Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/ce43a012-3205-4df5-a575-18a38a6e03d6.roa
File:                     ce43a012-3205-4df5-a575-18a38a6e03d6.roa (raw, json)
Hash identifier:          6OOnoUlYyfyTkmqNZSdWbzplExuzUW1ySFb1CLxn39A=
Subject key identifier:   3C:1C:F7:C3:A6:E0:57:C9:7D:5F:01:32:5A:45:11:9E:52:F7:00:B5
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       162DF84A13435F30D147BC7FA77F0F406DE1F63B
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/ce43a012-3205-4df5-a575-18a38a6e03d6.roa
Signing time:             Mon 10 Apr 2023 00:00:00 +0000
ROA not before:           Mon 10 Apr 2023 00:00:00 +0000
ROA not after:            Thu 13 Apr 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            16:2d:f8:4a:13:43:5f:30:d1:47:bc:7f:a7:7f:0f:40:6d:e1:f6:3b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Apr 10 00:00:00 2023 GMT
            Not After : Apr 13 23:59:59 2023 GMT
        Subject: serialNumber=c15a1966ca617c4c258291dc9a2d881ce0bf15b76b2f3fe3a3c38b85c8fe9858, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:2d:33:84:76:d8:02:90:51:c8:9e:c0:37:ed:
                    14:c6:b4:17:c7:1c:16:06:e5:06:42:ff:67:e7:a6:
                    14:11:f5:e6:8a:7c:bc:2f:d6:19:27:f2:eb:3d:f2:
                    8e:ba:6a:06:26:2e:73:41:b1:08:54:3a:3e:d8:44:
                    2f:a5:14:41:17:90:e6:c8:12:16:3d:7b:c0:fb:67:
                    9b:21:e5:32:00:55:b6:58:82:b4:58:17:1b:fa:44:
                    8a:73:77:0c:99:9e:0d:b0:e2:eb:fc:60:76:3f:54:
                    5d:45:ff:04:69:85:44:2d:4c:f3:e2:48:1d:fa:97:
                    f9:02:85:da:d4:74:7f:35:92:41:d0:cd:05:6e:83:
                    b9:29:7e:cf:4a:7e:b3:86:e4:35:ee:9f:64:e2:25:
                    d7:71:12:05:0c:9a:de:2c:d3:1b:43:23:c6:bb:30:
                    ef:47:74:f7:f0:5a:ef:98:30:63:56:3d:b7:4a:33:
                    c0:a6:06:75:82:98:21:c5:20:b8:93:13:88:8d:78:
                    69:57:a9:11:d5:24:0b:4b:03:16:f8:03:e3:4b:c1:
                    b9:f6:e9:a2:f2:e1:2b:cd:c2:4a:19:5a:c7:a1:2d:
                    41:dc:11:c7:e2:88:38:4c:17:6d:8b:92:fe:06:ea:
                    d5:b2:7f:1a:9a:c1:9a:b5:7d:ce:2c:ff:14:46:43:
                    5e:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3C:1C:F7:C3:A6:E0:57:C9:7D:5F:01:32:5A:45:11:9E:52:F7:00:B5
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/ce43a012-3205-4df5-a575-18a38a6e03d6.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         bb:47:14:7e:89:91:74:05:78:de:7c:09:59:0a:bb:1e:8f:25:
         30:f6:aa:34:7e:54:27:93:2e:ff:c2:c4:4e:91:2c:2d:64:2d:
         f7:84:84:89:ff:a8:ed:38:42:fd:af:15:55:93:d7:50:a8:e8:
         f5:7b:0e:98:69:ed:ce:8f:5e:39:a1:b3:8a:a6:28:91:95:01:
         38:63:ac:e8:ab:ec:25:38:f5:20:34:ac:38:e9:1f:a8:06:75:
         a3:c7:2b:73:90:86:6d:d7:09:de:0a:0f:4d:b2:c7:ae:21:f1:
         18:d3:82:c8:9e:3a:e8:d0:f9:34:d6:49:fe:27:be:83:6d:8e:
         54:2c:69:e0:e1:81:99:ae:9c:de:60:98:90:2b:01:db:3c:8d:
         5b:68:eb:1e:fa:13:dd:5f:41:db:fa:95:88:02:04:23:20:86:
         64:f8:1b:69:cc:1d:5e:53:1c:18:f9:0d:25:34:c1:5d:fc:81:
         68:51:e7:88:9b:3b:bc:28:fb:ee:3f:af:62:96:13:74:02:21:
         b9:79:5e:f4:08:08:51:47:2f:9d:2f:0b:cf:e3:2b:a6:1c:4a:
         79:91:76:8d:35:9a:b9:bc:bc:4f:cf:b7:01:fe:fc:54:cc:d8:
         04:5d:be:4b:c4:d9:75:38:38:4e:9e:7c:7c:d4:f9:42:10:56:
         91:34:c6:46
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUFi34ShNDXzDRR7x/p38PQG3h9jswDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwNDEwMDAwMDAwWhcNMjMwNDEzMjM1OTU5
WjCBpTFJMEcGA1UEBRNAYzE1YTE5NjZjYTYxN2M0YzI1ODI5MWRjOWEyZDg4MWNl
MGJmMTViNzZiMmYzZmUzYTNjMzhiODVjOGZlOTg1ODEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBANQtM4R22AKQUciewDftFMa0F8ccFgblBkL/Z+emFBH15op8vC/W
GSfy6z3yjrpqBiYuc0GxCFQ6PthEL6UUQReQ5sgSFj17wPtnmyHlMgBVtliCtFgX
G/pEinN3DJmeDbDi6/xgdj9UXUX/BGmFRC1M8+JIHfqX+QKF2tR0fzWSQdDNBW6D
uSl+z0p+s4bkNe6fZOIl13ESBQya3izTG0Mjxrsw70d09/Ba75gwY1Y9t0ozwKYG
dYKYIcUguJMTiI14aVepEdUkC0sDFvgD40vBufbpovLhK83CShlax6EtQdwRx+KI
OEwXbYuS/gbq1bJ/GprBmrV9ziz/FEZDXrcCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBQ8HPfDpuBXyX1fATJaRRGeUvcAtTAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvY2U0M2EwMTItMzIwNS00ZGY1LWE1NzUtMThhMzhhNmUwM2Q2LnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBALtHFH6JkXQFeN58
CVkKux6PJTD2qjR+VCeTLv/CxE6RLC1kLfeEhIn/qO04Qv2vFVWT11Co6PV7Dphp
7c6PXjmhs4qmKJGVAThjrOir7CU49SA0rDjpH6gGdaPHK3OQhm3XCd4KD02yx64h
8RjTgsieOujQ+TTWSf4nvoNtjlQsaeDhgZmunN5gmJArAds8jVto6x76E91fQdv6
lYgCBCMghmT4G2nMHV5THBj5DSU0wV38gWhR54ibO7wo++4/r2KWE3QCIbl5XvQI
CFFHL50vC8/jK6YcSnmRdo01mrm8vE/PtwH+/FTM2ARdvkvE2XU4OE6efHzU+UIQ
VpE0xkY=
-----END CERTIFICATE-----