Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/d6dd9401-4d6e-4e4f-8d27-4160a866585a.roa
File:                     d6dd9401-4d6e-4e4f-8d27-4160a866585a.roa (raw, json)
Hash identifier:          /FF09UW4otniCqJg3kUkonis+2VTJAeOQuJpKJGK7s8=
Subject key identifier:   72:F5:09:B8:98:EA:10:C6:C2:5C:36:73:DF:B7:83:82:34:2A:29:99
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       12268D8E035C6D6A3F73B8EE59DDF04C8869A57E
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/d6dd9401-4d6e-4e4f-8d27-4160a866585a.roa
Signing time:             Sun 19 Feb 2023 00:00:00 +0000
ROA not before:           Sun 19 Feb 2023 00:00:00 +0000
ROA not after:            Wed 22 Feb 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            12:26:8d:8e:03:5c:6d:6a:3f:73:b8:ee:59:dd:f0:4c:88:69:a5:7e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Feb 19 00:00:00 2023 GMT
            Not After : Feb 22 23:59:59 2023 GMT
        Subject: serialNumber=dca9d45eb8f13858f0227ce889c10c51b18ce90d051be74e5f596aca690fca6a, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:9b:4f:f7:ef:0e:74:08:60:9f:38:4f:f8:12:
                    38:5d:d6:83:22:60:e7:ab:55:0b:7d:dd:3e:b4:f3:
                    4e:55:82:b3:42:7b:39:60:6d:89:c1:23:8a:26:a9:
                    0d:1a:c9:87:84:10:6d:7f:d5:a0:79:85:6c:7b:60:
                    60:c8:b5:90:c8:13:0c:52:50:03:d7:08:54:04:fd:
                    12:f4:d4:15:de:79:67:57:01:78:1c:09:ca:08:92:
                    70:16:28:2a:6b:be:c4:6a:ba:8e:12:af:a9:2c:5f:
                    3b:85:10:01:9b:7c:a4:d8:8f:f6:19:97:64:cd:fc:
                    db:72:42:3c:ad:30:09:a6:36:4b:3d:f8:18:8a:9f:
                    1c:6b:fe:e1:25:2c:a3:34:b0:72:97:62:69:9c:d9:
                    7a:36:98:45:85:12:b4:ee:32:23:20:06:39:6a:ad:
                    c6:69:ea:47:55:a2:57:4f:4c:d9:ac:2e:29:37:40:
                    5c:6a:11:0f:24:41:5c:75:38:60:d6:c8:d4:9f:84:
                    55:81:0a:98:03:d1:9f:d0:05:a3:41:ce:8e:e7:ce:
                    65:eb:f3:93:f7:4e:db:1d:d3:35:a6:55:63:38:8e:
                    73:62:db:9c:33:98:b1:2e:d1:89:6e:76:ef:1a:86:
                    6a:be:73:60:51:56:52:e0:18:6e:8d:7f:dd:4f:ed:
                    35:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:F5:09:B8:98:EA:10:C6:C2:5C:36:73:DF:B7:83:82:34:2A:29:99
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/d6dd9401-4d6e-4e4f-8d27-4160a866585a.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         08:80:0b:93:27:25:98:a9:b4:c9:cf:62:25:89:a0:2c:c3:7e:
         57:ec:8f:9c:fa:4e:b8:84:09:ab:d2:43:0b:6c:15:75:6a:dd:
         b8:38:86:53:31:c8:a5:bd:38:33:69:d2:8e:d0:41:d3:ea:3c:
         33:9b:47:a2:ca:86:d7:e9:34:ba:76:d0:17:68:40:69:eb:51:
         6b:20:51:bd:36:56:25:38:da:b8:8a:44:5a:18:c4:13:d7:e9:
         61:60:90:a3:56:58:6e:08:9a:d3:8d:4c:df:18:11:e9:e0:10:
         39:81:3c:ff:86:ba:df:ae:c1:dd:00:f2:2f:1f:42:54:ea:1c:
         77:13:e1:16:19:98:38:08:b6:60:37:db:60:88:c7:f8:67:4f:
         9f:0d:7c:2c:3c:38:e2:2c:aa:2f:e3:22:23:0a:4d:e2:9c:e1:
         15:b2:3b:04:27:e2:49:97:43:e4:43:db:14:ba:7b:9e:26:6e:
         a1:e0:ce:5f:97:77:6a:6a:e2:64:39:ac:29:ca:45:fb:3f:6f:
         64:4f:92:60:e5:8f:1b:b2:0c:48:53:8b:6a:70:4b:ff:74:8c:
         da:38:0a:42:b6:4e:f3:a6:22:af:7a:82:ed:f4:2a:43:da:27:
         a8:6d:80:19:cc:7e:c1:c6:37:38:1f:55:3e:fb:2c:87:27:c1:
         82:1e:3f:85
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUEiaNjgNcbWo/c7juWd3wTIhppX4wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwMjE5MDAwMDAwWhcNMjMwMjIyMjM1OTU5
WjCBpTFJMEcGA1UEBRNAZGNhOWQ0NWViOGYxMzg1OGYwMjI3Y2U4ODljMTBjNTFi
MThjZTkwZDA1MWJlNzRlNWY1OTZhY2E2OTBmY2E2YTEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBALGbT/fvDnQIYJ84T/gSOF3WgyJg56tVC33dPrTzTlWCs0J7OWBt
icEjiiapDRrJh4QQbX/VoHmFbHtgYMi1kMgTDFJQA9cIVAT9EvTUFd55Z1cBeBwJ
ygiScBYoKmu+xGq6jhKvqSxfO4UQAZt8pNiP9hmXZM3823JCPK0wCaY2Sz34GIqf
HGv+4SUsozSwcpdiaZzZejaYRYUStO4yIyAGOWqtxmnqR1WiV09M2awuKTdAXGoR
DyRBXHU4YNbI1J+EVYEKmAPRn9AFo0HOjufOZevzk/dO2x3TNaZVYziOc2LbnDOY
sS7RiW527xqGar5zYFFWUuAYbo1/3U/tNa8CAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBRy9Qm4mOoQxsJcNnPft4OCNCopmTAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvZDZkZDk0MDEtNGQ2ZS00ZTRmLThkMjctNDE2MGE4NjY1ODVhLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAAiAC5MnJZiptMnP
YiWJoCzDflfsj5z6TriECavSQwtsFXVq3bg4hlMxyKW9ODNp0o7QQdPqPDObR6LK
htfpNLp20BdoQGnrUWsgUb02ViU42riKRFoYxBPX6WFgkKNWWG4ImtONTN8YEeng
EDmBPP+Gut+uwd0A8i8fQlTqHHcT4RYZmDgItmA322CIx/hnT58NfCw8OOIsqi/j
IiMKTeKc4RWyOwQn4kmXQ+RD2xS6e54mbqHgzl+Xd2pq4mQ5rCnKRfs/b2RPkmDl
jxuyDEhTi2pwS/90jNo4CkK2TvOmIq96gu30KkPaJ6htgBnMfsHGNzgfVT77LIcn
wYIeP4U=
-----END CERTIFICATE-----