Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/e1b02be5-a9df-4629-a2c2-6f5ab96ab762.roa
File:                     e1b02be5-a9df-4629-a2c2-6f5ab96ab762.roa (raw, json)
Hash identifier:          tdPeZCiCZxMqmQtjMivY3O3CjbxJ57AfxS+msXv767M=
Subject key identifier:   BB:AB:FD:4A:4C:FA:BC:93:8A:E3:03:73:36:BA:05:B3:0A:E0:4B:E3
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       33DB8AFEDFE0BD14D81E27B998B4F7B73331BFE2
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/e1b02be5-a9df-4629-a2c2-6f5ab96ab762.roa
Signing time:             Fri 14 Apr 2023 00:00:00 +0000
ROA not before:           Fri 14 Apr 2023 00:00:00 +0000
ROA not after:            Mon 17 Apr 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            33:db:8a:fe:df:e0:bd:14:d8:1e:27:b9:98:b4:f7:b7:33:31:bf:e2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Apr 14 00:00:00 2023 GMT
            Not After : Apr 17 23:59:59 2023 GMT
        Subject: serialNumber=af120b18b36333c5877a7170893918d9630453c88303339a038d73f6bd54e617, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:b2:73:aa:39:65:a4:46:8d:ea:70:48:d8:95:
                    f8:76:28:fb:12:e9:51:75:e5:c2:7f:88:75:c8:72:
                    ae:c0:53:d5:69:c6:18:74:2f:78:3e:c8:f8:e9:f5:
                    04:bd:b5:4b:27:e1:24:bf:b1:ce:ef:0b:1a:4e:06:
                    f5:8b:07:40:6b:0b:84:ac:6c:31:e5:05:a1:32:d6:
                    0c:bc:05:3b:4e:10:be:8e:58:c2:a0:52:24:a3:ef:
                    25:99:f4:20:27:d1:53:d4:bd:07:d7:17:f5:9e:9b:
                    94:26:f3:3c:1f:b7:e2:bb:7e:df:11:e3:44:fc:66:
                    75:a0:ad:14:d3:7c:97:c3:49:77:d1:d2:07:1f:39:
                    89:67:33:78:4e:53:fc:f8:02:c3:ed:4e:41:3b:ae:
                    0f:d2:6c:30:7f:a3:ea:b9:69:22:c6:8d:c9:e5:53:
                    da:c6:12:84:ca:0e:91:6f:0f:10:14:c9:c4:c6:e3:
                    7b:b4:5f:0a:5c:47:d6:26:6f:68:21:a6:b3:36:60:
                    39:e1:22:d7:c8:c5:00:6c:b4:9f:e3:2a:46:c9:ad:
                    74:4d:02:0e:de:16:ca:27:3e:5b:cc:42:34:4b:b7:
                    6d:e3:1c:74:ff:cf:47:d7:54:05:c8:32:e1:68:22:
                    a0:bb:14:3e:ff:a6:d7:6b:e9:d6:64:90:43:2c:f3:
                    fa:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BB:AB:FD:4A:4C:FA:BC:93:8A:E3:03:73:36:BA:05:B3:0A:E0:4B:E3
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/e1b02be5-a9df-4629-a2c2-6f5ab96ab762.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0d:fd:65:95:a5:63:9f:0e:1a:86:08:1f:64:da:8d:27:9b:f4:
         e9:75:e3:63:98:2f:ec:37:4e:02:38:7f:0d:85:4a:89:6d:98:
         a8:66:36:82:f9:4d:95:b7:46:14:ba:cb:79:a5:cc:8a:44:d3:
         b1:e1:c6:d9:8e:b2:c6:01:f8:b6:28:5c:a2:61:67:05:ac:58:
         5d:52:4c:cb:e9:48:93:51:82:c6:ca:4f:14:0b:19:05:ad:e9:
         7e:d5:9d:43:33:60:45:0a:06:18:f2:e2:cf:99:40:ee:54:26:
         55:67:6d:3f:cd:aa:7c:d8:ba:b0:9d:ad:4c:e5:9b:7f:d1:4c:
         70:4d:6a:4c:b9:0a:13:62:ba:c2:88:bb:9f:16:7f:45:4b:ff:
         c3:7a:e4:e8:dd:91:80:b2:f7:a1:02:56:9f:f1:e5:61:22:8a:
         d1:64:00:e4:29:19:6d:2e:fb:4d:98:75:76:eb:9c:57:34:fc:
         96:7b:74:9e:a6:48:97:6e:05:be:4b:f3:0d:7b:72:31:42:4a:
         68:09:fb:64:fd:4b:33:bf:b8:e8:45:f9:17:b8:b6:de:de:53:
         54:40:22:1c:4a:18:0f:69:65:d4:06:76:0a:d1:cf:fe:21:91:
         a4:a7:60:15:20:b6:09:6b:5e:02:8d:72:25:d1:17:c7:5c:89:
         aa:39:10:3c
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUM9uK/t/gvRTYHie5mLT3tzMxv+IwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwNDE0MDAwMDAwWhcNMjMwNDE3MjM1OTU5
WjCBpTFJMEcGA1UEBRNAYWYxMjBiMThiMzYzMzNjNTg3N2E3MTcwODkzOTE4ZDk2
MzA0NTNjODgzMDMzMzlhMDM4ZDczZjZiZDU0ZTYxNzEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBALGyc6o5ZaRGjepwSNiV+HYo+xLpUXXlwn+IdchyrsBT1WnGGHQv
eD7I+On1BL21SyfhJL+xzu8LGk4G9YsHQGsLhKxsMeUFoTLWDLwFO04Qvo5YwqBS
JKPvJZn0ICfRU9S9B9cX9Z6blCbzPB+34rt+3xHjRPxmdaCtFNN8l8NJd9HSBx85
iWczeE5T/PgCw+1OQTuuD9JsMH+j6rlpIsaNyeVT2sYShMoOkW8PEBTJxMbje7Rf
ClxH1iZvaCGmszZgOeEi18jFAGy0n+MqRsmtdE0CDt4Wyic+W8xCNEu3beMcdP/P
R9dUBcgy4WgioLsUPv+m12vp1mSQQyzz+lUCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBS7q/1KTPq8k4rjA3M2ugWzCuBL4zAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvZTFiMDJiZTUtYTlkZi00NjI5LWEyYzItNmY1YWI5NmFiNzYyLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAA39ZZWlY58OGoYI
H2TajSeb9Ol142OYL+w3TgI4fw2FSoltmKhmNoL5TZW3RhS6y3mlzIpE07HhxtmO
ssYB+LYoXKJhZwWsWF1STMvpSJNRgsbKTxQLGQWt6X7VnUMzYEUKBhjy4s+ZQO5U
JlVnbT/NqnzYurCdrUzlm3/RTHBNaky5ChNiusKIu58Wf0VL/8N65OjdkYCy96EC
Vp/x5WEiitFkAOQpGW0u+02YdXbrnFc0/JZ7dJ6mSJduBb5L8w17cjFCSmgJ+2T9
SzO/uOhF+Re4tt7eU1RAIhxKGA9pZdQGdgrRz/4hkaSnYBUgtglrXgKNciXRF8dc
iao5EDw=
-----END CERTIFICATE-----