Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/c8246b3c-d7ff-410c-9b86-0ddb40954f35.roa
File:                     c8246b3c-d7ff-410c-9b86-0ddb40954f35.roa (raw, json)
Hash identifier:          1vmVIWC2gVTRltM2YXg11jtGvoirkogIt6E5Djd3g6U=
Subject key identifier:   0D:07:E8:02:50:E7:AC:41:63:B1:A7:D4:CD:74:35:69:A5:DE:7D:DA
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       466AB3D01A80BEBA368074061CF14061844B278C
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/c8246b3c-d7ff-410c-9b86-0ddb40954f35.roa
Signing time:             Thu 23 Mar 2023 00:00:00 +0000
ROA not before:           Thu 23 Mar 2023 00:00:00 +0000
ROA not after:            Sun 26 Mar 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            46:6a:b3:d0:1a:80:be:ba:36:80:74:06:1c:f1:40:61:84:4b:27:8c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Mar 23 00:00:00 2023 GMT
            Not After : Mar 26 23:59:59 2023 GMT
        Subject: serialNumber=5d2202e4a15a3d871e55ec1eff527dd9d56f5d8d9535ad9dd3571c3d95f5ed3e, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:20:2a:6b:4f:5f:48:40:68:96:3c:00:5f:44:
                    ce:3b:e8:85:de:01:bd:c5:63:e1:73:bb:68:7f:20:
                    23:94:61:67:25:3b:d8:f1:19:0e:33:56:dc:f7:a4:
                    88:9b:0a:97:24:f9:27:a4:6b:8e:f1:86:71:36:0c:
                    26:23:1d:88:10:06:11:bd:f1:98:47:4e:38:06:10:
                    c7:40:d9:5a:ec:2a:37:33:f7:7c:78:aa:6e:05:e2:
                    66:2b:13:c6:a7:57:5b:01:a8:27:65:61:ea:e4:0e:
                    9b:53:90:83:ab:50:e8:d4:ad:bd:e5:d4:30:35:0e:
                    fd:9a:ae:f1:05:49:ec:92:9d:3c:6f:5d:63:2c:65:
                    b3:f4:24:37:b1:26:80:6d:71:38:b4:75:0b:07:21:
                    c3:01:78:b0:90:38:62:ff:81:19:7b:80:04:6c:44:
                    21:58:58:5f:fa:ca:f3:93:f1:ba:e0:0a:26:9c:4f:
                    d2:ef:44:9d:24:a9:79:ff:5c:10:35:58:b7:b5:57:
                    41:d9:97:4a:24:fd:6d:52:23:8c:52:08:17:a7:f3:
                    33:d0:6f:82:9d:f0:ad:cf:79:29:5f:ec:2a:f8:98:
                    26:d6:b7:fd:1d:4b:3a:ba:2c:c8:f5:f2:3c:5d:ec:
                    0e:07:26:4b:f7:09:c3:7c:c1:a2:1b:ef:dc:e3:f7:
                    7a:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0D:07:E8:02:50:E7:AC:41:63:B1:A7:D4:CD:74:35:69:A5:DE:7D:DA
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/c8246b3c-d7ff-410c-9b86-0ddb40954f35.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         36:4e:8a:6f:57:15:70:e9:69:50:fd:8b:06:d9:86:e5:71:a1:
         a3:40:de:02:e1:6d:66:5a:b6:c9:ff:b0:b8:64:30:92:f8:aa:
         03:c8:05:49:3d:67:89:1d:8a:a7:2f:df:44:34:d6:90:c7:12:
         2f:22:ee:1a:88:7a:2a:0c:7d:9c:55:50:2b:bb:dd:9b:88:ac:
         56:7f:68:d4:9d:74:23:d8:a2:d6:ea:85:5c:57:27:a1:96:09:
         91:b5:fe:93:20:5f:7b:09:29:ac:42:b7:4a:e8:cf:d8:0b:8a:
         18:33:a4:43:75:07:88:17:ba:6b:c9:52:a3:36:d9:0f:b2:67:
         e8:60:6e:fd:bc:d1:82:aa:39:a5:71:5e:0a:b4:50:9b:2e:6b:
         a1:23:41:66:5b:e6:60:4c:c6:fa:cd:98:5c:25:be:6d:21:fc:
         4b:74:61:49:9e:19:b7:37:4d:8b:b2:1b:8c:50:98:5a:22:04:
         c6:a6:f8:84:a8:36:bb:b9:24:24:c9:e7:24:8d:e7:c5:aa:93:
         b7:17:d6:ef:db:d8:8f:3c:61:59:ef:14:4d:c4:f7:4e:d2:14:
         69:be:f2:d5:6a:58:b5:07:22:11:d9:03:2d:bd:7f:e4:c7:13:
         74:0a:2d:2d:df:cd:c1:eb:68:2a:66:51:98:77:c2:ff:b8:83:
         75:4b:9d:6a
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIURmqz0BqAvro2gHQGHPFAYYRLJ4wwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwMzIzMDAwMDAwWhcNMjMwMzI2MjM1OTU5
WjCBpTFJMEcGA1UEBRNANWQyMjAyZTRhMTVhM2Q4NzFlNTVlYzFlZmY1MjdkZDlk
NTZmNWQ4ZDk1MzVhZDlkZDM1NzFjM2Q5NWY1ZWQzZTEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAL0gKmtPX0hAaJY8AF9Ezjvohd4BvcVj4XO7aH8gI5RhZyU72PEZ
DjNW3PekiJsKlyT5J6RrjvGGcTYMJiMdiBAGEb3xmEdOOAYQx0DZWuwqNzP3fHiq
bgXiZisTxqdXWwGoJ2Vh6uQOm1OQg6tQ6NStveXUMDUO/Zqu8QVJ7JKdPG9dYyxl
s/QkN7EmgG1xOLR1CwchwwF4sJA4Yv+BGXuABGxEIVhYX/rK85PxuuAKJpxP0u9E
nSSpef9cEDVYt7VXQdmXSiT9bVIjjFIIF6fzM9Bvgp3wrc95KV/sKviYJta3/R1L
OrosyPXyPF3sDgcmS/cJw3zBohvv3OP3eiMCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBQNB+gCUOesQWOxp9TNdDVppd592jAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvYzgyNDZiM2MtZDdmZi00MTBjLTliODYtMGRkYjQwOTU0ZjM1LnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBADZOim9XFXDpaVD9
iwbZhuVxoaNA3gLhbWZatsn/sLhkMJL4qgPIBUk9Z4kdiqcv30Q01pDHEi8i7hqI
eioMfZxVUCu73ZuIrFZ/aNSddCPYotbqhVxXJ6GWCZG1/pMgX3sJKaxCt0roz9gL
ihgzpEN1B4gXumvJUqM22Q+yZ+hgbv280YKqOaVxXgq0UJsua6EjQWZb5mBMxvrN
mFwlvm0h/Et0YUmeGbc3TYuyG4xQmFoiBMam+ISoNru5JCTJ5ySN58Wqk7cX1u/b
2I88YVnvFE3E907SFGm+8tVqWLUHIhHZAy29f+THE3QKLS3fzcHraCpmUZh3wv+4
g3VLnWo=
-----END CERTIFICATE-----