Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/ce694745-acd3-45e0-b694-ff99c3c577ca.roa
File:                     ce694745-acd3-45e0-b694-ff99c3c577ca.roa (raw, json)
Hash identifier:          HmBUqfrwnGPIK19peSbf/GYlC8jT8Gn6qm7jwjD99Ic=
Subject key identifier:   66:C5:14:95:30:6D:63:23:16:B3:64:42:DC:FB:C7:A3:8F:C2:E0:8C
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       3988E64DF3D222D084654C9EEEC90E8A3A562EDE
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/ce694745-acd3-45e0-b694-ff99c3c577ca.roa
Signing time:             Sun 12 Mar 2023 00:00:00 +0000
ROA not before:           Sun 12 Mar 2023 00:00:00 +0000
ROA not after:            Wed 15 Mar 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            39:88:e6:4d:f3:d2:22:d0:84:65:4c:9e:ee:c9:0e:8a:3a:56:2e:de
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Mar 12 00:00:00 2023 GMT
            Not After : Mar 15 23:59:59 2023 GMT
        Subject: serialNumber=f6da81e092b87ffd08836428ecc76449980bf8d7a91c81aca1b603c321c9d442, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:cf:9f:94:93:b6:59:b0:6b:6a:80:a0:3c:51:
                    36:c3:a7:12:b6:d9:02:d3:8f:29:c2:61:4c:df:41:
                    01:12:79:f2:f8:a6:f5:fc:1e:52:eb:4b:7d:39:2f:
                    f7:89:f9:00:23:88:ff:6c:4f:6f:c3:99:9f:c2:3b:
                    78:d4:91:21:d9:2a:f1:fd:16:62:06:59:e6:45:ec:
                    ab:b1:0c:b4:54:f3:9d:f0:b2:43:e4:6f:9b:29:8c:
                    44:46:b8:27:11:00:e4:4b:aa:ac:5b:58:62:f5:96:
                    ec:84:47:a7:fe:6b:65:6c:b8:84:97:ed:1a:13:16:
                    16:30:e1:8a:a0:17:16:b2:57:6c:1f:00:6f:7b:a5:
                    c3:52:78:5c:0e:3d:75:6d:79:9d:e5:a8:2e:0b:8b:
                    59:14:3f:1d:56:7b:e7:69:39:c5:d6:38:bf:8c:78:
                    10:52:94:b4:ac:e5:88:d8:b5:43:42:3d:bd:b3:b4:
                    91:b2:57:f8:fb:b7:63:d0:8c:ed:4f:f3:94:2f:9f:
                    7e:9c:d9:48:c7:79:04:c5:e8:74:11:42:5c:56:46:
                    50:e7:e9:64:98:9e:44:a6:14:bd:9b:24:fc:c1:4d:
                    7e:07:d5:b9:5d:28:75:a9:70:af:de:3f:f4:97:02:
                    8b:45:cc:8c:80:24:e5:a9:09:a3:49:b7:46:6c:92:
                    d6:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                66:C5:14:95:30:6D:63:23:16:B3:64:42:DC:FB:C7:A3:8F:C2:E0:8C
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/ce694745-acd3-45e0-b694-ff99c3c577ca.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         bc:c8:b9:08:d7:dd:8e:af:d7:a1:f8:f9:62:4b:69:b4:1c:e8:
         77:70:5a:5d:47:5d:02:0d:8f:c7:cc:47:c0:b1:90:75:85:e9:
         ae:94:e0:d5:1d:62:9d:34:39:fc:19:ff:e5:70:c5:8c:5a:a9:
         1d:66:dc:d5:43:c8:3f:49:f1:43:20:ef:f8:1f:c7:41:ea:b6:
         9e:d0:b3:13:25:7c:4d:64:26:bf:5a:18:f6:90:c3:3a:d9:bc:
         70:b0:7e:8b:85:63:de:0f:53:12:e6:e8:3a:f3:a8:0a:3f:9f:
         fc:a7:1c:83:3d:cf:37:a5:fe:cf:7c:a3:70:09:0b:d9:d3:4a:
         8b:e2:7c:d4:04:82:49:2b:bc:2a:be:fa:c0:11:85:ec:6f:20:
         f0:b4:56:58:2c:7f:89:2a:d1:9c:0a:ca:d4:c7:b1:2d:53:29:
         26:de:a9:b1:2c:94:dd:a7:d9:b6:6c:1c:2a:e0:1b:81:95:40:
         1c:28:58:20:27:b6:bf:47:6e:72:9b:f5:cd:51:b2:d0:6c:23:
         a3:78:82:c4:02:e2:59:84:47:ef:af:5e:d7:03:ff:d5:00:c1:
         cd:aa:67:a2:78:86:f7:c3:3c:57:2d:35:d9:06:53:95:d0:7d:
         39:d8:0c:f5:b3:f5:71:9f:bc:a4:3e:ef:b2:f2:cc:e7:f8:4b:
         91:2c:02:63
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUOYjmTfPSItCEZUye7skOijpWLt4wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwMzEyMDAwMDAwWhcNMjMwMzE1MjM1OTU5
WjCBpTFJMEcGA1UEBRNAZjZkYTgxZTA5MmI4N2ZmZDA4ODM2NDI4ZWNjNzY0NDk5
ODBiZjhkN2E5MWM4MWFjYTFiNjAzYzMyMWM5ZDQ0MjEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAMnPn5STtlmwa2qAoDxRNsOnErbZAtOPKcJhTN9BARJ58vim9fwe
UutLfTkv94n5ACOI/2xPb8OZn8I7eNSRIdkq8f0WYgZZ5kXsq7EMtFTznfCyQ+Rv
mymMREa4JxEA5EuqrFtYYvWW7IRHp/5rZWy4hJftGhMWFjDhiqAXFrJXbB8Ab3ul
w1J4XA49dW15neWoLguLWRQ/HVZ752k5xdY4v4x4EFKUtKzliNi1Q0I9vbO0kbJX
+Pu3Y9CM7U/zlC+ffpzZSMd5BMXodBFCXFZGUOfpZJieRKYUvZsk/MFNfgfVuV0o
dalwr94/9JcCi0XMjIAk5akJo0m3RmyS1vUCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBRmxRSVMG1jIxazZELc+8ejj8LgjDAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvY2U2OTQ3NDUtYWNkMy00NWUwLWI2OTQtZmY5OWMzYzU3N2NhLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBALzIuQjX3Y6v16H4
+WJLabQc6HdwWl1HXQINj8fMR8CxkHWF6a6U4NUdYp00OfwZ/+VwxYxaqR1m3NVD
yD9J8UMg7/gfx0Hqtp7QsxMlfE1kJr9aGPaQwzrZvHCwfouFY94PUxLm6DrzqAo/
n/ynHIM9zzel/s98o3AJC9nTSovifNQEgkkrvCq++sARhexvIPC0Vlgsf4kq0ZwK
ytTHsS1TKSbeqbEslN2n2bZsHCrgG4GVQBwoWCAntr9HbnKb9c1RstBsI6N4gsQC
4lmER++vXtcD/9UAwc2qZ6J4hvfDPFctNdkGU5XQfTnYDPWz9XGfvKQ+77LyzOf4
S5EsAmM=
-----END CERTIFICATE-----