Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/c03a5a45-fef9-418c-9eeb-c5c2087a4e2c.roa
File:                     c03a5a45-fef9-418c-9eeb-c5c2087a4e2c.roa (raw, json)
Hash identifier:          kIYlk7DwPd0Yhbrg/RfEJ8QAX9sLFzzHPmGSGpbJ48Q=
Subject key identifier:   6D:57:93:9D:95:63:9D:70:ED:77:F2:39:FB:40:24:10:DD:9C:29:27
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       5E014D71B7F0A974884D91F956D6E909280C54E8
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/c03a5a45-fef9-418c-9eeb-c5c2087a4e2c.roa
Signing time:             Wed 18 Jan 2023 00:00:00 +0000
ROA not before:           Wed 18 Jan 2023 00:00:00 +0000
ROA not after:            Sat 21 Jan 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5e:01:4d:71:b7:f0:a9:74:88:4d:91:f9:56:d6:e9:09:28:0c:54:e8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Jan 18 00:00:00 2023 GMT
            Not After : Jan 21 23:59:59 2023 GMT
        Subject: serialNumber=7dfae11dfc4c1bfac8262de8ffa2a95a9b5581f2cb37428e7324096f24f5d474, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:e4:97:dd:18:5b:5b:a3:03:c1:e6:f0:39:2d:
                    54:01:0c:cf:3f:09:36:c8:69:2e:f9:94:8f:b8:01:
                    35:97:52:a3:f3:74:32:b2:f4:b7:d1:8a:ed:38:4a:
                    13:63:88:9e:59:42:ed:ce:8a:c3:1a:35:2d:28:84:
                    04:3d:21:10:a1:ce:15:76:f0:29:c5:9f:24:21:a8:
                    06:eb:74:9e:cb:22:ef:0c:a5:e9:77:27:39:86:0b:
                    e1:f9:2e:c2:78:34:5f:cc:7f:8a:f5:e5:9e:d4:14:
                    6c:a2:9e:6a:24:64:70:8f:de:c6:16:e1:e9:f4:8d:
                    f5:3e:20:f5:e1:23:28:dc:43:72:0c:02:aa:dc:f5:
                    1c:5d:84:89:fc:7c:81:65:c3:5e:09:8e:99:03:2f:
                    c4:01:65:69:b5:f6:d8:73:a3:eb:a2:d0:5c:ec:ac:
                    76:39:02:4b:14:ee:8d:27:71:34:ac:c9:fc:d2:09:
                    5a:b2:5c:fc:06:cd:23:c7:34:10:74:ba:25:97:2d:
                    49:6f:46:77:7d:22:ee:b8:b7:f9:ab:d0:fb:e3:06:
                    ba:a1:a3:30:c6:96:f1:af:55:09:a5:6b:f2:b6:0f:
                    db:5e:e2:ba:bd:47:07:19:6f:95:ab:1e:60:94:31:
                    8f:a9:cc:d2:83:aa:fc:ac:7c:6f:0a:c5:af:91:7f:
                    a9:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6D:57:93:9D:95:63:9D:70:ED:77:F2:39:FB:40:24:10:DD:9C:29:27
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/c03a5a45-fef9-418c-9eeb-c5c2087a4e2c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2a:9b:c9:ad:59:c6:a7:1e:e1:ed:0a:1f:1a:9a:54:dd:49:82:
         a5:82:1b:1b:4b:07:f2:0c:4a:67:7e:71:f5:7f:2f:36:85:8b:
         fb:a4:20:01:c3:35:d5:cc:26:b2:49:74:82:db:78:71:17:42:
         00:bf:bb:0a:f6:a3:ca:9a:52:d6:0f:75:4e:c0:17:c4:1c:a7:
         6e:d4:84:39:9e:89:78:85:c9:f0:04:22:f2:77:23:10:7d:d9:
         6a:a4:a4:07:6a:6c:56:f5:54:bf:8b:99:f1:83:0c:ad:03:46:
         1f:8a:88:1a:d4:57:df:a9:47:2e:e5:b3:7c:76:d5:88:fe:31:
         4f:6d:ff:43:0a:5e:09:53:99:2d:fd:2a:3f:f4:14:9e:a8:2d:
         c1:19:a8:b0:a3:a7:39:99:8b:39:bf:e8:39:55:30:7a:ae:2f:
         00:ae:da:d9:88:9f:17:96:45:8f:db:83:ac:67:94:2b:44:32:
         3e:f2:57:d6:a1:04:ef:64:e8:ce:3b:26:69:63:5c:18:f8:b2:
         6e:e9:48:02:e6:5d:de:cf:5d:a9:60:4e:32:10:5e:49:86:c0:
         50:e1:4c:71:8f:90:18:34:a7:b1:10:47:b7:93:fe:7a:81:9d:
         a2:85:e8:93:42:71:a8:5f:ac:d4:a5:5f:4d:08:0e:42:79:53:
         e0:8c:00:93
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUXgFNcbfwqXSITZH5VtbpCSgMVOgwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwMTE4MDAwMDAwWhcNMjMwMTIxMjM1OTU5
WjCBpTFJMEcGA1UEBRNAN2RmYWUxMWRmYzRjMWJmYWM4MjYyZGU4ZmZhMmE5NWE5
YjU1ODFmMmNiMzc0MjhlNzMyNDA5NmYyNGY1ZDQ3NDEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAJXkl90YW1ujA8Hm8DktVAEMzz8JNshpLvmUj7gBNZdSo/N0MrL0
t9GK7ThKE2OInllC7c6Kwxo1LSiEBD0hEKHOFXbwKcWfJCGoBut0nssi7wyl6Xcn
OYYL4fkuwng0X8x/ivXlntQUbKKeaiRkcI/exhbh6fSN9T4g9eEjKNxDcgwCqtz1
HF2Eifx8gWXDXgmOmQMvxAFlabX22HOj66LQXOysdjkCSxTujSdxNKzJ/NIJWrJc
/AbNI8c0EHS6JZctSW9Gd30i7ri3+avQ++MGuqGjMMaW8a9VCaVr8rYP217iur1H
BxlvlaseYJQxj6nM0oOq/Kx8bwrFr5F/qSUCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBRtV5OdlWOdcO138jn7QCQQ3ZwpJzAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvYzAzYTVhNDUtZmVmOS00MThjLTllZWItYzVjMjA4N2E0ZTJjLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBACqbya1Zxqce4e0K
HxqaVN1JgqWCGxtLB/IMSmd+cfV/LzaFi/ukIAHDNdXMJrJJdILbeHEXQgC/uwr2
o8qaUtYPdU7AF8Qcp27UhDmeiXiFyfAEIvJ3IxB92WqkpAdqbFb1VL+LmfGDDK0D
Rh+KiBrUV9+pRy7ls3x21Yj+MU9t/0MKXglTmS39Kj/0FJ6oLcEZqLCjpzmZizm/
6DlVMHquLwCu2tmInxeWRY/bg6xnlCtEMj7yV9ahBO9k6M47JmljXBj4sm7pSALm
Xd7PXalgTjIQXkmGwFDhTHGPkBg0p7EQR7eT/nqBnaKF6JNCcahfrNSlX00IDkJ5
U+CMAJM=
-----END CERTIFICATE-----