Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/b9ddaf6e-e301-4643-a7c7-f31fb91540a6.roa
File:                     b9ddaf6e-e301-4643-a7c7-f31fb91540a6.roa (raw, json)
Hash identifier:          Fi3W+U0NZdE57z1rxMGMmqC8FFkVgWm+rg/gTwpibGY=
Subject key identifier:   EF:BC:25:4F:A4:83:6E:50:B7:98:50:B1:BF:0E:B4:BD:58:7E:A5:04
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       6D1EFA4DD8ED07892FBC94801CB6DB32E93C343C
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/b9ddaf6e-e301-4643-a7c7-f31fb91540a6.roa
Signing time:             Mon 13 Feb 2023 00:00:00 +0000
ROA not before:           Mon 13 Feb 2023 00:00:00 +0000
ROA not after:            Thu 16 Feb 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6d:1e:fa:4d:d8:ed:07:89:2f:bc:94:80:1c:b6:db:32:e9:3c:34:3c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Feb 13 00:00:00 2023 GMT
            Not After : Feb 16 23:59:59 2023 GMT
        Subject: serialNumber=2e0bb9f45e8fa71ee834c5ed5258f2295ca26a3c30c1cb3eea73c85034f908d7, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:3a:59:0b:49:2c:ca:99:9a:48:ca:4f:46:f9:
                    b5:75:80:0f:42:66:6f:a8:7d:a7:54:50:20:46:00:
                    97:f0:b8:48:a7:ca:0c:c4:2f:8b:bf:32:f3:6e:5a:
                    44:10:25:07:e7:36:82:d5:ba:d3:f2:48:c5:27:b8:
                    be:1e:a4:14:ad:15:22:58:fc:16:ab:93:1e:8c:47:
                    3b:00:46:a0:1b:84:9a:39:92:f2:f4:5b:2b:dc:d6:
                    f8:91:29:70:b8:c4:2f:76:2b:bf:1b:a7:29:7e:30:
                    44:28:6e:ba:3c:b5:02:3f:96:7e:3f:07:9d:28:74:
                    f1:1e:a6:25:86:e7:c3:94:02:63:54:7e:68:46:80:
                    f8:5c:9d:46:85:ad:42:4f:ea:fe:8d:5a:b4:d8:2e:
                    52:36:c5:ad:6f:a3:ff:cd:eb:7f:0e:d4:1d:70:e9:
                    98:b2:40:2b:94:55:70:f1:10:01:4e:93:a5:f7:f8:
                    26:f3:9c:99:e2:3c:aa:72:dc:30:2a:ba:5a:78:e7:
                    13:b7:de:74:c7:d8:84:c2:2c:23:55:9f:0d:e5:be:
                    1a:ae:07:c6:87:9f:cb:42:02:6e:e2:50:9f:36:ac:
                    36:43:22:6a:f8:e1:71:70:67:b7:23:01:dd:19:37:
                    b8:18:eb:53:f5:85:17:48:99:a8:c4:d4:f8:ad:a9:
                    a1:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EF:BC:25:4F:A4:83:6E:50:B7:98:50:B1:BF:0E:B4:BD:58:7E:A5:04
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/b9ddaf6e-e301-4643-a7c7-f31fb91540a6.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         96:51:05:d8:15:31:8a:3f:02:e6:f7:98:8d:6e:10:19:7d:f4:
         d1:08:64:bc:ed:6f:13:d0:bb:6b:ba:13:07:17:6d:8e:22:b8:
         cc:b3:3e:1e:e4:40:4a:72:5e:ca:42:93:cd:72:cd:33:14:f2:
         09:dc:dc:6a:c2:be:1b:84:1c:48:4d:0f:ce:df:99:e2:c7:46:
         e8:21:b3:46:3d:2c:8d:b3:f1:b8:d6:bc:76:3d:a1:46:e6:66:
         d7:a0:9a:cf:b9:99:8c:d2:06:7b:8b:5d:d9:6e:bd:e5:17:12:
         81:b9:83:3b:32:e4:0a:23:64:b1:84:42:ff:07:e9:bb:fa:e7:
         f7:99:5c:57:4e:9b:9a:71:eb:e7:00:06:20:f2:24:2f:d9:41:
         f6:e5:79:eb:44:94:84:b9:41:fc:04:29:98:10:3c:b7:d8:ee:
         b9:be:4f:a8:31:ca:12:f9:3d:fe:e1:e0:d5:ab:4b:9c:6a:62:
         4d:97:90:3d:9c:69:73:c3:0d:9c:4b:9e:51:b4:fa:73:26:fc:
         be:a0:7b:73:01:f5:59:f3:89:c2:1c:8f:4f:53:32:bc:3c:25:
         89:cb:73:04:c3:fe:ab:8c:40:9e:32:3c:2b:f0:2f:da:e2:5d:
         02:bc:8b:33:db:ef:ff:cd:a7:71:ee:24:a3:c9:cd:2b:89:8e:
         78:a2:96:75
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUbR76TdjtB4kvvJSAHLbbMuk8NDwwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwMjEzMDAwMDAwWhcNMjMwMjE2MjM1OTU5
WjCBpTFJMEcGA1UEBRNAMmUwYmI5ZjQ1ZThmYTcxZWU4MzRjNWVkNTI1OGYyMjk1
Y2EyNmEzYzMwYzFjYjNlZWE3M2M4NTAzNGY5MDhkNzEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAJ86WQtJLMqZmkjKT0b5tXWAD0Jmb6h9p1RQIEYAl/C4SKfKDMQv
i78y825aRBAlB+c2gtW60/JIxSe4vh6kFK0VIlj8FquTHoxHOwBGoBuEmjmS8vRb
K9zW+JEpcLjEL3YrvxunKX4wRChuujy1Aj+Wfj8HnSh08R6mJYbnw5QCY1R+aEaA
+FydRoWtQk/q/o1atNguUjbFrW+j/83rfw7UHXDpmLJAK5RVcPEQAU6Tpff4JvOc
meI8qnLcMCq6WnjnE7fedMfYhMIsI1WfDeW+Gq4Hxoefy0ICbuJQnzasNkMiavjh
cXBntyMB3Rk3uBjrU/WFF0iZqMTU+K2poRMCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBTvvCVPpINuULeYULG/DrS9WH6lBDAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvYjlkZGFmNmUtZTMwMS00NjQzLWE3YzctZjMxZmI5MTU0MGE2LnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAJZRBdgVMYo/Aub3
mI1uEBl99NEIZLztbxPQu2u6EwcXbY4iuMyzPh7kQEpyXspCk81yzTMU8gnc3GrC
vhuEHEhND87fmeLHRughs0Y9LI2z8bjWvHY9oUbmZtegms+5mYzSBnuLXdluveUX
EoG5gzsy5AojZLGEQv8H6bv65/eZXFdOm5px6+cABiDyJC/ZQfbleetElIS5QfwE
KZgQPLfY7rm+T6gxyhL5Pf7h4NWrS5xqYk2XkD2caXPDDZxLnlG0+nMm/L6ge3MB
9VnzicIcj09TMrw8JYnLcwTD/quMQJ4yPCvwL9riXQK8izPb7//Np3HuJKPJzSuJ
jniilnU=
-----END CERTIFICATE-----