Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/fba83e32-536d-4cb6-b4be-ce14f870e869.roa
File:                     fba83e32-536d-4cb6-b4be-ce14f870e869.roa (raw, json)
Hash identifier:          EZ9IYcsQWiAxPKbm8RJNCbni+KDvgjpoPALtuNgj+/M=
Subject key identifier:   6B:05:51:D9:F5:88:C4:A5:EF:82:F7:42:7F:55:4C:21:7A:5D:45:F2
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       71CB00D7B8105AEA0E2FAEA3079746E40005C926
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/fba83e32-536d-4cb6-b4be-ce14f870e869.roa
Signing time:             Sat 03 Jun 2023 00:00:00 +0000
ROA not before:           Sat 03 Jun 2023 00:00:00 +0000
ROA not after:            Tue 06 Jun 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            71:cb:00:d7:b8:10:5a:ea:0e:2f:ae:a3:07:97:46:e4:00:05:c9:26
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Jun  3 00:00:00 2023 GMT
            Not After : Jun  6 23:59:59 2023 GMT
        Subject: serialNumber=bc1f40712841c10ad36dde95b64c9aaf2bc47e1c9e126ede378eb3b9b1fe143e, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f4:02:de:d5:e5:d3:e5:68:e6:e8:cf:61:04:a7:
                    66:fe:c5:bf:bf:c8:58:8d:48:62:e6:84:ae:76:3f:
                    22:37:82:6d:a4:59:49:9e:b9:8f:03:05:ed:5d:c2:
                    35:c1:03:78:06:81:4c:22:ad:26:20:39:38:cf:17:
                    f5:0a:92:b7:a1:18:5a:62:d8:69:73:97:22:71:47:
                    4c:0f:1f:34:ba:6b:1f:89:c3:95:6e:d0:5d:77:a2:
                    2d:2d:bc:c2:4e:15:54:53:53:ea:28:40:a3:87:a5:
                    cc:f7:c1:9d:89:ef:45:33:7f:21:ef:06:bf:d2:b8:
                    d8:80:03:62:55:b9:fd:f7:2d:53:16:24:1b:a8:2e:
                    ad:36:59:21:09:95:d7:6d:07:99:04:d8:1a:cb:47:
                    f0:b8:14:2d:32:f1:42:c3:0e:2f:7b:f6:91:ae:53:
                    e6:3e:ac:29:d9:4d:20:46:93:94:ea:02:8d:d2:5c:
                    d2:de:2f:9f:1b:cd:04:3c:40:5c:a4:0b:38:dc:7b:
                    ae:fe:f9:07:25:09:0c:75:b8:9e:15:20:a4:ae:e0:
                    fb:2a:85:c2:92:c1:3f:ca:97:fd:e0:d0:a3:c8:83:
                    8b:9a:fd:98:83:41:88:6d:61:6b:c2:40:43:42:17:
                    df:a4:68:5a:12:9f:f6:ad:b0:0d:65:3e:06:12:88:
                    9b:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6B:05:51:D9:F5:88:C4:A5:EF:82:F7:42:7F:55:4C:21:7A:5D:45:F2
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/fba83e32-536d-4cb6-b4be-ce14f870e869.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b1:cf:c1:e3:87:57:4e:7f:4a:86:d9:fe:f1:08:c4:8c:d1:32:
         cc:60:9b:6a:df:20:c5:88:cb:71:18:9c:3a:92:fd:eb:43:7e:
         0c:87:b3:a2:08:f1:63:37:0b:2f:07:2a:f9:62:2c:e2:30:f5:
         c5:0f:08:7e:d7:f3:f7:85:3a:05:83:fc:72:6c:75:19:71:23:
         8d:da:e9:ff:fd:32:87:9b:e6:91:f5:86:e4:6d:30:23:8f:a2:
         4c:0d:c1:c7:81:94:a3:32:77:82:c0:de:ab:ac:5b:77:4d:0c:
         10:f9:74:a1:ec:64:76:26:dd:d9:66:c0:c3:57:5b:96:18:19:
         1c:61:8f:4d:a1:5b:03:5f:d5:22:e6:c4:9d:e3:2a:7b:c4:06:
         06:20:83:97:dd:29:dc:88:27:bc:cb:06:1e:f6:b8:47:5c:90:
         5e:16:7a:eb:8e:72:28:5b:ac:7c:a6:06:86:90:b9:15:dc:0e:
         01:83:d1:d5:38:0a:da:b3:c0:10:c9:c1:90:8a:58:e1:37:c2:
         0a:0b:27:79:7a:ce:48:9f:cc:e2:09:18:c2:c7:6c:44:e7:9b:
         29:ad:f1:b6:38:90:21:18:b5:4b:2b:aa:1e:1b:0b:41:77:ce:
         1b:74:aa:1b:24:bf:57:18:b7:96:e2:8f:b7:a5:a4:85:0f:a2:
         ee:c0:cd:bf
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUccsA17gQWuoOL66jB5dG5AAFySYwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwNjAzMDAwMDAwWhcNMjMwNjA2MjM1OTU5
WjCBpTFJMEcGA1UEBRNAYmMxZjQwNzEyODQxYzEwYWQzNmRkZTk1YjY0YzlhYWYy
YmM0N2UxYzllMTI2ZWRlMzc4ZWIzYjliMWZlMTQzZTEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAPQC3tXl0+Vo5ujPYQSnZv7Fv7/IWI1IYuaErnY/IjeCbaRZSZ65
jwMF7V3CNcEDeAaBTCKtJiA5OM8X9QqSt6EYWmLYaXOXInFHTA8fNLprH4nDlW7Q
XXeiLS28wk4VVFNT6ihAo4elzPfBnYnvRTN/Ie8Gv9K42IADYlW5/fctUxYkG6gu
rTZZIQmV120HmQTYGstH8LgULTLxQsMOL3v2ka5T5j6sKdlNIEaTlOoCjdJc0t4v
nxvNBDxAXKQLONx7rv75ByUJDHW4nhUgpK7g+yqFwpLBP8qX/eDQo8iDi5r9mINB
iG1ha8JAQ0IX36RoWhKf9q2wDWU+BhKImxMCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBRrBVHZ9YjEpe+C90J/VUwhel1F8jAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvZmJhODNlMzItNTM2ZC00Y2I2LWI0YmUtY2UxNGY4NzBlODY5LnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBALHPweOHV05/SobZ
/vEIxIzRMsxgm2rfIMWIy3EYnDqS/etDfgyHs6II8WM3Cy8HKvliLOIw9cUPCH7X
8/eFOgWD/HJsdRlxI43a6f/9Moeb5pH1huRtMCOPokwNwceBlKMyd4LA3qusW3dN
DBD5dKHsZHYm3dlmwMNXW5YYGRxhj02hWwNf1SLmxJ3jKnvEBgYgg5fdKdyIJ7zL
Bh72uEdckF4WeuuOcihbrHymBoaQuRXcDgGD0dU4CtqzwBDJwZCKWOE3wgoLJ3l6
zkifzOIJGMLHbETnmymt8bY4kCEYtUsrqh4bC0F3zht0qhskv1cYt5bij7elpIUP
ou7Azb8=
-----END CERTIFICATE-----