e0:0d:b2:61:29:
                    83:df:ed:c7:f7:a9:18:2b:02:99:99:da:de:42:71:
                    0b:52:cf:49:b7:db:b2:75:e5:0f:8f:24:26:4a:e8:
                    a8:7b:e5:e0:88:19:bd:89:f1:7f:5c:75:bc:3b:53:
                    a3:3e:81:1f:06:58:e5:6c:ab:ab:45:b5:56:1d:2c:
                    02:a5:05:91:68:85:75:c2:de:7a:58:f2:b8:d9:7f:
                    7f:77:0e:94:1d:45:22:dc:c4:8a:c2:9c:e0:bd:9b:
                    ba:24:b7:15:7f:98:c6:96:3d:09:5e:2b:40:2f:a3:
                    d8:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                75:AF:73:37:73:7F:66:0B:5E:D7:FB:23:65:5E:71:9F:F5:87:F4:16
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/a9a00851-9dc6-4da0-9ab7-db4bd891e9b5.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8d:a9:74:a3:a9:24:b3:20:1e:f2:84:83:94:26:96:f1:89:fc:
         aa:78:c9:c5:11:3c:c5:93:48:fb:45:68:c3:f9:31:b5:bb:56:
         e7:2c:e9:c8:60:f0:70:74:a7:bb:61:19:c0:4b:92:85:0a:ec:
         ab:72:51:bb:a7:fb:00:d0:df:08:b8:8c:ac:68:0d:8c:f3:b3:
         1a:0b:7c:40:73:cd:f0:dd:6d:d7:82:e1:bd:21:ba:1a:b3:e8:
         48:76:fa:8c:0e:a3:bc:8e:e5:c6:0f:bb:4b:c0:82:64:f5:78:
         ce:c4:8a:44:a8:b3:6d:d1:4b:f7:34:2c:b4:43:94:06:ab:71:
         2e:7d:31:a8:6a:0c:04:10:0a:14:92:bc:93:29:c7:82:fa:65:
         86:bc:b2:8d:36:30:45:54:3f:fa:3f:69:ef:77:27:a7:d6:94:
         07:6d:14:e1:a4:2b:92:37:6c:38:e0:6e:05:53:17:12:a8:6d:
         0c:40:5d:5a:d9:48:5c:1f:38:62:0d:3c:d7:c8:ac:42:aa:c3:
         a3:e5:6c:e9:45:d9:c4:ea:72:bf:40:4e:91:f9:90:48:3f:b8:
         c7:69:a5:5a:ca:d5:60:1e:c3:54:16:b0:0c:83:cc:34:1f:69:
         ce:1a:99:8a:fe:6b:c8:ea:9b:7a:1a:12:a1:d9:0b:b5:0a:e1:
         f1:b9:9e:2f
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUNWIZY02/Y5dIdhzJYs7Dj+aki0QwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwMjEzMDAwMDAwWhcNMjMwMjE2MjM1OTU5
WjCBpTFJMEcGA1UEBRNAODU4N2ZmNzI1MjI3MWM5NzdiNDE4ZjVmMWY1ZGJmOWYz
ZWM5OWFmM2FhZmI3NGY5NmRlOTQ3NDljYjhmMmE3YjEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAKVOx+Iny1Rb3ve+Go6Yv0ovt3hLraACy78KjMiFh0blibCRVoaD
ss2QnTMdOSWVDRnGTgVj5v0+NJbeGYI+0yuC6PCsMOFXkecPO9B3RJ9KPifqj/o/
e+JRGJGRFwDyQQLOxxz2oUpQYRlLx9N8fIwZwB9ir+66yDZWKFugK6XsJTc4jS8B
k2nh9xXwEuqqBOANsmEpg9/tx/epGCsCmZna3kJxC1LPSbfbsnXlD48kJkroqHvl
4IgZvYnxf1x1vDtToz6BHwZY5Wyrq0W1Vh0sAqUFkWiFdcLeeljyuNl/f3cOlB1F
ItzEisKc4L2buiS3FX+YxpY9CV4rQC+j2B0CAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBR1r3M3c39mC17X+yNlXnGf9Yf0FjAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvYTlhMDA4NTEtOWRjNi00ZGEwLTlhYjctZGI0YmQ4OTFlOWI1LnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAI2pdKOpJLMgHvKE
g5QmlvGJ/Kp4ycURPMWTSPtFaMP5MbW7Vucs6chg8HB0p7thGcBLkoUK7KtyUbun
+wDQ3wi4jKxoDYzzsxoLfEBzzfDdbdeC4b0huhqz6Eh2+owOo7yO5cYPu0vAgmT1
eM7EikSos23RS/c0LLRDlAarcS59MahqDAQQChSSvJMpx4L6ZYa8so02MEVUP/o/
ae93J6fWlAdtFOGkK5I3bDjgbgVTFxKobQxAXVrZSFwfOGINPNfIrEKqw6PlbOlF
2cTqcr9ATpH5kEg/uMdppVrK1WAew1QWsAyDzDQfac4amYr+a8jqm3oaEqHZC7UK
4fG5ni8=
-----END CERTIFICATE-----