Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/f18f758c-f9d3-4b26-9979-c6083b3e1e45.roa
File:                     f18f758c-f9d3-4b26-9979-c6083b3e1e45.roa (raw, json)
Hash identifier:          xt5hyTD9XwCwmFHgRV7lBzMVQVSIUW4UAS5XkNIG/QQ=
Subject key identifier:   03:76:83:F2:7F:DD:72:DD:56:5B:B2:74:A6:5C:B3:33:C8:21:85:DA
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       607DA3AD562A46F7BC49DCAD85FC2EE77C5FDE90
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/f18f758c-f9d3-4b26-9979-c6083b3e1e45.roa
Signing time:             Thu 16 Feb 2023 00:00:00 +0000
ROA not before:           Thu 16 Feb 2023 00:00:00 +0000
ROA not after:            Sun 19 Feb 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            60:7d:a3:ad:56:2a:46:f7:bc:49:dc:ad:85:fc:2e:e7:7c:5f:de:90
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Feb 16 00:00:00 2023 GMT
            Not After : Feb 19 23:59:59 2023 GMT
        Subject: serialNumber=b0347b6c87834bf5d67d6480bd0fa53c2dd8249ee55d0421d47a1ed08558ab39, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:c8:e5:ec:d4:7a:7b:5e:2d:ed:1e:19:a5:99:
                    94:b8:d7:fd:c5:e6:25:ef:85:d2:8f:1e:1c:a2:f4:
                    90:49:5d:a0:28:c1:b5:9e:8a:90:f5:54:85:af:94:
                    88:98:65:18:d5:5d:8a:aa:b6:96:e2:dc:b6:3e:a4:
                    40:19:a2:ab:08:e5:b4:c4:3e:65:3e:0e:6d:d1:c5:
                    6e:c6:3a:5c:88:29:f4:be:63:c3:49:31:16:8f:b6:
                    d1:e1:6f:1c:35:9a:8c:de:08:be:cf:b5:ac:55:a0:
                    dd:a5:3e:ad:ed:57:09:d1:51:17:ae:e0:ff:d8:24:
                    c2:cb:92:b0:ee:4f:03:0d:77:ad:dd:78:ef:97:f1:
                    f1:7c:32:12:95:c2:0f:8e:35:9f:f0:4d:44:4f:65:
                    ab:0a:9b:44:2d:88:b1:97:3e:27:77:36:59:b5:bb:
                    0e:e8:5a:80:7e:03:2b:21:f5:dc:3d:a4:cb:03:5f:
                    d1:33:d2:0a:54:e0:a9:ba:a0:cc:d0:33:ce:fa:f4:
                    6e:82:8b:5b:80:24:9e:2c:9a:8f:8e:92:03:79:b9:
                    a4:0c:3d:68:36:a9:4d:f7:94:36:4a:b7:74:ec:ca:
                    03:a4:80:1d:4b:f7:c4:81:77:c2:1c:30:75:d1:a0:
                    fc:2f:be:4a:4e:0c:b0:e9:c0:6c:a6:c5:7c:7a:35:
                    4a:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                03:76:83:F2:7F:DD:72:DD:56:5B:B2:74:A6:5C:B3:33:C8:21:85:DA
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/f18f758c-f9d3-4b26-9979-c6083b3e1e45.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         02:2a:9b:ee:32:e7:b6:ef:60:91:96:e9:b6:2c:8c:4b:72:8f:
         e1:dc:e6:9b:0a:2d:fe:46:c5:b9:22:c7:15:8b:05:30:04:5d:
         67:75:05:11:df:f6:98:62:ba:c1:d7:05:5f:c3:a0:32:ed:b9:
         a9:23:47:94:59:49:72:fa:fc:69:71:6e:28:de:9e:66:4a:64:
         0b:90:83:1f:8f:99:fb:72:6d:aa:55:17:8d:e7:52:45:35:c8:
         44:99:7f:12:a6:db:3d:1c:fd:41:a1:6a:8c:d5:30:1e:8d:3c:
         9e:dc:7a:01:8e:3c:75:d9:46:3e:1a:be:7e:89:e5:0b:83:d3:
         0e:08:2d:92:b4:27:bf:11:94:0b:c8:e1:4a:ad:77:df:d2:b8:
         a8:85:b8:b8:d7:c8:d3:0a:34:83:d9:01:c1:a2:ab:93:d0:db:
         da:66:16:62:64:5a:ce:34:d3:37:af:27:3c:be:bc:61:44:68:
         a9:28:ba:35:64:2a:99:12:4c:e8:c5:aa:c3:c0:c0:3e:1a:2c:
         80:4d:b6:fc:cb:16:62:95:8d:84:0b:70:6f:7a:9a:29:a6:0a:
         28:92:5a:cb:ca:7f:24:15:54:b6:c7:0a:c2:ff:c0:75:0b:fa:
         13:d1:de:ad:f7:63:88:61:29:36:ef:e3:89:0e:1d:69:75:8c:
         d6:c4:4c:a9
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUYH2jrVYqRve8Sdythfwu53xf3pAwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwMjE2MDAwMDAwWhcNMjMwMjE5MjM1OTU5
WjCBpTFJMEcGA1UEBRNAYjAzNDdiNmM4NzgzNGJmNWQ2N2Q2NDgwYmQwZmE1M2My
ZGQ4MjQ5ZWU1NWQwNDIxZDQ3YTFlZDA4NTU4YWIzOTEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBANPI5ezUenteLe0eGaWZlLjX/cXmJe+F0o8eHKL0kEldoCjBtZ6K
kPVUha+UiJhlGNVdiqq2luLctj6kQBmiqwjltMQ+ZT4ObdHFbsY6XIgp9L5jw0kx
Fo+20eFvHDWajN4Ivs+1rFWg3aU+re1XCdFRF67g/9gkwsuSsO5PAw13rd1475fx
8XwyEpXCD441n/BNRE9lqwqbRC2IsZc+J3c2WbW7DuhagH4DKyH13D2kywNf0TPS
ClTgqbqgzNAzzvr0boKLW4Akniyaj46SA3m5pAw9aDapTfeUNkq3dOzKA6SAHUv3
xIF3whwwddGg/C++Sk4MsOnAbKbFfHo1SmUCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBQDdoPyf91y3VZbsnSmXLMzyCGF2jAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvZjE4Zjc1OGMtZjlkMy00YjI2LTk5NzktYzYwODNiM2UxZTQ1LnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAAIqm+4y57bvYJGW
6bYsjEtyj+Hc5psKLf5GxbkixxWLBTAEXWd1BRHf9phiusHXBV/DoDLtuakjR5RZ
SXL6/GlxbijenmZKZAuQgx+PmftybapVF43nUkU1yESZfxKm2z0c/UGhaozVMB6N
PJ7cegGOPHXZRj4avn6J5QuD0w4ILZK0J78RlAvI4Uqtd9/SuKiFuLjXyNMKNIPZ
AcGiq5PQ29pmFmJkWs400zevJzy+vGFEaKkoujVkKpkSTOjFqsPAwD4aLIBNtvzL
FmKVjYQLcG96mimmCiiSWsvKfyQVVLbHCsL/wHUL+hPR3q33Y4hhKTbv44kOHWl1
jNbETKk=
-----END CERTIFICATE-----