Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/c8ad4102-1e97-450e-be4b-4d669271d5d3.roa
File:                     c8ad4102-1e97-450e-be4b-4d669271d5d3.roa (raw, json)
Hash identifier:          HE26jmnyWQTV+uVHTWu/Ix6SR7KhANBH275pRK6mplA=
Subject key identifier:   D8:2B:55:75:D8:DC:9C:C8:27:E5:C2:6F:79:C0:B1:A5:BF:CD:E6:DE
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       35FFF12392F679594A364F8E9EAE7A0D4F6F3694
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/c8ad4102-1e97-450e-be4b-4d669271d5d3.roa
Signing time:             Tue 28 Mar 2023 00:00:00 +0000
ROA not before:           Tue 28 Mar 2023 00:00:00 +0000
ROA not after:            Fri 31 Mar 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            35:ff:f1:23:92:f6:79:59:4a:36:4f:8e:9e:ae:7a:0d:4f:6f:36:94
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Mar 28 00:00:00 2023 GMT
            Not After : Mar 31 23:59:59 2023 GMT
        Subject: serialNumber=c461c9c2ec1ac5e52a45790dc46bf7fc2fb1ba8b99495fdb38c59cd0e7c2e734, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:91:cd:d9:28:ae:2d:08:30:98:01:22:76:5c:
                    19:2f:fb:4d:06:7e:f3:4b:42:e1:5f:71:a7:e2:8c:
                    c3:bd:83:9d:ed:1f:db:49:de:38:33:38:67:b5:70:
                    f2:a4:b1:6b:09:6e:b6:35:fc:c5:d9:be:fa:a4:7e:
                    28:19:0d:5e:0e:d2:78:33:79:a9:4d:3c:a6:f3:61:
                    5e:27:0e:da:22:ba:0d:cb:3c:c6:55:dc:75:e5:ad:
                    48:c9:13:b2:70:a3:da:93:b4:9e:cb:34:98:37:0b:
                    69:e3:ca:2f:a2:2e:95:6f:a8:10:44:8a:3f:48:98:
                    2a:38:6c:1a:e7:ef:b8:52:ca:50:1f:80:ab:3d:a2:
                    3e:35:4f:7a:da:c9:66:4d:47:1c:96:27:9f:f9:ef:
                    75:ce:10:27:70:da:8a:9c:59:d7:50:7a:14:50:9d:
                    d2:2a:ea:70:68:f0:9c:f5:ce:8d:8a:14:78:d2:79:
                    67:15:30:bc:36:ba:18:dd:03:0d:e7:48:8a:28:21:
                    a6:36:55:29:37:c2:88:34:56:e7:ad:d7:ff:89:46:
                    56:33:d1:34:80:ec:29:46:ed:f3:38:f3:15:7c:c3:
                    41:94:cb:21:99:ec:5b:78:7d:2b:2a:62:2d:fe:1c:
                    79:01:58:da:03:92:5c:de:2a:51:8b:f0:fa:2a:52:
                    0d:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D8:2B:55:75:D8:DC:9C:C8:27:E5:C2:6F:79:C0:B1:A5:BF:CD:E6:DE
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/c8ad4102-1e97-450e-be4b-4d669271d5d3.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         95:d1:ca:ae:77:0f:95:23:74:20:2a:b1:e1:7b:c3:86:0e:cf:
         8c:fd:66:c0:b9:29:04:c7:a6:58:09:1b:a0:8f:6a:17:53:af:
         67:1a:3a:a4:e8:72:53:da:cf:18:3f:8b:88:1f:5f:f3:72:0d:
         dd:aa:2c:3e:6b:a6:6c:ee:f3:b6:43:16:13:23:ba:4f:eb:14:
         61:fc:76:9f:41:f5:0b:4e:81:78:29:94:f1:5f:65:30:74:36:
         63:1b:76:58:56:84:00:57:57:dc:67:18:24:3e:4e:ed:ef:51:
         38:6f:df:08:b6:c5:44:89:78:26:79:7e:88:fe:ac:d4:c6:20:
         55:b8:ca:2c:a3:c7:3c:13:43:1e:7b:11:04:8b:b1:61:46:0e:
         cd:09:08:53:5b:e2:01:a6:4f:01:1f:24:19:a6:6e:68:e7:3c:
         9b:0a:b6:52:63:0c:7f:7d:6c:c8:2b:e2:aa:3c:be:c4:59:8e:
         5c:f6:f5:9f:7a:ed:20:36:6c:ca:0d:a2:51:e5:b8:6e:00:6d:
         54:19:17:d0:11:6f:95:10:59:22:d0:d8:e7:14:72:54:73:5c:
         31:34:69:b1:e7:4b:07:81:04:1e:6c:bd:ea:29:99:1a:30:2c:
         bc:2a:b1:73:f2:fb:85:be:f6:c7:fa:74:8e:02:7f:07:f0:74:
         ce:5d:d2:63
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUNf/xI5L2eVlKNk+Onq56DU9vNpQwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwMzI4MDAwMDAwWhcNMjMwMzMxMjM1OTU5
WjCBpTFJMEcGA1UEBRNAYzQ2MWM5YzJlYzFhYzVlNTJhNDU3OTBkYzQ2YmY3ZmMy
ZmIxYmE4Yjk5NDk1ZmRiMzhjNTljZDBlN2MyZTczNDEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBALuRzdkori0IMJgBInZcGS/7TQZ+80tC4V9xp+KMw72Dne0f20ne
ODM4Z7Vw8qSxawlutjX8xdm++qR+KBkNXg7SeDN5qU08pvNhXicO2iK6Dcs8xlXc
deWtSMkTsnCj2pO0nss0mDcLaePKL6IulW+oEESKP0iYKjhsGufvuFLKUB+Aqz2i
PjVPetrJZk1HHJYnn/nvdc4QJ3DaipxZ11B6FFCd0irqcGjwnPXOjYoUeNJ5ZxUw
vDa6GN0DDedIiighpjZVKTfCiDRW563X/4lGVjPRNIDsKUbt8zjzFXzDQZTLIZns
W3h9KypiLf4ceQFY2gOSXN4qUYvw+ipSDYECAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBTYK1V12NycyCflwm95wLGlv83m3jAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvYzhhZDQxMDItMWU5Ny00NTBlLWJlNGItNGQ2NjkyNzFkNWQzLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAJXRyq53D5UjdCAq
seF7w4YOz4z9ZsC5KQTHplgJG6CPahdTr2caOqToclPazxg/i4gfX/NyDd2qLD5r
pmzu87ZDFhMjuk/rFGH8dp9B9QtOgXgplPFfZTB0NmMbdlhWhABXV9xnGCQ+Tu3v
UThv3wi2xUSJeCZ5foj+rNTGIFW4yiyjxzwTQx57EQSLsWFGDs0JCFNb4gGmTwEf
JBmmbmjnPJsKtlJjDH99bMgr4qo8vsRZjlz29Z967SA2bMoNolHluG4AbVQZF9AR
b5UQWSLQ2OcUclRzXDE0abHnSweBBB5sveopmRowLLwqsXPy+4W+9sf6dI4Cfwfw
dM5d0mM=
-----END CERTIFICATE-----