Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/dd57d09c-7061-4b6d-8798-9a1a58765ab9.roa
File:                     dd57d09c-7061-4b6d-8798-9a1a58765ab9.roa (raw, json)
Hash identifier:          LMm4pNh0gW8bldxWykfTyUZrNBufPzvm1w4/auVYeJo=
Subject key identifier:   6D:B6:9F:8F:60:19:7C:51:33:86:C8:ED:6B:74:6B:AD:B6:92:09:D4
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       75D71A9F2B3EB9CB13794C5B32BE6C95F73BA11A
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/dd57d09c-7061-4b6d-8798-9a1a58765ab9.roa
Signing time:             Tue 18 Apr 2023 00:00:00 +0000
ROA not before:           Tue 18 Apr 2023 00:00:00 +0000
ROA not after:            Fri 21 Apr 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            75:d7:1a:9f:2b:3e:b9:cb:13:79:4c:5b:32:be:6c:95:f7:3b:a1:1a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Apr 18 00:00:00 2023 GMT
            Not After : Apr 21 23:59:59 2023 GMT
        Subject: serialNumber=5eb12c223603d7fc22181aed5a5598b6b7edcefb5536b28d9fef689e7f3f37f9, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:57:e2:88:92:73:39:42:39:04:af:33:5b:e8:
                    7d:0c:ba:65:8d:c6:dc:02:cc:02:b2:ef:6a:9c:a7:
                    c5:3f:49:ca:40:b1:b7:05:49:02:41:78:a1:ea:c7:
                    38:a6:e5:4e:c3:7d:21:eb:70:9f:1e:d0:2a:26:fd:
                    6a:8f:70:4e:6f:dc:a3:86:1e:69:0c:e7:b3:56:85:
                    e8:71:cb:cd:32:f6:53:07:55:07:cd:dc:14:0d:d6:
                    48:89:49:41:9a:63:af:9f:18:e0:17:2a:b2:10:56:
                    eb:7a:7a:17:a2:5f:9a:25:4e:a2:70:6f:e5:d4:ee:
                    09:17:8f:6b:60:ba:c5:bd:33:fa:ad:7e:bb:f5:14:
                    93:83:76:60:99:20:4f:b9:6d:70:b5:65:cd:50:5a:
                    44:ec:a8:82:c4:5e:dd:13:50:33:9a:04:7a:91:7c:
                    d4:2c:f0:e5:d7:7d:86:6e:62:01:1a:14:4f:92:ca:
                    e6:ea:15:a2:14:f3:a0:12:aa:b4:d6:a9:d4:48:e7:
                    95:2f:62:42:44:56:63:13:e4:ae:60:b0:27:2a:74:
                    a5:d5:83:3d:86:99:12:cb:7b:a5:fd:1f:8e:93:b0:
                    99:db:c7:11:ae:9e:ef:de:f7:ad:72:10:1d:e9:a3:
                    ee:34:10:2d:b6:d4:18:65:3e:a9:0f:6f:f9:50:ec:
                    d8:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6D:B6:9F:8F:60:19:7C:51:33:86:C8:ED:6B:74:6B:AD:B6:92:09:D4
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/dd57d09c-7061-4b6d-8798-9a1a58765ab9.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7b:58:0d:ab:70:9c:aa:3f:19:00:c6:80:ee:17:fb:45:ae:0a:
         53:c6:7a:85:e6:d3:06:67:52:5e:71:c1:ef:42:13:dc:14:2d:
         5c:94:d9:e3:f8:f7:45:92:26:56:ed:45:23:e9:68:1d:33:78:
         c2:59:72:62:fe:48:98:ee:a4:84:3f:98:68:28:53:10:a1:48:
         53:72:99:57:67:61:0a:58:a4:7d:52:05:b2:2a:53:a1:75:fa:
         70:41:4f:28:f0:bf:7c:ec:81:c8:26:ea:f4:7c:ad:35:d9:e2:
         99:79:7e:e6:e5:6b:8a:7d:33:48:1f:e5:b0:05:ad:af:e7:39:
         94:8c:d9:78:f1:fc:74:c2:75:2e:42:af:2e:af:1a:09:1d:39:
         31:f1:e4:8a:47:51:d8:a3:12:36:7c:f1:a1:4d:19:76:2f:4c:
         e0:63:92:c3:cf:99:d2:68:85:5c:03:bc:6e:92:09:a6:55:1d:
         bf:a2:ba:38:65:2b:ae:73:f3:40:0c:23:30:85:24:cf:ea:96:
         97:17:8c:31:ea:96:2d:55:5c:18:e5:cf:ee:e5:f8:7f:94:56:
         d3:64:f1:98:d9:df:92:d0:70:8f:2a:ad:5b:24:ea:2c:af:f4:
         51:4f:3c:30:34:4d:9a:86:07:f7:72:09:5b:8f:e9:e5:8f:7f:
         27:85:37:98
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUddcanys+ucsTeUxbMr5slfc7oRowDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwNDE4MDAwMDAwWhcNMjMwNDIxMjM1OTU5
WjCBpTFJMEcGA1UEBRNANWViMTJjMjIzNjAzZDdmYzIyMTgxYWVkNWE1NTk4YjZi
N2VkY2VmYjU1MzZiMjhkOWZlZjY4OWU3ZjNmMzdmOTEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAMZX4oiSczlCOQSvM1vofQy6ZY3G3ALMArLvapynxT9JykCxtwVJ
AkF4oerHOKblTsN9Ietwnx7QKib9ao9wTm/co4YeaQzns1aF6HHLzTL2UwdVB83c
FA3WSIlJQZpjr58Y4BcqshBW63p6F6JfmiVOonBv5dTuCRePa2C6xb0z+q1+u/UU
k4N2YJkgT7ltcLVlzVBaROyogsRe3RNQM5oEepF81Czw5dd9hm5iARoUT5LK5uoV
ohTzoBKqtNap1EjnlS9iQkRWYxPkrmCwJyp0pdWDPYaZEst7pf0fjpOwmdvHEa6e
7973rXIQHemj7jQQLbbUGGU+qQ9v+VDs2KcCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBRttp+PYBl8UTOGyO1rdGuttpIJ1DAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvZGQ1N2QwOWMtNzA2MS00YjZkLTg3OTgtOWExYTU4NzY1YWI5LnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAHtYDatwnKo/GQDG
gO4X+0WuClPGeoXm0wZnUl5xwe9CE9wULVyU2eP490WSJlbtRSPpaB0zeMJZcmL+
SJjupIQ/mGgoUxChSFNymVdnYQpYpH1SBbIqU6F1+nBBTyjwv3zsgcgm6vR8rTXZ
4pl5fubla4p9M0gf5bAFra/nOZSM2Xjx/HTCdS5Cry6vGgkdOTHx5IpHUdijEjZ8
8aFNGXYvTOBjksPPmdJohVwDvG6SCaZVHb+iujhlK65z80AMIzCFJM/qlpcXjDHq
li1VXBjlz+7l+H+UVtNk8ZjZ35LQcI8qrVsk6iyv9FFPPDA0TZqGB/dyCVuP6eWP
fyeFN5g=
-----END CERTIFICATE-----