Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/061d71e2-d991-49b9-aa42-f6dcabce885c.roa
File:                     061d71e2-d991-49b9-aa42-f6dcabce885c.roa (raw, json)
Hash identifier:          nAyv5KIxiKLVvM275hf3DBh838MH868rC46J31YLdbc=
Subject key identifier:   E1:5C:0F:32:8F:CA:15:16:1F:2F:A2:54:DB:BC:FE:25:98:B3:41:4B
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       6A7B71664FD4743F10AD42ACEBCB37EA0E049E61
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/061d71e2-d991-49b9-aa42-f6dcabce885c.roa
Signing time:             Fri 24 Mar 2023 00:00:00 +0000
ROA not before:           Fri 24 Mar 2023 00:00:00 +0000
ROA not after:            Mon 27 Mar 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6a:7b:71:66:4f:d4:74:3f:10:ad:42:ac:eb:cb:37:ea:0e:04:9e:61
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Mar 24 00:00:00 2023 GMT
            Not After : Mar 27 23:59:59 2023 GMT
        Subject: serialNumber=99d95714b7fca9dc059e073a84626e6bf8aa075e10666b5998a10f8823fa0035, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:01:af:b7:0e:7c:33:55:19:9c:43:d3:54:ff:
                    a6:d0:07:c2:b4:c2:35:f0:68:62:a9:e3:e6:f6:8e:
                    cd:27:0a:7b:a3:c0:57:94:4f:aa:f5:d3:22:54:3a:
                    18:ed:fc:53:ac:83:f5:7e:6d:f7:65:04:ef:41:87:
                    4e:ff:d7:e0:33:c4:f8:65:7b:74:92:d8:18:0c:ed:
                    9c:dc:48:7b:bd:fe:4e:08:b7:5a:57:ac:e7:7b:a6:
                    5c:d9:f6:79:95:64:09:33:6c:54:a4:ef:3a:e7:85:
                    7a:41:4e:5f:68:e0:ae:8f:0b:32:38:6d:ec:9e:8e:
                    d4:1e:62:ca:86:20:32:53:48:ec:64:fc:4a:c0:85:
                    4a:70:be:72:d6:c5:ba:8c:c2:f1:5f:aa:60:4a:e6:
                    48:d8:79:c5:d3:df:94:2e:db:6f:38:a0:a1:cd:73:
                    eb:d4:35:75:20:b5:3a:b8:f3:7a:81:22:98:85:e9:
                    be:c8:77:5a:fb:b0:96:bb:84:f9:57:f4:ce:94:16:
                    21:76:30:9f:d6:87:7a:09:60:76:33:c8:ad:f8:3b:
                    99:1a:e2:09:40:6a:fb:de:03:8b:e6:b9:4a:5f:66:
                    25:54:26:77:93:bb:50:80:d4:49:2c:05:60:53:95:
                    dc:6a:5f:6f:66:3e:b5:f9:52:ff:60:af:8b:fd:5c:
                    91:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E1:5C:0F:32:8F:CA:15:16:1F:2F:A2:54:DB:BC:FE:25:98:B3:41:4B
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/061d71e2-d991-49b9-aa42-f6dcabce885c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c0:b8:ba:ea:75:65:ff:e7:18:06:0e:37:e6:41:9b:29:10:bd:
         3f:03:04:fb:b2:f6:01:83:e2:5d:03:43:a9:f5:2b:16:8c:91:
         7f:5c:90:bf:71:20:d2:0f:3a:6d:a6:e5:0a:56:a3:e6:af:66:
         7c:a4:ac:d5:39:d0:db:7b:e3:94:ae:5b:dd:45:d5:e8:b3:84:
         0d:88:9d:9a:28:7e:90:0c:dc:e3:5c:71:e9:c9:88:6f:07:6c:
         32:4a:d6:fe:2e:66:79:74:a3:fb:3b:5a:99:4e:9b:ad:5e:e0:
         08:70:9e:1d:da:41:8f:34:ea:ae:29:81:06:9c:59:02:cc:ff:
         56:18:d2:4c:15:0e:c3:88:2f:20:7c:b8:66:af:45:7e:37:8a:
         c6:61:67:79:38:11:3a:c1:41:fa:9a:45:9e:40:e2:f1:41:98:
         23:f9:ec:a9:c6:e6:34:85:50:11:11:f6:ab:71:2f:47:5c:d1:
         7b:1a:7c:81:1f:6f:22:13:e5:ba:dc:d2:57:b5:5e:4c:e6:87:
         47:db:12:c6:bd:bb:a5:07:06:ad:17:e5:50:b7:de:3a:97:f1:
         33:b4:cc:c1:4f:3e:e6:de:69:04:dc:6c:7a:55:2b:3e:94:c1:
         3c:1b:38:0f:0d:16:88:2a:f8:7b:a8:27:9e:c0:cd:94:19:6c:
         69:a5:ff:8b
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUantxZk/UdD8QrUKs68s36g4EnmEwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwMzI0MDAwMDAwWhcNMjMwMzI3MjM1OTU5
WjCBpTFJMEcGA1UEBRNAOTlkOTU3MTRiN2ZjYTlkYzA1OWUwNzNhODQ2MjZlNmJm
OGFhMDc1ZTEwNjY2YjU5OThhMTBmODgyM2ZhMDAzNTEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAK8Br7cOfDNVGZxD01T/ptAHwrTCNfBoYqnj5vaOzScKe6PAV5RP
qvXTIlQ6GO38U6yD9X5t92UE70GHTv/X4DPE+GV7dJLYGAztnNxIe73+Tgi3Wles
53umXNn2eZVkCTNsVKTvOueFekFOX2jgro8LMjht7J6O1B5iyoYgMlNI7GT8SsCF
SnC+ctbFuozC8V+qYErmSNh5xdPflC7bbzigoc1z69Q1dSC1OrjzeoEimIXpvsh3
WvuwlruE+Vf0zpQWIXYwn9aHeglgdjPIrfg7mRriCUBq+94Di+a5Sl9mJVQmd5O7
UIDUSSwFYFOV3Gpfb2Y+tflS/2Cvi/1ckRECAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBThXA8yj8oVFh8volTbvP4lmLNBSzAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvMDYxZDcxZTItZDk5MS00OWI5LWFhNDItZjZkY2FiY2U4ODVjLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAMC4uup1Zf/nGAYO
N+ZBmykQvT8DBPuy9gGD4l0DQ6n1KxaMkX9ckL9xINIPOm2m5QpWo+avZnykrNU5
0Nt745SuW91F1eizhA2InZoofpAM3ONccenJiG8HbDJK1v4uZnl0o/s7WplOm61e
4Ahwnh3aQY806q4pgQacWQLM/1YY0kwVDsOILyB8uGavRX43isZhZ3k4ETrBQfqa
RZ5A4vFBmCP57KnG5jSFUBER9qtxL0dc0XsafIEfbyIT5brc0le1Xkzmh0fbEsa9
u6UHBq0X5VC33jqX8TO0zMFPPubeaQTcbHpVKz6UwTwbOA8NFogq+HuoJ57AzZQZ
bGml/4s=
-----END CERTIFICATE-----