Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/b035351b-f3c5-4de6-a2de-3880da87fb6b.roa
File:                     b035351b-f3c5-4de6-a2de-3880da87fb6b.roa (raw, json)
Hash identifier:          gCg9CNFvSL5dTOTJyLF4yHtSCwp/J4BL+IahzIZGrgA=
Subject key identifier:   0E:F1:91:1C:83:7B:30:8C:0F:66:9D:07:55:0D:0C:16:DA:E1:59:9E
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       148E362D59FE75BBA1C9212764B77E4F0D7FFB45
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/b035351b-f3c5-4de6-a2de-3880da87fb6b.roa
Signing time:             Mon 13 Mar 2023 00:00:00 +0000
ROA not before:           Mon 13 Mar 2023 00:00:00 +0000
ROA not after:            Thu 16 Mar 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            14:8e:36:2d:59:fe:75:bb:a1:c9:21:27:64:b7:7e:4f:0d:7f:fb:45
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Mar 13 00:00:00 2023 GMT
            Not After : Mar 16 23:59:59 2023 GMT
        Subject: serialNumber=ed1bea0b76b8040e99d66bebd07bd3ef3937db3580c1fd78dbc4f23090628602, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:6c:31:50:08:8a:ef:ea:e5:e5:98:35:47:9c:
                    67:4e:2c:38:1a:72:f7:15:10:ff:94:c9:bf:76:a6:
                    fe:b3:f2:59:0f:1b:64:a6:6e:f4:aa:32:5e:0e:82:
                    2a:dd:26:89:5a:c2:72:ee:06:fd:3d:47:98:ed:6f:
                    ce:9d:e0:a5:5e:36:df:11:f3:ab:a8:0a:ac:ad:8d:
                    0a:b7:97:26:e9:86:d5:60:e8:af:c1:3a:e0:5e:c7:
                    b0:76:8a:81:ad:d9:4c:35:42:0d:82:bb:dc:3a:d4:
                    64:f9:34:b4:4a:0e:ac:c5:c6:f0:a2:58:39:dc:2f:
                    7c:e9:35:4e:2b:d3:23:d8:77:b8:4b:85:30:8f:6e:
                    27:1b:23:ea:48:77:62:74:f5:65:0b:85:4c:28:c5:
                    a8:2c:6d:d2:1e:66:12:41:b9:b2:51:41:2b:cc:c2:
                    7a:e1:f4:45:20:d8:ec:7a:6a:92:02:d5:34:00:c8:
                    93:1d:25:b5:f2:19:e8:ec:05:00:77:ee:bf:4c:1f:
                    92:fc:84:17:ef:47:89:21:09:64:c2:8e:65:39:b5:
                    60:b8:b6:02:8d:d9:12:bf:88:f0:3e:fc:46:4d:48:
                    8a:b2:ed:1f:11:94:30:c2:fe:b1:e3:86:af:81:fb:
                    44:86:b7:43:6a:8b:c2:e5:6c:6d:78:c7:b2:5f:27:
                    a6:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0E:F1:91:1C:83:7B:30:8C:0F:66:9D:07:55:0D:0C:16:DA:E1:59:9E
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/b035351b-f3c5-4de6-a2de-3880da87fb6b.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         42:d2:bf:fb:35:44:e4:ca:cc:76:31:33:0f:74:c9:ae:6c:50:
         c6:f0:9c:cd:ae:c5:47:77:ab:ca:3a:48:b1:ea:b2:74:e0:d4:
         cb:9f:8f:69:7d:cb:37:bb:f7:af:51:fc:85:34:28:f2:8e:74:
         ed:b8:8b:6d:d2:73:90:61:d9:34:5b:14:62:aa:1e:40:06:34:
         ff:e9:d1:d5:af:01:75:0a:ec:53:31:4d:8b:1f:f1:31:be:93:
         0d:f0:61:dd:06:9f:1f:7f:92:0c:53:c5:19:2a:f5:e0:4a:09:
         fe:e3:6c:9a:b2:4f:5a:c0:a1:c9:e3:3e:75:4e:7f:40:9b:b8:
         32:75:6b:1f:09:c8:be:9b:cf:74:9b:97:7c:fb:d7:18:e8:68:
         2e:8d:c7:ba:e9:94:57:b3:e0:7c:f5:4c:e7:10:15:5d:b8:d8:
         f2:80:c1:14:25:33:9c:64:44:d4:6e:cf:4f:38:a1:68:a0:74:
         52:b0:50:e7:11:7b:6c:8b:52:ec:85:08:7c:f5:2e:05:bc:a3:
         b7:e0:82:b4:e9:4c:84:4c:ac:bb:ab:aa:5c:fe:eb:c2:d1:c2:
         e4:9a:f6:4e:91:34:a6:dc:1c:7b:71:00:35:df:45:fc:80:af:
         f6:80:e1:d7:b3:1b:e2:0e:e5:73:b5:78:5b:e2:0b:96:83:88:
         71:9e:76:a9
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUFI42LVn+dbuhySEnZLd+Tw1/+0UwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwMzEzMDAwMDAwWhcNMjMwMzE2MjM1OTU5
WjCBpTFJMEcGA1UEBRNAZWQxYmVhMGI3NmI4MDQwZTk5ZDY2YmViZDA3YmQzZWYz
OTM3ZGIzNTgwYzFmZDc4ZGJjNGYyMzA5MDYyODYwMjEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAJRsMVAIiu/q5eWYNUecZ04sOBpy9xUQ/5TJv3am/rPyWQ8bZKZu
9KoyXg6CKt0miVrCcu4G/T1HmO1vzp3gpV423xHzq6gKrK2NCreXJumG1WDor8E6
4F7HsHaKga3ZTDVCDYK73DrUZPk0tEoOrMXG8KJYOdwvfOk1TivTI9h3uEuFMI9u
Jxsj6kh3YnT1ZQuFTCjFqCxt0h5mEkG5slFBK8zCeuH0RSDY7HpqkgLVNADIkx0l
tfIZ6OwFAHfuv0wfkvyEF+9HiSEJZMKOZTm1YLi2Ao3ZEr+I8D78Rk1IirLtHxGU
MML+seOGr4H7RIa3Q2qLwuVsbXjHsl8npi0CAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBQO8ZEcg3swjA9mnQdVDQwW2uFZnjAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvYjAzNTM1MWItZjNjNS00ZGU2LWEyZGUtMzg4MGRhODdmYjZiLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAELSv/s1ROTKzHYx
Mw90ya5sUMbwnM2uxUd3q8o6SLHqsnTg1Mufj2l9yze7969R/IU0KPKOdO24i23S
c5Bh2TRbFGKqHkAGNP/p0dWvAXUK7FMxTYsf8TG+kw3wYd0Gnx9/kgxTxRkq9eBK
Cf7jbJqyT1rAocnjPnVOf0CbuDJ1ax8JyL6bz3Sbl3z71xjoaC6Nx7rplFez4Hz1
TOcQFV242PKAwRQlM5xkRNRuz084oWigdFKwUOcRe2yLUuyFCHz1LgW8o7fggrTp
TIRMrLurqlz+68LRwuSa9k6RNKbcHHtxADXfRfyAr/aA4dezG+IO5XO1eFviC5aD
iHGedqk=
-----END CERTIFICATE-----