Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/ef9d1c67-a968-4828-95f3-2abe1bd3f261.roa
File:                     ef9d1c67-a968-4828-95f3-2abe1bd3f261.roa (raw, json)
Hash identifier:          Q13mscHN2ywengCWC6DusZaIQiXjATVVVfE0MA9asHk=
Subject key identifier:   50:5C:7E:B0:4A:FB:49:50:8C:5C:3D:AC:BE:26:12:A9:66:3C:F6:34
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       53CC810DA8841BF9A653E090E5BFD086042E85E1
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/ef9d1c67-a968-4828-95f3-2abe1bd3f261.roa
Signing time:             Wed 08 Mar 2023 00:00:00 +0000
ROA not before:           Wed 08 Mar 2023 00:00:00 +0000
ROA not after:            Sat 11 Mar 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            53:cc:81:0d:a8:84:1b:f9:a6:53:e0:90:e5:bf:d0:86:04:2e:85:e1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Mar  8 00:00:00 2023 GMT
            Not After : Mar 11 23:59:59 2023 GMT
        Subject: serialNumber=05ee774f03f4adc2947fa8d123eb67427f7d8c652845bc8e6305ee99ceb43a9e, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:27:b4:2c:a0:e0:57:e1:96:5b:0c:0e:38:01:
                    53:05:54:90:f0:ee:35:28:92:2f:37:be:f0:96:4b:
                    03:d9:68:51:a6:dc:01:76:5c:8e:f6:60:1e:86:9b:
                    d1:c4:04:33:8b:e8:c7:13:fe:a5:e2:ee:02:5c:7b:
                    7b:e3:85:c1:88:13:db:30:cd:24:33:da:f8:33:74:
                    5f:15:f5:2c:21:37:b5:7f:27:cf:f9:cf:b0:b5:41:
                    e9:9b:93:c8:1f:07:e9:29:c5:f5:31:01:41:d7:d9:
                    37:f5:8d:49:84:7b:8b:09:f2:80:23:9c:43:51:2f:
                    56:ad:bb:ea:9b:fc:fe:9b:00:e6:77:75:3f:7d:3e:
                    82:df:6c:70:78:e2:8e:25:39:02:dd:d6:51:09:cf:
                    ca:3c:bc:f7:8f:c9:74:21:70:af:e6:af:c2:73:22:
                    ba:a1:b4:17:ae:4a:fe:30:3d:88:1b:93:da:6b:fa:
                    66:73:85:1c:61:dd:23:64:26:92:32:b9:98:1d:46:
                    fd:91:5e:a6:eb:80:04:ed:b7:68:c8:93:3b:89:30:
                    67:53:f4:8d:6d:21:62:5a:3c:82:0d:61:10:d5:44:
                    a1:3e:fa:1d:2a:5f:51:3f:04:1c:63:a8:5b:b0:64:
                    0b:fe:51:d5:97:fa:dc:26:cc:63:80:29:c5:24:ff:
                    b7:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                50:5C:7E:B0:4A:FB:49:50:8C:5C:3D:AC:BE:26:12:A9:66:3C:F6:34
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/ef9d1c67-a968-4828-95f3-2abe1bd3f261.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3f:c9:b6:01:f9:b9:c6:a8:a1:dc:5a:97:c6:f0:30:91:7d:a3:
         0b:92:0b:07:32:30:e8:50:79:22:29:30:58:d2:6a:db:b0:cc:
         18:ef:dc:fa:52:c1:c3:19:77:88:59:b5:aa:3a:f3:fe:60:fb:
         31:3c:93:f9:e0:2d:ee:a1:6a:9d:5d:ca:e3:06:81:da:96:56:
         e6:26:1d:fc:fd:5c:2d:0a:16:06:a4:78:a7:0c:91:d6:51:f9:
         28:98:6d:d4:16:aa:6b:5d:80:f6:45:75:c2:a9:7c:c3:20:3e:
         3f:da:66:4b:2b:35:d3:a9:80:f2:73:76:15:b1:27:1b:72:cc:
         4e:59:df:a0:cb:23:e2:d8:8c:fe:f7:5c:2e:39:1e:db:20:c8:
         f3:e9:b6:56:4a:76:28:9a:33:5c:fd:9f:e0:1e:61:7f:97:e4:
         70:db:c6:90:98:bb:cc:8a:6a:28:68:38:dd:e2:d4:68:e8:62:
         a9:e8:78:81:21:f7:69:48:b8:76:06:a8:15:a6:0d:a7:32:62:
         72:c5:59:17:89:62:98:0b:5b:de:96:a5:d0:a3:8e:0a:71:6d:
         32:61:a3:6f:2b:07:89:75:90:7c:e8:51:8a:5b:a5:90:ae:ce:
         83:d1:00:62:d9:ad:7e:84:e7:4a:84:67:db:b1:08:90:d7:93:
         0c:33:3d:e8
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUU8yBDaiEG/mmU+CQ5b/QhgQuheEwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwMzA4MDAwMDAwWhcNMjMwMzExMjM1OTU5
WjCBpTFJMEcGA1UEBRNAMDVlZTc3NGYwM2Y0YWRjMjk0N2ZhOGQxMjNlYjY3NDI3
ZjdkOGM2NTI4NDViYzhlNjMwNWVlOTljZWI0M2E5ZTEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBANwntCyg4FfhllsMDjgBUwVUkPDuNSiSLze+8JZLA9loUabcAXZc
jvZgHoab0cQEM4voxxP+peLuAlx7e+OFwYgT2zDNJDPa+DN0XxX1LCE3tX8nz/nP
sLVB6ZuTyB8H6SnF9TEBQdfZN/WNSYR7iwnygCOcQ1EvVq276pv8/psA5nd1P30+
gt9scHjijiU5At3WUQnPyjy894/JdCFwr+avwnMiuqG0F65K/jA9iBuT2mv6ZnOF
HGHdI2QmkjK5mB1G/ZFepuuABO23aMiTO4kwZ1P0jW0hYlo8gg1hENVEoT76HSpf
UT8EHGOoW7BkC/5R1Zf63CbMY4ApxST/twkCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBRQXH6wSvtJUIxcPay+JhKpZjz2NDAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvZWY5ZDFjNjctYTk2OC00ODI4LTk1ZjMtMmFiZTFiZDNmMjYxLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAD/JtgH5ucaoodxa
l8bwMJF9owuSCwcyMOhQeSIpMFjSatuwzBjv3PpSwcMZd4hZtao68/5g+zE8k/ng
Le6hap1dyuMGgdqWVuYmHfz9XC0KFgakeKcMkdZR+SiYbdQWqmtdgPZFdcKpfMMg
Pj/aZksrNdOpgPJzdhWxJxtyzE5Z36DLI+LYjP73XC45HtsgyPPptlZKdiiaM1z9
n+AeYX+X5HDbxpCYu8yKaihoON3i1GjoYqnoeIEh92lIuHYGqBWmDacyYnLFWReJ
YpgLW96WpdCjjgpxbTJho28rB4l1kHzoUYpbpZCuzoPRAGLZrX6E50qEZ9uxCJDX
kwwzPeg=
-----END CERTIFICATE-----