Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/fa5494a2-546e-42d8-817e-5a2aeba077d2.roa
File:                     fa5494a2-546e-42d8-817e-5a2aeba077d2.roa (raw, json)
Hash identifier:          Ugv7jA+77zbmyzDq5SavE2xRzv43JrrRb8iEwNtYcTY=
Subject key identifier:   5C:A6:2B:08:5A:25:3E:84:55:93:5C:7D:09:CD:4C:9A:AB:21:A8:01
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       575CD7CDA2FD38B60073730C125FEF2E2CC3B7F2
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/fa5494a2-546e-42d8-817e-5a2aeba077d2.roa
Signing time:             Sat 11 Feb 2023 00:00:00 +0000
ROA not before:           Sat 11 Feb 2023 00:00:00 +0000
ROA not after:            Tue 14 Feb 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            57:5c:d7:cd:a2:fd:38:b6:00:73:73:0c:12:5f:ef:2e:2c:c3:b7:f2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Feb 11 00:00:00 2023 GMT
            Not After : Feb 14 23:59:59 2023 GMT
        Subject: serialNumber=740aa2fae2cb3bc9f0831f41a440e7320db19685c6c7134843f503ebde81fe63, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:a2:f9:9e:36:96:0f:76:a2:3b:49:6e:37:9c:
                    92:ca:04:bb:c5:95:25:1a:ba:cb:21:1e:40:fe:30:
                    21:4b:0e:bf:c0:27:69:bd:50:d7:94:d7:f5:82:78:
                    68:a0:13:58:83:c2:69:56:d8:88:76:9a:8b:60:f5:
                    2c:07:15:a8:ec:d1:62:8e:71:12:4a:9a:ad:92:bd:
                    87:ef:62:98:df:b7:32:6e:36:c0:8f:0d:b9:a0:67:
                    21:87:ed:36:01:ab:a9:16:6b:de:15:2d:59:f2:55:
                    67:6d:d8:8f:81:ba:10:1b:5d:d5:65:65:ea:e4:d2:
                    61:de:ea:e8:de:a5:82:6d:e5:7e:d4:2a:79:4f:4e:
                    c6:0a:43:28:5d:69:cb:51:b8:09:1d:83:5d:ca:35:
                    44:4f:b6:ae:ed:ed:18:4e:c6:96:99:68:c1:74:16:
                    7f:5a:81:41:70:ca:cc:50:0f:87:9c:93:a8:67:ef:
                    e3:12:8b:06:e6:7b:f9:87:c5:43:c1:c6:38:62:19:
                    d6:9f:c6:4e:54:3d:64:f3:e9:5f:12:11:a6:a7:23:
                    b1:8a:82:ff:37:45:50:e2:d3:47:98:e8:13:f1:f7:
                    65:9e:c4:b3:48:45:52:0d:1c:96:49:91:1d:e8:79:
                    0b:46:45:45:6d:ed:da:d7:16:1d:0a:75:90:e4:fb:
                    43:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:A6:2B:08:5A:25:3E:84:55:93:5C:7D:09:CD:4C:9A:AB:21:A8:01
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/fa5494a2-546e-42d8-817e-5a2aeba077d2.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2c:d0:14:6a:7d:74:f5:f3:51:8a:78:7a:a5:d5:2f:69:eb:ed:
         f0:6e:87:82:65:55:90:0f:85:e5:97:a6:59:70:31:ca:84:f1:
         09:25:ad:ad:1d:ef:63:5f:10:9e:63:00:04:5b:09:03:ae:c5:
         39:25:44:1c:82:8b:11:d7:bf:41:f8:34:d4:f9:e2:19:cd:29:
         e4:a6:75:09:b7:b5:81:27:5e:92:b7:38:05:1a:cc:48:89:a9:
         ea:77:74:ca:f6:f1:0a:b3:13:d5:0c:c6:b5:15:7d:3e:d3:81:
         76:1a:0e:65:3d:c0:40:c1:a0:ae:bc:ca:b6:15:11:d2:6c:99:
         00:0f:4a:a6:3d:7e:24:46:93:b7:fb:b2:a0:4a:f9:40:0a:1e:
         1d:55:a6:f0:a1:e9:39:0b:01:68:6f:6b:b7:d2:3e:52:10:e5:
         eb:b9:cc:90:48:d8:ff:b2:29:53:c2:8e:84:8d:68:a4:c7:8b:
         71:c3:9b:a3:9d:66:8e:df:8e:a5:dc:ae:87:00:d7:66:32:1c:
         04:f7:9c:6a:91:5d:c7:ee:77:5a:23:66:dd:bf:ba:54:ca:0b:
         13:a0:d6:7b:15:b2:eb:79:2b:52:8f:dd:c4:db:7e:50:bb:20:
         f4:58:bc:21:55:bd:18:29:8a:27:f6:1c:9f:79:07:58:c6:78:
         be:d0:de:bc
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUV1zXzaL9OLYAc3MMEl/vLizDt/IwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwMjExMDAwMDAwWhcNMjMwMjE0MjM1OTU5
WjCBpTFJMEcGA1UEBRNANzQwYWEyZmFlMmNiM2JjOWYwODMxZjQxYTQ0MGU3MzIw
ZGIxOTY4NWM2YzcxMzQ4NDNmNTAzZWJkZTgxZmU2MzEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBALKi+Z42lg92ojtJbjecksoEu8WVJRq6yyEeQP4wIUsOv8Anab1Q
15TX9YJ4aKATWIPCaVbYiHaai2D1LAcVqOzRYo5xEkqarZK9h+9imN+3Mm42wI8N
uaBnIYftNgGrqRZr3hUtWfJVZ23Yj4G6EBtd1WVl6uTSYd7q6N6lgm3lftQqeU9O
xgpDKF1py1G4CR2DXco1RE+2ru3tGE7GlplowXQWf1qBQXDKzFAPh5yTqGfv4xKL
BuZ7+YfFQ8HGOGIZ1p/GTlQ9ZPPpXxIRpqcjsYqC/zdFUOLTR5joE/H3ZZ7Es0hF
Ug0clkmRHeh5C0ZFRW3t2tcWHQp1kOT7Q70CAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBRcpisIWiU+hFWTXH0JzUyaqyGoATAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvZmE1NDk0YTItNTQ2ZS00MmQ4LTgxN2UtNWEyYWViYTA3N2QyLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBACzQFGp9dPXzUYp4
eqXVL2nr7fBuh4JlVZAPheWXpllwMcqE8Qklra0d72NfEJ5jAARbCQOuxTklRByC
ixHXv0H4NNT54hnNKeSmdQm3tYEnXpK3OAUazEiJqep3dMr28QqzE9UMxrUVfT7T
gXYaDmU9wEDBoK68yrYVEdJsmQAPSqY9fiRGk7f7sqBK+UAKHh1VpvCh6TkLAWhv
a7fSPlIQ5eu5zJBI2P+yKVPCjoSNaKTHi3HDm6OdZo7fjqXcrocA12YyHAT3nGqR
Xcfud1ojZt2/ulTKCxOg1nsVsut5K1KP3cTbflC7IPRYvCFVvRgpiif2HJ95B1jG
eL7Q3rw=
-----END CERTIFICATE-----