Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/c634b3c1-5c9a-4cda-88ea-7cbdfce3c1c0.roa
File:                     c634b3c1-5c9a-4cda-88ea-7cbdfce3c1c0.roa (raw, json)
Hash identifier:          8929CYXxQlOVMk2a2HVgmd6J4P2lh/3EEjWEA/ot0KI=
Subject key identifier:   87:20:60:97:78:AB:CE:9E:02:09:BA:C5:44:B6:C9:97:5A:4E:D9:DC
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       32A6FC7F5F55A26D453B2C4C3AB582F4B2F2DDA2
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/c634b3c1-5c9a-4cda-88ea-7cbdfce3c1c0.roa
Signing time:             Wed 22 Feb 2023 00:00:00 +0000
ROA not before:           Wed 22 Feb 2023 00:00:00 +0000
ROA not after:            Sat 25 Feb 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            32:a6:fc:7f:5f:55:a2:6d:45:3b:2c:4c:3a:b5:82:f4:b2:f2:dd:a2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Feb 22 00:00:00 2023 GMT
            Not After : Feb 25 23:59:59 2023 GMT
        Subject: serialNumber=85695f9d6985a1072804f55c2471ca39247e52c983e78630a72aed9f77aff083, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:b9:cf:15:39:65:24:c1:50:6d:6b:62:36:55:
                    7e:16:02:40:59:c8:4f:f7:bc:8c:e6:03:dc:d3:0b:
                    86:98:63:ab:3a:40:81:56:7d:24:1a:f8:9f:7f:bb:
                    f7:f3:8b:a4:82:43:a4:e9:74:13:2e:2b:15:99:64:
                    98:17:15:86:95:40:ce:4b:e0:9f:18:fd:53:17:6c:
                    75:04:5f:3d:0b:e1:0e:1a:ef:02:cf:49:68:95:22:
                    88:ef:07:f9:c4:cb:7a:19:5a:a7:c8:47:f5:f5:c1:
                    6f:db:be:be:14:9c:62:91:95:f7:95:5c:f9:c7:9c:
                    55:21:32:a8:68:c8:f7:2a:d8:53:38:c2:f9:62:94:
                    72:7c:f5:66:57:47:90:66:5c:78:df:e4:9a:d7:7a:
                    1b:ef:8e:13:3e:d5:24:35:ce:23:7d:24:1d:eb:34:
                    cb:cc:24:f9:e2:c6:da:19:f2:bd:7c:1f:2d:b8:13:
                    63:29:b4:7e:82:05:81:de:70:16:0c:46:d6:c7:80:
                    70:d6:c4:0b:72:07:03:d2:3c:87:34:7b:82:e6:f9:
                    07:34:06:db:97:fd:71:b0:65:f6:ca:00:69:1c:46:
                    42:34:66:aa:69:5f:bf:1e:c3:74:1f:bf:26:ed:60:
                    bb:bd:f1:3c:67:fe:ae:1c:a1:4e:b9:e7:68:2a:63:
                    af:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                87:20:60:97:78:AB:CE:9E:02:09:BA:C5:44:B6:C9:97:5A:4E:D9:DC
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/c634b3c1-5c9a-4cda-88ea-7cbdfce3c1c0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3f:6e:22:75:16:df:63:3e:2e:67:68:86:85:8e:f6:0e:1b:f6:
         6d:53:4c:44:02:b4:e8:44:15:03:bb:ac:aa:5b:1e:28:42:44:
         c5:f5:ca:4c:1b:a4:8f:a6:ce:61:b2:a6:32:ce:92:fc:3a:9c:
         32:13:f9:20:56:08:e5:b3:b4:24:cf:f5:7f:95:f3:8f:3c:be:
         26:91:03:a4:f5:20:90:d4:e2:ca:28:8c:c8:14:68:49:3b:39:
         34:3e:f2:23:e4:0f:82:e4:9a:1e:b4:e6:5b:c4:40:80:3d:b8:
         25:ed:a7:0a:1d:43:c0:9d:3b:6b:e6:a4:74:34:0a:f0:ff:74:
         d8:bd:a1:6f:91:cc:8e:0f:d3:b4:47:5d:2d:de:d6:e6:89:98:
         53:ca:59:76:4c:c4:e0:c8:95:2e:2f:35:c1:69:84:ac:71:20:
         9e:f2:ab:a1:16:be:6b:9f:34:ba:2a:47:6e:07:01:f7:f7:a5:
         45:db:c2:7d:1c:19:96:f6:b4:81:b8:e4:12:59:07:10:aa:6f:
         2e:49:e3:32:11:22:f2:4b:09:3d:35:04:90:05:38:cd:cf:ae:
         8b:70:23:75:3e:d1:65:7e:27:d2:5c:c1:7f:02:db:78:61:e1:
         66:cb:7a:bb:31:3a:48:ae:f2:69:23:ce:ff:cd:80:72:b0:35:
         4e:75:e5:a0
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUMqb8f19Vom1FOyxMOrWC9LLy3aIwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwMjIyMDAwMDAwWhcNMjMwMjI1MjM1OTU5
WjCBpTFJMEcGA1UEBRNAODU2OTVmOWQ2OTg1YTEwNzI4MDRmNTVjMjQ3MWNhMzky
NDdlNTJjOTgzZTc4NjMwYTcyYWVkOWY3N2FmZjA4MzEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBANO5zxU5ZSTBUG1rYjZVfhYCQFnIT/e8jOYD3NMLhphjqzpAgVZ9
JBr4n3+79/OLpIJDpOl0Ey4rFZlkmBcVhpVAzkvgnxj9UxdsdQRfPQvhDhrvAs9J
aJUiiO8H+cTLehlap8hH9fXBb9u+vhScYpGV95Vc+cecVSEyqGjI9yrYUzjC+WKU
cnz1ZldHkGZceN/kmtd6G++OEz7VJDXOI30kHes0y8wk+eLG2hnyvXwfLbgTYym0
foIFgd5wFgxG1seAcNbEC3IHA9I8hzR7gub5BzQG25f9cbBl9soAaRxGQjRmqmlf
vx7DdB+/Ju1gu73xPGf+rhyhTrnnaCpjr0MCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBSHIGCXeKvOngIJusVEtsmXWk7Z3DAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvYzYzNGIzYzEtNWM5YS00Y2RhLTg4ZWEtN2NiZGZjZTNjMWMwLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAD9uInUW32M+Lmdo
hoWO9g4b9m1TTEQCtOhEFQO7rKpbHihCRMX1ykwbpI+mzmGypjLOkvw6nDIT+SBW
COWztCTP9X+V8488viaRA6T1IJDU4soojMgUaEk7OTQ+8iPkD4Lkmh605lvEQIA9
uCXtpwodQ8CdO2vmpHQ0CvD/dNi9oW+RzI4P07RHXS3e1uaJmFPKWXZMxODIlS4v
NcFphKxxIJ7yq6EWvmufNLoqR24HAff3pUXbwn0cGZb2tIG45BJZBxCqby5J4zIR
IvJLCT01BJAFOM3ProtwI3U+0WV+J9JcwX8C23hh4WbLersxOkiu8mkjzv/NgHKw
NU515aA=
-----END CERTIFICATE-----