Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/af4a047e-8237-4074-b157-2c4dcdcaf3bf.roa
File:                     af4a047e-8237-4074-b157-2c4dcdcaf3bf.roa (raw, json)
Hash identifier:          qSZv+WoNk1xdlv3xrGTkiIPUrOMHpgZi6crDmUBC+EI=
Subject key identifier:   EA:C0:B5:90:A4:2E:E9:F9:20:B7:3E:74:B5:E7:C9:35:0C:64:73:1B
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       3709B57489513766B4DE34B1E78E39F8B317944B
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/af4a047e-8237-4074-b157-2c4dcdcaf3bf.roa
Signing time:             Tue 07 Mar 2023 00:00:00 +0000
ROA not before:           Tue 07 Mar 2023 00:00:00 +0000
ROA not after:            Fri 10 Mar 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            37:09:b5:74:89:51:37:66:b4:de:34:b1:e7:8e:39:f8:b3:17:94:4b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Mar  7 00:00:00 2023 GMT
            Not After : Mar 10 23:59:59 2023 GMT
        Subject: serialNumber=4d4381c31202aad3633a1d105a49f248c379458eb92dad7a869852bf887cdd10, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:23:9e:36:26:04:75:03:f2:07:9b:58:42:0c:
                    a5:08:1d:5f:85:19:9a:fb:69:9b:6f:bf:5f:2e:76:
                    d9:1d:4c:1c:d9:c3:43:61:a8:82:86:81:61:0e:80:
                    6a:a9:c8:ec:af:36:6c:c8:4c:20:42:a8:e4:4c:40:
                    28:1b:75:44:bd:4b:7a:19:67:a2:31:a0:4a:d1:37:
                    b7:2b:cb:51:ad:dc:9c:e8:41:22:5d:45:11:c7:ca:
                    97:38:63:15:f2:53:db:29:fe:cd:24:6e:54:bb:54:
                    36:2a:68:a8:54:1e:4c:7f:06:52:c0:9f:f8:ab:94:
                    8e:fc:85:12:45:1a:12:60:7c:09:ca:94:72:d7:fc:
                    1f:ba:3e:dd:d8:03:df:e7:dc:f4:9b:eb:bb:13:13:
                    bc:83:0a:8a:04:78:03:e4:7c:d9:90:f4:af:3f:0f:
                    0c:4b:fd:b7:73:44:24:d0:3d:4b:ba:9a:6f:21:33:
                    55:8b:cb:d9:6d:a9:c3:55:6a:ee:f3:09:c7:0f:cd:
                    64:fa:88:a1:dc:9f:c7:67:9b:14:63:44:9d:39:bc:
                    bd:86:e1:70:b9:0e:3f:66:0a:b4:00:3b:85:ef:fa:
                    d5:81:26:a5:4b:d5:a3:7f:6a:87:af:2e:b9:50:fd:
                    98:fe:41:36:89:3c:4f:24:72:54:94:09:9e:f3:50:
                    4a:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EA:C0:B5:90:A4:2E:E9:F9:20:B7:3E:74:B5:E7:C9:35:0C:64:73:1B
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/af4a047e-8237-4074-b157-2c4dcdcaf3bf.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         53:5e:d6:18:86:10:11:3a:84:24:75:01:ee:4d:e5:af:73:2c:
         4f:98:71:69:be:aa:7a:ca:70:03:27:8a:f4:20:d5:23:f4:0e:
         a9:e4:9a:3d:72:7d:c5:f5:97:c5:ec:e1:5b:33:55:8f:b0:eb:
         b3:de:5e:bb:e9:7d:d7:f1:20:78:c6:9c:a8:18:d4:f7:f8:9f:
         58:1c:4c:fd:11:c8:ca:87:3e:e9:96:64:2c:62:e1:1f:4b:65:
         c1:40:f9:ac:fd:e6:aa:a4:ee:20:78:9e:fb:e8:7d:d5:9b:83:
         c5:09:29:52:98:94:af:97:40:a9:9d:4b:cb:fc:fe:75:5f:80:
         8b:68:b8:37:61:dc:99:f4:a5:40:b0:5a:25:55:a7:33:33:80:
         08:88:2b:e4:3d:bc:be:a1:d7:6d:f6:bf:2d:1d:95:41:55:65:
         37:74:71:ab:07:85:64:87:5e:7d:a9:cd:7c:97:64:6c:97:ce:
         df:24:bd:ec:5d:ca:49:89:b4:ad:87:ce:3d:10:14:44:ff:da:
         0d:88:32:4f:0a:92:e6:29:62:bf:f2:d5:00:81:c1:3c:be:ee:
         aa:91:41:bb:44:6c:ee:05:d5:68:3d:14:af:d2:88:b1:5e:5d:
         14:ab:1e:87:f3:c5:06:64:db:43:9c:71:94:da:a9:3a:25:40:
         76:18:4d:48
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUNwm1dIlRN2a03jSx5445+LMXlEswDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwMzA3MDAwMDAwWhcNMjMwMzEwMjM1OTU5
WjCBpTFJMEcGA1UEBRNANGQ0MzgxYzMxMjAyYWFkMzYzM2ExZDEwNWE0OWYyNDhj
Mzc5NDU4ZWI5MmRhZDdhODY5ODUyYmY4ODdjZGQxMDEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBANgjnjYmBHUD8gebWEIMpQgdX4UZmvtpm2+/Xy522R1MHNnDQ2Go
goaBYQ6AaqnI7K82bMhMIEKo5ExAKBt1RL1LehlnojGgStE3tyvLUa3cnOhBIl1F
EcfKlzhjFfJT2yn+zSRuVLtUNipoqFQeTH8GUsCf+KuUjvyFEkUaEmB8CcqUctf8
H7o+3dgD3+fc9JvruxMTvIMKigR4A+R82ZD0rz8PDEv9t3NEJNA9S7qabyEzVYvL
2W2pw1Vq7vMJxw/NZPqIodyfx2ebFGNEnTm8vYbhcLkOP2YKtAA7he/61YEmpUvV
o39qh68uuVD9mP5BNok8TyRyVJQJnvNQSqECAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBTqwLWQpC7p+SC3PnS158k1DGRzGzAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvYWY0YTA0N2UtODIzNy00MDc0LWIxNTctMmM0ZGNkY2FmM2JmLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAFNe1hiGEBE6hCR1
Ae5N5a9zLE+YcWm+qnrKcAMnivQg1SP0Dqnkmj1yfcX1l8Xs4VszVY+w67PeXrvp
fdfxIHjGnKgY1Pf4n1gcTP0RyMqHPumWZCxi4R9LZcFA+az95qqk7iB4nvvofdWb
g8UJKVKYlK+XQKmdS8v8/nVfgItouDdh3Jn0pUCwWiVVpzMzgAiIK+Q9vL6h1232
vy0dlUFVZTd0casHhWSHXn2pzXyXZGyXzt8kvexdykmJtK2Hzj0QFET/2g2IMk8K
kuYpYr/y1QCBwTy+7qqRQbtEbO4F1Wg9FK/SiLFeXRSrHofzxQZk20OccZTaqTol
QHYYTUg=
-----END CERTIFICATE-----