Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/e11874f1-37bc-4371-bccd-4d18b27b2d0d.roa
File:                     e11874f1-37bc-4371-bccd-4d18b27b2d0d.roa (raw, json)
Hash identifier:          smtgqWuwazl4CQPYVdM64QDqeoy7tChmm+kZlI23qRA=
Subject key identifier:   A9:1B:24:66:BE:26:0B:F2:E8:1F:8D:51:1D:27:C4:4E:17:A8:28:51
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       0F76156CC0F159434A0E2E5485828E70E646FE88
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/e11874f1-37bc-4371-bccd-4d18b27b2d0d.roa
Signing time:             Mon 06 Mar 2023 00:00:00 +0000
ROA not before:           Mon 06 Mar 2023 00:00:00 +0000
ROA not after:            Thu 09 Mar 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0f:76:15:6c:c0:f1:59:43:4a:0e:2e:54:85:82:8e:70:e6:46:fe:88
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Mar  6 00:00:00 2023 GMT
            Not After : Mar  9 23:59:59 2023 GMT
        Subject: serialNumber=b953dae1cb7fc47be33444e1a5cb956290fd9468ecf938b5e69708a19b38fb36, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:0a:b7:b4:b9:8d:d9:3a:9c:55:30:0e:92:82:
                    1c:72:d8:c2:b5:82:b4:63:62:41:fb:54:5c:10:55:
                    32:2f:07:4c:8a:de:b9:7d:ea:e0:4a:31:b5:14:81:
                    96:90:e2:cd:a6:bf:c0:bd:4c:39:0e:57:13:f7:3f:
                    86:3e:fd:ea:96:a1:f0:46:7a:87:25:c7:b0:2e:0d:
                    a5:03:d6:48:b8:9a:79:e0:f3:26:82:49:07:5c:c1:
                    d9:20:03:a4:cf:7e:7c:f9:1c:ba:47:0d:e9:a2:8d:
                    dd:57:99:7b:4c:0a:82:dc:73:07:51:8e:56:7a:44:
                    1a:69:b6:8a:97:1f:e0:ba:7b:56:38:df:7e:0f:6e:
                    54:47:ba:46:15:c8:4d:c8:bb:80:f0:0b:c6:04:aa:
                    dd:ee:3d:7b:d1:66:02:31:00:51:c0:27:0c:2e:17:
                    fb:46:68:23:ec:9d:57:1a:f6:b9:f3:91:1b:5a:2f:
                    78:21:6a:1d:67:0e:26:09:5b:d8:1d:32:4e:41:24:
                    ff:ab:77:80:9d:81:18:bb:1c:fd:69:7a:66:dc:51:
                    bd:e7:81:5a:db:c2:99:6c:6e:c5:eb:9c:38:94:48:
                    10:2f:30:8d:f7:69:95:65:81:6a:0d:f6:f2:26:a5:
                    cc:d2:a5:9a:a0:85:56:48:40:e4:47:cb:86:2f:77:
                    60:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A9:1B:24:66:BE:26:0B:F2:E8:1F:8D:51:1D:27:C4:4E:17:A8:28:51
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/e11874f1-37bc-4371-bccd-4d18b27b2d0d.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         80:90:89:3e:04:be:78:8c:2c:04:fc:f7:f6:f4:a3:95:23:8d:
         3d:4b:18:bb:00:fb:9b:8f:09:14:ac:da:ca:59:82:8e:94:fa:
         f8:0a:7c:c8:84:1e:09:91:ac:73:d9:1a:15:0d:c2:83:70:66:
         73:59:7e:a1:27:c1:d0:3c:e9:94:da:27:b0:01:1a:f1:d0:9f:
         7b:75:b8:02:70:b7:6a:38:0b:08:e6:63:17:a8:62:56:29:ad:
         d6:45:35:cb:3b:f5:0b:ab:4d:6c:cf:be:c0:3b:ef:0c:13:4f:
         bf:6f:29:cf:03:d9:a2:d0:2f:5f:96:ea:a4:32:86:65:78:d7:
         8c:28:89:57:6d:de:52:ed:78:34:fd:91:79:5b:ad:31:7a:c2:
         8a:9c:56:73:1d:9c:28:5a:1c:23:2c:8e:aa:56:cd:3e:e5:e1:
         3b:d1:75:7d:f2:c7:f3:05:4f:fc:38:ff:00:bf:2b:44:ad:f6:
         5e:d9:52:d4:b8:38:9e:b8:0b:9f:f1:df:22:4c:8f:79:72:37:
         fb:85:27:89:ca:55:9a:e9:f3:ba:94:e6:53:0a:3e:a3:c1:85:
         ed:ae:3f:62:ef:9a:00:59:0d:b3:cb:27:c6:ae:77:87:59:15:
         cf:b4:4b:b4:d9:a2:34:78:1b:23:a4:54:9a:f1:ce:af:2e:12:
         b7:de:d8:f2
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUD3YVbMDxWUNKDi5UhYKOcOZG/ogwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwMzA2MDAwMDAwWhcNMjMwMzA5MjM1OTU5
WjCBpTFJMEcGA1UEBRNAYjk1M2RhZTFjYjdmYzQ3YmUzMzQ0NGUxYTVjYjk1NjI5
MGZkOTQ2OGVjZjkzOGI1ZTY5NzA4YTE5YjM4ZmIzNjEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBALcKt7S5jdk6nFUwDpKCHHLYwrWCtGNiQftUXBBVMi8HTIreuX3q
4EoxtRSBlpDizaa/wL1MOQ5XE/c/hj796pah8EZ6hyXHsC4NpQPWSLiaeeDzJoJJ
B1zB2SADpM9+fPkcukcN6aKN3VeZe0wKgtxzB1GOVnpEGmm2ipcf4Lp7Vjjffg9u
VEe6RhXITci7gPALxgSq3e49e9FmAjEAUcAnDC4X+0ZoI+ydVxr2ufORG1oveCFq
HWcOJglb2B0yTkEk/6t3gJ2BGLsc/Wl6ZtxRveeBWtvCmWxuxeucOJRIEC8wjfdp
lWWBag328ialzNKlmqCFVkhA5EfLhi93YJkCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBSpGyRmviYL8ugfjVEdJ8ROF6goUTAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvZTExODc0ZjEtMzdiYy00MzcxLWJjY2QtNGQxOGIyN2IyZDBkLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAICQiT4EvniMLAT8
9/b0o5UjjT1LGLsA+5uPCRSs2spZgo6U+vgKfMiEHgmRrHPZGhUNwoNwZnNZfqEn
wdA86ZTaJ7ABGvHQn3t1uAJwt2o4CwjmYxeoYlYprdZFNcs79QurTWzPvsA77wwT
T79vKc8D2aLQL1+W6qQyhmV414woiVdt3lLteDT9kXlbrTF6woqcVnMdnChaHCMs
jqpWzT7l4TvRdX3yx/MFT/w4/wC/K0St9l7ZUtS4OJ64C5/x3yJMj3lyN/uFJ4nK
VZrp87qU5lMKPqPBhe2uP2LvmgBZDbPLJ8aud4dZFc+0S7TZojR4GyOkVJrxzq8u
Erfe2PI=
-----END CERTIFICATE-----