Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/c1d93cde-b14e-4a88-9211-0acbbe73a091.roa
File:                     c1d93cde-b14e-4a88-9211-0acbbe73a091.roa (raw, json)
Hash identifier:          il6xS5rmBiA3fPTKPmbyrrBxkgSHfofSWqmGQWnTvP4=
Subject key identifier:   4F:DB:F5:D9:A3:9F:9D:21:89:8B:A7:9C:F3:97:E0:67:28:68:54:18
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       65547C8FDBE858EDF82D347F247AB1678F50508D
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/c1d93cde-b14e-4a88-9211-0acbbe73a091.roa
Signing time:             Sun 26 Feb 2023 00:00:00 +0000
ROA not before:           Sun 26 Feb 2023 00:00:00 +0000
ROA not after:            Wed 01 Mar 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            65:54:7c:8f:db:e8:58:ed:f8:2d:34:7f:24:7a:b1:67:8f:50:50:8d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Feb 26 00:00:00 2023 GMT
            Not After : Mar  1 23:59:59 2023 GMT
        Subject: serialNumber=74df0a4655bbb3ec91121144d0607c3b643dbbd5b1098c2e3525fefb105cf31d, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:6b:16:8b:4d:85:26:3a:3c:36:e7:dc:08:75:
                    37:53:42:d3:0e:08:2a:d2:3a:b0:50:98:3f:7f:3e:
                    fd:90:01:2b:ca:57:f0:1c:cb:bb:80:df:4e:a2:78:
                    74:76:da:bb:b2:1a:6e:55:61:68:f1:53:fa:f8:6b:
                    34:7a:9e:4c:56:40:27:58:00:9b:e9:f8:5d:52:d9:
                    bc:36:61:1a:23:3a:7e:b3:e3:57:1e:ce:fa:98:08:
                    d7:8f:39:f4:86:9b:e2:5f:61:1c:93:86:b1:13:12:
                    57:a2:af:f7:7f:fc:a8:a1:a2:df:b1:7f:fe:77:27:
                    29:08:be:07:9f:62:30:26:13:99:c7:6d:78:74:5a:
                    9d:16:3d:5c:5c:9e:11:9e:a9:35:6f:75:08:04:95:
                    bc:bf:9f:78:28:76:64:03:29:c8:82:49:a5:07:a5:
                    da:76:ed:e9:7f:ce:70:b9:18:b5:9c:b6:50:4a:6e:
                    30:b1:ca:eb:b6:1e:68:8b:02:73:fb:13:c3:ed:5d:
                    a8:37:86:e0:0d:03:19:b4:1d:fc:a6:61:99:91:57:
                    60:31:ef:b6:75:6f:ed:1e:05:12:4a:e9:64:2a:7b:
                    99:05:9d:e5:89:2f:90:81:f8:b1:a5:9d:c0:45:83:
                    ef:a5:ac:e5:15:dc:11:39:79:63:10:75:e4:8f:c2:
                    14:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4F:DB:F5:D9:A3:9F:9D:21:89:8B:A7:9C:F3:97:E0:67:28:68:54:18
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/c1d93cde-b14e-4a88-9211-0acbbe73a091.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8e:88:d8:99:93:03:3a:80:d4:36:b7:96:d9:54:6a:aa:35:9a:
         f2:a7:dd:c2:ec:ab:ae:9e:19:6a:83:f9:38:60:f0:9f:32:ce:
         f0:b2:a9:9c:5e:cc:7a:ef:b3:50:85:36:05:72:61:d8:a7:85:
         2f:c3:b0:01:9f:1d:3c:b0:df:d6:db:c9:90:3a:f6:34:f3:35:
         82:d6:0a:e7:45:6d:38:57:4b:3c:f3:5f:9f:7d:a2:6e:e8:d0:
         26:73:9c:10:82:04:f8:6e:2c:f2:ea:72:e5:fb:ea:2f:3e:d2:
         84:1e:d1:04:23:c1:c2:57:db:11:9c:51:b3:2a:88:22:75:c0:
         11:d9:0b:e9:ec:75:a6:95:fb:e0:4e:00:22:b0:d1:b0:5e:15:
         17:00:7f:89:78:9d:b0:c9:85:6d:0a:ff:64:85:41:1f:f6:90:
         dc:cc:32:ae:c8:78:e9:2d:5b:42:74:d7:f5:0d:a1:3b:34:f1:
         9a:db:80:61:8b:c3:6c:0f:96:09:92:ea:d1:4e:1d:50:68:09:
         e7:92:61:69:f7:50:79:99:12:ae:d8:db:cb:37:0b:1a:7f:35:
         22:ec:eb:bc:82:5f:15:2e:f7:c6:89:ca:80:82:35:9a:d8:f5:
         75:3c:97:f9:3a:fa:0d:21:de:6b:d9:5d:6a:d4:b6:76:8e:b5:
         e9:6c:5f:b1
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUZVR8j9voWO34LTR/JHqxZ49QUI0wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwMjI2MDAwMDAwWhcNMjMwMzAxMjM1OTU5
WjCBpTFJMEcGA1UEBRNANzRkZjBhNDY1NWJiYjNlYzkxMTIxMTQ0ZDA2MDdjM2I2
NDNkYmJkNWIxMDk4YzJlMzUyNWZlZmIxMDVjZjMxZDEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAORrFotNhSY6PDbn3Ah1N1NC0w4IKtI6sFCYP38+/ZABK8pX8BzL
u4DfTqJ4dHbau7IablVhaPFT+vhrNHqeTFZAJ1gAm+n4XVLZvDZhGiM6frPjVx7O
+pgI14859Iab4l9hHJOGsRMSV6Kv93/8qKGi37F//ncnKQi+B59iMCYTmcdteHRa
nRY9XFyeEZ6pNW91CASVvL+feCh2ZAMpyIJJpQel2nbt6X/OcLkYtZy2UEpuMLHK
67YeaIsCc/sTw+1dqDeG4A0DGbQd/KZhmZFXYDHvtnVv7R4FEkrpZCp7mQWd5Ykv
kIH4saWdwEWD76Ws5RXcETl5YxB15I/CFOsCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBRP2/XZo5+dIYmLp5zzl+BnKGhUGDAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvYzFkOTNjZGUtYjE0ZS00YTg4LTkyMTEtMGFjYmJlNzNhMDkxLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAI6I2JmTAzqA1Da3
ltlUaqo1mvKn3cLsq66eGWqD+Thg8J8yzvCyqZxezHrvs1CFNgVyYdinhS/DsAGf
HTyw39bbyZA69jTzNYLWCudFbThXSzzzX599om7o0CZznBCCBPhuLPLqcuX76i8+
0oQe0QQjwcJX2xGcUbMqiCJ1wBHZC+nsdaaV++BOACKw0bBeFRcAf4l4nbDJhW0K
/2SFQR/2kNzMMq7IeOktW0J01/UNoTs08ZrbgGGLw2wPlgmS6tFOHVBoCeeSYWn3
UHmZEq7Y28s3Cxp/NSLs67yCXxUu98aJyoCCNZrY9XU8l/k6+g0h3mvZXWrUtnaO
telsX7E=
-----END CERTIFICATE-----