Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/00d49516-64f0-41b6-b931-e15edea0ad32.roa
File:                     00d49516-64f0-41b6-b931-e15edea0ad32.roa (raw, json)
Hash identifier:          f75/v6HPUa6j34MxJxhrDWSTzFuhAVDZNTmh4Tht+Tg=
Subject key identifier:   4C:F8:65:9C:A4:38:67:76:DE:FC:38:01:50:3F:71:68:57:68:E7:84
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       13FFEE356CAE366633A185B3304DD2EAA4871DC7
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/00d49516-64f0-41b6-b931-e15edea0ad32.roa
Signing time:             Thu 06 Apr 2023 00:00:00 +0000
ROA not before:           Thu 06 Apr 2023 00:00:00 +0000
ROA not after:            Sun 09 Apr 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            13:ff:ee:35:6c:ae:36:66:33:a1:85:b3:30:4d:d2:ea:a4:87:1d:c7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Apr  6 00:00:00 2023 GMT
            Not After : Apr  9 23:59:59 2023 GMT
        Subject: serialNumber=080c5c4273fd852365db99b295458774f645c35c6ea4694c10b464a133ed49f1, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:9f:2d:7a:2c:84:ab:3b:79:cf:1e:a1:0f:0a:
                    0c:34:d7:7f:d2:7a:88:d6:34:ff:a9:64:7e:80:4e:
                    d6:94:37:88:25:f3:c8:9c:89:a0:cb:53:82:e8:36:
                    41:86:93:38:84:48:0d:70:80:25:74:91:e3:c6:55:
                    e3:5b:94:7a:3e:2e:1f:ed:dd:17:ab:fd:db:c3:59:
                    04:30:df:fe:9c:65:c5:4d:6c:a1:29:74:26:98:19:
                    0d:a4:69:c6:81:6f:05:88:21:b7:bc:1f:ba:11:49:
                    66:d4:b3:94:2b:33:ee:1f:d8:da:f5:a1:9a:55:6d:
                    d6:7b:7b:84:34:aa:0a:a8:a7:98:6f:fb:ca:f2:84:
                    be:4a:54:bc:ea:8b:8e:10:0e:9c:3c:bb:43:2d:21:
                    07:5a:1d:34:d6:6d:f1:5a:f5:89:6b:5d:ae:70:4b:
                    dc:aa:bb:44:28:68:6d:64:1f:b1:46:c5:0d:86:36:
                    d7:1c:d2:2d:7e:e7:a6:c6:cc:26:1e:90:b5:0e:d8:
                    4c:38:ba:2b:b4:2e:7d:fe:aa:8b:97:38:34:4e:83:
                    6a:19:e5:8b:a4:fd:bc:59:17:e9:69:ce:2b:2b:59:
                    cc:a1:12:3b:5f:9b:1b:b3:5b:2d:3c:91:e3:71:a8:
                    92:cb:f4:55:63:19:d8:36:16:35:13:06:61:fd:10:
                    15:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4C:F8:65:9C:A4:38:67:76:DE:FC:38:01:50:3F:71:68:57:68:E7:84
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/00d49516-64f0-41b6-b931-e15edea0ad32.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3e:3d:94:17:83:75:0a:77:b5:d5:8a:5f:6f:ec:b7:00:e1:a8:
         6f:4f:d7:7d:83:6d:2a:02:f4:8b:59:10:5e:f7:ac:77:99:fa:
         4c:ff:c1:a5:99:0b:ba:48:7f:ae:f4:60:94:31:61:70:60:86:
         4d:0a:2c:51:ae:22:24:46:f8:e9:53:b3:b6:cc:17:6d:42:2e:
         ab:d7:86:81:85:db:ba:4b:a8:0a:9d:7e:88:f9:10:98:c5:8c:
         97:ad:2e:89:b2:39:82:62:7a:f8:6f:5f:16:c7:2d:8d:34:a6:
         4c:a3:47:aa:cb:f1:25:6c:b8:3f:f3:35:c1:c3:d0:6a:a5:76:
         f9:08:7a:c3:d8:08:8e:13:85:cd:f5:c6:7f:8e:b5:5a:85:8c:
         1d:d0:46:20:62:1c:b6:f1:50:16:8c:62:b1:99:46:ad:5d:0a:
         07:95:e0:35:b2:63:dc:e6:6b:c7:80:d9:4b:7e:b7:81:77:eb:
         d3:6a:c0:7d:d3:44:f7:ed:cd:b9:6d:92:f4:4f:59:eb:86:61:
         1a:48:57:72:16:6e:d6:73:86:8e:7d:ad:f1:30:97:95:bc:47:
         2a:e3:9f:0c:da:be:d8:4c:56:5f:31:0e:fe:ef:d0:7d:f4:c5:
         91:61:52:ab:50:14:c2:bb:51:e4:40:4b:84:3a:3a:08:7a:79:
         f6:d5:e7:19
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUE//uNWyuNmYzoYWzME3S6qSHHccwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwNDA2MDAwMDAwWhcNMjMwNDA5MjM1OTU5
WjCBpTFJMEcGA1UEBRNAMDgwYzVjNDI3M2ZkODUyMzY1ZGI5OWIyOTU0NTg3NzRm
NjQ1YzM1YzZlYTQ2OTRjMTBiNDY0YTEzM2VkNDlmMTEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBANOfLXoshKs7ec8eoQ8KDDTXf9J6iNY0/6lkfoBO1pQ3iCXzyJyJ
oMtTgug2QYaTOIRIDXCAJXSR48ZV41uUej4uH+3dF6v928NZBDDf/pxlxU1soSl0
JpgZDaRpxoFvBYght7wfuhFJZtSzlCsz7h/Y2vWhmlVt1nt7hDSqCqinmG/7yvKE
vkpUvOqLjhAOnDy7Qy0hB1odNNZt8Vr1iWtdrnBL3Kq7RChobWQfsUbFDYY21xzS
LX7npsbMJh6QtQ7YTDi6K7Quff6qi5c4NE6Dahnli6T9vFkX6WnOKytZzKESO1+b
G7NbLTyR43Goksv0VWMZ2DYWNRMGYf0QFfkCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBRM+GWcpDhndt78OAFQP3FoV2jnhDAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvMDBkNDk1MTYtNjRmMC00MWI2LWI5MzEtZTE1ZWRlYTBhZDMyLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAD49lBeDdQp3tdWK
X2/stwDhqG9P132DbSoC9ItZEF73rHeZ+kz/waWZC7pIf670YJQxYXBghk0KLFGu
IiRG+OlTs7bMF21CLqvXhoGF27pLqAqdfoj5EJjFjJetLomyOYJievhvXxbHLY00
pkyjR6rL8SVsuD/zNcHD0GqldvkIesPYCI4Thc31xn+OtVqFjB3QRiBiHLbxUBaM
YrGZRq1dCgeV4DWyY9zma8eA2Ut+t4F369NqwH3TRPftzbltkvRPWeuGYRpIV3IW
btZzho59rfEwl5W8RyrjnwzavthMVl8xDv7v0H30xZFhUqtQFMK7UeRAS4Q6Ogh6
efbV5xk=
-----END CERTIFICATE-----