Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/b0c88d25-33fe-41dd-a3d5-e07da66402f9.roa
File:                     b0c88d25-33fe-41dd-a3d5-e07da66402f9.roa (raw, json)
Hash identifier:          UwFCY6EjIb1T0fnvPCSAkreYDJMfAMY1HGr1EE+W1OU=
Subject key identifier:   EB:64:F5:1E:E3:59:96:B9:97:A8:02:BF:3F:CC:58:74:1B:C4:ED:3B
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       560D46DA2E726562C3CAA8B1E35A28E80158E494
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/b0c88d25-33fe-41dd-a3d5-e07da66402f9.roa
Signing time:             Fri 14 Apr 2023 00:00:00 +0000
ROA not before:           Fri 14 Apr 2023 00:00:00 +0000
ROA not after:            Mon 17 Apr 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            56:0d:46:da:2e:72:65:62:c3:ca:a8:b1:e3:5a:28:e8:01:58:e4:94
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Apr 14 00:00:00 2023 GMT
            Not After : Apr 17 23:59:59 2023 GMT
        Subject: serialNumber=d7e1a1950363d7b1e41dd4465fd96d115b0182425d76b151028bb3d50f3cd899, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:ac:bb:9c:e1:1c:8e:92:68:af:f3:c8:de:7e:
                    a6:a3:23:92:fd:fe:c5:a5:5b:ee:f4:40:df:ff:ae:
                    94:79:8e:cc:27:d6:61:ba:51:3c:6e:58:86:12:63:
                    53:15:23:51:b5:ac:24:3d:e7:68:c2:b7:91:50:95:
                    0d:d1:82:a4:eb:77:46:1d:75:69:7a:7f:64:e2:eb:
                    6c:ab:ad:61:59:76:a7:b9:9b:d1:0b:75:8f:48:8a:
                    c5:01:1d:84:b4:43:1c:85:aa:02:61:52:6b:df:3a:
                    f9:28:d8:da:7c:78:03:12:26:c2:2d:4f:0b:05:c0:
                    7f:30:e9:6c:45:95:f5:09:ab:c8:b7:c3:0b:70:e4:
                    45:f2:02:c7:6f:4e:39:6e:47:5a:a0:42:ef:db:a7:
                    0d:ee:51:b6:50:02:59:4e:e5:23:48:93:7b:68:9e:
                    a8:0a:22:bd:61:6b:7f:27:66:30:81:aa:fc:dd:76:
                    7d:f7:2a:b2:a6:5c:50:1f:1b:19:5e:26:3f:fb:82:
                    9a:82:c7:1e:c7:fe:2b:3b:02:91:a3:b9:fa:3a:b5:
                    a0:fe:03:82:e2:64:ff:4a:22:33:66:e4:e3:15:60:
                    f7:9a:74:d7:45:55:e4:b4:09:9f:92:74:c8:49:5c:
                    84:95:65:51:3f:58:91:d9:ef:51:f6:f5:c4:f4:95:
                    ed:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EB:64:F5:1E:E3:59:96:B9:97:A8:02:BF:3F:CC:58:74:1B:C4:ED:3B
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/b0c88d25-33fe-41dd-a3d5-e07da66402f9.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5b:48:1f:21:c4:a0:78:3e:1b:cc:2d:d4:f7:3b:44:0a:a7:c3:
         cb:5d:42:ee:d1:a5:f6:f1:93:a8:18:9d:70:8e:82:c0:28:89:
         41:00:83:48:bb:5e:84:cd:ad:65:64:67:5b:b1:97:05:11:2d:
         c1:2b:d0:46:32:f2:5b:5a:5c:86:f0:b7:cc:6f:ab:40:3a:41:
         c8:6d:58:a2:99:5b:d5:f8:61:80:d3:98:6c:69:7d:a0:17:f0:
         b0:8f:bd:bc:d9:8d:65:80:4d:3c:4a:12:5c:f6:15:72:81:6a:
         de:49:d1:8e:45:cd:f0:57:a8:75:6a:a6:3e:b0:a9:ba:70:b9:
         95:a7:79:a4:c7:71:d2:21:a1:6f:b0:32:b4:5d:74:03:d9:a4:
         ed:76:2f:a5:40:fa:b4:fd:8e:ea:e8:ff:60:98:10:14:13:da:
         02:30:8e:49:7b:f7:58:0b:a1:8e:22:14:e2:f7:93:0c:1a:f4:
         48:2a:6b:c7:9b:fe:ca:54:f1:5f:bf:0e:c4:fe:6b:fd:24:79:
         1f:de:40:13:ec:1d:a1:5e:b7:08:cc:1c:e1:27:c3:ce:82:89:
         8f:41:78:ac:90:98:bb:d0:bf:20:2b:45:98:bf:f6:07:0f:5e:
         89:bf:ba:6c:cb:62:bd:d0:7d:e1:21:11:b7:81:a7:40:2e:3c:
         f8:67:f3:43
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUVg1G2i5yZWLDyqix41oo6AFY5JQwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwNDE0MDAwMDAwWhcNMjMwNDE3MjM1OTU5
WjCBpTFJMEcGA1UEBRNAZDdlMWExOTUwMzYzZDdiMWU0MWRkNDQ2NWZkOTZkMTE1
YjAxODI0MjVkNzZiMTUxMDI4YmIzZDUwZjNjZDg5OTEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBANSsu5zhHI6SaK/zyN5+pqMjkv3+xaVb7vRA3/+ulHmOzCfWYbpR
PG5YhhJjUxUjUbWsJD3naMK3kVCVDdGCpOt3Rh11aXp/ZOLrbKutYVl2p7mb0Qt1
j0iKxQEdhLRDHIWqAmFSa986+SjY2nx4AxImwi1PCwXAfzDpbEWV9QmryLfDC3Dk
RfICx29OOW5HWqBC79unDe5RtlACWU7lI0iTe2ieqAoivWFrfydmMIGq/N12ffcq
sqZcUB8bGV4mP/uCmoLHHsf+KzsCkaO5+jq1oP4DguJk/0oiM2bk4xVg95p010VV
5LQJn5J0yElchJVlUT9YkdnvUfb1xPSV7XsCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBTrZPUe41mWuZeoAr8/zFh0G8TtOzAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvYjBjODhkMjUtMzNmZS00MWRkLWEzZDUtZTA3ZGE2NjQwMmY5LnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAFtIHyHEoHg+G8wt
1Pc7RAqnw8tdQu7Rpfbxk6gYnXCOgsAoiUEAg0i7XoTNrWVkZ1uxlwURLcEr0EYy
8ltaXIbwt8xvq0A6QchtWKKZW9X4YYDTmGxpfaAX8LCPvbzZjWWATTxKElz2FXKB
at5J0Y5FzfBXqHVqpj6wqbpwuZWneaTHcdIhoW+wMrRddAPZpO12L6VA+rT9juro
/2CYEBQT2gIwjkl791gLoY4iFOL3kwwa9Egqa8eb/spU8V+/DsT+a/0keR/eQBPs
HaFetwjMHOEnw86CiY9BeKyQmLvQvyArRZi/9gcPXom/umzLYr3QfeEhEbeBp0Au
PPhn80M=
-----END CERTIFICATE-----