Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/d2a79b40-1bb7-4ab8-a636-d6110e7f3d71.roa
File:                     d2a79b40-1bb7-4ab8-a636-d6110e7f3d71.roa (raw, json)
Hash identifier:          9y1GmSw0uwD/NoDH2uOOJ+PuW5r2fttvO0nxOkByVQ4=
Subject key identifier:   1F:DB:C6:F9:E6:25:7A:01:D3:26:13:EE:05:F9:02:62:FB:A0:C4:C0
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       6D0668431F715385C117D45D1820F013A9CACB0D
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/d2a79b40-1bb7-4ab8-a636-d6110e7f3d71.roa
Signing time:             Sun 12 Feb 2023 00:00:00 +0000
ROA not before:           Sun 12 Feb 2023 00:00:00 +0000
ROA not after:            Wed 15 Feb 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6d:06:68:43:1f:71:53:85:c1:17:d4:5d:18:20:f0:13:a9:ca:cb:0d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Feb 12 00:00:00 2023 GMT
            Not After : Feb 15 23:59:59 2023 GMT
        Subject: serialNumber=f1758e8c85cd604fb5017fe3e035614b1a504f33f00bc2890746aca878cf9a14, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:25:2c:55:4b:9b:bf:e8:b6:f3:c9:38:f1:25:
                    e2:90:9d:f5:ab:90:64:6b:f8:68:ec:fb:cb:23:9c:
                    b0:c6:f8:ac:9a:94:c3:55:e5:a2:6d:33:c5:50:d0:
                    f6:d0:39:e2:ca:35:23:09:b7:9f:57:59:34:cc:32:
                    b3:98:74:97:04:2e:6f:0f:d1:8e:2d:b6:03:11:ff:
                    4e:1a:cf:08:fc:e7:63:67:fa:0c:b7:34:54:6d:5b:
                    38:aa:31:9c:95:1f:83:cc:6c:2b:8b:0c:af:dc:5b:
                    12:20:22:38:d4:f7:ea:9a:5f:83:a7:9b:2b:39:c8:
                    88:37:bf:46:35:d4:b1:22:c4:4b:93:f0:2a:f0:b2:
                    e4:c1:1f:ee:63:e6:b0:7c:91:00:1c:4f:e2:96:34:
                    6f:7e:5a:05:62:09:d6:77:6a:86:ea:7d:57:e9:cd:
                    1b:89:c5:f3:01:f7:5f:00:cc:08:e6:25:3f:27:c1:
                    02:40:6f:33:bd:7e:26:03:6f:6a:21:4f:09:5c:85:
                    64:4d:f5:00:10:cc:4a:1e:6b:42:2f:e6:af:5a:05:
                    b9:c1:49:fc:ed:9c:45:2b:02:89:3c:50:b6:ef:95:
                    ab:44:b1:f0:94:42:bb:8a:a4:09:95:3c:d2:01:8e:
                    ef:6e:db:23:e9:a2:36:de:52:e9:6b:93:fc:9a:e2:
                    09:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1F:DB:C6:F9:E6:25:7A:01:D3:26:13:EE:05:F9:02:62:FB:A0:C4:C0
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/d2a79b40-1bb7-4ab8-a636-d6110e7f3d71.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         74:4d:bd:7d:0a:9b:83:81:dd:ff:92:cd:26:aa:a4:21:fb:0e:
         c3:bb:b1:a5:76:0e:eb:af:1a:39:82:d9:6b:f3:41:35:9f:68:
         22:e0:71:31:e4:06:0f:ef:f5:f6:1b:c9:fb:38:cb:5f:88:db:
         62:c9:40:87:9b:93:0a:41:3d:39:b7:9d:2c:83:d8:76:77:c2:
         7f:25:b3:25:29:e7:c0:fe:6a:77:73:05:6f:fb:93:1a:34:c8:
         6f:e7:e9:8d:c3:c5:b4:6e:a5:5b:59:91:6e:f9:e0:e7:bc:3f:
         86:f9:a2:1f:0f:18:e0:0f:10:79:4e:b7:be:d2:27:07:92:21:
         83:24:c2:c8:58:03:8f:01:e2:a2:a8:5b:c8:36:2b:54:2d:3c:
         62:9a:d8:0e:ea:65:0b:14:f3:ca:95:94:51:57:28:8e:7d:1c:
         05:89:48:98:15:45:48:8c:9a:44:b6:84:52:fa:8b:64:b9:67:
         e9:e2:fa:53:ff:9a:20:57:c7:25:0d:c5:0b:39:da:29:2f:ac:
         4e:bb:e8:6e:5a:92:70:0a:e4:61:05:dd:55:40:87:0d:f2:06:
         5d:b0:82:25:ef:b9:86:b3:d2:34:ec:a4:18:fe:dd:4f:b5:e4:
         5b:bb:f8:0b:67:d5:e7:1c:e9:85:16:3b:a6:8b:74:da:eb:c2:
         bb:81:b5:98
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUbQZoQx9xU4XBF9RdGCDwE6nKyw0wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwMjEyMDAwMDAwWhcNMjMwMjE1MjM1OTU5
WjCBpTFJMEcGA1UEBRNAZjE3NThlOGM4NWNkNjA0ZmI1MDE3ZmUzZTAzNTYxNGIx
YTUwNGYzM2YwMGJjMjg5MDc0NmFjYTg3OGNmOWExNDEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAL8lLFVLm7/otvPJOPEl4pCd9auQZGv4aOz7yyOcsMb4rJqUw1Xl
om0zxVDQ9tA54so1Iwm3n1dZNMwys5h0lwQubw/Rji22AxH/ThrPCPznY2f6DLc0
VG1bOKoxnJUfg8xsK4sMr9xbEiAiONT36ppfg6ebKznIiDe/RjXUsSLES5PwKvCy
5MEf7mPmsHyRABxP4pY0b35aBWIJ1ndqhup9V+nNG4nF8wH3XwDMCOYlPyfBAkBv
M71+JgNvaiFPCVyFZE31ABDMSh5rQi/mr1oFucFJ/O2cRSsCiTxQtu+Vq0Sx8JRC
u4qkCZU80gGO727bI+miNt5S6WuT/JriCbUCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBQf28b55iV6AdMmE+4F+QJi+6DEwDAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvZDJhNzliNDAtMWJiNy00YWI4LWE2MzYtZDYxMTBlN2YzZDcxLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAHRNvX0Km4OB3f+S
zSaqpCH7DsO7saV2DuuvGjmC2WvzQTWfaCLgcTHkBg/v9fYbyfs4y1+I22LJQIeb
kwpBPTm3nSyD2HZ3wn8lsyUp58D+andzBW/7kxo0yG/n6Y3DxbRupVtZkW754Oe8
P4b5oh8PGOAPEHlOt77SJweSIYMkwshYA48B4qKoW8g2K1QtPGKa2A7qZQsU88qV
lFFXKI59HAWJSJgVRUiMmkS2hFL6i2S5Z+ni+lP/miBXxyUNxQs52ikvrE676G5a
knAK5GEF3VVAhw3yBl2wgiXvuYaz0jTspBj+3U+15Fu7+Atn1ecc6YUWO6aLdNrr
wruBtZg=
-----END CERTIFICATE-----