Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/df9c2f4d-68cb-4a29-97e2-4e6191b3c12a.roa
File:                     df9c2f4d-68cb-4a29-97e2-4e6191b3c12a.roa (raw, json)
Hash identifier:          h5J6/OmPW/lRZHJLihuu9mzNANeVqKysvGkc1jCzbXo=
Subject key identifier:   9A:0D:A4:B7:C6:C5:0D:C5:AF:AB:0D:A9:FD:2B:74:5B:5E:A1:20:BB
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       672396AF92C6C1D34A87921F5689F0FE548F90D7
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/df9c2f4d-68cb-4a29-97e2-4e6191b3c12a.roa
Signing time:             Sun 26 Mar 2023 00:00:00 +0000
ROA not before:           Sun 26 Mar 2023 00:00:00 +0000
ROA not after:            Wed 29 Mar 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            67:23:96:af:92:c6:c1:d3:4a:87:92:1f:56:89:f0:fe:54:8f:90:d7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Mar 26 00:00:00 2023 GMT
            Not After : Mar 29 23:59:59 2023 GMT
        Subject: serialNumber=f9192a634b793b27b229700654db8f73acb9c9956196e83f49d641bdf06dcf63, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:86:44:ac:5a:98:3d:f4:34:58:49:f0:7e:95:
                    08:ac:75:c2:33:08:80:87:66:ee:86:6a:92:a3:45:
                    21:e5:68:38:df:26:54:b0:02:18:4f:ec:7b:8c:74:
                    09:58:73:ca:14:7c:b5:4b:db:6f:ad:7c:b2:dd:81:
                    d4:d4:cb:6f:76:a4:74:73:07:2a:bd:ee:4d:61:d4:
                    e8:41:8a:e6:f4:ba:05:62:72:f4:2c:83:d4:97:0b:
                    2e:95:00:a6:7b:d8:a8:9a:7a:26:79:97:a9:f4:27:
                    8c:11:70:45:ba:ba:64:28:86:e7:dc:33:48:e0:b8:
                    4f:19:55:c9:e4:b8:67:b1:e7:92:80:7c:bc:56:8a:
                    08:f2:e2:a0:9a:f2:50:0a:13:7a:b2:0b:cd:08:a1:
                    bf:4f:07:b9:6e:eb:f8:3c:bc:6b:1b:ee:12:0c:96:
                    a6:01:a0:61:89:ce:b3:e9:b3:54:17:6a:1a:68:c6:
                    b7:0e:77:59:c8:bc:37:c4:37:2a:cc:79:8b:c6:3c:
                    89:8c:b1:79:98:d1:30:1e:b9:58:32:86:fb:7d:56:
                    49:05:18:b4:98:52:45:ef:9f:5d:08:76:af:30:e7:
                    82:7a:f6:57:dd:9e:6f:72:ab:2b:e1:3d:e6:f7:50:
                    61:93:d4:05:63:b8:d3:be:91:41:ef:d4:59:7e:c2:
                    70:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9A:0D:A4:B7:C6:C5:0D:C5:AF:AB:0D:A9:FD:2B:74:5B:5E:A1:20:BB
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/df9c2f4d-68cb-4a29-97e2-4e6191b3c12a.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         08:d8:07:d7:e0:72:ce:ec:39:80:0a:81:72:a0:bb:da:c9:44:
         ca:87:dc:7d:12:29:4b:89:57:f4:5c:81:db:38:66:bd:4c:c9:
         75:be:6f:84:80:85:08:2d:71:ce:e6:39:99:e8:84:82:1f:73:
         d7:5a:0d:65:f1:bc:5a:fe:70:96:5c:10:54:06:32:d5:6e:5c:
         6d:28:3c:bc:ab:92:2c:a0:86:b7:63:38:4b:57:44:c9:d8:84:
         11:d6:3c:8a:17:c9:ed:31:f0:a0:8b:88:d2:87:69:01:89:34:
         50:73:35:34:57:68:69:a8:1b:98:26:40:3d:64:76:bf:03:22:
         4e:a2:54:0c:6c:4e:90:88:e9:4a:09:30:7a:f5:27:a7:7b:05:
         a3:08:02:1a:09:b6:34:19:8a:4b:66:cb:88:4f:2e:68:62:9f:
         90:1f:47:cc:b0:5a:53:ed:33:43:59:bd:aa:95:a0:db:30:bf:
         fe:cd:2e:8e:c2:9a:e2:70:41:8d:81:b7:a3:1b:2b:ec:44:d6:
         22:62:ce:a9:e5:cb:36:8d:07:fc:2e:a9:be:8f:f5:eb:72:15:
         c8:85:3f:bc:f4:32:b8:8b:ed:6e:07:24:6e:9e:48:01:9f:eb:
         d3:bd:fc:25:be:0e:1f:41:f8:32:05:23:5f:1c:39:d8:01:fb:
         f7:c2:e4:69
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUZyOWr5LGwdNKh5IfVonw/lSPkNcwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwMzI2MDAwMDAwWhcNMjMwMzI5MjM1OTU5
WjCBpTFJMEcGA1UEBRNAZjkxOTJhNjM0Yjc5M2IyN2IyMjk3MDA2NTRkYjhmNzNh
Y2I5Yzk5NTYxOTZlODNmNDlkNjQxYmRmMDZkY2Y2MzEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAJeGRKxamD30NFhJ8H6VCKx1wjMIgIdm7oZqkqNFIeVoON8mVLAC
GE/se4x0CVhzyhR8tUvbb618st2B1NTLb3akdHMHKr3uTWHU6EGK5vS6BWJy9CyD
1JcLLpUApnvYqJp6JnmXqfQnjBFwRbq6ZCiG59wzSOC4TxlVyeS4Z7HnkoB8vFaK
CPLioJryUAoTerILzQihv08HuW7r+Dy8axvuEgyWpgGgYYnOs+mzVBdqGmjGtw53
Wci8N8Q3Ksx5i8Y8iYyxeZjRMB65WDKG+31WSQUYtJhSRe+fXQh2rzDngnr2V92e
b3KrK+E95vdQYZPUBWO4076RQe/UWX7CcBcCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBSaDaS3xsUNxa+rDan9K3RbXqEguzAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvZGY5YzJmNGQtNjhjYi00YTI5LTk3ZTItNGU2MTkxYjNjMTJhLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAAjYB9fgcs7sOYAK
gXKgu9rJRMqH3H0SKUuJV/Rcgds4Zr1MyXW+b4SAhQgtcc7mOZnohIIfc9daDWXx
vFr+cJZcEFQGMtVuXG0oPLyrkiyghrdjOEtXRMnYhBHWPIoXye0x8KCLiNKHaQGJ
NFBzNTRXaGmoG5gmQD1kdr8DIk6iVAxsTpCI6UoJMHr1J6d7BaMIAhoJtjQZiktm
y4hPLmhin5AfR8ywWlPtM0NZvaqVoNswv/7NLo7CmuJwQY2Bt6MbK+xE1iJizqnl
yzaNB/wuqb6P9etyFciFP7z0MriL7W4HJG6eSAGf69O9/CW+Dh9B+DIFI18cOdgB
+/fC5Gk=
-----END CERTIFICATE-----