Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/dc9cb5c9-ae6e-4324-ad14-b4bd968d4742.roa
File:                     dc9cb5c9-ae6e-4324-ad14-b4bd968d4742.roa (raw, json)
Hash identifier:          sMhjj6xl6XQ0wWeIeJT2K166Jfu+brmUG18iBlgZ7+g=
Subject key identifier:   A3:39:7C:9F:E2:45:58:53:B1:9D:DD:5C:ED:F8:5C:0E:E5:A7:97:A8
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       5671A5F803DC9D7D08822A61CCAA364431CA1637
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/dc9cb5c9-ae6e-4324-ad14-b4bd968d4742.roa
Signing time:             Sat 22 Apr 2023 00:00:00 +0000
ROA not before:           Sat 22 Apr 2023 00:00:00 +0000
ROA not after:            Tue 25 Apr 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            56:71:a5:f8:03:dc:9d:7d:08:82:2a:61:cc:aa:36:44:31:ca:16:37
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Apr 22 00:00:00 2023 GMT
            Not After : Apr 25 23:59:59 2023 GMT
        Subject: serialNumber=af59de47413502d8d2434b802bab6457cfa05c9faeffd5ec5055470a0b2ba5b3, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:29:17:96:a5:b6:9c:b3:1b:11:2d:f5:0f:91:
                    13:5e:88:27:20:e3:00:32:ef:76:c5:aa:e2:4c:1e:
                    e4:75:fc:18:9e:1c:77:36:48:9d:ed:ad:19:70:cd:
                    a2:47:c1:85:53:32:4c:76:33:a4:11:b0:ca:c1:d2:
                    73:b9:57:e3:66:69:d7:bf:e1:3a:03:e2:93:ce:b5:
                    54:6e:3b:97:73:17:5a:6e:34:80:3e:78:f9:13:d9:
                    9a:be:73:27:5d:0f:b6:83:d2:8d:ea:c4:d3:59:58:
                    bc:43:f7:8d:19:90:08:7e:88:8c:c4:bd:ad:ba:c5:
                    b3:c0:5f:45:25:b5:fd:70:8e:a8:d7:52:d6:bd:d1:
                    5b:6b:72:67:56:9a:78:b6:22:b9:95:a6:e1:c5:3e:
                    19:5b:ff:85:c9:66:b2:b2:02:21:38:a2:60:85:85:
                    47:44:71:44:d2:37:4b:50:b7:91:b5:b0:d8:60:62:
                    b5:cb:16:db:e4:f9:e1:de:14:ab:65:6e:1a:b3:48:
                    8f:18:a8:cc:cd:37:fc:cf:c6:98:96:1f:88:3b:13:
                    e0:c0:77:52:c7:dd:00:52:7a:e3:c0:8a:96:92:c5:
                    1e:66:ac:05:fa:cd:4e:fc:f4:df:99:de:a4:b3:b2:
                    bc:71:c3:d4:cb:8e:5d:ae:0c:2c:42:6d:02:0a:52:
                    aa:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A3:39:7C:9F:E2:45:58:53:B1:9D:DD:5C:ED:F8:5C:0E:E5:A7:97:A8
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/dc9cb5c9-ae6e-4324-ad14-b4bd968d4742.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         cb:cc:fb:4e:dc:81:e6:72:9c:d9:df:be:83:cb:93:eb:0d:88:
         05:b9:58:21:54:c7:e5:5e:16:10:be:d6:4c:fd:fe:2c:fd:ba:
         5a:fd:54:58:b0:02:8b:4a:b9:52:62:c9:9f:67:a8:b6:65:7e:
         50:82:eb:3f:fe:ec:77:2e:12:01:19:15:b2:86:fa:86:f8:d5:
         4c:25:97:ca:53:38:67:2f:99:b9:8e:c0:1a:da:38:3c:c6:52:
         74:33:01:8c:c6:4c:61:47:a6:bf:2c:de:6f:c4:2d:6f:0a:b6:
         67:00:b2:27:77:22:d1:af:f1:72:61:c5:4e:5f:3a:b0:c9:8d:
         b8:77:27:39:73:ed:d9:dc:e4:65:69:d0:56:12:f7:8c:65:c3:
         c2:07:61:94:15:45:d8:75:74:f5:78:05:e5:9f:cf:34:d2:8a:
         bc:32:48:83:90:69:76:69:a5:98:9b:43:f6:82:70:95:54:9f:
         49:6d:00:f7:c0:96:2d:cd:f4:cf:f2:7f:82:48:d5:a2:14:6a:
         b7:64:da:35:ec:13:ba:d4:fa:1b:cc:93:e6:2b:6f:4d:1c:7a:
         7f:6b:b7:07:0c:fc:3b:96:b1:64:01:5f:87:9c:92:b3:bc:64:
         42:9b:3e:ae:4e:93:a2:f1:2d:9f:86:e4:72:5f:ae:b0:2f:d1:
         e9:94:5a:18
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUVnGl+APcnX0IgiphzKo2RDHKFjcwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwNDIyMDAwMDAwWhcNMjMwNDI1MjM1OTU5
WjCBpTFJMEcGA1UEBRNAYWY1OWRlNDc0MTM1MDJkOGQyNDM0YjgwMmJhYjY0NTdj
ZmEwNWM5ZmFlZmZkNWVjNTA1NTQ3MGEwYjJiYTViMzEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAKYpF5altpyzGxEt9Q+RE16IJyDjADLvdsWq4kwe5HX8GJ4cdzZI
ne2tGXDNokfBhVMyTHYzpBGwysHSc7lX42Zp17/hOgPik861VG47l3MXWm40gD54
+RPZmr5zJ10PtoPSjerE01lYvEP3jRmQCH6IjMS9rbrFs8BfRSW1/XCOqNdS1r3R
W2tyZ1aaeLYiuZWm4cU+GVv/hclmsrICITiiYIWFR0RxRNI3S1C3kbWw2GBitcsW
2+T54d4Uq2VuGrNIjxiozM03/M/GmJYfiDsT4MB3UsfdAFJ648CKlpLFHmasBfrN
Tvz035nepLOyvHHD1MuOXa4MLEJtAgpSqiUCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBSjOXyf4kVYU7Gd3Vzt+FwO5aeXqDAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvZGM5Y2I1YzktYWU2ZS00MzI0LWFkMTQtYjRiZDk2OGQ0NzQyLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAMvM+07cgeZynNnf
voPLk+sNiAW5WCFUx+VeFhC+1kz9/iz9ulr9VFiwAotKuVJiyZ9nqLZlflCC6z/+
7HcuEgEZFbKG+ob41Uwll8pTOGcvmbmOwBraODzGUnQzAYzGTGFHpr8s3m/ELW8K
tmcAsid3ItGv8XJhxU5fOrDJjbh3Jzlz7dnc5GVp0FYS94xlw8IHYZQVRdh1dPV4
BeWfzzTSirwySIOQaXZppZibQ/aCcJVUn0ltAPfAli3N9M/yf4JI1aIUardk2jXs
E7rU+hvMk+Yrb00cen9rtwcM/DuWsWQBX4eckrO8ZEKbPq5Ok6LxLZ+G5HJfrrAv
0emUWhg=
-----END CERTIFICATE-----