Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/b2a4f85d-5256-4490-bcad-09f573a61cc2.roa
File:                     b2a4f85d-5256-4490-bcad-09f573a61cc2.roa (raw, json)
Hash identifier:          ocDvdLAqz5/iN7ke8BCgcs/+5r3oEaT8z1aOwZww5kQ=
Subject key identifier:   F0:5F:D3:88:38:F7:13:EC:39:F5:0E:3B:4A:1F:5E:EE:65:A1:06:D8
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       439917F36ED7254E8D766EDB8B9085973CE66191
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/b2a4f85d-5256-4490-bcad-09f573a61cc2.roa
Signing time:             Sat 11 Feb 2023 00:00:00 +0000
ROA not before:           Sat 11 Feb 2023 00:00:00 +0000
ROA not after:            Tue 14 Feb 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            43:99:17:f3:6e:d7:25:4e:8d:76:6e:db:8b:90:85:97:3c:e6:61:91
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Feb 11 00:00:00 2023 GMT
            Not After : Feb 14 23:59:59 2023 GMT
        Subject: serialNumber=049ebc402c88e83c996a856225762fd84dace28cd8bc65e7432d4b88bb9149a8, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:65:c0:a1:00:ef:e5:82:35:7a:42:98:49:89:
                    9d:7d:cd:2a:f2:25:c5:a5:26:c4:d1:87:1c:af:fe:
                    b3:85:88:ae:a9:1d:de:66:28:b5:de:63:8e:c8:42:
                    3a:f3:a2:dd:ec:35:62:b7:39:4f:91:ca:ee:cd:45:
                    11:1a:eb:47:e5:ab:91:78:3d:40:61:b3:e2:2c:0b:
                    a0:56:02:b4:ac:2a:63:8f:b0:2e:17:ec:5e:7a:49:
                    8d:5f:34:11:f1:aa:6a:a6:a8:0c:2f:dc:e0:4c:ce:
                    d2:4a:1c:08:39:da:80:27:0a:63:98:76:8e:cb:fa:
                    c3:98:b2:22:b9:d6:9e:fa:c1:43:b2:73:f3:c3:fc:
                    5c:ad:f3:f3:55:c6:9e:cb:44:4e:a1:3b:17:33:5f:
                    7b:16:4b:39:ca:28:ee:fd:72:fe:6f:c4:1e:b9:a0:
                    f0:14:42:b7:90:d3:53:33:85:6c:9b:d1:25:5f:46:
                    b5:0a:25:d4:be:21:5c:ba:3c:8e:ff:9b:10:33:f2:
                    ad:58:0f:37:56:36:9a:f4:80:5b:57:3f:a4:8c:1f:
                    6f:eb:79:60:55:6d:29:ff:a1:c1:36:3e:eb:b4:ec:
                    5d:cf:18:0e:24:b9:c3:9d:6d:9d:d3:db:54:67:d2:
                    87:6a:40:4d:7b:1a:76:36:0e:35:33:cb:d5:54:85:
                    8c:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F0:5F:D3:88:38:F7:13:EC:39:F5:0E:3B:4A:1F:5E:EE:65:A1:06:D8
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/b2a4f85d-5256-4490-bcad-09f573a61cc2.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         60:67:43:23:61:57:1f:d1:31:ed:31:cf:bc:ef:1c:00:77:ab:
         b2:b8:b2:4e:26:86:fb:f9:ef:9f:f4:66:1d:61:28:bd:83:23:
         a7:9c:69:19:a3:01:04:24:ca:59:b3:92:87:c7:d5:26:4b:d3:
         20:ce:0d:26:be:ea:44:fe:31:c8:a7:24:d2:02:42:97:33:35:
         dc:d0:3c:2f:41:6a:52:a7:db:35:ef:84:f6:8e:59:52:36:a0:
         68:95:da:2e:dc:a1:13:67:67:3b:b1:4a:21:3d:6f:f5:0a:67:
         f4:e2:1c:90:7d:4a:7c:ed:0b:af:fd:ef:55:85:d7:c7:2c:16:
         e4:31:47:52:52:bc:89:42:d7:61:43:9f:f6:63:7e:6b:cb:8f:
         92:83:f0:77:8f:68:bc:81:2c:d3:dd:1e:9d:f7:11:7a:3a:35:
         ff:28:7d:45:71:32:ae:df:84:cb:3f:6a:9f:b4:66:73:36:4c:
         52:5a:64:1e:be:1b:7b:8d:63:2b:b4:9b:8c:eb:c9:9c:49:62:
         f6:74:91:ec:7d:47:87:72:cc:f5:cc:23:09:be:b6:d1:cb:ea:
         ef:99:76:61:94:1a:63:74:85:21:ed:e5:f4:ae:4e:8d:24:8b:
         69:b1:88:2d:f7:eb:14:0a:fa:1b:d8:fa:80:10:5d:97:31:18:
         0e:f5:a8:59
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUQ5kX827XJU6Ndm7bi5CFlzzmYZEwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwMjExMDAwMDAwWhcNMjMwMjE0MjM1OTU5
WjCBpTFJMEcGA1UEBRNAMDQ5ZWJjNDAyYzg4ZTgzYzk5NmE4NTYyMjU3NjJmZDg0
ZGFjZTI4Y2Q4YmM2NWU3NDMyZDRiODhiYjkxNDlhODEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAKFlwKEA7+WCNXpCmEmJnX3NKvIlxaUmxNGHHK/+s4WIrqkd3mYo
td5jjshCOvOi3ew1Yrc5T5HK7s1FERrrR+WrkXg9QGGz4iwLoFYCtKwqY4+wLhfs
XnpJjV80EfGqaqaoDC/c4EzO0kocCDnagCcKY5h2jsv6w5iyIrnWnvrBQ7Jz88P8
XK3z81XGnstETqE7FzNfexZLOcoo7v1y/m/EHrmg8BRCt5DTUzOFbJvRJV9GtQol
1L4hXLo8jv+bEDPyrVgPN1Y2mvSAW1c/pIwfb+t5YFVtKf+hwTY+67TsXc8YDiS5
w51tndPbVGfSh2pATXsadjYONTPL1VSFjE0CAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBTwX9OIOPcT7Dn1DjtKH17uZaEG2DAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvYjJhNGY4NWQtNTI1Ni00NDkwLWJjYWQtMDlmNTczYTYxY2MyLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAGBnQyNhVx/RMe0x
z7zvHAB3q7K4sk4mhvv575/0Zh1hKL2DI6ecaRmjAQQkylmzkofH1SZL0yDODSa+
6kT+McinJNICQpczNdzQPC9BalKn2zXvhPaOWVI2oGiV2i7coRNnZzuxSiE9b/UK
Z/TiHJB9SnztC6/971WF18csFuQxR1JSvIlC12FDn/ZjfmvLj5KD8HePaLyBLNPd
Hp33EXo6Nf8ofUVxMq7fhMs/ap+0ZnM2TFJaZB6+G3uNYyu0m4zryZxJYvZ0kex9
R4dyzPXMIwm+ttHL6u+ZdmGUGmN0hSHt5fSuTo0ki2mxiC336xQK+hvY+oAQXZcx
GA71qFk=
-----END CERTIFICATE-----