Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/fa0bd7bb-4d69-4d27-8a9e-5e8e503e32fb.roa
File:                     fa0bd7bb-4d69-4d27-8a9e-5e8e503e32fb.roa (raw, json)
Hash identifier:          bQkij10wM2GdyxHZ9O3BEuzajBVs1SiV7hDD2VJetGs=
Subject key identifier:   46:CD:91:6C:79:D8:B1:E8:52:6C:90:4F:23:C4:59:95:47:37:BD:5B
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       0287383F4C772383EAE1F2B75D0CD62B13729737
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/fa0bd7bb-4d69-4d27-8a9e-5e8e503e32fb.roa
Signing time:             Wed 22 Feb 2023 00:00:00 +0000
ROA not before:           Wed 22 Feb 2023 00:00:00 +0000
ROA not after:            Sat 25 Feb 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            02:87:38:3f:4c:77:23:83:ea:e1:f2:b7:5d:0c:d6:2b:13:72:97:37
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Feb 22 00:00:00 2023 GMT
            Not After : Feb 25 23:59:59 2023 GMT
        Subject: serialNumber=4daf3efc13438a5070e9707443d7b6d27c62564b4250a66e532e5cce9ca54de6, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:c7:e1:12:b0:81:ec:5e:3b:48:04:99:98:93:
                    73:e3:a4:61:1a:b4:a5:15:39:07:de:c5:12:5b:2e:
                    bc:65:87:0e:79:b0:bf:5e:58:32:4e:88:5d:6c:b6:
                    ec:36:e3:57:ff:44:7e:86:4d:65:1b:04:b6:08:8a:
                    aa:8a:43:37:14:18:b2:8c:34:f3:7e:3e:86:ca:97:
                    9c:f4:a5:a9:e4:46:10:b4:be:a4:e3:73:43:d2:67:
                    35:c0:b6:9d:16:2a:3e:93:3b:0d:21:43:e8:2b:02:
                    69:40:73:85:1d:c0:ab:3f:d0:29:a2:ea:c4:a0:a1:
                    fe:f4:e0:50:e8:1f:4a:ab:b0:1c:75:01:fe:88:66:
                    52:c5:84:47:62:28:a0:34:5a:f0:16:5e:b3:cb:e8:
                    bf:3f:6e:45:a8:e7:a8:17:4e:8b:03:f2:14:a6:d1:
                    59:98:84:d3:e2:bd:8e:82:8f:22:94:91:53:9e:35:
                    ae:44:e9:f7:24:60:51:04:92:94:74:93:6d:a9:86:
                    67:e5:a8:33:bc:b4:4e:15:e3:93:85:32:81:52:a9:
                    7b:fe:08:4d:27:4b:a0:fc:bf:13:3a:57:92:82:d8:
                    2b:56:8a:7f:cf:6f:2c:80:da:20:6e:ff:62:8c:4a:
                    73:9d:0a:ad:41:1d:2b:18:a1:b0:8f:0f:d4:93:b1:
                    fd:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                46:CD:91:6C:79:D8:B1:E8:52:6C:90:4F:23:C4:59:95:47:37:BD:5B
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/fa0bd7bb-4d69-4d27-8a9e-5e8e503e32fb.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0d:30:f3:98:fb:69:d5:3b:3b:93:f6:81:a9:e5:84:ab:a7:e0:
         05:ef:ec:fc:17:4e:e2:e6:ae:a2:68:af:1f:bc:9d:6b:3a:00:
         c5:c0:25:42:a7:de:7d:9d:62:36:5a:8d:34:dd:17:55:f7:51:
         24:61:e1:fc:b7:ee:8a:d5:69:a6:a9:72:4a:35:ea:91:8b:46:
         db:97:21:d8:24:d6:09:7a:e2:82:47:e8:b8:b4:e5:42:95:dc:
         40:db:61:1b:4c:fe:ba:c4:aa:d4:d5:0b:74:f5:1e:cf:33:ff:
         90:ed:ca:8c:89:6d:27:61:ac:d5:a0:11:2a:aa:e8:61:c2:06:
         f9:ce:b0:df:5a:43:f2:87:96:94:cb:51:59:89:e4:07:ee:49:
         f7:9e:d0:5b:e4:03:67:d3:e4:a6:70:ab:82:25:7c:f8:24:59:
         6c:17:b3:57:f5:3a:05:0a:a1:d7:08:a3:77:bb:58:f2:af:8b:
         4d:d7:20:ad:67:4e:5a:d2:5c:13:28:e2:d5:8d:49:aa:00:2a:
         16:96:36:e2:9c:02:7d:7c:17:ed:2e:48:6d:14:b4:ea:db:bc:
         44:e8:07:3d:69:ab:0b:93:6f:37:97:32:62:d9:c5:70:5f:59:
         4a:83:ce:d1:f5:5d:6c:18:9b:6c:d2:91:52:1e:5c:a8:cc:da:
         7f:b2:2a:30
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUAoc4P0x3I4Pq4fK3XQzWKxNylzcwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwMjIyMDAwMDAwWhcNMjMwMjI1MjM1OTU5
WjCBpTFJMEcGA1UEBRNANGRhZjNlZmMxMzQzOGE1MDcwZTk3MDc0NDNkN2I2ZDI3
YzYyNTY0YjQyNTBhNjZlNTMyZTVjY2U5Y2E1NGRlNjEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBALjH4RKwgexeO0gEmZiTc+OkYRq0pRU5B97FElsuvGWHDnmwv15Y
Mk6IXWy27DbjV/9EfoZNZRsEtgiKqopDNxQYsow0834+hsqXnPSlqeRGELS+pONz
Q9JnNcC2nRYqPpM7DSFD6CsCaUBzhR3Aqz/QKaLqxKCh/vTgUOgfSquwHHUB/ohm
UsWER2IooDRa8BZes8vovz9uRajnqBdOiwPyFKbRWZiE0+K9joKPIpSRU541rkTp
9yRgUQSSlHSTbamGZ+WoM7y0ThXjk4UygVKpe/4ITSdLoPy/EzpXkoLYK1aKf89v
LIDaIG7/YoxKc50KrUEdKxihsI8P1JOx/QsCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBRGzZFsedix6FJskE8jxFmVRze9WzAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvZmEwYmQ3YmItNGQ2OS00ZDI3LThhOWUtNWU4ZTUwM2UzMmZiLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAA0w85j7adU7O5P2
ganlhKun4AXv7PwXTuLmrqJorx+8nWs6AMXAJUKn3n2dYjZajTTdF1X3USRh4fy3
7orVaaapcko16pGLRtuXIdgk1gl64oJH6Li05UKV3EDbYRtM/rrEqtTVC3T1Hs8z
/5DtyoyJbSdhrNWgESqq6GHCBvnOsN9aQ/KHlpTLUVmJ5AfuSfee0FvkA2fT5KZw
q4IlfPgkWWwXs1f1OgUKodcIo3e7WPKvi03XIK1nTlrSXBMo4tWNSaoAKhaWNuKc
An18F+0uSG0UtOrbvEToBz1pqwuTbzeXMmLZxXBfWUqDztH1XWwYm2zSkVIeXKjM
2n+yKjA=
-----END CERTIFICATE-----