Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/acbd28a2-f597-41ce-b8fc-0343a00896b2.roa
File:                     acbd28a2-f597-41ce-b8fc-0343a00896b2.roa (raw, json)
Hash identifier:          glJWtGsvw7AVnx3wpxhy4vGVQu64V4OadA0ZXiB7cUo=
Subject key identifier:   69:A5:F0:D2:6E:42:1B:BC:67:74:9D:70:1F:BA:95:64:A1:6B:35:DC
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       0C5390827F8C4CC131565C2B0C7A42EC613C341F
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/acbd28a2-f597-41ce-b8fc-0343a00896b2.roa
Signing time:             Mon 13 Feb 2023 00:00:00 +0000
ROA not before:           Mon 13 Feb 2023 00:00:00 +0000
ROA not after:            Thu 16 Feb 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0c:53:90:82:7f:8c:4c:c1:31:56:5c:2b:0c:7a:42:ec:61:3c:34:1f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Feb 13 00:00:00 2023 GMT
            Not After : Feb 16 23:59:59 2023 GMT
        Subject: serialNumber=e1076d8ecb45fff50a05c52c9e1a001c846bf93550a95a0853590598ad782eca, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:b9:77:22:b9:52:40:cf:2c:28:44:c0:c8:ae:
                    3d:f3:09:8f:ae:51:7a:42:73:fb:b7:76:59:28:4c:
                    91:db:a8:a9:50:35:6f:01:e4:1f:0b:3d:d5:af:50:
                    0f:d5:a4:b0:dc:9a:c3:6c:98:2c:7e:95:48:c4:cd:
                    68:e4:55:d3:79:8c:05:d9:7e:74:38:81:bf:05:c3:
                    2e:9b:fd:14:23:ae:58:f4:52:72:97:ce:bc:a5:d0:
                    78:f8:39:05:be:0d:e3:8d:b6:7c:42:8c:2e:be:f9:
                    ba:ff:5f:92:61:61:9c:6d:1c:07:db:e2:db:d0:cf:
                    0e:ff:47:bf:9d:b8:60:65:a8:12:be:de:7c:8e:31:
                    33:f9:3d:e2:4b:57:bf:ea:da:f6:d0:3d:23:04:10:
                    4f:82:ab:9b:4b:b2:32:30:93:89:fb:08:86:ea:c0:
                    d4:f3:1c:4b:c2:ee:81:ce:f6:0b:ec:8a:8c:c6:1b:
                    03:50:1a:eb:7e:1f:a9:89:9e:b4:f5:ab:96:46:c3:
                    ca:76:98:9e:d3:44:0e:4f:72:40:39:b9:0b:90:ee:
                    fc:ab:76:7a:a7:b4:0d:8f:80:f2:86:43:01:4a:61:
                    fa:e4:e4:e2:8e:21:67:2b:42:e7:ae:95:18:a4:88:
                    e1:d6:50:cc:db:2b:c5:39:b9:d4:e7:e4:1a:f9:d7:
                    cf:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                69:A5:F0:D2:6E:42:1B:BC:67:74:9D:70:1F:BA:95:64:A1:6B:35:DC
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/acbd28a2-f597-41ce-b8fc-0343a00896b2.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         be:98:10:b5:5c:47:61:82:b4:ce:fb:3d:91:9f:db:19:a3:a3:
         28:98:1e:6b:8d:60:4b:03:9f:bc:d7:c3:df:7b:84:d2:5f:17:
         01:0a:17:a1:55:cf:e2:2d:92:ec:ca:58:a7:10:07:1e:73:c5:
         7d:85:a2:71:81:8d:88:90:5b:e6:51:ca:01:2a:5e:98:29:62:
         12:a6:c5:50:04:76:17:1a:f7:15:05:2c:6e:e0:63:e4:48:53:
         3c:62:96:4b:8f:c3:2a:fa:90:d2:ed:06:65:03:6c:2a:fc:83:
         93:0d:1c:07:e3:fa:a2:03:76:55:f8:a2:0e:4f:29:8d:90:06:
         e6:b5:70:ad:26:a4:eb:82:42:a1:08:55:37:ac:a1:ec:90:04:
         c7:8b:e7:5b:0c:bb:66:7f:78:87:58:1c:42:7d:e2:36:29:fb:
         41:6a:c9:c5:26:82:7b:7a:d8:4b:73:b4:3b:2c:f8:ef:ff:b5:
         cb:78:77:f2:ae:0b:64:0d:7a:a0:68:8f:c5:60:e6:6b:71:f2:
         d7:75:fd:a6:0b:24:3c:8e:1e:48:88:8e:63:9a:5d:fa:0a:32:
         72:59:57:f6:3b:9d:6b:41:c7:9c:9c:0e:c9:74:cb:53:a6:35:
         b0:f4:ea:f3:84:f1:79:44:53:b1:54:f7:22:38:bc:62:0c:12:
         13:57:da:54
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUDFOQgn+MTMExVlwrDHpC7GE8NB8wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwMjEzMDAwMDAwWhcNMjMwMjE2MjM1OTU5
WjCBpTFJMEcGA1UEBRNAZTEwNzZkOGVjYjQ1ZmZmNTBhMDVjNTJjOWUxYTAwMWM4
NDZiZjkzNTUwYTk1YTA4NTM1OTA1OThhZDc4MmVjYTEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAMO5dyK5UkDPLChEwMiuPfMJj65RekJz+7d2WShMkduoqVA1bwHk
Hws91a9QD9WksNyaw2yYLH6VSMTNaORV03mMBdl+dDiBvwXDLpv9FCOuWPRScpfO
vKXQePg5Bb4N4422fEKMLr75uv9fkmFhnG0cB9vi29DPDv9Hv524YGWoEr7efI4x
M/k94ktXv+ra9tA9IwQQT4Krm0uyMjCTifsIhurA1PMcS8Lugc72C+yKjMYbA1Aa
634fqYmetPWrlkbDynaYntNEDk9yQDm5C5Du/Kt2eqe0DY+A8oZDAUph+uTk4o4h
ZytC566VGKSI4dZQzNsrxTm51OfkGvnXz2UCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBRppfDSbkIbvGd0nXAfupVkoWs13DAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvYWNiZDI4YTItZjU5Ny00MWNlLWI4ZmMtMDM0M2EwMDg5NmIyLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAL6YELVcR2GCtM77
PZGf2xmjoyiYHmuNYEsDn7zXw997hNJfFwEKF6FVz+ItkuzKWKcQBx5zxX2FonGB
jYiQW+ZRygEqXpgpYhKmxVAEdhca9xUFLG7gY+RIUzxilkuPwyr6kNLtBmUDbCr8
g5MNHAfj+qIDdlX4og5PKY2QBua1cK0mpOuCQqEIVTesoeyQBMeL51sMu2Z/eIdY
HEJ94jYp+0FqycUmgnt62EtztDss+O//tct4d/KuC2QNeqBoj8Vg5mtx8td1/aYL
JDyOHkiIjmOaXfoKMnJZV/Y7nWtBx5ycDsl0y1OmNbD06vOE8XlEU7FU9yI4vGIM
EhNX2lQ=
-----END CERTIFICATE-----