Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/c9628ab6-8913-4504-96c2-85eeeaff28cb.roa
File:                     c9628ab6-8913-4504-96c2-85eeeaff28cb.roa (raw, json)
Hash identifier:          J6Flc9EpKGYDAioVJX2SPSw7yKSDWccR5xbu2cwFiws=
Subject key identifier:   8A:A6:BD:64:B0:20:D7:83:48:45:57:65:05:61:07:A7:36:5C:E3:D1
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       61982CD404BD9C1EA601A60E8C61F9D622703F20
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/c9628ab6-8913-4504-96c2-85eeeaff28cb.roa
Signing time:             Sun 26 Feb 2023 00:00:00 +0000
ROA not before:           Sun 26 Feb 2023 00:00:00 +0000
ROA not after:            Wed 01 Mar 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            61:98:2c:d4:04:bd:9c:1e:a6:01:a6:0e:8c:61:f9:d6:22:70:3f:20
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Feb 26 00:00:00 2023 GMT
            Not After : Mar  1 23:59:59 2023 GMT
        Subject: serialNumber=e4f0b3215f503538ab2b9215006547d4ac1df6439e98ebd5e2b8483fd4fa16d5, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:63:2d:21:54:bc:ab:ee:f6:4e:d3:a5:00:48:
                    02:b9:27:e4:aa:ad:b1:75:53:7e:c4:82:bc:4a:a0:
                    12:c1:45:5b:6a:92:3e:36:a0:93:b3:3c:10:76:b4:
                    54:e9:a9:08:cf:21:43:2e:6f:b0:ed:8c:72:86:a7:
                    67:d6:33:2c:08:ae:f7:dd:42:6f:78:56:88:87:d6:
                    e7:4c:d3:be:84:57:df:82:44:c0:1a:8a:a9:34:b2:
                    9e:7e:38:b0:d0:92:3a:b6:e4:ff:e4:8e:5a:9c:6d:
                    c2:1b:c9:14:06:a6:cf:71:ac:3b:67:fb:45:99:f5:
                    ae:d7:1a:b0:7a:55:3a:31:32:ad:3f:97:2e:a9:c9:
                    a1:e9:28:ad:83:1c:fd:02:d6:9a:a3:c8:56:59:f9:
                    84:cb:db:4f:23:73:e3:90:7c:cb:fc:bd:ab:9f:1e:
                    f1:b2:5a:eb:91:0d:ea:c1:e3:6e:dd:f2:70:db:a6:
                    01:39:1a:a7:37:f7:1c:21:d0:78:dc:38:40:06:1f:
                    ad:5d:63:95:f0:f7:d7:f6:02:9f:11:06:d9:5b:9a:
                    57:7b:b0:5a:5f:74:c1:e1:73:bc:22:2f:80:fd:67:
                    c4:de:1d:e3:fe:6a:cc:41:9b:9e:05:29:2e:23:3d:
                    c6:58:16:24:f4:02:87:42:cf:61:d1:be:11:c1:4d:
                    b8:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8A:A6:BD:64:B0:20:D7:83:48:45:57:65:05:61:07:A7:36:5C:E3:D1
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/c9628ab6-8913-4504-96c2-85eeeaff28cb.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         03:05:97:ac:36:db:80:e4:7d:3b:0c:65:8a:66:a5:cc:13:f7:
         d8:08:b2:14:a8:4d:4c:a9:2c:c9:6c:2c:ad:d2:fd:ac:c1:44:
         ae:0a:38:0d:03:c4:8a:3f:1b:78:bf:c9:50:77:fd:8b:e8:d4:
         87:a6:06:17:92:6e:38:ca:89:16:af:a1:11:e9:d4:5a:35:51:
         e7:0f:f1:4c:50:96:f7:f5:0a:8f:ef:e6:8b:c9:47:c8:b4:61:
         45:86:6f:5d:04:4c:32:7f:b5:c6:b8:e6:55:84:27:e9:68:0b:
         8f:a4:75:56:32:d5:12:24:d8:fd:d7:1d:6c:a0:9d:78:d5:60:
         78:b1:84:d3:e1:2c:4f:fb:48:b0:48:a8:f3:08:93:c4:ae:11:
         67:dd:40:a3:ab:f6:44:28:5d:8f:a2:25:0f:c4:de:e2:3a:11:
         a7:8d:75:61:28:dd:f0:18:f0:47:f0:7d:01:ba:96:21:e9:46:
         a6:f7:dc:f5:1d:ef:f5:c7:a4:05:45:1c:8e:f2:bf:1f:d4:6f:
         6e:48:df:91:03:d2:77:a7:ba:c4:34:f7:0b:98:cc:d8:99:cb:
         cb:0d:86:be:15:11:16:29:19:da:cb:1d:65:01:bc:08:1b:62:
         12:64:fd:64:b0:fc:02:69:a7:ef:8e:b0:a7:1d:c2:f7:8f:34:
         32:43:51:fc
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUYZgs1AS9nB6mAaYOjGH51iJwPyAwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwMjI2MDAwMDAwWhcNMjMwMzAxMjM1OTU5
WjCBpTFJMEcGA1UEBRNAZTRmMGIzMjE1ZjUwMzUzOGFiMmI5MjE1MDA2NTQ3ZDRh
YzFkZjY0MzllOThlYmQ1ZTJiODQ4M2ZkNGZhMTZkNTEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAI1jLSFUvKvu9k7TpQBIArkn5KqtsXVTfsSCvEqgEsFFW2qSPjag
k7M8EHa0VOmpCM8hQy5vsO2McoanZ9YzLAiu991Cb3hWiIfW50zTvoRX34JEwBqK
qTSynn44sNCSOrbk/+SOWpxtwhvJFAamz3GsO2f7RZn1rtcasHpVOjEyrT+XLqnJ
oekorYMc/QLWmqPIVln5hMvbTyNz45B8y/y9q58e8bJa65EN6sHjbt3ycNumATka
pzf3HCHQeNw4QAYfrV1jlfD31/YCnxEG2VuaV3uwWl90weFzvCIvgP1nxN4d4/5q
zEGbngUpLiM9xlgWJPQCh0LPYdG+EcFNuMMCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBSKpr1ksCDXg0hFV2UFYQenNlzj0TAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvYzk2MjhhYjYtODkxMy00NTA0LTk2YzItODVlZWVhZmYyOGNiLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAAMFl6w224DkfTsM
ZYpmpcwT99gIshSoTUypLMlsLK3S/azBRK4KOA0DxIo/G3i/yVB3/Yvo1IemBheS
bjjKiRavoRHp1Fo1UecP8UxQlvf1Co/v5ovJR8i0YUWGb10ETDJ/tca45lWEJ+lo
C4+kdVYy1RIk2P3XHWygnXjVYHixhNPhLE/7SLBIqPMIk8SuEWfdQKOr9kQoXY+i
JQ/E3uI6EaeNdWEo3fAY8EfwfQG6liHpRqb33PUd7/XHpAVFHI7yvx/Ub25I35ED
0nenusQ09wuYzNiZy8sNhr4VERYpGdrLHWUBvAgbYhJk/WSw/AJpp++OsKcdwveP
NDJDUfw=
-----END CERTIFICATE-----