Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/abf85e2d-79ba-47dc-965e-c4c2b33d282c.roa
File:                     abf85e2d-79ba-47dc-965e-c4c2b33d282c.roa (raw, json)
Hash identifier:          DRoD6SCJjRHg7msIIutGlfMB9e4EwzkVdj5qUZ+UA18=
Subject key identifier:   75:9A:56:F3:84:2F:9F:DD:09:03:EB:09:A7:2C:AC:28:08:D1:85:80
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       3704968E7941230BDB38010CFC6D15FC43AADF18
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/abf85e2d-79ba-47dc-965e-c4c2b33d282c.roa
Signing time:             Fri 27 Jan 2023 00:00:00 +0000
ROA not before:           Fri 27 Jan 2023 00:00:00 +0000
ROA not after:            Mon 30 Jan 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            37:04:96:8e:79:41:23:0b:db:38:01:0c:fc:6d:15:fc:43:aa:df:18
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Jan 27 00:00:00 2023 GMT
            Not After : Jan 30 23:59:59 2023 GMT
        Subject: serialNumber=3f2fe7b49096b342ee41c44b457584162a82d5af91a40384b73ea00d0d74951d, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f5:f6:e0:2e:c3:70:9d:8d:89:e1:06:6a:90:8a:
                    f9:fb:0c:2d:62:fa:5e:b5:77:aa:63:f1:86:15:15:
                    b8:44:5e:d3:10:cc:26:0e:6c:60:26:ea:c7:cf:51:
                    1c:76:ab:1a:4a:45:e1:cf:a0:a8:58:33:21:63:4d:
                    ae:7c:77:f4:5f:66:31:bc:0f:55:be:e9:69:9a:44:
                    dc:9c:c6:ab:64:02:21:04:5f:e8:86:ba:cf:ce:04:
                    af:cd:c8:5b:a3:65:9f:5b:aa:a1:64:d6:a9:9f:a4:
                    6a:2f:23:3d:91:8a:c8:0f:68:79:12:0c:46:6d:37:
                    c9:f6:14:43:b0:ca:77:18:69:94:df:c3:86:d8:eb:
                    d7:1e:63:ea:25:c8:03:4d:61:c2:8c:59:cb:3a:24:
                    60:f1:57:76:1a:82:22:25:dd:94:be:f7:0f:6c:28:
                    98:ea:c4:9c:d0:1f:6b:b7:68:d0:f5:e0:7c:05:dc:
                    a0:f4:d3:41:4b:c5:19:88:ba:10:22:ff:90:f4:18:
                    19:38:30:85:28:13:0e:39:67:a6:72:c3:60:79:96:
                    00:8b:0e:0c:2b:37:29:a6:90:ce:57:4c:c2:27:d3:
                    f6:42:44:3f:99:f0:0d:c4:d7:d6:9e:68:19:59:ee:
                    40:17:f2:ee:cf:c3:aa:35:42:cb:aa:75:58:4c:52:
                    46:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                75:9A:56:F3:84:2F:9F:DD:09:03:EB:09:A7:2C:AC:28:08:D1:85:80
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/abf85e2d-79ba-47dc-965e-c4c2b33d282c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         be:39:28:9e:c7:83:c5:e5:1a:40:98:64:d4:3a:97:2b:2c:be:
         05:9a:bf:bd:3c:a4:19:8a:be:01:48:96:9b:c2:34:2b:11:b2:
         7e:69:44:e5:76:d4:8c:69:b5:57:45:bf:81:34:cd:6f:92:9e:
         e1:bc:36:0c:29:85:88:9c:0f:bf:f4:40:d3:0c:7a:58:fd:7b:
         25:b3:70:d4:f9:3e:6e:c5:a5:d1:cc:e5:ab:d0:6f:49:e7:dc:
         b2:f0:7a:4c:4f:a3:0d:ef:a2:71:e0:ce:4f:c9:be:5e:5b:d7:
         e2:2e:db:26:79:6b:f5:da:98:d9:6e:5c:6a:a2:4a:b6:4f:ee:
         06:0b:bb:44:4f:65:49:ad:b3:eb:69:3f:94:0e:75:65:ed:c7:
         8d:42:78:08:16:60:2f:4b:fa:a4:6f:45:91:10:6b:44:97:7f:
         ff:78:96:44:01:57:23:47:b9:2e:0d:d0:ad:3d:47:c0:7f:68:
         28:76:e2:b6:bb:2a:2c:43:a8:22:73:22:40:c1:08:4a:de:0b:
         5f:3e:bc:00:ca:fc:a1:93:08:eb:4f:97:59:98:49:28:85:0c:
         f2:af:ea:3d:c8:f9:99:5c:65:07:bf:60:6f:5d:e2:60:4c:ec:
         71:48:ca:11:10:b0:e7:de:8b:31:37:be:e3:eb:33:ba:2c:3d:
         73:f2:48:f9
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUNwSWjnlBIwvbOAEM/G0V/EOq3xgwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwMTI3MDAwMDAwWhcNMjMwMTMwMjM1OTU5
WjCBpTFJMEcGA1UEBRNAM2YyZmU3YjQ5MDk2YjM0MmVlNDFjNDRiNDU3NTg0MTYy
YTgyZDVhZjkxYTQwMzg0YjczZWEwMGQwZDc0OTUxZDEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAPX24C7DcJ2NieEGapCK+fsMLWL6XrV3qmPxhhUVuERe0xDMJg5s
YCbqx89RHHarGkpF4c+gqFgzIWNNrnx39F9mMbwPVb7paZpE3JzGq2QCIQRf6Ia6
z84Er83IW6Nln1uqoWTWqZ+kai8jPZGKyA9oeRIMRm03yfYUQ7DKdxhplN/Dhtjr
1x5j6iXIA01hwoxZyzokYPFXdhqCIiXdlL73D2womOrEnNAfa7do0PXgfAXcoPTT
QUvFGYi6ECL/kPQYGTgwhSgTDjlnpnLDYHmWAIsODCs3KaaQzldMwifT9kJEP5nw
DcTX1p5oGVnuQBfy7s/DqjVCy6p1WExSRkkCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBR1mlbzhC+f3QkD6wmnLKwoCNGFgDAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvYWJmODVlMmQtNzliYS00N2RjLTk2NWUtYzRjMmIzM2QyODJjLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAL45KJ7Hg8XlGkCY
ZNQ6lyssvgWav708pBmKvgFIlpvCNCsRsn5pROV21IxptVdFv4E0zW+SnuG8Ngwp
hYicD7/0QNMMelj9eyWzcNT5Pm7FpdHM5avQb0nn3LLwekxPow3vonHgzk/Jvl5b
1+Iu2yZ5a/XamNluXGqiSrZP7gYLu0RPZUmts+tpP5QOdWXtx41CeAgWYC9L+qRv
RZEQa0SXf/94lkQBVyNHuS4N0K09R8B/aCh24ra7KixDqCJzIkDBCEreC18+vADK
/KGTCOtPl1mYSSiFDPKv6j3I+ZlcZQe/YG9d4mBM7HFIyhEQsOfeizE3vuPrM7os
PXPySPk=
-----END CERTIFICATE-----