Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/b70f1540-8df6-43be-a21e-5a244ab939bd.roa
File:                     b70f1540-8df6-43be-a21e-5a244ab939bd.roa (raw, json)
Hash identifier:          /F4EiQGCek2ZbM6Gzkt1zVYQNM28dz3FWVeqRrBc2vA=
Subject key identifier:   F0:86:1B:C8:E5:90:4C:E8:D0:39:C6:25:4B:75:2E:A6:82:12:1B:A8
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       6931E96516830EAE3FB3D9A5FFFE039E2F7FE898
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/b70f1540-8df6-43be-a21e-5a244ab939bd.roa
Signing time:             Sun 26 Feb 2023 00:00:00 +0000
ROA not before:           Sun 26 Feb 2023 00:00:00 +0000
ROA not after:            Wed 01 Mar 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            69:31:e9:65:16:83:0e:ae:3f:b3:d9:a5:ff:fe:03:9e:2f:7f:e8:98
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Feb 26 00:00:00 2023 GMT
            Not After : Mar  1 23:59:59 2023 GMT
        Subject: serialNumber=c4d4b2dc885e7080e92d0acaeca9ec21fbce87913cd9a11268d270ca0ceab646, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:18:9d:e1:fc:f3:75:b9:47:c6:d6:9a:18:82:
                    a9:1b:bc:3a:b0:9a:fa:0c:ff:b0:9d:00:e6:1a:00:
                    ac:c1:c2:49:ce:46:ba:ef:dc:49:1e:03:73:58:6d:
                    11:32:9a:78:61:43:fe:2a:5b:f4:5e:93:9a:25:a4:
                    d1:9c:ae:cf:dc:27:cb:14:46:99:78:cd:91:fc:a4:
                    ee:26:3d:67:14:fb:47:c5:0b:b3:d7:cd:60:95:fc:
                    1b:58:c4:39:61:86:87:60:0d:de:c3:67:9b:17:db:
                    15:18:85:c4:49:de:27:a0:f8:fc:ac:1f:a4:5e:5b:
                    d8:16:e2:8a:fb:8b:7b:3d:a2:6b:b1:32:2a:3f:26:
                    cb:e4:03:d2:86:b2:a0:b4:03:4d:10:ca:67:31:32:
                    1f:ee:f9:79:83:07:e4:6e:5e:17:bb:62:65:a0:a6:
                    73:32:a7:c3:05:37:60:55:c3:43:b1:32:cf:bc:d8:
                    16:5e:a9:bf:db:d0:b7:d5:11:e4:34:3d:c8:d2:32:
                    ba:31:dd:fc:24:89:0d:33:b4:89:52:2f:19:44:1c:
                    a6:b5:64:df:7b:e3:ae:76:84:16:c2:a3:13:6b:8d:
                    c0:12:8e:21:ad:ab:e5:fb:ee:e8:f7:a2:4c:2f:2d:
                    6a:ec:73:ff:d4:63:cb:08:31:82:86:06:52:10:47:
                    26:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F0:86:1B:C8:E5:90:4C:E8:D0:39:C6:25:4B:75:2E:A6:82:12:1B:A8
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/b70f1540-8df6-43be-a21e-5a244ab939bd.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6d:00:e2:c9:aa:cf:a5:60:42:50:68:2a:2b:6e:19:2a:8f:a8:
         8c:34:28:00:71:44:c7:19:22:e1:42:5f:8a:58:53:da:46:e0:
         d5:d1:9e:43:b1:65:98:e4:f3:f7:9e:2b:09:a0:94:e0:b2:39:
         8a:cf:74:4a:50:4a:5b:42:97:b4:45:f4:c8:65:8c:5e:74:a2:
         0f:96:8e:d8:bf:0b:01:bd:c0:5b:65:a3:15:a1:5c:d1:98:87:
         ca:8f:6b:e6:16:f7:e8:e3:1a:1b:33:e8:f7:04:da:aa:79:7c:
         7a:db:67:14:5c:ef:b4:4c:7f:63:40:49:ef:c8:18:2c:d3:6b:
         cc:cb:af:f7:1b:79:20:5e:a6:d6:5e:74:53:2c:86:2b:2d:8a:
         28:89:5b:c3:18:9e:21:9f:15:d1:d5:36:3f:0a:7b:8a:45:14:
         25:51:05:7a:54:c3:43:ba:9b:c8:54:e7:62:8d:0c:36:2c:4f:
         b8:d2:ed:3b:79:8a:14:0e:8d:bb:21:d4:db:c6:ce:3e:81:82:
         cd:2b:78:9a:81:96:c0:b0:62:3b:29:61:28:f6:dc:0a:0c:b6:
         af:d1:f0:d5:e1:f5:49:f8:3b:ca:bb:60:50:75:81:d3:fc:d6:
         7d:13:78:ae:4f:b2:b6:42:21:6a:72:8b:cb:15:c8:07:54:db:
         b2:f0:c0:de
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUaTHpZRaDDq4/s9ml//4Dni9/6JgwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwMjI2MDAwMDAwWhcNMjMwMzAxMjM1OTU5
WjCBpTFJMEcGA1UEBRNAYzRkNGIyZGM4ODVlNzA4MGU5MmQwYWNhZWNhOWVjMjFm
YmNlODc5MTNjZDlhMTEyNjhkMjcwY2EwY2VhYjY0NjEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAK0YneH883W5R8bWmhiCqRu8OrCa+gz/sJ0A5hoArMHCSc5Guu/c
SR4Dc1htETKaeGFD/ipb9F6TmiWk0Zyuz9wnyxRGmXjNkfyk7iY9ZxT7R8ULs9fN
YJX8G1jEOWGGh2AN3sNnmxfbFRiFxEneJ6D4/KwfpF5b2BbiivuLez2ia7EyKj8m
y+QD0oayoLQDTRDKZzEyH+75eYMH5G5eF7tiZaCmczKnwwU3YFXDQ7Eyz7zYFl6p
v9vQt9UR5DQ9yNIyujHd/CSJDTO0iVIvGUQcprVk33vjrnaEFsKjE2uNwBKOIa2r
5fvu6PeiTC8tauxz/9RjywgxgoYGUhBHJm0CAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBTwhhvI5ZBM6NA5xiVLdS6mghIbqDAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvYjcwZjE1NDAtOGRmNi00M2JlLWEyMWUtNWEyNDRhYjkzOWJkLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAG0A4smqz6VgQlBo
KituGSqPqIw0KABxRMcZIuFCX4pYU9pG4NXRnkOxZZjk8/eeKwmglOCyOYrPdEpQ
SltCl7RF9MhljF50og+Wjti/CwG9wFtloxWhXNGYh8qPa+YW9+jjGhsz6PcE2qp5
fHrbZxRc77RMf2NASe/IGCzTa8zLr/cbeSBeptZedFMshistiiiJW8MYniGfFdHV
Nj8Ke4pFFCVRBXpUw0O6m8hU52KNDDYsT7jS7Tt5ihQOjbsh1NvGzj6Bgs0reJqB
lsCwYjspYSj23AoMtq/R8NXh9Un4O8q7YFB1gdP81n0TeK5PsrZCIWpyi8sVyAdU
27LwwN4=
-----END CERTIFICATE-----