Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/c69522cf-49db-4041-a7a1-968551d4417d.roa
File:                     c69522cf-49db-4041-a7a1-968551d4417d.roa (raw, json)
Hash identifier:          xgnjUl7ASC7g1Jdval4OX+hX45AScB1Uj934tM3LoQM=
Subject key identifier:   6F:E7:BF:D5:25:B8:8E:23:2A:F8:82:63:88:C4:D6:09:8E:B7:CA:8A
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       3B6EF302BCA87F63DC61E8C0DC29443DC4E2A4C1
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/c69522cf-49db-4041-a7a1-968551d4417d.roa
Signing time:             Mon 05 Jun 2023 00:00:00 +0000
ROA not before:           Mon 05 Jun 2023 00:00:00 +0000
ROA not after:            Thu 08 Jun 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3b:6e:f3:02:bc:a8:7f:63:dc:61:e8:c0:dc:29:44:3d:c4:e2:a4:c1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Jun  5 00:00:00 2023 GMT
            Not After : Jun  8 23:59:59 2023 GMT
        Subject: serialNumber=1302df6a163f684f1f4542afe3e872b2b6549f2108b49d03887ad58ac3861d17, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e5:97:4d:c1:5c:a3:ff:34:a4:ba:49:98:d2:d4:
                    29:e3:20:24:87:48:d2:47:f3:35:1c:78:6f:db:08:
                    aa:b2:dc:04:fe:2b:38:b4:13:d9:9a:f8:d0:c7:cc:
                    a6:51:87:be:9c:2a:e5:3e:2b:ab:ea:ec:00:dd:90:
                    32:c5:1f:8e:15:c0:90:3d:9d:58:46:9a:70:7a:d9:
                    57:03:da:19:8b:ff:83:e9:01:d8:d2:6f:c3:0d:6e:
                    90:4f:29:44:e1:be:35:b5:49:a8:a9:bb:3d:4b:12:
                    d1:93:af:a1:fc:fa:b3:dc:d6:93:d3:37:5d:e5:eb:
                    4b:b3:18:36:e5:fc:1e:34:58:36:41:1f:20:3d:6e:
                    c1:56:a2:ba:28:de:5a:ba:8e:d7:4d:9b:85:21:b0:
                    2f:7d:01:f4:43:50:84:0b:73:bd:cf:61:99:55:65:
                    7c:ed:60:15:82:8e:63:0d:e4:c2:50:b8:2d:78:25:
                    68:1c:a2:e6:e5:e7:d9:ae:43:a1:b7:49:79:ed:cf:
                    50:10:69:05:1f:72:44:d4:a0:36:ab:44:9a:4f:32:
                    ce:0d:66:dd:b1:08:5c:f6:e9:9b:25:32:68:5b:0f:
                    7d:ca:67:d0:7c:9f:4b:b7:83:50:db:77:ca:2b:29:
                    bb:39:fc:cb:ed:87:1a:7a:22:d6:67:5a:1a:2a:c9:
                    20:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6F:E7:BF:D5:25:B8:8E:23:2A:F8:82:63:88:C4:D6:09:8E:B7:CA:8A
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/c69522cf-49db-4041-a7a1-968551d4417d.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a0:a1:9d:44:ed:34:1d:ae:4c:cd:46:b3:df:75:7d:29:57:ca:
         d8:02:12:17:d4:52:1b:7e:ed:3a:05:ef:15:09:1d:6a:45:94:
         1d:a4:d1:b4:ee:ff:2c:ac:cd:e4:04:ca:84:5e:dc:c9:fe:da:
         2b:87:bb:06:a7:25:09:f4:b1:fe:42:f0:6b:f4:12:d0:21:bf:
         9f:c3:ef:65:3f:32:4e:88:ab:a9:46:0d:5b:b0:d5:01:b8:5e:
         e9:ea:95:ba:fe:6a:7c:7f:b3:ff:b6:c3:20:c0:58:b5:b4:7e:
         86:e7:87:c3:4e:3d:d2:ff:bc:02:7a:7a:f2:e5:cb:b7:39:49:
         7b:8c:07:7e:62:03:e1:77:41:bf:95:59:7e:e4:46:2e:5b:73:
         5a:bc:66:25:90:dd:7b:50:53:7f:ce:3b:db:25:c2:f4:d2:c6:
         f5:75:9b:15:44:81:02:17:29:b4:a6:65:c2:d3:72:0b:d7:fe:
         9c:b7:8b:c9:e7:f7:56:07:e0:11:cd:3d:02:e3:74:a8:3c:11:
         7e:0a:e0:79:26:90:61:6f:d2:50:23:b4:f8:d2:4a:05:82:84:
         8b:98:8e:06:9b:ab:3a:3c:4b:12:9e:3a:17:1a:a0:03:3d:28:
         b0:d5:51:43:9d:76:93:7b:3a:5f:b4:88:90:f5:a5:ff:a5:c5:
         7f:9b:dc:64
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUO27zAryof2PcYejA3ClEPcTipMEwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwNjA1MDAwMDAwWhcNMjMwNjA4MjM1OTU5
WjCBpTFJMEcGA1UEBRNAMTMwMmRmNmExNjNmNjg0ZjFmNDU0MmFmZTNlODcyYjJi
NjU0OWYyMTA4YjQ5ZDAzODg3YWQ1OGFjMzg2MWQxNzEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAOWXTcFco/80pLpJmNLUKeMgJIdI0kfzNRx4b9sIqrLcBP4rOLQT
2Zr40MfMplGHvpwq5T4rq+rsAN2QMsUfjhXAkD2dWEaacHrZVwPaGYv/g+kB2NJv
ww1ukE8pROG+NbVJqKm7PUsS0ZOvofz6s9zWk9M3XeXrS7MYNuX8HjRYNkEfID1u
wVaiuijeWrqO102bhSGwL30B9ENQhAtzvc9hmVVlfO1gFYKOYw3kwlC4LXglaByi
5uXn2a5DobdJee3PUBBpBR9yRNSgNqtEmk8yzg1m3bEIXPbpmyUyaFsPfcpn0Hyf
S7eDUNt3yispuzn8y+2HGnoi1mdaGirJIIECAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBRv57/VJbiOIyr4gmOIxNYJjrfKijAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvYzY5NTIyY2YtNDlkYi00MDQxLWE3YTEtOTY4NTUxZDQ0MTdkLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAKChnUTtNB2uTM1G
s991fSlXytgCEhfUUht+7ToF7xUJHWpFlB2k0bTu/yyszeQEyoRe3Mn+2iuHuwan
JQn0sf5C8Gv0EtAhv5/D72U/Mk6Iq6lGDVuw1QG4Xunqlbr+anx/s/+2wyDAWLW0
fobnh8NOPdL/vAJ6evLly7c5SXuMB35iA+F3Qb+VWX7kRi5bc1q8ZiWQ3XtQU3/O
O9slwvTSxvV1mxVEgQIXKbSmZcLTcgvX/py3i8nn91YH4BHNPQLjdKg8EX4K4Hkm
kGFv0lAjtPjSSgWChIuYjgabqzo8SxKeOhcaoAM9KLDVUUOddpN7Ol+0iJD1pf+l
xX+b3GQ=
-----END CERTIFICATE-----