Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/c42858aa-d3a2-4cee-abe3-2bccbd3b065b.roa
File:                     c42858aa-d3a2-4cee-abe3-2bccbd3b065b.roa (raw, json)
Hash identifier:          4ezJT0DOPqP5cQDofjHLNNGv/fKOhGOq8ProsrZxzEk=
Subject key identifier:   C1:25:E0:B6:0C:04:F5:0D:FC:21:18:11:46:79:F6:D1:DC:D8:25:58
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       52238074AF436BFF4C30701B05836E164B1B1316
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/c42858aa-d3a2-4cee-abe3-2bccbd3b065b.roa
Signing time:             Wed 19 Apr 2023 00:00:00 +0000
ROA not before:           Wed 19 Apr 2023 00:00:00 +0000
ROA not after:            Sat 22 Apr 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            52:23:80:74:af:43:6b:ff:4c:30:70:1b:05:83:6e:16:4b:1b:13:16
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Apr 19 00:00:00 2023 GMT
            Not After : Apr 22 23:59:59 2023 GMT
        Subject: serialNumber=6f791856bd24dda619db6298b8c0b1ebf826a5030d839f5b26138cf806158171, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:eb:8b:be:cf:1a:d7:28:43:79:94:c5:d8:8d:bc:
                    e6:d4:ac:d1:b6:b4:79:ff:f0:78:a6:6a:d5:ee:f8:
                    f3:2f:6a:0a:50:e7:2c:50:9c:ae:a3:af:7e:96:3a:
                    8a:a2:67:ba:9c:7f:d4:18:10:f2:13:f9:58:d1:46:
                    31:01:6d:4f:2a:cf:69:3d:2b:d5:99:a6:5b:67:be:
                    1d:72:37:73:dc:b3:df:fd:37:17:cf:02:fa:14:4c:
                    93:df:b3:25:0d:b3:71:ce:6a:6c:80:6e:ab:d5:29:
                    f1:a4:06:92:31:ec:98:91:76:9a:c1:c3:f5:d9:fe:
                    62:ef:2c:4f:86:87:06:7e:21:83:9a:76:8b:cd:bd:
                    d7:e2:c9:d0:6c:18:74:b5:b3:00:f2:53:d4:ca:c4:
                    7e:57:f3:9f:c9:03:fd:c2:ec:00:96:2b:76:c8:5b:
                    ee:c1:d7:e4:44:da:73:cd:07:c9:4f:a0:a1:8e:83:
                    21:37:6c:00:8c:7d:0d:a5:13:55:e2:da:fa:03:03:
                    df:65:ee:ab:8c:15:dd:e7:5d:45:0e:f3:32:7b:ba:
                    70:a2:44:4c:b5:45:d1:16:b7:9f:43:85:6f:f4:81:
                    82:30:22:93:5f:ac:f5:c7:29:cd:d8:97:30:53:91:
                    18:b3:f9:50:6d:be:b1:ab:9c:f9:b3:ea:e4:5e:44:
                    af:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C1:25:E0:B6:0C:04:F5:0D:FC:21:18:11:46:79:F6:D1:DC:D8:25:58
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/c42858aa-d3a2-4cee-abe3-2bccbd3b065b.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3b:64:20:f7:24:2a:02:e9:01:b9:5a:50:24:70:89:36:43:4a:
         bd:1c:cb:e2:67:26:9f:2d:ef:db:1f:b0:96:d8:88:85:7a:e3:
         88:4a:13:51:3e:7e:8f:3d:6a:fd:58:69:46:94:17:aa:ca:0d:
         f2:c6:64:18:54:a1:d1:a6:d1:ec:c8:63:09:21:9a:9d:bb:d1:
         61:8a:1b:cc:2d:db:0b:9e:45:a2:ff:ac:45:dc:d5:db:f3:97:
         4b:92:6a:b0:25:e9:ee:ad:e1:07:0b:53:33:62:1a:e8:50:73:
         12:6a:23:5c:f7:41:70:7a:ea:3d:f3:d1:3f:8f:7f:bf:c1:49:
         9f:c0:14:a6:7c:36:f0:d7:d3:f3:5b:57:a3:b0:2b:01:e4:d8:
         41:0c:4d:90:d5:2d:74:41:dd:41:e5:3a:5f:a2:2d:c7:d6:f0:
         c3:1e:58:b6:05:b6:33:b9:27:17:64:a2:26:c0:d3:65:fe:d2:
         6d:21:a0:dd:8c:b2:cd:5b:50:96:9b:07:92:86:b4:d7:1c:0a:
         78:e0:61:2b:27:d1:a6:56:d7:b8:50:94:10:68:38:c8:a3:5a:
         ba:e7:a8:d1:6e:23:4f:3f:d5:98:c2:f3:2d:37:80:e3:af:44:
         1d:12:f3:2f:ee:70:8c:c8:a9:7c:54:e2:54:ac:9a:bb:aa:63:
         c7:16:b0:51
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUUiOAdK9Da/9MMHAbBYNuFksbExYwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwNDE5MDAwMDAwWhcNMjMwNDIyMjM1OTU5
WjCBpTFJMEcGA1UEBRNANmY3OTE4NTZiZDI0ZGRhNjE5ZGI2Mjk4YjhjMGIxZWJm
ODI2YTUwMzBkODM5ZjViMjYxMzhjZjgwNjE1ODE3MTEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAOuLvs8a1yhDeZTF2I285tSs0ba0ef/weKZq1e748y9qClDnLFCc
rqOvfpY6iqJnupx/1BgQ8hP5WNFGMQFtTyrPaT0r1ZmmW2e+HXI3c9yz3/03F88C
+hRMk9+zJQ2zcc5qbIBuq9Up8aQGkjHsmJF2msHD9dn+Yu8sT4aHBn4hg5p2i829
1+LJ0GwYdLWzAPJT1MrEflfzn8kD/cLsAJYrdshb7sHX5ETac80HyU+goY6DITds
AIx9DaUTVeLa+gMD32Xuq4wV3eddRQ7zMnu6cKJETLVF0Ra3n0OFb/SBgjAik1+s
9ccpzdiXMFORGLP5UG2+sauc+bPq5F5Er18CAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBTBJeC2DAT1DfwhGBFGefbR3NglWDAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvYzQyODU4YWEtZDNhMi00Y2VlLWFiZTMtMmJjY2JkM2IwNjViLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBADtkIPckKgLpAbla
UCRwiTZDSr0cy+JnJp8t79sfsJbYiIV644hKE1E+fo89av1YaUaUF6rKDfLGZBhU
odGm0ezIYwkhmp270WGKG8wt2wueRaL/rEXc1dvzl0uSarAl6e6t4QcLUzNiGuhQ
cxJqI1z3QXB66j3z0T+Pf7/BSZ/AFKZ8NvDX0/NbV6OwKwHk2EEMTZDVLXRB3UHl
Ol+iLcfW8MMeWLYFtjO5JxdkoibA02X+0m0hoN2Mss1bUJabB5KGtNccCnjgYSsn
0aZW17hQlBBoOMijWrrnqNFuI08/1ZjC8y03gOOvRB0S8y/ucIzIqXxU4lSsmruq
Y8cWsFE=
-----END CERTIFICATE-----