Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/c57b6018-93c4-4075-b2a5-497f24bf9d6c.roa
File:                     c57b6018-93c4-4075-b2a5-497f24bf9d6c.roa (raw, json)
Hash identifier:          PNZa7rg4RcTXh4DLf5YFn6kHOh5GMmOQOLm8EnKFZeM=
Subject key identifier:   DE:93:32:E3:BD:04:B7:91:0F:32:D4:F9:DE:CC:D4:89:91:22:D6:85
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       4BF48226BD01AC07C27015DD6EA028272206F305
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/c57b6018-93c4-4075-b2a5-497f24bf9d6c.roa
Signing time:             Tue 28 Mar 2023 00:00:00 +0000
ROA not before:           Tue 28 Mar 2023 00:00:00 +0000
ROA not after:            Fri 31 Mar 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4b:f4:82:26:bd:01:ac:07:c2:70:15:dd:6e:a0:28:27:22:06:f3:05
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Mar 28 00:00:00 2023 GMT
            Not After : Mar 31 23:59:59 2023 GMT
        Subject: serialNumber=f649c5ea05ab3ab29f35c94ae3757057ee578ba48ae818aa4c7caca5a75c2305, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:ca:4e:72:f5:de:ee:4e:b7:b3:99:4a:bd:03:
                    01:d0:73:7b:bb:e4:20:16:b5:18:6b:c4:d4:f4:16:
                    0e:83:3e:58:a0:88:2b:58:9b:ab:2a:40:ed:0f:4e:
                    67:38:fa:e7:62:4d:e0:4d:be:95:7b:f7:a9:79:1f:
                    75:2e:ff:12:48:3a:38:d9:35:cf:9a:8f:6e:a9:ea:
                    58:86:e9:d4:b3:05:1d:71:d6:43:d3:76:bb:8c:59:
                    98:e0:44:8a:60:2a:08:27:45:66:30:50:b7:03:c3:
                    56:b3:1c:ca:e4:1e:12:8a:41:17:fe:11:0e:37:d9:
                    00:5b:a6:35:39:91:05:3f:e4:2d:92:f3:f9:6a:af:
                    61:18:0c:b3:ad:e7:c3:b7:9e:81:bf:e3:5b:fc:07:
                    ef:07:2f:d0:57:4c:ce:c5:60:e7:d7:90:24:1c:f2:
                    fd:49:1f:43:bf:f3:68:67:ed:45:53:f2:01:83:26:
                    5d:3f:a3:aa:2a:1a:3f:51:e4:25:da:d3:ef:0c:1c:
                    30:14:39:4c:4f:59:ec:89:17:32:be:ee:1a:e1:50:
                    1c:1f:04:78:58:30:1f:18:3f:92:49:83:0b:c5:7c:
                    f9:2d:80:1c:2d:44:6d:ee:d7:71:7c:bb:2e:cb:6d:
                    31:b1:06:92:b3:cd:a6:80:4f:6c:01:ee:28:2e:3e:
                    ac:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DE:93:32:E3:BD:04:B7:91:0F:32:D4:F9:DE:CC:D4:89:91:22:D6:85
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/c57b6018-93c4-4075-b2a5-497f24bf9d6c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a1:97:42:a6:be:e4:b5:d4:1a:2d:89:86:7d:6a:6a:49:53:e0:
         08:c3:f7:e8:de:4e:91:16:46:86:b6:62:d9:53:fc:1a:d1:9e:
         af:5b:48:22:1e:2e:d1:05:0c:ec:67:a9:23:1e:59:2a:eb:ed:
         b5:8a:36:82:e4:b8:d0:07:43:3c:8f:01:82:b1:bb:d6:0c:b7:
         40:24:2b:57:92:6d:fd:6c:0d:58:e6:34:4d:da:28:ba:f4:87:
         51:ee:1a:3c:f3:69:4c:28:8c:d4:41:55:b4:0a:7f:02:39:68:
         a3:2a:3b:00:e5:d6:c7:38:33:42:7a:10:a2:1e:d4:a6:3b:62:
         c8:fe:89:f5:f3:3c:ac:3f:16:95:95:d9:1f:6b:8c:ea:a7:16:
         fd:93:18:a7:8e:a0:a5:db:c8:a4:5c:d3:5c:bd:96:06:f5:6a:
         d0:93:f3:ac:a3:1d:18:7a:8a:ba:9e:32:cf:c0:e2:10:aa:3a:
         ef:da:14:c6:80:73:24:ca:50:0d:cb:7d:12:d4:9b:9b:d0:66:
         dc:97:94:5d:21:c3:0c:63:02:42:b0:d5:28:90:c6:46:b3:52:
         f2:92:ca:3b:9a:42:92:c3:cf:08:e0:98:11:17:d1:82:4b:bd:
         80:23:c2:72:11:80:ed:94:f1:35:6f:ca:e3:f7:7b:49:e8:62:
         3a:39:52:d2
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUS/SCJr0BrAfCcBXdbqAoJyIG8wUwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwMzI4MDAwMDAwWhcNMjMwMzMxMjM1OTU5
WjCBpTFJMEcGA1UEBRNAZjY0OWM1ZWEwNWFiM2FiMjlmMzVjOTRhZTM3NTcwNTdl
ZTU3OGJhNDhhZTgxOGFhNGM3Y2FjYTVhNzVjMjMwNTEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAJrKTnL13u5Ot7OZSr0DAdBze7vkIBa1GGvE1PQWDoM+WKCIK1ib
qypA7Q9OZzj652JN4E2+lXv3qXkfdS7/Ekg6ONk1z5qPbqnqWIbp1LMFHXHWQ9N2
u4xZmOBEimAqCCdFZjBQtwPDVrMcyuQeEopBF/4RDjfZAFumNTmRBT/kLZLz+Wqv
YRgMs63nw7eegb/jW/wH7wcv0FdMzsVg59eQJBzy/UkfQ7/zaGftRVPyAYMmXT+j
qioaP1HkJdrT7wwcMBQ5TE9Z7IkXMr7uGuFQHB8EeFgwHxg/kkmDC8V8+S2AHC1E
be7XcXy7LsttMbEGkrPNpoBPbAHuKC4+rMECAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBTekzLjvQS3kQ8y1PnezNSJkSLWhTAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvYzU3YjYwMTgtOTNjNC00MDc1LWIyYTUtNDk3ZjI0YmY5ZDZjLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAKGXQqa+5LXUGi2J
hn1qaklT4AjD9+jeTpEWRoa2YtlT/BrRnq9bSCIeLtEFDOxnqSMeWSrr7bWKNoLk
uNAHQzyPAYKxu9YMt0AkK1eSbf1sDVjmNE3aKLr0h1HuGjzzaUwojNRBVbQKfwI5
aKMqOwDl1sc4M0J6EKIe1KY7Ysj+ifXzPKw/FpWV2R9rjOqnFv2TGKeOoKXbyKRc
01y9lgb1atCT86yjHRh6irqeMs/A4hCqOu/aFMaAcyTKUA3LfRLUm5vQZtyXlF0h
wwxjAkKw1SiQxkazUvKSyjuaQpLDzwjgmBEX0YJLvYAjwnIRgO2U8TVvyuP3e0no
Yjo5UtI=
-----END CERTIFICATE-----