Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/aa5e60c5-fcbc-44f0-8de6-b53098d5dd7f.roa
File:                     aa5e60c5-fcbc-44f0-8de6-b53098d5dd7f.roa (raw, json)
Hash identifier:          C46Bg4/numM1U6DeSdae3uG+dcMv2JWDDtl2dUtFxyM=
Subject key identifier:   50:21:48:09:B7:48:37:5A:13:A2:02:11:64:EC:B3:D8:BD:78:C3:84
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       544D7325BF4815DF50BB7C55E72051ED78C899A5
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/aa5e60c5-fcbc-44f0-8de6-b53098d5dd7f.roa
Signing time:             Fri 24 Mar 2023 00:00:00 +0000
ROA not before:           Fri 24 Mar 2023 00:00:00 +0000
ROA not after:            Mon 27 Mar 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            54:4d:73:25:bf:48:15:df:50:bb:7c:55:e7:20:51:ed:78:c8:99:a5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Mar 24 00:00:00 2023 GMT
            Not After : Mar 27 23:59:59 2023 GMT
        Subject: serialNumber=08e914251ab5b06ca4dc15ef3441effde0ce318336caaca6d3b04215af36227f, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:e1:2f:cd:28:a3:b9:52:e9:20:41:73:e0:3d:
                    a5:e2:36:f4:71:a9:9a:b2:0a:76:07:6a:22:2c:9e:
                    c4:14:95:4d:4a:b4:5e:7a:c4:0f:a6:e1:dd:71:de:
                    be:0b:e9:cc:ce:7c:ef:f0:68:af:74:50:9f:30:77:
                    53:89:c9:48:33:1f:b7:0a:f2:3f:3c:f8:47:71:f8:
                    ee:12:21:f2:c5:2d:0c:c4:51:24:cc:8a:03:80:f2:
                    2c:23:72:83:6d:1a:6c:c5:be:6f:10:6e:a0:3f:28:
                    ba:e2:4e:26:ba:79:54:49:a6:b3:76:d3:d6:5c:4a:
                    e4:ea:2f:1e:57:c7:51:86:74:6b:d7:4d:1b:f9:69:
                    80:9c:2d:6a:b0:26:7c:ec:2e:f2:06:e4:a5:6b:e2:
                    49:95:4f:7d:b2:43:43:96:ae:a4:a0:7c:5c:5e:0f:
                    20:3c:8d:85:2f:7f:c3:c6:62:cd:05:65:b6:bb:3b:
                    5d:c2:01:fc:3e:d8:3a:04:2d:57:ec:9a:25:03:3c:
                    e4:aa:41:07:93:6b:90:d5:89:d0:93:15:aa:df:53:
                    1c:ef:57:19:f3:73:02:8e:96:ce:7d:0c:cc:b1:33:
                    c8:f0:ec:c9:0d:0d:58:a9:7a:b0:7a:da:17:16:aa:
                    b9:de:00:ae:41:44:02:36:71:f4:9c:0b:35:00:06:
                    31:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                50:21:48:09:B7:48:37:5A:13:A2:02:11:64:EC:B3:D8:BD:78:C3:84
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/aa5e60c5-fcbc-44f0-8de6-b53098d5dd7f.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c4:0a:d3:cf:5d:15:8b:bc:59:82:c0:1a:86:57:bd:15:3f:f7:
         56:fc:1f:eb:0d:53:ed:fd:ad:1b:af:a2:59:81:8a:b9:d5:43:
         1a:f2:51:f9:cb:dd:1b:1c:b2:cf:9d:72:72:da:83:45:0e:ab:
         cd:43:0a:b9:38:29:c0:31:47:ad:1f:fc:d9:9e:bc:76:86:6c:
         3b:8f:16:47:05:df:f6:fd:d4:8f:1b:f8:c0:3b:0d:42:05:cd:
         86:d8:d2:1d:f3:a0:f5:fa:1d:5e:f1:21:b8:ce:06:90:e8:67:
         09:14:39:dc:c6:f0:4c:3d:07:12:11:c7:39:c3:ab:63:1b:2a:
         9d:46:6a:fb:37:c5:d0:0d:7c:9f:f1:86:1f:cf:2c:02:20:95:
         dd:77:60:35:9f:c5:17:17:d4:5f:33:6b:04:e0:50:96:05:84:
         e8:61:2e:b1:b1:09:88:79:b4:da:a1:cc:b3:44:74:84:19:6b:
         b1:52:b3:62:82:dc:d4:94:5d:ba:8a:50:31:40:83:dd:97:0f:
         ce:20:7a:ec:ba:a3:67:29:a5:5b:69:92:aa:ec:a4:01:37:c1:
         d7:75:c0:ed:c4:53:b1:e4:ec:64:74:95:92:4f:f1:09:a1:d1:
         75:e4:ed:0b:1d:e4:d9:12:41:97:aa:68:eb:51:b2:68:7f:c7:
         f3:9b:2e:15
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUVE1zJb9IFd9Qu3xV5yBR7XjImaUwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwMzI0MDAwMDAwWhcNMjMwMzI3MjM1OTU5
WjCBpTFJMEcGA1UEBRNAMDhlOTE0MjUxYWI1YjA2Y2E0ZGMxNWVmMzQ0MWVmZmRl
MGNlMzE4MzM2Y2FhY2E2ZDNiMDQyMTVhZjM2MjI3ZjEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBALLhL80oo7lS6SBBc+A9peI29HGpmrIKdgdqIiyexBSVTUq0XnrE
D6bh3XHevgvpzM587/Bor3RQnzB3U4nJSDMftwryPzz4R3H47hIh8sUtDMRRJMyK
A4DyLCNyg20abMW+bxBuoD8ouuJOJrp5VEmms3bT1lxK5OovHlfHUYZ0a9dNG/lp
gJwtarAmfOwu8gbkpWviSZVPfbJDQ5aupKB8XF4PIDyNhS9/w8ZizQVltrs7XcIB
/D7YOgQtV+yaJQM85KpBB5NrkNWJ0JMVqt9THO9XGfNzAo6Wzn0MzLEzyPDsyQ0N
WKl6sHraFxaqud4ArkFEAjZx9JwLNQAGMW0CAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBRQIUgJt0g3WhOiAhFk7LPYvXjDhDAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvYWE1ZTYwYzUtZmNiYy00NGYwLThkZTYtYjUzMDk4ZDVkZDdmLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAMQK089dFYu8WYLA
GoZXvRU/91b8H+sNU+39rRuvolmBirnVQxryUfnL3Rscss+dcnLag0UOq81DCrk4
KcAxR60f/NmevHaGbDuPFkcF3/b91I8b+MA7DUIFzYbY0h3zoPX6HV7xIbjOBpDo
ZwkUOdzG8Ew9BxIRxznDq2MbKp1Gavs3xdANfJ/xhh/PLAIgld13YDWfxRcX1F8z
awTgUJYFhOhhLrGxCYh5tNqhzLNEdIQZa7FSs2KC3NSUXbqKUDFAg92XD84geuy6
o2cppVtpkqrspAE3wdd1wO3EU7Hk7GR0lZJP8Qmh0XXk7Qsd5NkSQZeqaOtRsmh/
x/ObLhU=
-----END CERTIFICATE-----