Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/bb403c06-80c4-49d9-bf48-7b2e2a1f0187.roa
File:                     bb403c06-80c4-49d9-bf48-7b2e2a1f0187.roa (raw, json)
Hash identifier:          cA2jQivSLHGBiwBUSejdYwWPqbH3wOqiW5N0kOvcMiM=
Subject key identifier:   9C:16:BB:02:74:6F:86:CA:0B:8A:EE:89:6D:8D:20:BF:1A:47:54:0C
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       2F3D0636174FE62B8B6A4EB55C740A05F2AD5754
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/bb403c06-80c4-49d9-bf48-7b2e2a1f0187.roa
Signing time:             Fri 24 Feb 2023 00:00:00 +0000
ROA not before:           Fri 24 Feb 2023 00:00:00 +0000
ROA not after:            Mon 27 Feb 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2f:3d:06:36:17:4f:e6:2b:8b:6a:4e:b5:5c:74:0a:05:f2:ad:57:54
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Feb 24 00:00:00 2023 GMT
            Not After : Feb 27 23:59:59 2023 GMT
        Subject: serialNumber=39b6ab1d9aea738a5713cccfd0b395c7d027932713472413d71bae896ace08b9, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ed:c3:00:73:4b:a1:1d:6f:73:66:81:e7:6c:61:
                    b7:8d:2d:05:7b:cd:6c:fe:0b:ca:15:75:bd:fb:0d:
                    b5:e3:44:c0:4b:82:ca:14:c8:06:bb:6f:19:14:03:
                    c4:56:35:21:f0:d1:ed:55:b6:e5:12:55:54:7c:d6:
                    0b:04:c5:39:b1:40:52:7a:8e:e2:bc:a4:9f:fb:12:
                    d7:63:c4:2a:10:52:e4:d4:02:d3:b7:e3:60:28:14:
                    e4:b5:a4:9f:82:e6:67:9d:2a:22:b9:7d:98:53:b5:
                    ff:dd:cc:2e:a1:09:6e:90:2a:aa:fa:e6:0b:cc:05:
                    0e:52:81:2c:80:69:5e:cf:34:86:c4:fa:a5:b9:b5:
                    41:2c:8d:62:23:a8:51:a2:b3:34:f7:85:bb:63:4b:
                    f6:cf:6f:06:f8:ec:c7:4f:32:88:b6:ca:f9:e2:6e:
                    c4:20:e4:5d:0d:47:ee:e2:61:10:8a:c0:61:ff:53:
                    3b:88:99:17:16:52:a9:e2:93:6a:b4:cb:97:08:c6:
                    b2:aa:28:c9:af:43:a8:8e:15:8b:f6:7b:fa:37:94:
                    99:ff:65:4e:a0:fe:fb:19:5b:8b:7c:61:27:6c:ee:
                    e0:df:a8:2c:c9:f0:4e:27:07:0a:78:8f:25:52:c8:
                    dd:b7:b8:c3:43:1b:d3:22:7d:e7:57:78:6d:d8:1e:
                    80:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9C:16:BB:02:74:6F:86:CA:0B:8A:EE:89:6D:8D:20:BF:1A:47:54:0C
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/bb403c06-80c4-49d9-bf48-7b2e2a1f0187.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c9:3e:a3:02:df:42:64:91:81:44:1d:d1:26:66:e0:e5:6d:48:
         9d:5b:08:5e:d9:4d:6c:c0:99:9f:ee:b9:29:a4:8c:d9:50:33:
         fb:dc:0a:da:f5:28:f3:f9:4e:9a:fa:41:e1:95:f7:42:e3:1f:
         47:ac:bc:03:0f:aa:27:bf:a4:b2:31:ed:09:79:4a:6e:13:e9:
         90:3a:5f:4f:ec:05:39:07:ab:63:93:de:0e:8d:76:29:5b:3e:
         5a:c2:a8:4f:b2:57:24:67:4a:6b:26:cf:f2:69:5a:24:54:0b:
         ac:44:0c:cf:57:64:57:b0:78:4d:b6:43:88:1c:33:8d:4b:fc:
         fa:7f:10:c4:db:b8:9f:6a:f8:ab:fe:fd:38:23:34:d8:90:c3:
         39:91:be:af:50:91:e7:fe:1d:ee:5c:cf:8d:bd:4e:0d:d9:6e:
         07:3a:17:5e:ac:a1:30:db:46:92:b1:5f:91:96:9a:c6:ed:5f:
         23:b3:fd:69:63:c7:06:91:84:a4:6c:ed:7e:2e:2d:5e:7c:20:
         30:76:d4:dc:8b:0a:2c:1f:62:3d:a2:e4:05:ae:7b:a6:19:40:
         42:55:c7:1d:f2:e6:58:09:ec:b2:e8:3f:fb:1d:07:02:ef:ae:
         fb:58:2a:5f:cd:fb:ff:7d:fb:4a:16:30:8c:93:c5:63:63:4e:
         c7:5c:08:6c
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIULz0GNhdP5iuLak61XHQKBfKtV1QwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwMjI0MDAwMDAwWhcNMjMwMjI3MjM1OTU5
WjCBpTFJMEcGA1UEBRNAMzliNmFiMWQ5YWVhNzM4YTU3MTNjY2NmZDBiMzk1Yzdk
MDI3OTMyNzEzNDcyNDEzZDcxYmFlODk2YWNlMDhiOTEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAO3DAHNLoR1vc2aB52xht40tBXvNbP4LyhV1vfsNteNEwEuCyhTI
BrtvGRQDxFY1IfDR7VW25RJVVHzWCwTFObFAUnqO4rykn/sS12PEKhBS5NQC07fj
YCgU5LWkn4LmZ50qIrl9mFO1/93MLqEJbpAqqvrmC8wFDlKBLIBpXs80hsT6pbm1
QSyNYiOoUaKzNPeFu2NL9s9vBvjsx08yiLbK+eJuxCDkXQ1H7uJhEIrAYf9TO4iZ
FxZSqeKTarTLlwjGsqooya9DqI4Vi/Z7+jeUmf9lTqD++xlbi3xhJ2zu4N+oLMnw
TicHCniPJVLI3be4w0Mb0yJ951d4bdgegHMCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBScFrsCdG+GyguK7oltjSC/GkdUDDAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvYmI0MDNjMDYtODBjNC00OWQ5LWJmNDgtN2IyZTJhMWYwMTg3LnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAMk+owLfQmSRgUQd
0SZm4OVtSJ1bCF7ZTWzAmZ/uuSmkjNlQM/vcCtr1KPP5Tpr6QeGV90LjH0esvAMP
qie/pLIx7Ql5Sm4T6ZA6X0/sBTkHq2OT3g6NdilbPlrCqE+yVyRnSmsmz/JpWiRU
C6xEDM9XZFeweE22Q4gcM41L/Pp/EMTbuJ9q+Kv+/TgjNNiQwzmRvq9Qkef+He5c
z429Tg3Zbgc6F16soTDbRpKxX5GWmsbtXyOz/WljxwaRhKRs7X4uLV58IDB21NyL
CiwfYj2i5AWue6YZQEJVxx3y5lgJ7LLoP/sdBwLvrvtYKl/N+/99+0oWMIyTxWNj
TsdcCGw=
-----END CERTIFICATE-----