Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/e45f17c9-e42a-4903-9c55-e2809096e1b7.roa
File:                     e45f17c9-e42a-4903-9c55-e2809096e1b7.roa (raw, json)
Hash identifier:          RvioDPKO5J9aYs7x52N93Go4ym0BpkM42DTHxbmjloA=
Subject key identifier:   DB:1D:4B:36:B9:23:6C:86:3C:A5:F8:8C:4B:57:F0:8A:D8:01:64:8B
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       0BB25E0CFC9CD2A0E005D2CC52A6A10A858B1264
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/e45f17c9-e42a-4903-9c55-e2809096e1b7.roa
Signing time:             Mon 27 Feb 2023 00:00:00 +0000
ROA not before:           Mon 27 Feb 2023 00:00:00 +0000
ROA not after:            Thu 02 Mar 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0b:b2:5e:0c:fc:9c:d2:a0:e0:05:d2:cc:52:a6:a1:0a:85:8b:12:64
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Feb 27 00:00:00 2023 GMT
            Not After : Mar  2 23:59:59 2023 GMT
        Subject: serialNumber=e7e9ea6559a5d7082f4654700927d16e985191754e5937608b58ec8b1d84f65d, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:1e:6e:b5:e5:5f:cd:b3:22:50:48:5a:2b:10:
                    b4:96:8a:36:fd:8c:e4:cc:f6:f1:96:3f:9f:98:3e:
                    d1:65:48:df:6f:e0:a2:7f:9f:88:ca:20:f2:c0:37:
                    18:b6:c1:8d:6d:fc:d5:14:40:e1:93:41:b1:0c:e9:
                    cd:3f:fd:f5:34:13:92:5e:85:b4:67:e9:48:bc:08:
                    70:b5:f4:ed:ef:e6:53:1e:fb:64:2b:e4:70:4d:88:
                    d5:1f:34:40:88:88:ed:d6:8e:25:93:80:ee:44:75:
                    f7:8b:a4:f6:dc:64:ba:2a:07:68:0b:b5:9e:4b:fc:
                    8c:65:b5:d4:54:0f:fa:bb:98:3c:f7:9c:c5:a8:80:
                    2e:96:d7:c0:8e:25:e1:9a:5b:44:3c:ad:54:d3:74:
                    84:72:bd:44:6c:33:ff:f9:db:c5:38:24:38:b7:3d:
                    dc:7c:fc:4f:a5:c4:e5:a9:cf:28:f6:26:48:08:26:
                    1a:13:63:b2:24:7c:fe:d9:bd:87:02:a6:04:aa:79:
                    e7:9f:62:82:82:78:e4:0e:c1:0a:c7:88:d8:07:82:
                    1f:52:3e:5c:4b:95:17:4a:59:ea:a7:0c:60:d0:e9:
                    9d:e9:4b:71:af:99:ea:1f:55:96:ec:72:dd:0d:e4:
                    32:a7:16:31:b3:88:61:81:24:29:14:6f:db:a4:40:
                    1e:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DB:1D:4B:36:B9:23:6C:86:3C:A5:F8:8C:4B:57:F0:8A:D8:01:64:8B
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/e45f17c9-e42a-4903-9c55-e2809096e1b7.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1e:5a:8f:be:a7:55:93:9c:8b:62:69:2f:2f:df:49:f7:82:42:
         fa:c8:bf:08:ff:04:ca:bf:57:6d:77:48:74:6a:7e:14:23:83:
         95:64:a1:ef:32:b2:d4:c3:b7:3f:0f:c7:3f:4a:5b:e6:43:73:
         84:d5:d7:2f:31:23:4c:29:a3:ca:9d:33:f8:20:4b:d5:83:6b:
         df:90:32:ca:d9:f1:2a:b0:47:06:14:77:ce:4e:c8:bd:9e:a6:
         54:92:eb:0d:48:3a:a1:20:74:1a:77:06:08:43:44:5c:77:e4:
         2d:ef:96:8f:e1:0e:91:3b:af:c5:e4:b5:0b:5f:66:db:bd:a5:
         46:27:b7:f9:3f:0f:1d:5d:fe:ed:ce:4e:cf:46:64:fd:d9:e0:
         88:49:7b:d1:10:2e:9d:f5:e9:b7:21:a9:49:08:56:38:9c:d5:
         7d:1e:cf:39:ce:a5:5c:a6:ee:04:45:c8:9c:c4:e1:ea:18:c8:
         96:82:0a:6c:32:ad:82:52:33:2b:08:db:af:a0:2d:a4:63:53:
         18:bb:08:a2:1c:99:ca:d9:c8:67:24:b6:e8:0d:22:26:20:b6:
         47:0b:cb:8c:69:66:2c:97:49:8f:42:a2:d5:9b:ae:46:e5:1b:
         d8:83:1d:cb:f2:25:a6:9a:4a:71:b5:68:a5:42:d7:60:30:18:
         7f:65:9b:26
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUC7JeDPyc0qDgBdLMUqahCoWLEmQwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwMjI3MDAwMDAwWhcNMjMwMzAyMjM1OTU5
WjCBpTFJMEcGA1UEBRNAZTdlOWVhNjU1OWE1ZDcwODJmNDY1NDcwMDkyN2QxNmU5
ODUxOTE3NTRlNTkzNzYwOGI1OGVjOGIxZDg0ZjY1ZDEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBANwebrXlX82zIlBIWisQtJaKNv2M5Mz28ZY/n5g+0WVI32/gon+f
iMog8sA3GLbBjW381RRA4ZNBsQzpzT/99TQTkl6FtGfpSLwIcLX07e/mUx77ZCvk
cE2I1R80QIiI7daOJZOA7kR194uk9txkuioHaAu1nkv8jGW11FQP+ruYPPecxaiA
LpbXwI4l4ZpbRDytVNN0hHK9RGwz//nbxTgkOLc93Hz8T6XE5anPKPYmSAgmGhNj
siR8/tm9hwKmBKp5559igoJ45A7BCseI2AeCH1I+XEuVF0pZ6qcMYNDpnelLca+Z
6h9Vluxy3Q3kMqcWMbOIYYEkKRRv26RAHpECAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBTbHUs2uSNshjyl+IxLV/CK2AFkizAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvZTQ1ZjE3YzktZTQyYS00OTAzLTljNTUtZTI4MDkwOTZlMWI3LnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAB5aj76nVZOci2Jp
Ly/fSfeCQvrIvwj/BMq/V213SHRqfhQjg5Vkoe8ystTDtz8Pxz9KW+ZDc4TV1y8x
I0wpo8qdM/ggS9WDa9+QMsrZ8SqwRwYUd85OyL2eplSS6w1IOqEgdBp3BghDRFx3
5C3vlo/hDpE7r8XktQtfZtu9pUYnt/k/Dx1d/u3OTs9GZP3Z4IhJe9EQLp316bch
qUkIVjic1X0ezznOpVym7gRFyJzE4eoYyJaCCmwyrYJSMysI26+gLaRjUxi7CKIc
mcrZyGcktugNIiYgtkcLy4xpZiyXSY9CotWbrkblG9iDHcvyJaaaSnG1aKVC12Aw
GH9lmyY=
-----END CERTIFICATE-----