Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/af3703b3-7145-41a4-bbef-5801bc14ccbb.roa
File:                     af3703b3-7145-41a4-bbef-5801bc14ccbb.roa (raw, json)
Hash identifier:          l/VR3YOj1GjI2oqujnO1dQAp/8oxM6JlrBj9B1qgBhU=
Subject key identifier:   A1:7D:51:61:11:7E:11:D6:3C:47:7F:1C:0C:86:3F:E1:EB:39:1B:12
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       1D49E75D898703DDA57827EF3B7A086BC85C57ED
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/af3703b3-7145-41a4-bbef-5801bc14ccbb.roa
Signing time:             Mon 27 Feb 2023 00:00:00 +0000
ROA not before:           Mon 27 Feb 2023 00:00:00 +0000
ROA not after:            Thu 02 Mar 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1d:49:e7:5d:89:87:03:dd:a5:78:27:ef:3b:7a:08:6b:c8:5c:57:ed
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Feb 27 00:00:00 2023 GMT
            Not After : Mar  2 23:59:59 2023 GMT
        Subject: serialNumber=36ef94028226dcc805f7f84b14813e6dfaccf229cf3d64a468bbbb58e34cca9a, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:f2:e2:9d:f3:15:c3:b2:3f:b4:e2:cf:aa:ad:
                    a1:b6:ca:30:2c:9a:b2:26:28:78:f4:aa:e3:8e:5f:
                    29:d4:c7:b4:87:5a:76:12:d6:41:3c:37:d0:b5:94:
                    e1:71:66:4e:78:6b:24:5d:5d:cc:24:f8:e5:e2:49:
                    5f:e8:0e:bf:f4:0a:80:15:56:5e:2c:fc:b5:c0:fc:
                    73:0a:bd:a8:c6:22:53:22:9d:ff:7a:fe:62:1c:3d:
                    f5:a6:60:fa:f8:3a:9f:f0:5e:b7:2a:e1:98:3f:ac:
                    4b:eb:62:f8:5a:c6:b5:b1:ec:57:31:4a:de:e5:42:
                    84:24:49:62:13:17:32:f5:18:d5:01:db:98:7e:e0:
                    de:b9:6e:19:62:75:71:4f:29:bf:e1:9e:73:81:cd:
                    1a:ca:b5:77:92:99:3c:3f:5c:c2:c8:d8:55:31:d8:
                    06:1b:21:b8:ab:77:d1:7b:9b:14:5c:df:75:22:b5:
                    d6:23:d3:97:3d:a3:ce:3d:17:26:54:b3:33:87:d5:
                    02:f0:61:9d:30:95:8f:09:1a:a6:f8:d0:96:4b:27:
                    87:23:08:37:15:31:c3:3a:b5:1a:0b:a6:3c:12:d6:
                    19:cd:6a:18:2c:8b:ab:f4:d5:46:98:b8:b2:0f:36:
                    91:8d:35:c8:12:f1:22:44:d1:8a:54:f8:b5:1b:ab:
                    40:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A1:7D:51:61:11:7E:11:D6:3C:47:7F:1C:0C:86:3F:E1:EB:39:1B:12
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/af3703b3-7145-41a4-bbef-5801bc14ccbb.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8f:a2:24:8b:c5:1d:75:0a:da:92:1d:62:98:2b:60:cb:c9:e2:
         9b:85:02:59:11:36:76:1b:e5:b9:34:ab:67:ff:35:48:2e:61:
         7a:48:62:2d:c1:2c:24:ae:2f:4c:7b:bf:a3:4f:bb:dc:b8:68:
         44:af:61:b9:41:8e:9a:fc:70:b3:c4:7f:75:94:21:a2:ca:a8:
         85:c6:b5:2d:53:a5:61:79:07:a6:19:b1:b5:65:58:d5:ce:72:
         0d:0d:01:9f:0d:02:ad:91:79:25:d6:9e:9a:37:b3:94:a9:97:
         3e:92:9b:e2:66:9f:ad:11:16:53:56:4e:bb:76:92:18:9c:48:
         89:05:2d:ef:30:92:6d:82:d7:5d:03:62:1b:ae:18:55:09:8f:
         94:6d:95:3e:5b:0e:72:84:4a:1b:9b:ec:7c:a7:86:06:45:28:
         e0:a3:31:67:8d:3d:8d:7b:d4:e3:18:a1:61:12:de:90:81:66:
         4a:97:14:56:27:d3:42:4d:45:3c:89:1d:8b:a6:59:24:7f:84:
         74:ee:2f:02:3c:d5:b4:13:c9:ad:98:e6:bd:70:79:d0:11:68:
         14:a2:b3:c5:b6:65:c3:c7:69:af:39:2c:36:6f:45:c2:a7:67:
         49:70:cb:9e:d9:11:ee:49:8d:a3:8f:ed:5b:4e:7e:6c:4e:09:
         11:f9:08:d0
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUHUnnXYmHA92leCfvO3oIa8hcV+0wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwMjI3MDAwMDAwWhcNMjMwMzAyMjM1OTU5
WjCBpTFJMEcGA1UEBRNAMzZlZjk0MDI4MjI2ZGNjODA1ZjdmODRiMTQ4MTNlNmRm
YWNjZjIyOWNmM2Q2NGE0NjhiYmJiNThlMzRjY2E5YTEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAJfy4p3zFcOyP7Tiz6qtobbKMCyasiYoePSq445fKdTHtIdadhLW
QTw30LWU4XFmTnhrJF1dzCT45eJJX+gOv/QKgBVWXiz8tcD8cwq9qMYiUyKd/3r+
Yhw99aZg+vg6n/BetyrhmD+sS+ti+FrGtbHsVzFK3uVChCRJYhMXMvUY1QHbmH7g
3rluGWJ1cU8pv+Gec4HNGsq1d5KZPD9cwsjYVTHYBhshuKt30XubFFzfdSK11iPT
lz2jzj0XJlSzM4fVAvBhnTCVjwkapvjQlksnhyMINxUxwzq1GgumPBLWGc1qGCyL
q/TVRpi4sg82kY01yBLxIkTRilT4tRurQCECAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBShfVFhEX4R1jxHfxwMhj/h6zkbEjAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvYWYzNzAzYjMtNzE0NS00MWE0LWJiZWYtNTgwMWJjMTRjY2JiLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAI+iJIvFHXUK2pId
YpgrYMvJ4puFAlkRNnYb5bk0q2f/NUguYXpIYi3BLCSuL0x7v6NPu9y4aESvYblB
jpr8cLPEf3WUIaLKqIXGtS1TpWF5B6YZsbVlWNXOcg0NAZ8NAq2ReSXWnpo3s5Sp
lz6Sm+Jmn60RFlNWTrt2khicSIkFLe8wkm2C110DYhuuGFUJj5RtlT5bDnKEShub
7HynhgZFKOCjMWeNPY171OMYoWES3pCBZkqXFFYn00JNRTyJHYumWSR/hHTuLwI8
1bQTya2Y5r1wedARaBSis8W2ZcPHaa85LDZvRcKnZ0lwy57ZEe5JjaOP7VtOfmxO
CRH5CNA=
-----END CERTIFICATE-----