Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/bfd1f862-b462-42b7-bc5e-9d6f42c0a015.roa
File:                     bfd1f862-b462-42b7-bc5e-9d6f42c0a015.roa (raw, json)
Hash identifier:          JDBUaXaA1uBpYtAmgWlhbPnQOHhupiP5Z40HLAFLIhw=
Subject key identifier:   96:47:AE:ED:3D:78:70:25:67:AF:6C:7B:E3:80:1C:83:ED:AE:64:F1
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       0455018811A66A0FA4DDF2E4EC3F9FB78ECFE0CC
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/bfd1f862-b462-42b7-bc5e-9d6f42c0a015.roa
Signing time:             Mon 20 Feb 2023 00:00:00 +0000
ROA not before:           Mon 20 Feb 2023 00:00:00 +0000
ROA not after:            Thu 23 Feb 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            04:55:01:88:11:a6:6a:0f:a4:dd:f2:e4:ec:3f:9f:b7:8e:cf:e0:cc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Feb 20 00:00:00 2023 GMT
            Not After : Feb 23 23:59:59 2023 GMT
        Subject: serialNumber=16ebb93ecbf81183fefaf54900fdedd13cfb67f1682ce0597e2efceb708d79d7, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e1:b5:3f:38:48:8e:73:43:bb:50:cc:0b:c9:28:
                    f1:13:a2:b6:13:ed:54:af:88:b9:01:41:cf:c2:1b:
                    1c:1a:e1:64:35:e3:34:31:9d:df:08:05:05:c8:ab:
                    fe:00:49:64:62:a2:0f:5f:08:c8:bd:6f:48:43:c7:
                    f6:9c:23:b7:94:bc:ab:bb:13:b4:a7:80:0a:9a:bc:
                    43:1d:b5:90:e7:c1:87:ef:cd:71:55:cd:07:91:38:
                    da:0d:58:9e:71:86:47:ae:ec:c3:74:de:ba:a4:47:
                    e0:20:ad:be:65:5f:de:4e:59:d2:08:e2:70:dd:35:
                    c9:a0:2b:3d:e7:7f:ad:be:11:df:ea:22:d7:4c:4f:
                    b4:d0:0f:b5:f4:f3:ac:ae:3c:a7:25:eb:31:b0:16:
                    bc:ff:32:24:62:84:e9:2d:82:af:50:8c:8c:55:b9:
                    82:88:1c:41:02:65:38:16:42:fe:17:3e:35:a9:17:
                    1f:72:4e:d5:39:23:63:bb:91:8b:0e:5e:2e:1e:bc:
                    45:7d:af:14:f4:26:c6:40:14:62:d5:ef:cc:41:1f:
                    08:a8:3b:68:76:6d:75:61:a8:e9:d0:71:00:71:91:
                    e5:33:bf:ef:4a:72:25:40:2b:0b:77:3d:0a:3c:25:
                    3c:e9:9a:4f:4d:7b:b6:c7:9b:dc:e9:7f:ca:31:86:
                    56:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                96:47:AE:ED:3D:78:70:25:67:AF:6C:7B:E3:80:1C:83:ED:AE:64:F1
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/bfd1f862-b462-42b7-bc5e-9d6f42c0a015.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         57:87:70:71:39:88:c0:74:82:27:c6:ee:b6:5d:a8:63:49:53:
         6f:1d:f4:b7:02:b1:94:56:19:65:7a:97:1d:78:73:90:3d:e5:
         ce:f6:f9:cd:20:9b:31:8d:d4:82:a4:00:35:48:30:0b:14:29:
         ee:c3:f4:5c:fc:43:bb:56:17:10:d9:b9:81:77:f9:40:f8:ff:
         76:37:78:ab:dc:89:d1:c4:64:bc:2f:c5:05:07:52:b7:4a:eb:
         3d:5d:e6:d5:20:0e:ae:89:e5:c9:0e:ea:67:5c:1f:3f:b9:5c:
         38:6c:c5:b8:f1:dc:8a:5e:6a:d8:6f:4e:da:fd:2a:7e:85:da:
         19:3f:07:d8:50:26:c4:a2:25:b1:52:75:60:9e:e7:99:66:a3:
         97:d5:a5:47:73:78:33:de:2c:08:f4:1a:79:35:07:65:16:ed:
         06:0a:eb:1f:b0:bd:68:16:09:ff:29:29:c0:26:76:37:6b:73:
         a2:b4:00:26:f9:c6:82:d4:6d:ab:8f:04:1b:6f:04:f7:24:53:
         c2:be:8b:d4:55:73:42:f4:74:b1:32:9f:f1:c3:a6:df:36:5a:
         6f:4c:bf:d0:13:9d:9b:01:f3:97:14:9c:92:c8:aa:2e:12:80:
         da:63:2b:ad:80:1e:fa:b7:3e:77:59:79:33:e6:e6:23:90:7f:
         87:b5:1d:9c
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUBFUBiBGmag+k3fLk7D+ft47P4MwwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwMjIwMDAwMDAwWhcNMjMwMjIzMjM1OTU5
WjCBpTFJMEcGA1UEBRNAMTZlYmI5M2VjYmY4MTE4M2ZlZmFmNTQ5MDBmZGVkZDEz
Y2ZiNjdmMTY4MmNlMDU5N2UyZWZjZWI3MDhkNzlkNzEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAOG1PzhIjnNDu1DMC8ko8ROithPtVK+IuQFBz8IbHBrhZDXjNDGd
3wgFBcir/gBJZGKiD18IyL1vSEPH9pwjt5S8q7sTtKeACpq8Qx21kOfBh+/NcVXN
B5E42g1YnnGGR67sw3TeuqRH4CCtvmVf3k5Z0gjicN01yaArPed/rb4R3+oi10xP
tNAPtfTzrK48pyXrMbAWvP8yJGKE6S2Cr1CMjFW5gogcQQJlOBZC/hc+NakXH3JO
1TkjY7uRiw5eLh68RX2vFPQmxkAUYtXvzEEfCKg7aHZtdWGo6dBxAHGR5TO/70py
JUArC3c9CjwlPOmaT017tseb3Ol/yjGGVsMCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBSWR67tPXhwJWevbHvjgByD7a5k8TAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvYmZkMWY4NjItYjQ2Mi00MmI3LWJjNWUtOWQ2ZjQyYzBhMDE1LnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAFeHcHE5iMB0gifG
7rZdqGNJU28d9LcCsZRWGWV6lx14c5A95c72+c0gmzGN1IKkADVIMAsUKe7D9Fz8
Q7tWFxDZuYF3+UD4/3Y3eKvcidHEZLwvxQUHUrdK6z1d5tUgDq6J5ckO6mdcHz+5
XDhsxbjx3IpeathvTtr9Kn6F2hk/B9hQJsSiJbFSdWCe55lmo5fVpUdzeDPeLAj0
Gnk1B2UW7QYK6x+wvWgWCf8pKcAmdjdrc6K0ACb5xoLUbauPBBtvBPckU8K+i9RV
c0L0dLEyn/HDpt82Wm9Mv9ATnZsB85cUnJLIqi4SgNpjK62AHvq3PndZeTPm5iOQ
f4e1HZw=
-----END CERTIFICATE-----