Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/f458da60-384f-4a83-9f17-b32ebd32d7e2.roa
File:                     f458da60-384f-4a83-9f17-b32ebd32d7e2.roa (raw, json)
Hash identifier:          i1v3wPKIV7LRLeAKV8kIE1TtjE0JgDzVU7IYkS3ZhBU=
Subject key identifier:   5B:2B:E5:E1:49:0E:C1:95:D9:1A:DE:07:DD:2F:41:20:55:40:BB:11
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       7DBCC0AA15A7974DAE7D4DB8A263444A81B831DC
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/f458da60-384f-4a83-9f17-b32ebd32d7e2.roa
Signing time:             Mon 10 Apr 2023 00:00:00 +0000
ROA not before:           Mon 10 Apr 2023 00:00:00 +0000
ROA not after:            Thu 13 Apr 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7d:bc:c0:aa:15:a7:97:4d:ae:7d:4d:b8:a2:63:44:4a:81:b8:31:dc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Apr 10 00:00:00 2023 GMT
            Not After : Apr 13 23:59:59 2023 GMT
        Subject: serialNumber=e7f3acbffdbb36cb4dba806b88943fb04f9161ded0625e9eda1480bcd7474700, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:40:9e:ac:1e:d6:ec:0a:8a:d1:ef:0e:ca:04:
                    2d:76:54:0c:b6:b2:75:04:76:f6:b3:92:70:0e:ff:
                    4e:79:93:9a:4d:07:2f:a6:69:4d:db:67:28:67:88:
                    a0:0c:1e:19:32:b8:93:f8:95:2e:95:13:4c:42:b9:
                    bd:28:da:c1:f5:93:41:3c:77:93:4f:75:d5:2f:95:
                    27:df:29:a2:99:79:ac:ec:fa:2f:b4:da:d5:5d:da:
                    af:cf:b0:1e:fa:0b:5b:64:c7:c3:1f:c7:62:a7:72:
                    49:e1:bd:6a:d6:5f:8a:2b:bf:38:0b:76:a1:f9:c1:
                    34:69:84:34:af:cc:74:a7:7d:98:a2:ac:8d:82:c2:
                    6d:6a:88:78:29:22:79:1b:44:d9:85:63:80:b8:d3:
                    fe:95:7d:60:92:3b:c7:16:26:0f:1a:f0:d1:dd:fb:
                    f6:b8:2b:25:b8:11:0f:b8:99:99:bb:44:25:4e:d1:
                    57:3e:13:3e:26:79:de:31:95:0f:13:dc:8b:f8:3e:
                    e9:1d:ae:b0:26:7a:07:41:95:6d:bc:f4:7f:34:3a:
                    11:93:d5:97:55:00:00:92:04:e8:ce:ed:e2:c3:a3:
                    f6:06:10:d5:d8:7e:74:55:fa:d7:4b:cc:ba:39:eb:
                    41:ff:45:d3:74:4e:da:b9:f6:54:98:ff:0b:90:48:
                    75:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5B:2B:E5:E1:49:0E:C1:95:D9:1A:DE:07:DD:2F:41:20:55:40:BB:11
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/f458da60-384f-4a83-9f17-b32ebd32d7e2.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ad:a8:bf:e8:5f:e6:c0:29:67:93:18:4b:3e:c7:05:47:fa:63:
         70:48:58:1d:38:b2:fa:8c:a5:21:df:31:5f:8d:1c:00:ea:83:
         8a:e6:34:88:6c:31:bc:92:4e:df:5a:ea:65:d7:7e:e1:2e:61:
         f6:99:3f:72:95:75:97:2b:3a:29:64:ac:6b:e3:f3:d7:4c:5b:
         db:ba:64:d1:81:60:34:a8:09:15:2d:6f:ea:52:51:5f:1d:5c:
         55:d8:9f:a8:13:30:7c:7c:5d:88:ba:e4:e3:53:af:ad:2d:7c:
         72:0e:d7:b6:0f:e5:92:3b:07:30:c2:7e:ee:9d:d9:5d:61:84:
         d5:aa:93:e4:18:47:a5:18:44:75:1a:cd:5a:6e:58:09:a8:be:
         33:e7:5f:7c:de:1a:57:a3:96:74:18:af:d6:2f:6c:7b:14:98:
         1e:06:29:af:de:a7:a2:d3:41:54:e6:fa:1a:bd:63:8d:37:d9:
         c8:f9:b5:97:34:3a:03:45:6f:19:cd:88:b7:58:3c:a7:11:91:
         9a:17:82:f8:14:71:03:0e:dd:51:9e:ed:e8:01:2e:81:11:3a:
         b1:14:3c:67:28:8f:e1:27:f6:e5:68:c7:f7:5d:7a:76:e8:c9:
         51:a5:96:86:1b:90:e7:1e:21:37:11:ff:24:51:4a:1c:3e:f5:
         58:ef:e1:7b
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUfbzAqhWnl02ufU24omNESoG4MdwwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwNDEwMDAwMDAwWhcNMjMwNDEzMjM1OTU5
WjCBpTFJMEcGA1UEBRNAZTdmM2FjYmZmZGJiMzZjYjRkYmE4MDZiODg5NDNmYjA0
ZjkxNjFkZWQwNjI1ZTllZGExNDgwYmNkNzQ3NDcwMDEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAMZAnqwe1uwKitHvDsoELXZUDLaydQR29rOScA7/TnmTmk0HL6Zp
TdtnKGeIoAweGTK4k/iVLpUTTEK5vSjawfWTQTx3k0911S+VJ98popl5rOz6L7Ta
1V3ar8+wHvoLW2THwx/HYqdySeG9atZfiiu/OAt2ofnBNGmENK/MdKd9mKKsjYLC
bWqIeCkieRtE2YVjgLjT/pV9YJI7xxYmDxrw0d379rgrJbgRD7iZmbtEJU7RVz4T
PiZ53jGVDxPci/g+6R2usCZ6B0GVbbz0fzQ6EZPVl1UAAJIE6M7t4sOj9gYQ1dh+
dFX610vMujnrQf9F03RO2rn2VJj/C5BIda0CAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBRbK+XhSQ7Bldka3gfdL0EgVUC7ETAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvZjQ1OGRhNjAtMzg0Zi00YTgzLTlmMTctYjMyZWJkMzJkN2UyLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAK2ov+hf5sApZ5MY
Sz7HBUf6Y3BIWB04svqMpSHfMV+NHADqg4rmNIhsMbySTt9a6mXXfuEuYfaZP3KV
dZcrOilkrGvj89dMW9u6ZNGBYDSoCRUtb+pSUV8dXFXYn6gTMHx8XYi65ONTr60t
fHIO17YP5ZI7BzDCfu6d2V1hhNWqk+QYR6UYRHUazVpuWAmovjPnX3zeGlejlnQY
r9YvbHsUmB4GKa/ep6LTQVTm+hq9Y4032cj5tZc0OgNFbxnNiLdYPKcRkZoXgvgU
cQMO3VGe7egBLoEROrEUPGcoj+En9uVox/ddenboyVGlloYbkOceITcR/yRRShw+
9Vjv4Xs=
-----END CERTIFICATE-----