Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/c9bfb742-c277-4c57-b346-16f85a1e4fb5.roa
File:                     c9bfb742-c277-4c57-b346-16f85a1e4fb5.roa (raw, json)
Hash identifier:          K0MPNVpdZ5yTNaQOvqaSzEuK6+taijiPgg0CONF7IHE=
Subject key identifier:   89:1A:76:EF:52:48:B0:02:08:3F:9E:61:14:1B:AC:4D:37:25:51:7F
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       2904621EFFF1F3A74C79E37513DBA9CEB5E726AF
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/c9bfb742-c277-4c57-b346-16f85a1e4fb5.roa
Signing time:             Thu 06 Apr 2023 00:00:00 +0000
ROA not before:           Thu 06 Apr 2023 00:00:00 +0000
ROA not after:            Sun 09 Apr 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            29:04:62:1e:ff:f1:f3:a7:4c:79:e3:75:13:db:a9:ce:b5:e7:26:af
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Apr  6 00:00:00 2023 GMT
            Not After : Apr  9 23:59:59 2023 GMT
        Subject: serialNumber=1220b0cea8a159735e67ef6e9009bf1a9a824a141b9313c56fc72975c87c5b72, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:35:7d:56:dc:e9:76:4b:9d:ed:b1:64:df:b4:
                    f5:29:2d:a5:a6:90:d1:5a:27:13:cb:6b:ae:b9:10:
                    48:1c:1e:1d:f2:b3:d8:49:ac:91:01:4a:e9:f7:e9:
                    d4:64:65:72:22:19:30:f5:92:2e:e3:9f:41:77:6f:
                    95:09:99:32:9a:43:b3:96:a7:65:ff:23:22:ef:f7:
                    56:3d:47:89:39:23:05:40:c0:5c:99:7b:d8:2f:66:
                    b9:f6:20:fc:d9:36:a8:13:df:6f:71:54:b7:91:ee:
                    e6:f9:4d:0d:55:1f:b2:3d:f0:bd:4c:50:88:a6:56:
                    be:d5:0c:1f:4e:79:75:60:70:66:f8:44:d4:8c:04:
                    d7:60:e2:e5:1a:16:e5:05:f8:b5:e2:b1:d4:e1:7c:
                    29:cd:2b:29:27:d4:2e:46:ac:20:3c:db:3e:9b:85:
                    e3:df:e0:fb:e7:07:67:93:2a:ca:8a:a6:81:40:6b:
                    ac:c8:8c:5d:58:2f:7d:05:46:b9:ab:f6:2d:a4:ae:
                    73:d7:54:ef:6a:cd:ee:6f:7c:11:94:b4:9a:04:b3:
                    82:b2:85:9f:81:d1:f6:d4:bc:73:78:16:73:83:f9:
                    47:d0:55:a8:89:d8:ed:ac:48:51:aa:54:da:17:5a:
                    50:d8:88:bf:43:b6:cb:ac:47:bc:80:3e:c9:dc:9e:
                    96:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                89:1A:76:EF:52:48:B0:02:08:3F:9E:61:14:1B:AC:4D:37:25:51:7F
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/c9bfb742-c277-4c57-b346-16f85a1e4fb5.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3f:bd:33:45:7e:96:0b:d6:74:2e:68:0a:9f:56:ef:b1:f1:83:
         4e:6b:1c:03:f9:44:0a:c6:e9:6c:3a:0f:00:d8:31:08:90:c9:
         43:76:65:b9:17:80:99:90:3b:37:63:60:5a:2c:fb:91:e7:b8:
         e1:d1:b1:cb:01:18:66:20:29:06:e2:64:9d:82:b6:76:65:99:
         e2:60:0c:96:dc:d0:7e:80:94:d7:73:c9:83:e5:23:b1:d8:91:
         51:29:04:d9:43:78:92:bd:56:2b:8d:b7:57:4b:b8:f9:38:26:
         ea:40:f3:95:fa:e3:b6:0b:be:41:a4:fc:3a:55:d6:cf:e4:f9:
         49:76:b8:cd:14:96:9e:5e:d2:55:fe:88:8d:d1:3c:51:bd:fb:
         e8:86:d1:c4:d5:ff:7d:10:fc:eb:71:f9:0a:b8:b0:9b:0f:66:
         63:75:d7:3a:01:3e:d2:10:06:d9:e0:a5:10:57:6a:ca:62:ea:
         2a:6b:6c:38:48:a6:0c:5d:bf:00:9f:75:15:c3:81:85:6a:0d:
         bc:1f:aa:21:85:6f:28:e8:1a:58:4d:81:2a:a2:1f:71:a5:2c:
         0e:28:8e:50:45:ad:32:b8:f6:60:30:6e:92:b1:f7:ec:d8:b7:
         18:45:af:84:95:8e:4a:4c:06:c0:4d:8e:95:3f:b4:f9:ee:cc:
         a3:12:2a:5e
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUKQRiHv/x86dMeeN1E9upzrXnJq8wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwNDA2MDAwMDAwWhcNMjMwNDA5MjM1OTU5
WjCBpTFJMEcGA1UEBRNAMTIyMGIwY2VhOGExNTk3MzVlNjdlZjZlOTAwOWJmMWE5
YTgyNGExNDFiOTMxM2M1NmZjNzI5NzVjODdjNWI3MjEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBANg1fVbc6XZLne2xZN+09SktpaaQ0VonE8trrrkQSBweHfKz2Ems
kQFK6ffp1GRlciIZMPWSLuOfQXdvlQmZMppDs5anZf8jIu/3Vj1HiTkjBUDAXJl7
2C9mufYg/Nk2qBPfb3FUt5Hu5vlNDVUfsj3wvUxQiKZWvtUMH055dWBwZvhE1IwE
12Di5RoW5QX4teKx1OF8Kc0rKSfULkasIDzbPpuF49/g++cHZ5MqyoqmgUBrrMiM
XVgvfQVGuav2LaSuc9dU72rN7m98EZS0mgSzgrKFn4HR9tS8c3gWc4P5R9BVqInY
7axIUapU2hdaUNiIv0O2y6xHvIA+ydyelhECAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBSJGnbvUkiwAgg/nmEUG6xNNyVRfzAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvYzliZmI3NDItYzI3Ny00YzU3LWIzNDYtMTZmODVhMWU0ZmI1LnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAD+9M0V+lgvWdC5o
Cp9W77Hxg05rHAP5RArG6Ww6DwDYMQiQyUN2ZbkXgJmQOzdjYFos+5HnuOHRscsB
GGYgKQbiZJ2CtnZlmeJgDJbc0H6AlNdzyYPlI7HYkVEpBNlDeJK9ViuNt1dLuPk4
JupA85X647YLvkGk/DpV1s/k+Ul2uM0Ulp5e0lX+iI3RPFG9++iG0cTV/30Q/Otx
+Qq4sJsPZmN11zoBPtIQBtngpRBXaspi6iprbDhIpgxdvwCfdRXDgYVqDbwfqiGF
byjoGlhNgSqiH3GlLA4ojlBFrTK49mAwbpKx9+zYtxhFr4SVjkpMBsBNjpU/tPnu
zKMSKl4=
-----END CERTIFICATE-----