Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/c4bc6a6d-441e-4e72-8569-b7a60e25c682.roa
File:                     c4bc6a6d-441e-4e72-8569-b7a60e25c682.roa (raw, json)
Hash identifier:          MV2r/H9S/u55/JGYDpc+K9d7qQLA7c/DuK0yGrPNN5Y=
Subject key identifier:   0E:58:A4:B7:79:3B:35:27:A6:F3:7E:BE:C9:BB:A4:57:11:31:78:2D
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       73D6185735624CDEB34E96A42E09D3A00252EDAE
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/c4bc6a6d-441e-4e72-8569-b7a60e25c682.roa
Signing time:             Tue 25 Apr 2023 00:00:00 +0000
ROA not before:           Tue 25 Apr 2023 00:00:00 +0000
ROA not after:            Fri 28 Apr 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            73:d6:18:57:35:62:4c:de:b3:4e:96:a4:2e:09:d3:a0:02:52:ed:ae
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Apr 25 00:00:00 2023 GMT
            Not After : Apr 28 23:59:59 2023 GMT
        Subject: serialNumber=0612b8828bb74fb8a8da7ce42294efac15aed0fe015269b9d689acdd0bf5dd47, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:5f:0a:1b:78:7a:b9:06:f8:cb:98:f5:21:46:
                    5b:b3:9e:ca:a4:ee:9f:03:7e:7a:d9:9e:b0:b0:0e:
                    dd:b9:17:3a:0a:a5:ae:f2:38:27:6b:63:25:64:60:
                    19:19:9f:ba:4f:d2:d5:09:3a:0f:e5:bd:71:e1:b8:
                    b6:a9:c0:f7:6a:b3:e0:80:6d:7a:53:47:41:32:b2:
                    3f:02:dc:0f:84:aa:0b:37:19:0f:91:d2:9e:d8:09:
                    a7:24:00:0b:8e:ed:5f:64:35:79:df:37:f9:00:f9:
                    70:9b:25:24:86:68:d4:1f:d6:f4:84:cb:e6:53:58:
                    63:8e:b5:79:a6:1d:b8:a3:04:5a:47:a0:57:20:50:
                    b8:70:c1:09:f2:d2:95:b2:f9:cb:16:3c:be:2e:6d:
                    bc:d7:d9:e6:d6:c0:74:09:35:e0:80:81:a4:07:23:
                    3d:76:9f:b6:df:90:64:08:2b:ab:89:da:29:f8:74:
                    b7:41:a2:1d:87:e2:a3:f2:2c:14:70:9b:c6:4e:67:
                    c5:9d:81:3c:ca:2b:46:ba:31:86:f3:34:10:35:be:
                    d6:b6:7d:bb:f4:97:1e:bf:ad:09:85:e5:e5:ed:0d:
                    07:68:8d:bd:10:61:5e:86:bf:17:66:1a:bc:b7:fb:
                    5d:35:41:7c:6c:b3:95:0e:60:5e:de:97:23:65:57:
                    4c:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0E:58:A4:B7:79:3B:35:27:A6:F3:7E:BE:C9:BB:A4:57:11:31:78:2D
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/c4bc6a6d-441e-4e72-8569-b7a60e25c682.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ce:2e:95:51:e7:55:4b:29:f6:45:8b:cc:6b:af:4d:09:02:5b:
         6f:30:6a:c6:ab:ef:56:e7:6d:e4:0b:45:76:f6:99:58:84:08:
         55:10:8b:eb:65:44:19:c8:d6:99:ce:65:65:a9:c3:54:17:f1:
         de:e0:44:69:45:39:4b:97:ea:f8:91:51:41:54:ca:72:70:59:
         2e:35:8a:4c:fd:0e:26:69:8c:42:0a:60:d9:3a:c8:b0:25:e0:
         dd:58:b3:06:96:5d:73:9c:17:58:ec:10:f8:a6:b4:bb:6c:4c:
         0d:10:92:a7:23:ca:51:c9:39:5e:b0:a1:f9:42:2c:4c:b3:9c:
         ea:62:e8:d4:2a:3b:72:8f:51:8a:04:1b:4e:09:9a:4e:db:04:
         43:95:b3:59:01:d9:32:fc:cb:73:91:de:e7:7a:bd:af:31:76:
         b9:f1:c7:80:39:ea:3b:1f:c4:31:39:06:53:b0:59:e3:a9:6d:
         6d:c6:7d:de:9c:26:d7:8e:db:69:ac:db:46:37:37:44:f0:33:
         c7:ba:b8:63:c9:90:8e:63:11:ed:a3:c6:0e:42:60:5e:7e:c9:
         16:19:fa:d3:92:90:08:1c:1f:3f:50:1f:5e:4b:1a:b2:f2:07:
         92:5f:42:78:ea:5e:55:af:7d:3d:b6:e9:94:77:b3:78:47:86:
         c5:9e:7c:1f
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUc9YYVzViTN6zTpakLgnToAJS7a4wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwNDI1MDAwMDAwWhcNMjMwNDI4MjM1OTU5
WjCBpTFJMEcGA1UEBRNAMDYxMmI4ODI4YmI3NGZiOGE4ZGE3Y2U0MjI5NGVmYWMx
NWFlZDBmZTAxNTI2OWI5ZDY4OWFjZGQwYmY1ZGQ0NzEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAK1fCht4erkG+MuY9SFGW7OeyqTunwN+etmesLAO3bkXOgqlrvI4
J2tjJWRgGRmfuk/S1Qk6D+W9ceG4tqnA92qz4IBtelNHQTKyPwLcD4SqCzcZD5HS
ntgJpyQAC47tX2Q1ed83+QD5cJslJIZo1B/W9ITL5lNYY461eaYduKMEWkegVyBQ
uHDBCfLSlbL5yxY8vi5tvNfZ5tbAdAk14ICBpAcjPXaftt+QZAgrq4naKfh0t0Gi
HYfio/IsFHCbxk5nxZ2BPMorRroxhvM0EDW+1rZ9u/SXHr+tCYXl5e0NB2iNvRBh
Xoa/F2YavLf7XTVBfGyzlQ5gXt6XI2VXTM0CAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBQOWKS3eTs1J6bzfr7Ju6RXETF4LTAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvYzRiYzZhNmQtNDQxZS00ZTcyLTg1NjktYjdhNjBlMjVjNjgyLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAM4ulVHnVUsp9kWL
zGuvTQkCW28wasar71bnbeQLRXb2mViECFUQi+tlRBnI1pnOZWWpw1QX8d7gRGlF
OUuX6viRUUFUynJwWS41ikz9DiZpjEIKYNk6yLAl4N1YswaWXXOcF1jsEPimtLts
TA0QkqcjylHJOV6woflCLEyznOpi6NQqO3KPUYoEG04Jmk7bBEOVs1kB2TL8y3OR
3ud6va8xdrnxx4A56jsfxDE5BlOwWeOpbW3Gfd6cJteO22ms20Y3N0TwM8e6uGPJ
kI5jEe2jxg5CYF5+yRYZ+tOSkAgcHz9QH15LGrLyB5JfQnjqXlWvfT226ZR3s3hH
hsWefB8=
-----END CERTIFICATE-----