Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/c7252ccb-a617-41b8-9840-76c05f032dc3.roa
File:                     c7252ccb-a617-41b8-9840-76c05f032dc3.roa (raw, json)
Hash identifier:          PkhaIVoUM2GyYpyHgeWWYG08neXrnXb5NtYZ6lBBz0E=
Subject key identifier:   AE:9A:85:EA:A4:77:FF:06:C1:35:12:25:CB:AC:AE:CA:8C:83:DB:38
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       0B0039C3F7A3D2D68D9D8478BA801C62ED93F7CE
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/c7252ccb-a617-41b8-9840-76c05f032dc3.roa
Signing time:             Thu 13 Apr 2023 00:00:00 +0000
ROA not before:           Thu 13 Apr 2023 00:00:00 +0000
ROA not after:            Sun 16 Apr 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0b:00:39:c3:f7:a3:d2:d6:8d:9d:84:78:ba:80:1c:62:ed:93:f7:ce
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Apr 13 00:00:00 2023 GMT
            Not After : Apr 16 23:59:59 2023 GMT
        Subject: serialNumber=04792cadccba6960fcf47c4a9e820bc3cec495391ff39ee7627e24348ee6dade, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:57:90:a2:ed:8c:52:7a:71:5c:b9:4d:6a:fa:
                    96:2a:84:bc:2b:f6:31:63:0d:17:09:5e:7a:c0:26:
                    96:97:19:45:c2:23:8e:c6:5b:1a:8f:19:60:78:32:
                    df:28:22:99:cb:84:cf:d9:44:9f:03:70:8c:02:c4:
                    90:9c:55:b0:2c:84:ef:60:19:e8:ef:9e:0c:dc:f1:
                    28:16:b8:31:72:e8:68:be:fc:5a:42:e1:01:27:ce:
                    42:b0:0b:ac:61:ec:c6:ea:14:9e:43:cd:cc:4d:9c:
                    63:34:e1:c2:53:9f:a3:c7:4c:83:ef:48:d3:d9:82:
                    3f:3f:8c:98:16:00:88:87:64:3b:d7:51:4a:78:ac:
                    cb:3d:c6:09:a6:54:9e:0f:e1:50:60:94:ce:0d:9a:
                    b2:de:9b:89:95:bb:7c:e2:31:ca:da:35:c4:95:e1:
                    76:b6:89:4e:e9:88:17:9c:c1:ef:2e:d8:e8:2c:ee:
                    7a:47:46:86:55:aa:61:35:84:54:ca:d2:3c:06:75:
                    03:7e:41:25:b4:b8:cd:2a:97:c2:80:37:22:6e:bc:
                    53:3e:de:81:62:11:45:7d:14:76:41:1d:cf:77:bf:
                    bc:d2:b7:53:04:52:0b:87:e8:b3:f6:31:eb:05:3a:
                    29:42:43:34:79:58:f9:13:a8:24:06:f7:99:d5:5b:
                    af:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AE:9A:85:EA:A4:77:FF:06:C1:35:12:25:CB:AC:AE:CA:8C:83:DB:38
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/c7252ccb-a617-41b8-9840-76c05f032dc3.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         78:bf:ba:c8:26:e6:2f:f5:a7:fc:53:38:7e:f0:80:a4:7a:4c:
         08:3a:35:d8:55:4d:07:f3:c8:ce:ce:a9:40:1b:a9:2e:7c:f0:
         b4:ad:fa:1b:17:22:16:18:46:54:7a:59:09:5b:03:eb:c9:27:
         8f:f4:1f:71:59:b4:08:1a:8b:85:78:e9:1f:68:bc:ff:57:e5:
         80:7f:63:72:8c:58:da:8f:77:ee:f0:f5:81:71:70:b9:1c:3c:
         07:74:79:3f:57:75:f9:60:c7:de:20:50:0e:65:65:a8:c4:81:
         0e:d2:1b:1c:1f:38:dc:ad:c8:aa:24:99:c3:bc:20:9c:e6:6c:
         b5:9a:43:36:36:92:07:ae:1f:42:e6:71:e6:47:85:eb:6e:8e:
         2b:31:8d:29:7f:74:78:03:5b:7d:c1:ec:1a:1a:5d:e5:4e:cf:
         2b:e3:39:1a:f3:66:b4:4d:a1:e9:bc:59:b3:d0:ef:e2:4c:df:
         8a:d6:5c:e1:41:3e:bb:91:c2:6f:ac:e0:94:be:e9:90:be:1c:
         71:a4:bc:c0:c0:1d:58:1c:73:50:d0:6e:ef:0d:70:a9:34:84:
         b6:96:8f:a9:2e:8f:21:3b:24:60:21:75:25:62:f5:61:08:84:
         e2:4b:64:29:14:a2:98:ad:40:3d:85:d0:8f:09:41:c0:ee:f9:
         58:5c:57:d4
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUCwA5w/ej0taNnYR4uoAcYu2T984wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwNDEzMDAwMDAwWhcNMjMwNDE2MjM1OTU5
WjCBpTFJMEcGA1UEBRNAMDQ3OTJjYWRjY2JhNjk2MGZjZjQ3YzRhOWU4MjBiYzNj
ZWM0OTUzOTFmZjM5ZWU3NjI3ZTI0MzQ4ZWU2ZGFkZTEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBANZXkKLtjFJ6cVy5TWr6liqEvCv2MWMNFwleesAmlpcZRcIjjsZb
Go8ZYHgy3ygimcuEz9lEnwNwjALEkJxVsCyE72AZ6O+eDNzxKBa4MXLoaL78WkLh
ASfOQrALrGHsxuoUnkPNzE2cYzThwlOfo8dMg+9I09mCPz+MmBYAiIdkO9dRSnis
yz3GCaZUng/hUGCUzg2ast6biZW7fOIxyto1xJXhdraJTumIF5zB7y7Y6CzuekdG
hlWqYTWEVMrSPAZ1A35BJbS4zSqXwoA3Im68Uz7egWIRRX0UdkEdz3e/vNK3UwRS
C4fos/Yx6wU6KUJDNHlY+ROoJAb3mdVbr8UCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBSumoXqpHf/BsE1EiXLrK7KjIPbODAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvYzcyNTJjY2ItYTYxNy00MWI4LTk4NDAtNzZjMDVmMDMyZGMzLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAHi/usgm5i/1p/xT
OH7wgKR6TAg6NdhVTQfzyM7OqUAbqS588LSt+hsXIhYYRlR6WQlbA+vJJ4/0H3FZ
tAgai4V46R9ovP9X5YB/Y3KMWNqPd+7w9YFxcLkcPAd0eT9Xdflgx94gUA5lZajE
gQ7SGxwfONytyKokmcO8IJzmbLWaQzY2kgeuH0LmceZHhetujisxjSl/dHgDW33B
7BoaXeVOzyvjORrzZrRNoem8WbPQ7+JM34rWXOFBPruRwm+s4JS+6ZC+HHGkvMDA
HVgcc1DQbu8NcKk0hLaWj6kujyE7JGAhdSVi9WEIhOJLZCkUopitQD2F0I8JQcDu
+VhcV9Q=
-----END CERTIFICATE-----