Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/cbb879d0-cdf5-4171-a2f9-6d1eb4753619.roa
File:                     cbb879d0-cdf5-4171-a2f9-6d1eb4753619.roa (raw, json)
Hash identifier:          4bUOBMsQ10TnIVRnsCov5CoBdua2f/NDcOWNIz+532M=
Subject key identifier:   13:61:65:09:90:04:B2:04:9A:F1:A8:E8:84:92:FA:10:53:CC:5E:37
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       6F40AE8A3B6C9464978650D5056CBEB93A28D978
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/cbb879d0-cdf5-4171-a2f9-6d1eb4753619.roa
Signing time:             Thu 06 Apr 2023 00:00:00 +0000
ROA not before:           Thu 06 Apr 2023 00:00:00 +0000
ROA not after:            Sun 09 Apr 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6f:40:ae:8a:3b:6c:94:64:97:86:50:d5:05:6c:be:b9:3a:28:d9:78
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Apr  6 00:00:00 2023 GMT
            Not After : Apr  9 23:59:59 2023 GMT
        Subject: serialNumber=4e18cb154d3db1dd38a68164e9de5e202c5830dcb389c6faad8b5e9c47e8325e, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:b3:43:20:3c:c2:94:a5:48:40:42:d9:e5:44:
                    45:13:74:b9:60:68:69:04:61:68:ce:8e:5e:a9:bd:
                    38:97:c0:89:14:e8:e0:2f:b4:16:34:a4:d7:85:d9:
                    14:49:ac:98:de:73:68:c2:a3:16:c5:a3:fe:04:74:
                    6f:f4:fa:90:69:b5:48:4a:6a:dd:70:b2:87:35:d9:
                    90:52:38:fa:de:38:89:d3:53:26:c6:f2:59:13:ff:
                    2f:99:b9:a0:ca:cd:cf:eb:72:88:84:ba:f9:82:ef:
                    f5:45:35:97:e3:31:73:da:66:9f:15:64:64:dc:b3:
                    aa:b9:90:2c:6b:d8:04:67:c3:be:fc:94:b8:ee:3a:
                    06:fe:ad:66:bb:6f:e1:a8:b1:ed:15:2a:e9:3b:12:
                    22:d5:c2:7f:af:80:29:38:b0:cb:18:6f:ab:41:78:
                    f5:75:9f:fb:ee:f5:cb:eb:75:b3:6a:a9:4c:c7:fa:
                    4f:97:01:4a:ca:06:47:90:18:71:b5:19:71:7d:0c:
                    b6:31:db:31:a1:61:f6:21:f1:c1:fd:6b:f8:f2:22:
                    8f:d5:66:05:2b:5e:7d:b7:6b:22:06:5f:22:d4:d3:
                    cb:99:84:7b:e1:c0:9e:3e:46:c1:60:00:a4:6b:72:
                    41:bf:5f:e4:18:4b:50:17:02:6c:7c:3e:90:80:56:
                    e8:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                13:61:65:09:90:04:B2:04:9A:F1:A8:E8:84:92:FA:10:53:CC:5E:37
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/cbb879d0-cdf5-4171-a2f9-6d1eb4753619.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b9:f2:e2:94:17:8f:b6:15:ff:b9:84:4c:33:06:64:04:fa:a8:
         35:85:a3:f9:17:66:4a:58:f9:49:37:fd:ac:4d:ca:72:8f:05:
         14:92:08:61:31:ab:a9:82:f0:f5:35:b9:aa:60:1b:ff:19:22:
         c6:ca:c2:24:50:69:0c:82:8c:eb:62:26:50:ea:99:e3:80:f3:
         aa:79:8f:dd:99:7e:da:15:36:e8:63:62:93:88:f0:10:b6:e6:
         1a:4d:e1:8a:af:62:69:50:f7:5e:99:54:8e:01:01:3a:6e:c1:
         8f:0f:c2:bf:4b:2d:d2:44:f2:02:d8:6a:c4:4a:5f:a5:48:6d:
         4a:8d:bd:13:90:a9:8a:ce:06:0f:66:e0:a9:6e:7b:7e:43:ed:
         57:86:d3:06:f3:4c:28:0d:1d:ae:9c:0f:86:57:d6:33:a1:49:
         4e:64:f3:4d:93:c2:30:df:17:ca:b1:00:01:18:51:32:2e:d8:
         ff:32:3d:0f:75:9b:e1:cc:d8:47:c8:b2:01:d5:3e:dd:e9:26:
         60:7a:4b:22:a5:c1:49:b9:41:17:35:70:90:c2:0d:66:00:f9:
         d7:c5:7f:4d:31:85:6d:d7:ed:35:10:e4:be:0e:99:5b:78:96:
         9e:1d:d2:de:ab:22:25:e6:ae:d7:98:46:68:22:7a:bb:49:dd:
         10:b6:09:3c
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUb0CuijtslGSXhlDVBWy+uToo2XgwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwNDA2MDAwMDAwWhcNMjMwNDA5MjM1OTU5
WjCBpTFJMEcGA1UEBRNANGUxOGNiMTU0ZDNkYjFkZDM4YTY4MTY0ZTlkZTVlMjAy
YzU4MzBkY2IzODljNmZhYWQ4YjVlOWM0N2U4MzI1ZTEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBALyzQyA8wpSlSEBC2eVERRN0uWBoaQRhaM6OXqm9OJfAiRTo4C+0
FjSk14XZFEmsmN5zaMKjFsWj/gR0b/T6kGm1SEpq3XCyhzXZkFI4+t44idNTJsby
WRP/L5m5oMrNz+tyiIS6+YLv9UU1l+Mxc9pmnxVkZNyzqrmQLGvYBGfDvvyUuO46
Bv6tZrtv4aix7RUq6TsSItXCf6+AKTiwyxhvq0F49XWf++71y+t1s2qpTMf6T5cB
SsoGR5AYcbUZcX0MtjHbMaFh9iHxwf1r+PIij9VmBStefbdrIgZfItTTy5mEe+HA
nj5GwWAApGtyQb9f5BhLUBcCbHw+kIBW6AECAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBQTYWUJkASyBJrxqOiEkvoQU8xeNzAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvY2JiODc5ZDAtY2RmNS00MTcxLWEyZjktNmQxZWI0NzUzNjE5LnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBALny4pQXj7YV/7mE
TDMGZAT6qDWFo/kXZkpY+Uk3/axNynKPBRSSCGExq6mC8PU1uapgG/8ZIsbKwiRQ
aQyCjOtiJlDqmeOA86p5j92ZftoVNuhjYpOI8BC25hpN4YqvYmlQ916ZVI4BATpu
wY8Pwr9LLdJE8gLYasRKX6VIbUqNvROQqYrOBg9m4Klue35D7VeG0wbzTCgNHa6c
D4ZX1jOhSU5k802TwjDfF8qxAAEYUTIu2P8yPQ91m+HM2EfIsgHVPt3pJmB6SyKl
wUm5QRc1cJDCDWYA+dfFf00xhW3X7TUQ5L4OmVt4lp4d0t6rIiXmrteYRmgiertJ
3RC2CTw=
-----END CERTIFICATE-----