Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/b37bf0ec-c608-4340-9e35-70ac076b3fb7.roa
File:                     b37bf0ec-c608-4340-9e35-70ac076b3fb7.roa (raw, json)
Hash identifier:          4nFGt7YqySAdl1f3SlXufI9tg+8u2tOjfvUsi9aSxxg=
Subject key identifier:   94:06:DD:70:D8:0B:10:5A:A7:23:88:A8:F4:9D:B0:0B:57:43:4E:DF
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       09B0A04A34D4F7EF17A8AADA1742F2F67422A97B
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/b37bf0ec-c608-4340-9e35-70ac076b3fb7.roa
Signing time:             Mon 13 Mar 2023 00:00:00 +0000
ROA not before:           Mon 13 Mar 2023 00:00:00 +0000
ROA not after:            Thu 16 Mar 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            09:b0:a0:4a:34:d4:f7:ef:17:a8:aa:da:17:42:f2:f6:74:22:a9:7b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Mar 13 00:00:00 2023 GMT
            Not After : Mar 16 23:59:59 2023 GMT
        Subject: serialNumber=1bd2c8cbf2f2e8d29cfb24a760169053e3afc3e2c543ba681e6d574803f820af, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:bb:e0:15:34:3c:65:33:9c:76:6a:b1:8d:99:
                    7a:bd:4b:75:9d:e9:60:47:98:13:d6:21:75:53:c6:
                    86:6e:e5:aa:91:4e:d5:f4:2e:40:79:63:c5:0d:a2:
                    c7:d2:ab:29:06:53:41:4a:cf:ee:59:d0:e9:d2:42:
                    af:b5:41:20:9d:79:a8:76:e6:2e:7d:62:54:0f:f2:
                    69:00:51:ab:1b:92:00:54:12:0b:3b:78:79:47:29:
                    43:58:5a:22:85:24:f4:0b:98:57:d1:ba:9c:65:38:
                    88:98:b3:4a:9c:5f:8c:38:b7:c4:8c:e7:4d:8e:19:
                    45:c2:14:8a:61:18:d2:76:00:f8:d0:95:e9:9d:60:
                    7b:69:0f:46:6f:75:24:5d:b4:46:e9:c3:bf:d3:ca:
                    e4:19:a7:f2:c9:aa:da:9f:84:9b:92:53:f8:34:78:
                    3d:48:b3:a6:bb:c7:58:bf:bb:06:8d:89:1d:b0:bf:
                    6a:5c:6a:be:16:7b:c7:e8:25:bf:14:62:46:b0:2e:
                    ae:ba:b9:14:48:ae:2f:d3:ec:2a:36:8d:ea:eb:c0:
                    0f:91:f7:6e:a0:97:40:f7:ff:c7:cc:a4:80:d1:68:
                    a2:2e:cb:df:5f:a9:85:3a:f5:6d:c6:b4:7c:52:f6:
                    a3:35:97:2a:a6:c3:9d:4d:ab:f8:5e:dc:6d:e6:fc:
                    17:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                94:06:DD:70:D8:0B:10:5A:A7:23:88:A8:F4:9D:B0:0B:57:43:4E:DF
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/b37bf0ec-c608-4340-9e35-70ac076b3fb7.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5a:a0:2f:97:a6:f1:9d:8d:3e:b9:77:e3:86:9b:31:a1:38:7e:
         e0:dd:b1:b9:fa:6a:f4:1b:ba:53:65:69:89:33:dd:eb:15:f1:
         79:ad:d7:f5:55:46:71:da:4c:ea:32:d3:7c:a3:f3:6b:86:9f:
         4b:17:5c:4d:60:33:64:72:c8:4e:a9:16:27:d3:67:ea:dc:6b:
         d4:1e:b6:03:d5:c4:06:19:71:ea:a8:ab:7f:1b:7b:04:8e:11:
         42:ca:73:50:2b:37:c3:c4:5e:a8:da:dd:02:25:98:38:fe:d9:
         79:d3:2a:a0:a3:a5:3b:15:75:1d:75:14:bf:f5:cf:41:60:9b:
         e2:b0:97:1e:f3:f5:f5:11:99:be:79:f8:30:27:b8:0c:fb:02:
         6e:ff:59:6b:3f:18:9a:b6:68:b2:1a:2c:2d:59:2b:c7:65:4d:
         f7:3f:8c:91:6f:79:8b:73:de:79:33:da:ec:87:5d:78:92:88:
         c8:62:2d:b9:f7:29:1b:25:8e:58:62:4c:db:00:80:c3:7c:bf:
         02:72:cb:0b:22:7c:ae:fb:a8:a1:64:44:6e:2a:8b:cf:f8:dc:
         38:fe:ee:0e:c7:8f:ef:75:9a:22:e8:53:28:e3:0f:4d:db:3e:
         a2:3c:e2:d1:d5:04:ad:e9:1f:c0:fa:09:71:a9:3b:ad:e4:79:
         8c:e5:a0:02
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUCbCgSjTU9+8XqKraF0Ly9nQiqXswDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwMzEzMDAwMDAwWhcNMjMwMzE2MjM1OTU5
WjCBpTFJMEcGA1UEBRNAMWJkMmM4Y2JmMmYyZThkMjljZmIyNGE3NjAxNjkwNTNl
M2FmYzNlMmM1NDNiYTY4MWU2ZDU3NDgwM2Y4MjBhZjEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAKW74BU0PGUznHZqsY2Zer1LdZ3pYEeYE9YhdVPGhm7lqpFO1fQu
QHljxQ2ix9KrKQZTQUrP7lnQ6dJCr7VBIJ15qHbmLn1iVA/yaQBRqxuSAFQSCzt4
eUcpQ1haIoUk9AuYV9G6nGU4iJizSpxfjDi3xIznTY4ZRcIUimEY0nYA+NCV6Z1g
e2kPRm91JF20RunDv9PK5Bmn8smq2p+Em5JT+DR4PUizprvHWL+7Bo2JHbC/alxq
vhZ7x+glvxRiRrAurrq5FEiuL9PsKjaN6uvAD5H3bqCXQPf/x8ykgNFooi7L31+p
hTr1bca0fFL2ozWXKqbDnU2r+F7cbeb8F4cCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBSUBt1w2AsQWqcjiKj0nbALV0NO3zAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvYjM3YmYwZWMtYzYwOC00MzQwLTllMzUtNzBhYzA3NmIzZmI3LnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAFqgL5em8Z2NPrl3
44abMaE4fuDdsbn6avQbulNlaYkz3esV8Xmt1/VVRnHaTOoy03yj82uGn0sXXE1g
M2RyyE6pFifTZ+rca9QetgPVxAYZceqoq38bewSOEULKc1ArN8PEXqja3QIlmDj+
2XnTKqCjpTsVdR11FL/1z0Fgm+Kwlx7z9fURmb55+DAnuAz7Am7/WWs/GJq2aLIa
LC1ZK8dlTfc/jJFveYtz3nkz2uyHXXiSiMhiLbn3KRsljlhiTNsAgMN8vwJyywsi
fK77qKFkRG4qi8/43Dj+7g7Hj+91miLoUyjjD03bPqI84tHVBK3pH8D6CXGpO63k
eYzloAI=
-----END CERTIFICATE-----