Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/f2ccfd0c-49eb-486e-a1e2-782cb2266f7b.roa
File:                     f2ccfd0c-49eb-486e-a1e2-782cb2266f7b.roa (raw, json)
Hash identifier:          pBiGdbPtwVcc/jaNQGbra+7Wd0hThcARRIvfZ9kv/c0=
Subject key identifier:   FB:7B:28:7A:A4:4B:AB:29:A6:5A:B9:4A:52:C6:52:94:A7:6F:FB:AA
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       29E514DADE546ECF5AB2CFD7128129CF79010127
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/f2ccfd0c-49eb-486e-a1e2-782cb2266f7b.roa
Signing time:             Sun 12 Feb 2023 00:00:00 +0000
ROA not before:           Sun 12 Feb 2023 00:00:00 +0000
ROA not after:            Wed 15 Feb 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            29:e5:14:da:de:54:6e:cf:5a:b2:cf:d7:12:81:29:cf:79:01:01:27
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Feb 12 00:00:00 2023 GMT
            Not After : Feb 15 23:59:59 2023 GMT
        Subject: serialNumber=d89e104c9548b053400e555a6e197ee72b4f403f99bf66a41078751f37fc0d4f, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:af:b2:07:1a:5d:52:b8:00:d5:ed:45:f4:c4:
                    10:e0:18:9d:da:02:e0:50:ce:f2:f9:f1:31:c8:f1:
                    72:d0:5f:81:17:40:4b:b3:cd:7b:bc:95:98:50:7b:
                    13:e0:75:ef:6a:75:b7:38:fd:db:7d:37:e1:dd:49:
                    25:8c:b4:08:9a:f5:f3:f4:0e:de:64:6b:54:f8:35:
                    95:42:cd:4b:c0:a6:be:4d:02:23:c0:67:60:62:5e:
                    2b:a3:ec:31:c3:18:5a:1c:6c:47:43:7c:7f:50:c4:
                    c8:29:cb:17:ba:7f:69:43:08:c9:5a:c3:bb:a2:e0:
                    2f:62:33:af:53:ec:0b:46:f8:3b:13:2d:e5:a4:c9:
                    ff:57:9e:e4:da:20:62:52:31:fa:0e:0f:36:1f:a3:
                    cb:e7:04:e8:84:07:66:15:22:d4:68:9f:a0:00:e1:
                    8a:37:b0:86:93:71:af:0d:a2:49:6c:6e:a0:d1:d1:
                    d4:37:1f:a4:57:18:85:2c:64:b7:c7:f5:79:69:9f:
                    32:d2:14:15:27:48:e5:db:d4:f9:cf:57:a3:e0:70:
                    76:09:b9:9f:92:ea:3b:99:14:b9:dc:e2:b4:90:34:
                    cf:64:b1:af:bc:49:5c:89:5a:63:a9:c3:65:47:ae:
                    3a:a1:e9:0e:31:62:6b:34:c0:31:d9:62:f4:25:06:
                    98:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FB:7B:28:7A:A4:4B:AB:29:A6:5A:B9:4A:52:C6:52:94:A7:6F:FB:AA
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/f2ccfd0c-49eb-486e-a1e2-782cb2266f7b.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c5:ef:6c:96:42:dd:3c:aa:e1:27:4e:36:14:06:a3:53:58:aa:
         38:4d:2f:d9:18:14:b9:d6:7e:46:ed:0b:14:d3:cc:21:49:00:
         ee:81:d5:92:ba:1d:a1:29:ce:8b:d0:37:5d:b1:7e:db:34:0c:
         8b:f1:b1:6c:50:a1:f4:4c:c2:34:9d:10:bc:d8:e2:92:18:74:
         ec:dc:68:63:ba:85:b6:fb:c3:ed:50:b2:bb:9d:1b:48:2c:ab:
         e5:67:0f:ca:95:33:c1:09:f3:8c:d3:88:bd:c6:51:03:36:b5:
         86:39:44:e0:58:ef:de:c5:f1:e7:21:0a:90:d4:a4:9b:a1:9d:
         1a:f7:8b:a6:ee:f2:0b:b7:c1:6c:ee:12:29:71:93:54:f9:18:
         c7:a9:0d:ea:55:56:e5:e3:4e:a5:8f:93:ec:6b:38:38:4b:f8:
         47:e6:9c:13:da:38:c5:37:2a:d6:4a:2c:69:45:dd:9a:ca:53:
         ea:a1:fa:d6:16:ab:d6:fb:e7:fa:75:6a:24:fd:3e:27:93:df:
         20:e1:8f:3f:51:f1:ce:62:0f:bd:56:75:d4:a1:da:15:06:b1:
         d3:e8:7e:9f:92:67:5e:74:9c:da:85:d8:e7:24:18:db:cc:38:
         6d:4c:4f:9e:e1:30:e0:9e:c6:27:c5:ec:8a:66:b7:fb:4a:f7:
         1a:70:d3:1f
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUKeUU2t5Ubs9ass/XEoEpz3kBAScwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwMjEyMDAwMDAwWhcNMjMwMjE1MjM1OTU5
WjCBpTFJMEcGA1UEBRNAZDg5ZTEwNGM5NTQ4YjA1MzQwMGU1NTVhNmUxOTdlZTcy
YjRmNDAzZjk5YmY2NmE0MTA3ODc1MWYzN2ZjMGQ0ZjEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAKWvsgcaXVK4ANXtRfTEEOAYndoC4FDO8vnxMcjxctBfgRdAS7PN
e7yVmFB7E+B172p1tzj923034d1JJYy0CJr18/QO3mRrVPg1lULNS8Cmvk0CI8Bn
YGJeK6PsMcMYWhxsR0N8f1DEyCnLF7p/aUMIyVrDu6LgL2Izr1PsC0b4OxMt5aTJ
/1ee5NogYlIx+g4PNh+jy+cE6IQHZhUi1GifoADhijewhpNxrw2iSWxuoNHR1Dcf
pFcYhSxkt8f1eWmfMtIUFSdI5dvU+c9Xo+Bwdgm5n5LqO5kUudzitJA0z2Sxr7xJ
XIlaY6nDZUeuOqHpDjFiazTAMdli9CUGmNECAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBT7eyh6pEurKaZauUpSxlKUp2/7qjAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvZjJjY2ZkMGMtNDllYi00ODZlLWExZTItNzgyY2IyMjY2ZjdiLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAMXvbJZC3Tyq4SdO
NhQGo1NYqjhNL9kYFLnWfkbtCxTTzCFJAO6B1ZK6HaEpzovQN12xfts0DIvxsWxQ
ofRMwjSdELzY4pIYdOzcaGO6hbb7w+1QsrudG0gsq+VnD8qVM8EJ84zTiL3GUQM2
tYY5ROBY797F8echCpDUpJuhnRr3i6bu8gu3wWzuEilxk1T5GMepDepVVuXjTqWP
k+xrODhL+EfmnBPaOMU3KtZKLGlF3ZrKU+qh+tYWq9b75/p1aiT9PieT3yDhjz9R
8c5iD71WddSh2hUGsdPofp+SZ150nNqF2OckGNvMOG1MT57hMOCexifF7Ipmt/tK
9xpw0x8=
-----END CERTIFICATE-----