Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/c926cb91-280b-4139-ac36-dd04dc8a77e3.roa
File:                     c926cb91-280b-4139-ac36-dd04dc8a77e3.roa (raw, json)
Hash identifier:          X77/CAy44TN1qpSEw9UNQ/1h5ftvNuYvMWuooHlE3gE=
Subject key identifier:   C4:2D:AD:CF:BE:6E:64:FC:EC:B3:4B:1F:C2:D8:E1:44:C0:80:A0:8C
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       271EB58509F6AF27B071938611AD9295F82A8D82
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/c926cb91-280b-4139-ac36-dd04dc8a77e3.roa
Signing time:             Mon 13 Mar 2023 00:00:00 +0000
ROA not before:           Mon 13 Mar 2023 00:00:00 +0000
ROA not after:            Thu 16 Mar 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            27:1e:b5:85:09:f6:af:27:b0:71:93:86:11:ad:92:95:f8:2a:8d:82
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Mar 13 00:00:00 2023 GMT
            Not After : Mar 16 23:59:59 2023 GMT
        Subject: serialNumber=e8b905209f07494c89cf3d447ab633ed8ced22eaab1b6335213516a934fdf94f, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:1a:94:6f:37:4d:e0:ff:74:e9:70:eb:7c:03:
                    0f:3a:7b:b4:d9:58:b3:5c:a3:93:f8:c8:74:73:11:
                    88:8c:b8:c1:fb:63:07:22:71:df:41:9c:97:1e:f2:
                    34:ab:80:3d:d0:b2:83:f8:67:3a:0d:a3:b3:e0:b8:
                    30:33:fc:d5:00:05:cc:3c:50:74:ff:71:83:28:5c:
                    44:22:7d:e8:61:b2:f2:f9:95:54:30:68:48:50:32:
                    c1:13:50:89:08:d0:5b:03:fd:01:f2:32:74:dd:ad:
                    7a:d7:01:96:46:1b:d5:14:24:a5:c2:e7:79:3e:60:
                    6e:af:86:81:76:2e:67:49:d0:79:41:35:79:b3:39:
                    1d:8b:18:48:20:c0:85:56:55:6f:98:9c:2b:7f:ac:
                    db:ca:02:d2:4f:b9:43:e0:27:6f:7e:d9:60:e0:4c:
                    28:e8:ae:ac:7f:e3:57:bd:90:86:73:84:89:47:f8:
                    f6:b4:4a:af:3f:57:7f:7e:db:f0:fd:73:8c:db:84:
                    a7:43:04:73:01:c5:f0:81:ff:61:f1:67:60:7e:2b:
                    0c:52:25:41:56:7d:45:d8:52:dd:9b:81:73:90:57:
                    18:c7:6f:35:67:ef:0c:ac:68:14:ac:e9:82:9d:fd:
                    24:d9:a7:96:76:4b:f0:c5:66:42:59:82:1e:09:90:
                    c3:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C4:2D:AD:CF:BE:6E:64:FC:EC:B3:4B:1F:C2:D8:E1:44:C0:80:A0:8C
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/c926cb91-280b-4139-ac36-dd04dc8a77e3.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7b:07:94:56:67:75:ed:90:b8:4d:c0:ec:47:46:12:a7:3f:c9:
         66:83:28:00:dc:d2:8e:4f:75:45:03:79:88:9d:c3:2b:c6:d5:
         c7:8b:70:41:83:dd:cd:91:73:4c:06:59:91:14:8f:56:d9:fd:
         20:56:7f:a1:42:e4:b0:c5:2d:0b:e8:96:e5:ba:ad:e7:bd:34:
         bd:5d:01:9b:82:07:2b:16:17:c7:4c:e2:5e:bb:37:ca:c6:79:
         6e:65:5e:27:64:16:86:85:ad:5d:45:ed:a0:7c:4c:2c:ed:7b:
         5e:d8:d6:ef:a1:bd:82:00:65:99:fc:0c:df:0d:dd:f6:b0:59:
         73:b8:64:f4:b1:b9:56:ba:8c:aa:27:f2:02:50:c6:77:a1:73:
         43:0f:73:14:be:09:7b:c3:5a:08:95:e5:f6:3b:db:79:53:38:
         9a:cd:b2:6c:3c:4d:e3:4d:b8:b9:fa:5b:14:d6:c4:a6:66:a7:
         ea:2b:77:db:42:a2:3d:9d:18:16:e2:43:aa:c5:64:75:61:cb:
         fa:54:28:68:10:69:14:69:e2:88:4f:49:a4:43:8c:09:b9:d8:
         29:33:09:49:4a:41:71:5b:46:a5:95:e5:2a:57:85:9a:05:8b:
         fb:71:71:79:e8:f1:9d:2e:57:19:87:39:fe:2e:cd:57:5b:c9:
         d7:2b:5a:8b
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUJx61hQn2ryewcZOGEa2SlfgqjYIwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwMzEzMDAwMDAwWhcNMjMwMzE2MjM1OTU5
WjCBpTFJMEcGA1UEBRNAZThiOTA1MjA5ZjA3NDk0Yzg5Y2YzZDQ0N2FiNjMzZWQ4
Y2VkMjJlYWFiMWI2MzM1MjEzNTE2YTkzNGZkZjk0ZjEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAMAalG83TeD/dOlw63wDDzp7tNlYs1yjk/jIdHMRiIy4wftjByJx
30Gclx7yNKuAPdCyg/hnOg2js+C4MDP81QAFzDxQdP9xgyhcRCJ96GGy8vmVVDBo
SFAywRNQiQjQWwP9AfIydN2tetcBlkYb1RQkpcLneT5gbq+GgXYuZ0nQeUE1ebM5
HYsYSCDAhVZVb5icK3+s28oC0k+5Q+Anb37ZYOBMKOiurH/jV72QhnOEiUf49rRK
rz9Xf37b8P1zjNuEp0MEcwHF8IH/YfFnYH4rDFIlQVZ9RdhS3ZuBc5BXGMdvNWfv
DKxoFKzpgp39JNmnlnZL8MVmQlmCHgmQwwkCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBTELa3Pvm5k/OyzSx/C2OFEwICgjDAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvYzkyNmNiOTEtMjgwYi00MTM5LWFjMzYtZGQwNGRjOGE3N2UzLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAHsHlFZnde2QuE3A
7EdGEqc/yWaDKADc0o5PdUUDeYidwyvG1ceLcEGD3c2Rc0wGWZEUj1bZ/SBWf6FC
5LDFLQvoluW6ree9NL1dAZuCBysWF8dM4l67N8rGeW5lXidkFoaFrV1F7aB8TCzt
e17Y1u+hvYIAZZn8DN8N3fawWXO4ZPSxuVa6jKon8gJQxnehc0MPcxS+CXvDWgiV
5fY723lTOJrNsmw8TeNNuLn6WxTWxKZmp+ord9tCoj2dGBbiQ6rFZHVhy/pUKGgQ
aRRp4ohPSaRDjAm52CkzCUlKQXFbRqWV5SpXhZoFi/txcXno8Z0uVxmHOf4uzVdb
ydcrWos=
-----END CERTIFICATE-----