Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/be86fb62-c7b2-4045-8fc1-5b29fb1d45fd.roa
File:                     be86fb62-c7b2-4045-8fc1-5b29fb1d45fd.roa (raw, json)
Hash identifier:          r0n+QIl3PETl54FVe81DHWSNApPnBiBAd9ryY1g4pN4=
Subject key identifier:   AB:2F:52:BC:70:E4:AA:60:68:32:9D:4E:AF:E1:7E:AF:42:AC:96:CD
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       539B9B95F1753DE7CE55C2C5F1DFC4609F224505
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/be86fb62-c7b2-4045-8fc1-5b29fb1d45fd.roa
Signing time:             Sun 12 Feb 2023 00:00:00 +0000
ROA not before:           Sun 12 Feb 2023 00:00:00 +0000
ROA not after:            Wed 15 Feb 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            53:9b:9b:95:f1:75:3d:e7:ce:55:c2:c5:f1:df:c4:60:9f:22:45:05
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Feb 12 00:00:00 2023 GMT
            Not After : Feb 15 23:59:59 2023 GMT
        Subject: serialNumber=869112dfc0e85a21b8cb94a30adfd69ac9615daf077f068edbd3685c5b6ff0e4, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:e2:ef:69:d8:98:93:35:23:13:11:62:6a:5d:
                    b7:8f:40:d7:e6:d1:d3:8c:76:71:ee:69:81:0d:21:
                    ac:45:71:c2:c0:90:d9:77:36:1e:e2:f3:b8:9e:d7:
                    fe:be:9f:91:13:0a:cc:cc:6e:8f:32:1b:93:77:bf:
                    76:fa:af:94:97:19:da:68:2c:ad:18:c2:87:7a:76:
                    01:d3:c5:f0:0d:bc:ff:8b:1b:be:9c:de:46:c6:4c:
                    15:04:7d:3b:d7:2d:ba:7f:c6:70:db:8a:0b:99:2b:
                    04:9f:24:a6:8d:f7:94:e4:ff:ab:d4:e6:64:35:57:
                    e3:bf:e0:a4:f5:7b:3d:7b:36:21:72:2f:b9:46:5f:
                    ee:a9:1a:69:6b:77:9f:72:02:07:b6:9f:41:ac:42:
                    c8:c9:20:5c:11:85:a8:52:94:e8:ff:d0:56:c2:78:
                    78:07:63:ee:10:39:81:94:56:85:69:68:1c:83:63:
                    df:52:57:eb:7e:3c:9e:1f:69:44:6e:e0:ee:e8:7d:
                    fd:83:a7:33:bd:d8:39:1e:57:57:aa:70:e3:3d:71:
                    44:3f:8e:0a:6a:c1:f0:bd:ef:22:d6:ea:02:58:6b:
                    62:79:88:2b:7f:a1:61:9a:ca:2c:85:a6:36:77:60:
                    13:d5:8e:42:79:ba:d8:8d:26:88:fa:0c:7b:b0:11:
                    80:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AB:2F:52:BC:70:E4:AA:60:68:32:9D:4E:AF:E1:7E:AF:42:AC:96:CD
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/be86fb62-c7b2-4045-8fc1-5b29fb1d45fd.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c1:74:1b:c7:fb:3f:9f:3a:43:56:27:12:f9:6a:8c:6b:8c:69:
         d8:e7:e7:2e:19:e1:9f:71:b2:4d:4c:06:68:5e:3a:26:d3:a6:
         a4:a3:7f:a6:41:59:dc:1b:3b:30:2d:e7:45:fe:73:5b:81:39:
         68:d3:ed:61:43:d5:2e:17:11:7b:f0:59:69:85:0b:33:6b:2d:
         19:38:38:39:c1:8f:19:12:d5:03:d2:e8:2e:69:0f:75:39:4a:
         38:5c:59:7a:f1:25:ae:0a:1c:87:a6:28:a9:d0:bc:cd:84:37:
         3e:54:05:3c:39:c4:c8:0c:c9:87:48:ce:3f:cf:2c:21:01:a5:
         e6:af:26:07:a8:17:2c:94:14:a9:05:e7:d6:26:fc:92:8b:94:
         16:47:5b:cd:30:13:6b:fb:05:43:28:c2:15:4b:17:52:39:73:
         49:e5:0a:c0:ca:d7:2b:28:74:a9:15:aa:2b:82:65:55:f7:a6:
         f8:5f:b1:80:6e:15:97:00:f9:0c:5e:57:4f:57:7a:ee:e3:80:
         cc:65:85:9c:7f:f7:a5:11:10:a3:aa:33:ba:26:81:c2:0b:f6:
         8c:1b:ed:21:aa:73:37:5f:4a:c1:4d:92:0f:41:06:1a:c9:27:
         e9:47:8f:89:bb:6b:54:12:35:94:4e:53:dd:86:29:f0:32:5d:
         cb:7e:79:c3
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUU5ublfF1PefOVcLF8d/EYJ8iRQUwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwMjEyMDAwMDAwWhcNMjMwMjE1MjM1OTU5
WjCBpTFJMEcGA1UEBRNAODY5MTEyZGZjMGU4NWEyMWI4Y2I5NGEzMGFkZmQ2OWFj
OTYxNWRhZjA3N2YwNjhlZGJkMzY4NWM1YjZmZjBlNDEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBALHi72nYmJM1IxMRYmpdt49A1+bR04x2ce5pgQ0hrEVxwsCQ2Xc2
HuLzuJ7X/r6fkRMKzMxujzIbk3e/dvqvlJcZ2mgsrRjCh3p2AdPF8A28/4sbvpze
RsZMFQR9O9ctun/GcNuKC5krBJ8kpo33lOT/q9TmZDVX47/gpPV7PXs2IXIvuUZf
7qkaaWt3n3ICB7afQaxCyMkgXBGFqFKU6P/QVsJ4eAdj7hA5gZRWhWloHINj31JX
6348nh9pRG7g7uh9/YOnM73YOR5XV6pw4z1xRD+OCmrB8L3vItbqAlhrYnmIK3+h
YZrKLIWmNndgE9WOQnm62I0miPoMe7ARgIMCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBSrL1K8cOSqYGgynU6v4X6vQqyWzTAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvYmU4NmZiNjItYzdiMi00MDQ1LThmYzEtNWIyOWZiMWQ0NWZkLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAMF0G8f7P586Q1Yn
EvlqjGuMadjn5y4Z4Z9xsk1MBmheOibTpqSjf6ZBWdwbOzAt50X+c1uBOWjT7WFD
1S4XEXvwWWmFCzNrLRk4ODnBjxkS1QPS6C5pD3U5SjhcWXrxJa4KHIemKKnQvM2E
Nz5UBTw5xMgMyYdIzj/PLCEBpeavJgeoFyyUFKkF59Ym/JKLlBZHW80wE2v7BUMo
whVLF1I5c0nlCsDK1ysodKkVqiuCZVX3pvhfsYBuFZcA+QxeV09Xeu7jgMxlhZx/
96UREKOqM7omgcIL9owb7SGqczdfSsFNkg9BBhrJJ+lHj4m7a1QSNZROU92GKfAy
Xct+ecM=
-----END CERTIFICATE-----