Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/da633fe0-8ae4-47e4-a5c2-edb1053766ca.roa
File:                     da633fe0-8ae4-47e4-a5c2-edb1053766ca.roa (raw, json)
Hash identifier:          Rulx8Qrr5pfx6etdUQIgn2quKbxN96GVirFIYK6wHfo=
Subject key identifier:   78:0D:84:B5:5A:3E:5E:FA:BA:B5:BC:68:E6:ED:E9:34:23:AA:F7:F7
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       4052A6DCAF15FE7CFEB02922DF5AD982F6C1EDFD
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/da633fe0-8ae4-47e4-a5c2-edb1053766ca.roa
Signing time:             Sun 12 Feb 2023 00:00:00 +0000
ROA not before:           Sun 12 Feb 2023 00:00:00 +0000
ROA not after:            Wed 15 Feb 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            40:52:a6:dc:af:15:fe:7c:fe:b0:29:22:df:5a:d9:82:f6:c1:ed:fd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Feb 12 00:00:00 2023 GMT
            Not After : Feb 15 23:59:59 2023 GMT
        Subject: serialNumber=198adcf0ecf1d7adb977e1504f5d48725dfe744f27eec9d4a44edeee9a662f7d, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:78:76:2b:73:1c:89:cf:27:57:5d:eb:f6:f9:
                    24:7c:33:14:fb:51:d6:d1:ca:30:db:b9:10:dc:cc:
                    d9:04:5d:01:f3:b3:a7:7e:c3:33:5d:78:00:20:cd:
                    8a:05:63:cc:98:ab:98:cf:28:97:f7:4f:9f:4b:fa:
                    d3:36:0a:9e:b1:61:9e:f7:38:a3:dc:6d:a3:a4:5e:
                    03:c9:b5:b8:3b:03:3f:7e:6a:64:cb:4f:93:ec:c0:
                    42:bb:59:00:3e:37:7a:48:fa:82:c9:06:f7:9d:b7:
                    ec:38:bb:62:69:fd:72:d0:09:d9:ca:4b:85:2e:e4:
                    22:e6:79:47:9a:24:4f:42:6c:c2:d2:db:4b:68:5c:
                    71:6f:1a:5a:fe:10:f7:5a:be:a7:4a:30:e7:7b:2c:
                    c0:85:8d:1c:1b:44:e0:cf:40:35:3a:fe:5c:d6:5b:
                    d4:e5:21:9c:1d:2e:08:32:37:09:fe:2a:78:7a:a2:
                    6c:5b:ae:4a:00:53:21:b9:1d:36:65:13:0b:e5:a4:
                    4b:b4:9a:bb:75:10:42:a3:34:b1:a8:f7:87:e4:00:
                    ab:ab:16:b6:74:eb:7c:72:fd:a9:cc:ee:d6:df:73:
                    36:28:a0:5b:cc:c5:e0:fe:d8:ba:c2:db:96:86:08:
                    15:27:e8:6b:b0:33:bc:bd:1f:74:dd:fe:b4:a7:1b:
                    01:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                78:0D:84:B5:5A:3E:5E:FA:BA:B5:BC:68:E6:ED:E9:34:23:AA:F7:F7
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/da633fe0-8ae4-47e4-a5c2-edb1053766ca.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         95:f3:06:8e:1b:6a:58:00:66:a1:5e:a2:f0:7b:13:bd:7f:00:
         cc:66:48:31:4a:7d:2f:ec:ad:b7:54:11:46:c5:30:80:f6:8b:
         f2:98:62:65:92:b6:56:07:e8:50:e6:a1:4a:6b:47:f9:aa:47:
         24:4b:1b:82:6f:37:fe:f8:1b:a6:e2:0d:19:66:6e:2f:e9:57:
         eb:61:2f:7a:de:0c:cd:86:8c:ac:79:aa:cc:5d:46:ea:93:5c:
         f3:9a:99:8f:e1:ed:52:f3:05:27:6a:ec:56:6a:33:ee:26:99:
         b8:a6:40:83:c4:7a:10:f1:fc:ea:63:62:a3:04:12:20:b3:95:
         40:dd:af:d3:3e:89:5b:b4:d7:b5:bf:6a:93:95:28:5c:19:fb:
         db:66:68:3a:1f:fb:cc:76:97:08:c2:9e:57:06:cd:b7:b5:96:
         1c:c5:51:86:78:b6:6f:93:91:6d:27:3f:b5:f8:d5:ad:29:38:
         be:70:2c:b7:d5:a1:81:3d:eb:3c:55:cd:ba:db:7c:8c:ed:f1:
         92:15:d5:1b:1c:67:77:77:1c:e5:c5:1d:8c:6b:98:8a:d7:e7:
         0c:92:68:42:20:a2:00:2d:60:59:f8:e9:d0:e9:ea:b9:61:b2:
         28:20:ca:97:74:30:65:7f:93:1a:b8:9b:7e:0b:57:ba:0d:d3:
         ce:58:c6:3b
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUQFKm3K8V/nz+sCki31rZgvbB7f0wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwMjEyMDAwMDAwWhcNMjMwMjE1MjM1OTU5
WjCBpTFJMEcGA1UEBRNAMTk4YWRjZjBlY2YxZDdhZGI5NzdlMTUwNGY1ZDQ4NzI1
ZGZlNzQ0ZjI3ZWVjOWQ0YTQ0ZWRlZWU5YTY2MmY3ZDEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAN54ditzHInPJ1dd6/b5JHwzFPtR1tHKMNu5ENzM2QRdAfOzp37D
M114ACDNigVjzJirmM8ol/dPn0v60zYKnrFhnvc4o9xto6ReA8m1uDsDP35qZMtP
k+zAQrtZAD43ekj6gskG95237Di7Ymn9ctAJ2cpLhS7kIuZ5R5okT0JswtLbS2hc
cW8aWv4Q91q+p0ow53sswIWNHBtE4M9ANTr+XNZb1OUhnB0uCDI3Cf4qeHqibFuu
SgBTIbkdNmUTC+WkS7Sau3UQQqM0saj3h+QAq6sWtnTrfHL9qczu1t9zNiigW8zF
4P7YusLbloYIFSfoa7AzvL0fdN3+tKcbAXMCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBR4DYS1Wj5e+rq1vGjm7ek0I6r39zAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvZGE2MzNmZTAtOGFlNC00N2U0LWE1YzItZWRiMTA1Mzc2NmNhLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAJXzBo4balgAZqFe
ovB7E71/AMxmSDFKfS/srbdUEUbFMID2i/KYYmWStlYH6FDmoUprR/mqRyRLG4Jv
N/74G6biDRlmbi/pV+thL3reDM2GjKx5qsxdRuqTXPOamY/h7VLzBSdq7FZqM+4m
mbimQIPEehDx/OpjYqMEEiCzlUDdr9M+iVu017W/apOVKFwZ+9tmaDof+8x2lwjC
nlcGzbe1lhzFUYZ4tm+TkW0nP7X41a0pOL5wLLfVoYE96zxVzbrbfIzt8ZIV1Rsc
Z3d3HOXFHYxrmIrX5wySaEIgogAtYFn46dDp6rlhsiggypd0MGV/kxq4m34LV7oN
085Yxjs=
-----END CERTIFICATE-----