Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/dcf73526-7a72-4b3f-823b-95e52752dd0c.roa
File:                     dcf73526-7a72-4b3f-823b-95e52752dd0c.roa (raw, json)
Hash identifier:          m1Ji7HBcj/GOzUY0tW3vqAKpXUliGkZSELz1L846N/s=
Subject key identifier:   BC:AD:7B:B2:AF:6A:F8:07:0A:B7:5D:2D:DF:6C:8E:C1:20:AB:90:34
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       3DE02D8ED8742D75B94070BE9C5A9993776D7046
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/dcf73526-7a72-4b3f-823b-95e52752dd0c.roa
Signing time:             Sat 18 Mar 2023 00:00:00 +0000
ROA not before:           Sat 18 Mar 2023 00:00:00 +0000
ROA not after:            Tue 21 Mar 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3d:e0:2d:8e:d8:74:2d:75:b9:40:70:be:9c:5a:99:93:77:6d:70:46
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Mar 18 00:00:00 2023 GMT
            Not After : Mar 21 23:59:59 2023 GMT
        Subject: serialNumber=2f422ed9a9a97c0f70c5cc30c324c3ce3ec26898f49ce2cd24983a5bab1c15ed, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:39:d0:fc:bd:54:e3:78:f2:6c:5b:36:c6:47:
                    c8:df:7a:dd:ce:bb:3b:6c:3f:2f:42:c1:29:c2:74:
                    73:8c:51:a9:15:9d:67:9b:f4:88:42:a2:a4:48:fb:
                    07:9e:69:43:f3:ec:f8:86:d2:8e:4a:3f:c8:6e:36:
                    e5:34:8f:29:95:dc:30:bc:79:71:0a:ac:97:93:0e:
                    ca:e5:5b:f9:d7:6b:a7:6f:7f:50:c7:e0:6b:e1:3b:
                    18:a7:e4:4a:9b:e4:c1:0b:15:26:2b:c8:3f:70:61:
                    b9:52:80:10:75:43:e5:69:ad:b4:5e:07:ba:b6:85:
                    f1:29:2c:b2:81:a6:63:c0:87:2b:bb:10:35:e0:8c:
                    b9:8f:c5:84:8d:95:9f:b6:34:84:b6:00:4c:2e:3c:
                    db:90:d8:ba:48:1a:f9:91:ab:93:0f:c1:25:d3:af:
                    3a:d5:60:35:3d:6f:6f:c7:b0:34:2a:21:fc:8a:a2:
                    d6:36:dc:70:18:77:2d:cd:99:a6:74:89:b4:42:77:
                    f4:97:f2:d9:d5:7d:8c:a2:19:01:61:f4:7d:6f:a5:
                    94:92:93:ca:c1:bd:c7:fc:b2:01:b2:26:f4:57:26:
                    e1:b8:0f:04:52:a4:d5:14:53:b8:27:4a:5c:f7:20:
                    4d:fa:98:51:7b:98:68:95:3e:d4:5c:65:d5:85:ad:
                    f1:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BC:AD:7B:B2:AF:6A:F8:07:0A:B7:5D:2D:DF:6C:8E:C1:20:AB:90:34
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/dcf73526-7a72-4b3f-823b-95e52752dd0c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5c:03:ba:9c:6e:18:a3:27:30:18:68:57:cb:01:03:2d:3a:5a:
         59:a3:79:65:93:cd:3a:1c:5d:78:04:36:16:d1:18:b4:d2:78:
         d2:10:c6:80:98:86:05:db:b8:ae:b2:d7:b5:d5:ae:d6:13:4a:
         28:0c:55:68:0d:45:7b:8d:87:9b:8e:8d:64:93:d8:5c:6d:ac:
         7c:f2:c1:d5:96:0d:46:76:a6:d7:13:b3:6b:41:24:26:40:55:
         ac:9b:bc:01:b3:19:7b:3e:44:7f:cc:ff:fe:0d:fc:8b:47:a7:
         49:5f:e3:46:76:25:c2:2c:01:81:44:44:de:f6:16:79:84:b5:
         93:b2:a4:d2:c2:4d:40:45:ff:e3:20:4f:11:4e:1b:4e:81:99:
         8e:44:6a:1f:b0:a2:a2:10:fe:a2:5a:a7:84:ae:94:da:ab:aa:
         a0:95:bf:2f:35:23:42:96:e7:6f:91:10:92:44:fc:2b:cc:ae:
         f1:6c:34:d4:0b:ed:ae:ff:d1:1e:7e:88:ec:ec:99:38:2b:5a:
         e5:2e:19:b7:da:2f:7c:c1:66:ca:5a:c8:55:c0:51:3a:06:b6:
         e0:92:ce:2a:f8:4f:dd:e9:65:09:90:a8:85:5c:97:61:0c:1a:
         15:08:23:28:27:f9:96:fa:4e:21:c0:7a:a8:21:3b:e5:e0:8d:
         29:00:33:7d
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUPeAtjth0LXW5QHC+nFqZk3dtcEYwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwMzE4MDAwMDAwWhcNMjMwMzIxMjM1OTU5
WjCBpTFJMEcGA1UEBRNAMmY0MjJlZDlhOWE5N2MwZjcwYzVjYzMwYzMyNGMzY2Uz
ZWMyNjg5OGY0OWNlMmNkMjQ5ODNhNWJhYjFjMTVlZDEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAJY50Py9VON48mxbNsZHyN963c67O2w/L0LBKcJ0c4xRqRWdZ5v0
iEKipEj7B55pQ/Ps+IbSjko/yG425TSPKZXcMLx5cQqsl5MOyuVb+ddrp29/UMfg
a+E7GKfkSpvkwQsVJivIP3BhuVKAEHVD5WmttF4HuraF8SkssoGmY8CHK7sQNeCM
uY/FhI2Vn7Y0hLYATC4825DYukga+ZGrkw/BJdOvOtVgNT1vb8ewNCoh/Iqi1jbc
cBh3Lc2ZpnSJtEJ39Jfy2dV9jKIZAWH0fW+llJKTysG9x/yyAbIm9Fcm4bgPBFKk
1RRTuCdKXPcgTfqYUXuYaJU+1Fxl1YWt8dsCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBS8rXuyr2r4Bwq3XS3fbI7BIKuQNDAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvZGNmNzM1MjYtN2E3Mi00YjNmLTgyM2ItOTVlNTI3NTJkZDBjLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAFwDupxuGKMnMBho
V8sBAy06WlmjeWWTzTocXXgENhbRGLTSeNIQxoCYhgXbuK6y17XVrtYTSigMVWgN
RXuNh5uOjWST2FxtrHzywdWWDUZ2ptcTs2tBJCZAVaybvAGzGXs+RH/M//4N/ItH
p0lf40Z2JcIsAYFERN72FnmEtZOypNLCTUBF/+MgTxFOG06BmY5Eah+woqIQ/qJa
p4SulNqrqqCVvy81I0KW52+REJJE/CvMrvFsNNQL7a7/0R5+iOzsmTgrWuUuGbfa
L3zBZspayFXAUToGtuCSzir4T93pZQmQqIVcl2EMGhUIIygn+Zb6TiHAeqghO+Xg
jSkAM30=
-----END CERTIFICATE-----