Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/b88f6705-be9c-4e09-bfe2-caec9e71dbb2.roa
File:                     b88f6705-be9c-4e09-bfe2-caec9e71dbb2.roa (raw, json)
Hash identifier:          lW3OGlF+lKujPnWkhzjomogM//EAGAajWOTJKUzzLMk=
Subject key identifier:   74:2F:CA:DD:7B:D2:3F:BD:12:A3:4C:0A:30:70:B9:8C:52:F0:EE:D3
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       478FA47BCC089685571AA8963733F0359FF78BAF
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/b88f6705-be9c-4e09-bfe2-caec9e71dbb2.roa
Signing time:             Tue 11 Apr 2023 00:00:00 +0000
ROA not before:           Tue 11 Apr 2023 00:00:00 +0000
ROA not after:            Fri 14 Apr 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            47:8f:a4:7b:cc:08:96:85:57:1a:a8:96:37:33:f0:35:9f:f7:8b:af
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Apr 11 00:00:00 2023 GMT
            Not After : Apr 14 23:59:59 2023 GMT
        Subject: serialNumber=4d1b9df4e83b3b92cc2e31a2fb5e8fa13c0ffd5090151dfb15e1c7987d8c2b31, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:d6:da:64:90:cc:47:af:9d:97:0a:76:91:ad:
                    90:c0:60:1b:16:b5:af:69:30:8b:be:95:1f:9e:14:
                    99:4b:6a:f5:a5:f9:ca:2b:a1:cd:c5:03:ac:a1:2e:
                    78:4e:86:9a:12:a4:b8:30:60:fc:5f:73:29:0a:0b:
                    94:20:30:81:3d:f4:04:85:d3:ad:9c:e0:13:33:36:
                    b1:a2:32:1e:ed:4d:30:98:b5:89:22:1e:b7:08:3a:
                    0f:3f:5e:da:c1:92:3c:8b:4e:7d:26:22:b0:b4:df:
                    31:01:03:cf:0b:26:e9:12:e6:2b:1a:3d:41:de:ed:
                    9e:17:54:89:3d:4a:1d:e1:de:90:9e:96:ea:9f:03:
                    9e:22:1d:10:67:10:79:bf:61:61:c0:51:77:ad:86:
                    53:3c:57:85:9b:3a:e5:3d:2e:a6:9d:18:62:5f:a5:
                    af:a6:1b:f5:06:e4:d3:8f:d8:5c:aa:8a:69:95:5a:
                    2e:bf:38:b2:13:b0:db:d8:4e:06:90:b2:c4:dc:e6:
                    b1:37:09:8b:b7:a6:e6:66:76:28:da:78:56:2c:f7:
                    d3:f2:b5:a7:49:9b:6d:88:43:e5:26:8f:60:ef:b5:
                    54:3a:88:fa:42:0b:9f:48:84:dd:b7:5c:6b:c2:ab:
                    e6:da:b0:f7:02:84:ab:7d:cb:27:bc:ae:38:77:af:
                    ed:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                74:2F:CA:DD:7B:D2:3F:BD:12:A3:4C:0A:30:70:B9:8C:52:F0:EE:D3
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/b88f6705-be9c-4e09-bfe2-caec9e71dbb2.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3e:e4:30:e5:04:b9:fe:0f:ec:d4:c9:0c:14:9f:e3:e1:05:f3:
         56:73:eb:aa:b2:e0:5b:da:2f:61:1e:57:33:26:28:7c:95:87:
         8a:1f:02:0a:ad:f1:8a:35:e9:7e:4d:7e:fe:dc:4d:ca:1a:71:
         3e:9e:e4:1f:89:c4:f9:a5:27:f8:aa:35:65:73:d5:bf:41:4a:
         af:74:af:38:d8:38:c9:05:94:03:06:88:d4:07:04:f9:db:1b:
         8e:9e:ff:19:ee:72:97:85:c0:18:7a:b0:1d:e8:93:26:c9:73:
         8f:b8:83:69:72:f5:dd:38:86:3e:2d:36:e3:ac:6d:52:29:99:
         94:cb:d7:39:a7:8c:27:1f:1e:44:cb:e8:8d:1d:4e:68:18:0a:
         63:3d:32:41:66:c1:d2:90:4b:3b:0b:8b:eb:55:33:a4:28:49:
         65:b4:2f:8c:f7:b6:81:85:45:fc:13:39:0d:d3:0f:b4:9e:c9:
         b6:e8:a0:dc:12:81:8a:fa:98:21:4a:84:4a:8b:0c:a7:98:bd:
         0f:52:e6:9a:c0:83:9c:73:44:8f:ca:c0:b9:12:71:5c:bb:23:
         38:21:0f:b2:0c:4b:8f:36:24:b5:d8:e8:46:2f:ee:91:18:c7:
         31:ba:5e:f9:68:2d:56:6f:fc:a4:68:9a:7c:d7:cd:f9:3d:ff:
         e4:79:a4:60
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUR4+ke8wIloVXGqiWNzPwNZ/3i68wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwNDExMDAwMDAwWhcNMjMwNDE0MjM1OTU5
WjCBpTFJMEcGA1UEBRNANGQxYjlkZjRlODNiM2I5MmNjMmUzMWEyZmI1ZThmYTEz
YzBmZmQ1MDkwMTUxZGZiMTVlMWM3OTg3ZDhjMmIzMTEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAMvW2mSQzEevnZcKdpGtkMBgGxa1r2kwi76VH54UmUtq9aX5yiuh
zcUDrKEueE6GmhKkuDBg/F9zKQoLlCAwgT30BIXTrZzgEzM2saIyHu1NMJi1iSIe
twg6Dz9e2sGSPItOfSYisLTfMQEDzwsm6RLmKxo9Qd7tnhdUiT1KHeHekJ6W6p8D
niIdEGcQeb9hYcBRd62GUzxXhZs65T0upp0YYl+lr6Yb9Qbk04/YXKqKaZVaLr84
shOw29hOBpCyxNzmsTcJi7em5mZ2KNp4Viz30/K1p0mbbYhD5SaPYO+1VDqI+kIL
n0iE3bdca8Kr5tqw9wKEq33LJ7yuOHev7fsCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBR0L8rde9I/vRKjTAowcLmMUvDu0zAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvYjg4ZjY3MDUtYmU5Yy00ZTA5LWJmZTItY2FlYzllNzFkYmIyLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAD7kMOUEuf4P7NTJ
DBSf4+EF81Zz66qy4FvaL2EeVzMmKHyVh4ofAgqt8Yo16X5Nfv7cTcoacT6e5B+J
xPmlJ/iqNWVz1b9BSq90rzjYOMkFlAMGiNQHBPnbG46e/xnucpeFwBh6sB3okybJ
c4+4g2ly9d04hj4tNuOsbVIpmZTL1zmnjCcfHkTL6I0dTmgYCmM9MkFmwdKQSzsL
i+tVM6QoSWW0L4z3toGFRfwTOQ3TD7SeybbooNwSgYr6mCFKhEqLDKeYvQ9S5prA
g5xzRI/KwLkScVy7IzghD7IMS482JLXY6EYv7pEYxzG6XvloLVZv/KRomnzXzfk9
/+R5pGA=
-----END CERTIFICATE-----