Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/0728c017-b37c-410b-a0c6-8b69c90c774b.roa
File:                     0728c017-b37c-410b-a0c6-8b69c90c774b.roa (raw, json)
Hash identifier:          RTfa14wYARXK9xyz4QlvBr4oYoDPwa/ok5lPaLWOqus=
Subject key identifier:   87:90:90:47:D6:3B:C5:9E:1D:EB:A5:21:AC:B6:97:1C:0C:3B:64:20
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       7006435352D72D57F99583814FBEFFB8AE171F74
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/0728c017-b37c-410b-a0c6-8b69c90c774b.roa
Signing time:             Fri 10 Mar 2023 00:00:00 +0000
ROA not before:           Fri 10 Mar 2023 00:00:00 +0000
ROA not after:            Mon 13 Mar 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            70:06:43:53:52:d7:2d:57:f9:95:83:81:4f:be:ff:b8:ae:17:1f:74
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Mar 10 00:00:00 2023 GMT
            Not After : Mar 13 23:59:59 2023 GMT
        Subject: serialNumber=5dc68b73c5a1340930aed282b14eb7239d1791e3bc96abe98e831eae2c1cff51, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:bb:ed:31:ad:ef:48:2e:d0:ab:6a:b9:29:ca:
                    86:c0:19:f5:78:2b:d7:78:b5:1f:d9:70:e5:8a:ab:
                    dd:3e:d4:dc:2a:88:8e:e1:92:44:49:d6:8e:96:b8:
                    4b:ff:85:da:91:bc:93:2c:8f:04:f1:28:27:d2:4d:
                    b6:4b:ec:f9:28:1c:ce:04:a0:d3:63:8a:7d:97:be:
                    40:67:ad:6d:34:7f:d5:21:7b:db:7e:ac:05:40:1c:
                    17:2e:6d:2a:9c:6f:90:31:be:4a:38:2a:16:29:d8:
                    23:ee:85:92:c6:f2:8d:5e:3f:b4:93:62:84:d4:28:
                    0d:e5:54:1c:3a:7e:5a:27:54:16:66:36:91:80:72:
                    3f:57:41:05:7c:53:09:b6:2d:17:c0:f4:4c:46:17:
                    3b:c4:ec:93:69:6e:13:7a:17:33:11:1a:9b:9b:0d:
                    d9:54:4e:50:75:59:c1:34:d3:83:23:28:3c:54:4d:
                    b0:11:86:99:b8:82:f1:d2:b2:0c:f7:55:c5:6a:af:
                    f7:af:39:67:fe:96:01:7b:64:81:53:18:fb:14:b0:
                    2e:28:5f:f2:d7:70:e9:79:dc:91:4c:eb:5e:b3:92:
                    8e:58:a4:52:56:76:07:25:12:a4:cf:1c:05:4a:29:
                    f9:c0:05:be:cf:1d:df:8a:44:0c:6e:7d:c2:52:04:
                    37:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                87:90:90:47:D6:3B:C5:9E:1D:EB:A5:21:AC:B6:97:1C:0C:3B:64:20
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/0728c017-b37c-410b-a0c6-8b69c90c774b.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         51:a9:c7:15:dc:b0:91:09:4c:da:30:14:a4:a6:7a:7d:4d:7a:
         c3:ee:83:92:0d:24:04:8e:b5:58:4c:7f:19:67:51:03:3c:f6:
         f6:3d:53:c4:b6:9b:c0:6a:11:e5:c1:82:37:c2:10:dd:82:23:
         8c:4d:dd:97:4e:6c:d2:ce:b0:57:85:37:6b:09:6c:1a:72:3b:
         9b:75:84:06:c3:ff:cd:f4:43:80:32:da:79:7f:2d:bc:88:26:
         33:d6:00:b9:4a:33:0f:98:d3:2a:ab:0b:74:bf:a2:71:f2:80:
         9a:bb:55:4a:c3:68:03:0b:84:fc:2b:ec:ff:71:bb:58:ec:7d:
         9b:6f:79:5a:f8:db:cc:88:43:a5:6f:02:55:a6:ef:c6:ca:5e:
         d3:e2:da:d6:9d:c1:28:a4:d2:ce:a7:ca:fb:7f:ed:7e:b8:6f:
         4d:3b:6a:69:d5:e0:8e:7c:9d:6f:93:ef:36:63:2a:b8:54:12:
         ee:94:33:35:76:97:b8:0b:e1:43:43:2a:ff:a4:81:3c:06:9e:
         8e:a0:65:02:4f:e8:bc:9a:2b:b1:d9:ee:b4:ac:44:54:07:19:
         f4:8b:a8:27:6d:d9:7b:d5:fa:10:48:38:91:0c:a7:fb:7f:52:
         18:60:cc:39:3c:ed:c9:a8:c7:39:57:a7:7f:6d:79:5b:ce:5a:
         b4:ae:31:07
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUcAZDU1LXLVf5lYOBT77/uK4XH3QwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwMzEwMDAwMDAwWhcNMjMwMzEzMjM1OTU5
WjCBpTFJMEcGA1UEBRNANWRjNjhiNzNjNWExMzQwOTMwYWVkMjgyYjE0ZWI3MjM5
ZDE3OTFlM2JjOTZhYmU5OGU4MzFlYWUyYzFjZmY1MTEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAMa77TGt70gu0KtquSnKhsAZ9Xgr13i1H9lw5Yqr3T7U3CqIjuGS
REnWjpa4S/+F2pG8kyyPBPEoJ9JNtkvs+SgczgSg02OKfZe+QGetbTR/1SF7236s
BUAcFy5tKpxvkDG+SjgqFinYI+6FksbyjV4/tJNihNQoDeVUHDp+WidUFmY2kYBy
P1dBBXxTCbYtF8D0TEYXO8Tsk2luE3oXMxEam5sN2VROUHVZwTTTgyMoPFRNsBGG
mbiC8dKyDPdVxWqv9685Z/6WAXtkgVMY+xSwLihf8tdw6XnckUzrXrOSjlikUlZ2
ByUSpM8cBUop+cAFvs8d34pEDG59wlIEN6kCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBSHkJBH1jvFnh3rpSGstpccDDtkIDAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvMDcyOGMwMTctYjM3Yy00MTBiLWEwYzYtOGI2OWM5MGM3NzRiLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAFGpxxXcsJEJTNow
FKSmen1NesPug5INJASOtVhMfxlnUQM89vY9U8S2m8BqEeXBgjfCEN2CI4xN3ZdO
bNLOsFeFN2sJbBpyO5t1hAbD/830Q4Ay2nl/LbyIJjPWALlKMw+Y0yqrC3S/onHy
gJq7VUrDaAMLhPwr7P9xu1jsfZtveVr428yIQ6VvAlWm78bKXtPi2tadwSik0s6n
yvt/7X64b007amnV4I58nW+T7zZjKrhUEu6UMzV2l7gL4UNDKv+kgTwGno6gZQJP
6LyaK7HZ7rSsRFQHGfSLqCdt2XvV+hBIOJEMp/t/UhhgzDk87cmoxzlXp39teVvO
WrSuMQc=
-----END CERTIFICATE-----