Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/d2d8dc0a-8dd1-4af4-824b-89becf855aaf.roa
File:                     d2d8dc0a-8dd1-4af4-824b-89becf855aaf.roa (raw, json)
Hash identifier:          Kj/CtM5SVRxTddIiKj6rRi1MKyLCbSSFZvHE237jLQ8=
Subject key identifier:   3A:E8:F9:90:AA:8C:C6:AE:B0:51:6C:F2:D9:95:CC:48:60:73:A6:DD
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       1841C4EE5DC0B38D25A47983B6C2BE17A5EDC339
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/d2d8dc0a-8dd1-4af4-824b-89becf855aaf.roa
Signing time:             Fri 02 Jun 2023 00:00:00 +0000
ROA not before:           Fri 02 Jun 2023 00:00:00 +0000
ROA not after:            Mon 05 Jun 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            18:41:c4:ee:5d:c0:b3:8d:25:a4:79:83:b6:c2:be:17:a5:ed:c3:39
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Jun  2 00:00:00 2023 GMT
            Not After : Jun  5 23:59:59 2023 GMT
        Subject: serialNumber=e20ea89c9cfc9c4e8ff0e48e3d38abcf4f5271a8a0a5f39e8f987ffb8061e3d9, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:75:40:ff:8b:80:1b:c8:28:f3:ac:30:92:01:
                    23:ef:a2:e2:70:c3:65:25:a2:92:a3:e3:55:9c:9c:
                    4a:97:8e:52:5c:42:5a:1b:e4:30:de:d5:c4:92:11:
                    e6:c1:66:d2:52:44:4e:6b:16:27:0b:45:3a:5c:14:
                    0c:85:b8:57:af:c5:b3:70:39:0a:f4:1c:69:5f:03:
                    df:ba:96:5b:9c:3b:7b:b9:c3:32:d2:62:ed:5e:b1:
                    01:ae:5d:14:55:5c:86:09:b3:c6:05:f3:4b:93:b4:
                    f0:97:c7:81:f4:5e:db:33:4e:16:92:85:c5:d4:23:
                    9e:1f:cd:20:f9:e1:9d:3e:34:c4:cc:05:ce:9a:39:
                    af:c1:ed:f2:a9:e3:48:b4:72:e9:f1:97:a9:56:8c:
                    64:79:26:7e:f4:51:67:ed:18:4b:51:b0:b9:01:9f:
                    a6:aa:88:7c:ed:7d:8b:98:ef:7f:c0:2b:5f:08:5b:
                    14:12:e1:79:39:ab:5a:aa:7f:80:70:25:99:4f:77:
                    6f:24:09:4f:df:38:8d:8e:35:fb:05:b7:79:b9:7e:
                    5c:99:8e:f9:52:52:71:ba:2f:4e:4b:72:b7:1c:23:
                    c5:38:26:18:fe:65:4d:9e:5d:44:2a:90:29:11:16:
                    33:c6:3e:2d:c7:b4:0c:25:31:f6:79:71:d5:36:52:
                    3a:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3A:E8:F9:90:AA:8C:C6:AE:B0:51:6C:F2:D9:95:CC:48:60:73:A6:DD
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/d2d8dc0a-8dd1-4af4-824b-89becf855aaf.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         47:2a:5a:ac:ae:4a:6c:da:c0:e7:88:c6:d3:13:bf:dd:f0:f9:
         90:f6:cc:45:da:15:ce:15:e0:47:5b:16:1a:38:45:79:b1:7e:
         a9:04:eb:15:6e:3e:27:fa:6e:29:5d:3d:01:8a:fd:8b:72:1d:
         72:d1:ad:ad:f9:74:09:d0:fe:28:39:71:2f:3d:18:a1:44:88:
         e5:8a:55:2b:df:ef:08:9c:41:d6:0d:d9:1f:b3:f7:ca:95:d0:
         e7:e7:c1:38:ac:c6:1d:c0:28:e9:51:c0:62:ae:50:df:a8:a4:
         6c:bb:4d:1f:e8:3f:c6:68:18:08:70:38:e1:cd:97:f3:96:f6:
         bf:9a:61:5d:4e:9c:32:d2:13:fc:bc:96:f6:3d:c7:9f:ac:a9:
         9b:20:3f:7a:24:dd:34:ed:a8:82:cb:4f:9e:3d:d7:5a:43:a3:
         7c:6c:82:c9:32:28:9d:72:a6:24:49:be:12:4d:b1:dd:7c:63:
         1f:b1:3c:dd:f0:45:a7:a4:68:14:d6:61:3c:7b:83:9b:f4:ea:
         71:bd:8e:30:ab:d5:b0:cf:f4:73:73:c3:9b:57:71:40:29:97:
         11:99:29:cc:46:2e:3c:96:f4:84:e9:57:49:d5:02:26:30:f2:
         0b:79:2c:7f:0a:81:49:6c:b4:70:57:16:45:76:a4:df:0d:fc:
         4f:19:f8:ee
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUGEHE7l3As40lpHmDtsK+F6XtwzkwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwNjAyMDAwMDAwWhcNMjMwNjA1MjM1OTU5
WjCBpTFJMEcGA1UEBRNAZTIwZWE4OWM5Y2ZjOWM0ZThmZjBlNDhlM2QzOGFiY2Y0
ZjUyNzFhOGEwYTVmMzllOGY5ODdmZmI4MDYxZTNkOTEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAL51QP+LgBvIKPOsMJIBI++i4nDDZSWikqPjVZycSpeOUlxCWhvk
MN7VxJIR5sFm0lJETmsWJwtFOlwUDIW4V6/Fs3A5CvQcaV8D37qWW5w7e7nDMtJi
7V6xAa5dFFVchgmzxgXzS5O08JfHgfRe2zNOFpKFxdQjnh/NIPnhnT40xMwFzpo5
r8Ht8qnjSLRy6fGXqVaMZHkmfvRRZ+0YS1GwuQGfpqqIfO19i5jvf8ArXwhbFBLh
eTmrWqp/gHAlmU93byQJT984jY41+wW3ebl+XJmO+VJScbovTktytxwjxTgmGP5l
TZ5dRCqQKREWM8Y+Lce0DCUx9nlx1TZSOikCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBQ66PmQqozGrrBRbPLZlcxIYHOm3TAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvZDJkOGRjMGEtOGRkMS00YWY0LTgyNGItODliZWNmODU1YWFmLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAEcqWqyuSmzawOeI
xtMTv93w+ZD2zEXaFc4V4EdbFho4RXmxfqkE6xVuPif6bildPQGK/YtyHXLRra35
dAnQ/ig5cS89GKFEiOWKVSvf7wicQdYN2R+z98qV0OfnwTisxh3AKOlRwGKuUN+o
pGy7TR/oP8ZoGAhwOOHNl/OW9r+aYV1OnDLSE/y8lvY9x5+sqZsgP3ok3TTtqILL
T54911pDo3xsgskyKJ1ypiRJvhJNsd18Yx+xPN3wRaekaBTWYTx7g5v06nG9jjCr
1bDP9HNzw5tXcUAplxGZKcxGLjyW9ITpV0nVAiYw8gt5LH8KgUlstHBXFkV2pN8N
/E8Z+O4=
-----END CERTIFICATE-----