Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/f01af30f-a0d4-4591-855e-a2af2dc9f56a.roa
File:                     f01af30f-a0d4-4591-855e-a2af2dc9f56a.roa (raw, json)
Hash identifier:          uuC05QiR/Ac35IcKpTgH77UbMG+7LRP5DCUEBfTliDg=
Subject key identifier:   0B:7C:E5:AF:1C:96:CE:90:63:5A:A4:03:48:8B:F4:6B:2B:91:77:24
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       78313F4B5B8B80ABD526CE4F848C9B5D6FA552CB
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/f01af30f-a0d4-4591-855e-a2af2dc9f56a.roa
Signing time:             Tue 07 Mar 2023 00:00:00 +0000
ROA not before:           Tue 07 Mar 2023 00:00:00 +0000
ROA not after:            Fri 10 Mar 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            78:31:3f:4b:5b:8b:80:ab:d5:26:ce:4f:84:8c:9b:5d:6f:a5:52:cb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Mar  7 00:00:00 2023 GMT
            Not After : Mar 10 23:59:59 2023 GMT
        Subject: serialNumber=e7b9113efd195774e0a94eb846aceb0b554466ed91783b43c3ccefd6407b0222, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:c0:9a:dc:ac:a3:e6:3e:6c:a1:b5:b9:92:a1:
                    68:44:6c:ba:5d:da:01:aa:67:d0:e1:72:94:80:f4:
                    e8:71:68:24:bc:42:d4:8c:15:dd:72:77:90:82:65:
                    36:b1:a1:27:33:ab:dd:93:cd:de:78:14:21:6a:20:
                    31:bf:cb:cf:dc:ea:8d:ac:d8:4b:c4:a5:48:79:c3:
                    83:90:60:ce:04:82:37:ee:b6:2e:1e:c3:72:03:3a:
                    68:38:71:c2:4c:28:11:15:d8:08:9a:4f:73:77:f3:
                    bd:fa:8d:82:4a:23:a3:67:03:80:93:aa:3f:dc:60:
                    6a:5e:a7:49:17:ca:97:5a:94:35:bd:5d:e8:05:b9:
                    fe:cd:2b:c0:69:e4:b2:a5:f6:b1:5d:9e:2f:18:d0:
                    07:ff:e4:bb:ae:45:4c:bb:21:0b:5f:23:d3:2f:01:
                    37:f2:ea:22:61:ff:47:7b:6c:d1:73:d9:f0:fb:71:
                    9e:e4:90:8c:c4:06:33:25:6d:d2:bc:e9:d8:bd:fc:
                    69:40:ff:bc:7b:8e:75:a5:b6:89:97:03:d6:ed:9d:
                    b9:40:dd:32:1c:ae:8d:c2:4e:5f:f1:ad:37:20:bd:
                    bd:b5:25:02:5a:60:92:1d:2c:e5:85:32:ae:73:d6:
                    35:35:e8:80:48:1d:29:f8:bb:56:7a:53:ab:c4:1b:
                    2c:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0B:7C:E5:AF:1C:96:CE:90:63:5A:A4:03:48:8B:F4:6B:2B:91:77:24
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/f01af30f-a0d4-4591-855e-a2af2dc9f56a.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1a:a6:8e:b4:a5:3c:e0:d7:2f:5b:a9:89:cc:6c:c1:f0:be:0e:
         ed:5f:b1:86:6e:7b:0e:5a:da:c0:5b:a3:05:49:91:61:90:64:
         0a:04:b4:5d:80:fe:fd:e0:93:d6:5e:8a:7a:cd:ae:38:85:51:
         25:5f:81:e0:1e:42:65:a7:cc:b5:92:16:28:3e:41:c0:af:3a:
         ee:cd:87:b1:ee:ab:fd:bb:cd:13:04:29:21:6b:0e:e3:30:e0:
         52:63:75:1b:a6:c8:b1:57:73:a5:05:d7:25:25:c9:ec:1e:78:
         fa:5e:56:b2:7e:37:2e:fb:b5:c0:09:65:55:17:51:76:fa:8b:
         90:92:59:74:33:fc:d5:fc:ac:70:97:ff:1e:8c:8e:7f:c7:34:
         f2:90:5e:8b:6f:41:ab:ed:6e:e6:e4:6a:13:ea:33:89:31:d5:
         26:61:6e:47:64:ec:1f:48:a3:a0:a9:a8:63:b4:21:4e:b5:50:
         78:d8:22:63:68:14:e0:37:98:03:ac:b4:f6:5e:6c:b4:ba:68:
         96:07:2d:90:5d:f8:ef:0a:cb:0b:04:34:88:7d:0b:82:f5:aa:
         42:2f:7f:b1:65:10:83:2c:23:9f:4c:99:c0:27:44:08:4f:59:
         06:fd:32:ba:3f:21:d8:d7:7d:c7:ee:a8:44:69:00:3b:b2:31:
         cb:e3:ff:95
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUeDE/S1uLgKvVJs5PhIybXW+lUsswDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwMzA3MDAwMDAwWhcNMjMwMzEwMjM1OTU5
WjCBpTFJMEcGA1UEBRNAZTdiOTExM2VmZDE5NTc3NGUwYTk0ZWI4NDZhY2ViMGI1
NTQ0NjZlZDkxNzgzYjQzYzNjY2VmZDY0MDdiMDIyMjEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAK/Amtyso+Y+bKG1uZKhaERsul3aAapn0OFylID06HFoJLxC1IwV
3XJ3kIJlNrGhJzOr3ZPN3ngUIWogMb/Lz9zqjazYS8SlSHnDg5BgzgSCN+62Lh7D
cgM6aDhxwkwoERXYCJpPc3fzvfqNgkojo2cDgJOqP9xgal6nSRfKl1qUNb1d6AW5
/s0rwGnksqX2sV2eLxjQB//ku65FTLshC18j0y8BN/LqImH/R3ts0XPZ8PtxnuSQ
jMQGMyVt0rzp2L38aUD/vHuOdaW2iZcD1u2duUDdMhyujcJOX/GtNyC9vbUlAlpg
kh0s5YUyrnPWNTXogEgdKfi7VnpTq8QbLK0CAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBQLfOWvHJbOkGNapANIi/RrK5F3JDAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvZjAxYWYzMGYtYTBkNC00NTkxLTg1NWUtYTJhZjJkYzlmNTZhLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBABqmjrSlPODXL1up
icxswfC+Du1fsYZuew5a2sBbowVJkWGQZAoEtF2A/v3gk9ZeinrNrjiFUSVfgeAe
QmWnzLWSFig+QcCvOu7Nh7Huq/27zRMEKSFrDuMw4FJjdRumyLFXc6UF1yUlyewe
ePpeVrJ+Ny77tcAJZVUXUXb6i5CSWXQz/NX8rHCX/x6Mjn/HNPKQXotvQavtbubk
ahPqM4kx1SZhbkdk7B9Io6CpqGO0IU61UHjYImNoFOA3mAOstPZebLS6aJYHLZBd
+O8KywsENIh9C4L1qkIvf7FlEIMsI59MmcAnRAhPWQb9Mro/IdjXfcfuqERpADuy
Mcvj/5U=
-----END CERTIFICATE-----