Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/bd5ed9c8-e627-4bc4-8ca3-e7718a259f40.roa
File:                     bd5ed9c8-e627-4bc4-8ca3-e7718a259f40.roa (raw, json)
Hash identifier:          zHnPN9IEmEsHsTLhX2CMGLzLnlVwESrbH3tA5IVJlM0=
Subject key identifier:   5A:BF:E1:9D:6D:97:64:02:02:D7:4A:73:8E:56:EB:F7:88:11:18:70
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       10C191585C959D7B00CAB579717DE9A7FD8849EC
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/bd5ed9c8-e627-4bc4-8ca3-e7718a259f40.roa
Signing time:             Sat 18 Mar 2023 00:00:00 +0000
ROA not before:           Sat 18 Mar 2023 00:00:00 +0000
ROA not after:            Tue 21 Mar 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            10:c1:91:58:5c:95:9d:7b:00:ca:b5:79:71:7d:e9:a7:fd:88:49:ec
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Mar 18 00:00:00 2023 GMT
            Not After : Mar 21 23:59:59 2023 GMT
        Subject: serialNumber=6cb61015fdb25d7895e55e3747bbaaeeba48bff4da8fa700bb8b76c2ed83ada7, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:a0:1d:50:1a:73:52:88:ea:36:11:cf:47:91:
                    4d:61:69:6c:86:fc:02:4b:83:6d:34:5b:84:ae:56:
                    ae:99:76:64:46:8a:9b:af:46:5d:7f:fe:40:68:5c:
                    74:98:dc:02:a6:b9:fc:be:78:0b:7d:86:43:38:01:
                    df:df:50:3f:70:60:00:7e:00:4a:6d:ca:8d:1f:7f:
                    b6:0d:e0:59:1d:99:db:03:a5:cb:6f:32:ae:03:dc:
                    ee:14:47:6c:3a:67:ad:16:d9:c3:e9:96:dc:da:f6:
                    ec:65:5b:70:76:ca:e0:57:42:81:31:c8:34:d0:de:
                    ae:27:dc:63:e9:e1:53:b8:b9:2f:85:cf:b9:c1:69:
                    bb:f5:59:b7:64:2c:e4:27:4c:47:8a:57:0b:5f:cd:
                    fe:69:87:03:86:eb:02:88:06:72:a2:a5:50:2c:5a:
                    80:32:9d:f1:e9:6b:71:9e:42:f8:f5:24:1c:72:00:
                    ad:03:9c:e6:b7:f5:e6:9b:7b:3f:d6:b6:ab:bd:92:
                    40:fd:08:e1:85:fa:14:31:85:3d:e9:2d:17:7e:a1:
                    25:be:38:26:16:89:36:7b:3a:6e:3e:25:0f:86:7c:
                    2b:6e:52:e6:50:a6:b8:da:62:21:fe:b9:ec:21:4e:
                    62:cf:7e:24:0a:e3:c9:5b:1c:df:10:b5:0f:5e:20:
                    90:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5A:BF:E1:9D:6D:97:64:02:02:D7:4A:73:8E:56:EB:F7:88:11:18:70
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/bd5ed9c8-e627-4bc4-8ca3-e7718a259f40.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         32:15:7d:7e:48:01:9d:8d:a8:c7:7c:6c:99:20:4c:0d:04:53:
         8a:68:52:9e:1a:e6:23:70:2f:9d:3f:02:d3:ee:50:b4:43:3f:
         06:c0:06:16:ab:d7:e3:e7:7b:f0:d0:15:34:bc:15:c7:c4:36:
         98:1e:e8:58:e4:e2:4e:60:b6:95:ac:e2:07:38:46:79:99:3f:
         2c:e5:5e:29:f0:2a:9d:97:9f:7d:1f:85:93:37:9f:7e:3d:f2:
         fa:fe:72:96:72:5e:2c:31:1b:1e:b6:79:71:b8:46:dd:a4:67:
         24:50:d6:02:52:a5:91:30:ce:f8:3a:95:6e:d4:95:50:2c:d7:
         37:3e:97:ce:69:d2:53:26:83:42:62:1c:ff:98:10:6f:da:86:
         43:67:30:87:60:74:16:c3:b3:3f:c7:3c:15:d6:c0:01:5d:ea:
         36:c5:78:a3:8d:80:ba:87:88:e1:7e:07:29:c4:bc:f4:86:96:
         01:b5:83:72:d5:b0:12:b9:c1:b2:63:cc:bd:cc:3d:1f:85:96:
         96:93:77:39:5e:38:49:4f:78:ec:fe:de:16:bb:07:bf:d8:76:
         58:02:df:c7:c9:89:fb:a4:24:15:a0:f6:3e:12:f6:89:3a:a0:
         86:c3:c6:db:7c:5e:e7:29:e5:21:8e:23:61:19:d2:06:c0:36:
         ae:2e:bd:45
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUEMGRWFyVnXsAyrV5cX3pp/2ISewwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwMzE4MDAwMDAwWhcNMjMwMzIxMjM1OTU5
WjCBpTFJMEcGA1UEBRNANmNiNjEwMTVmZGIyNWQ3ODk1ZTU1ZTM3NDdiYmFhZWVi
YTQ4YmZmNGRhOGZhNzAwYmI4Yjc2YzJlZDgzYWRhNzEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAKSgHVAac1KI6jYRz0eRTWFpbIb8AkuDbTRbhK5Wrpl2ZEaKm69G
XX/+QGhcdJjcAqa5/L54C32GQzgB399QP3BgAH4ASm3KjR9/tg3gWR2Z2wOly28y
rgPc7hRHbDpnrRbZw+mW3Nr27GVbcHbK4FdCgTHINNDerifcY+nhU7i5L4XPucFp
u/VZt2Qs5CdMR4pXC1/N/mmHA4brAogGcqKlUCxagDKd8elrcZ5C+PUkHHIArQOc
5rf15pt7P9a2q72SQP0I4YX6FDGFPektF36hJb44JhaJNns6bj4lD4Z8K25S5lCm
uNpiIf657CFOYs9+JArjyVsc3xC1D14gkDUCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBRav+GdbZdkAgLXSnOOVuv3iBEYcDAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvYmQ1ZWQ5YzgtZTYyNy00YmM0LThjYTMtZTc3MThhMjU5ZjQwLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBADIVfX5IAZ2NqMd8
bJkgTA0EU4poUp4a5iNwL50/AtPuULRDPwbABhar1+Pne/DQFTS8FcfENpge6Fjk
4k5gtpWs4gc4RnmZPyzlXinwKp2Xn30fhZM3n3498vr+cpZyXiwxGx62eXG4Rt2k
ZyRQ1gJSpZEwzvg6lW7UlVAs1zc+l85p0lMmg0JiHP+YEG/ahkNnMIdgdBbDsz/H
PBXWwAFd6jbFeKONgLqHiOF+BynEvPSGlgG1g3LVsBK5wbJjzL3MPR+FlpaTdzle
OElPeOz+3ha7B7/YdlgC38fJifukJBWg9j4S9ok6oIbDxtt8Xucp5SGOI2EZ0gbA
Nq4uvUU=
-----END CERTIFICATE-----