Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/091c1289-89e1-41d1-b614-15b57484d3fd.roa
File:                     091c1289-89e1-41d1-b614-15b57484d3fd.roa (raw, json)
Hash identifier:          Q0X87EV1WQtreet1vdRvT9zHCG81W1RgbvuypNSdNoU=
Subject key identifier:   7C:67:7B:2B:5F:BB:4B:37:50:EE:C8:42:B7:42:AD:4F:47:78:D5:40
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       329B71A42E7BFE0A254CD348F0DF3833C23F3DB0
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/091c1289-89e1-41d1-b614-15b57484d3fd.roa
Signing time:             Mon 20 Mar 2023 00:00:00 +0000
ROA not before:           Mon 20 Mar 2023 00:00:00 +0000
ROA not after:            Thu 23 Mar 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            32:9b:71:a4:2e:7b:fe:0a:25:4c:d3:48:f0:df:38:33:c2:3f:3d:b0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Mar 20 00:00:00 2023 GMT
            Not After : Mar 23 23:59:59 2023 GMT
        Subject: serialNumber=110dba7c6d0c1605f570619cc8877ca7dc4ed8393df881e9c80c4879d3d51bb4, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:70:17:ca:5e:21:b3:ac:a9:a9:a1:4f:ff:9a:
                    da:e7:31:8d:d5:8e:63:16:6d:15:c6:33:c9:5e:db:
                    08:76:97:91:0c:4c:0c:81:54:a8:0f:0f:c8:8f:33:
                    9b:b2:07:05:a9:ff:2d:46:95:bc:d4:97:0a:7a:ed:
                    06:2f:46:b2:bc:71:08:4b:72:9e:6f:4a:b1:34:dc:
                    cd:fa:a7:91:0e:0d:d7:87:98:6e:b4:2b:47:db:98:
                    f2:7c:5d:3b:ae:3a:68:40:11:28:59:f2:40:2f:15:
                    07:93:4b:8d:c5:7d:ab:cc:e9:0f:fc:0a:a4:e5:bc:
                    41:14:be:f0:03:cf:02:86:0a:cf:57:7b:d8:2c:09:
                    73:80:0a:83:b2:12:f6:27:07:40:ed:09:b6:09:c2:
                    69:12:fc:e1:69:90:2c:5f:e2:8b:dc:fc:9e:06:43:
                    26:e4:06:15:4f:71:7e:8e:f8:e4:9a:25:e8:cf:e0:
                    84:b4:e5:55:c7:b3:b7:28:df:cc:c8:3d:15:cc:8d:
                    3e:82:d2:41:a8:8f:08:03:48:28:04:b6:08:ba:36:
                    5e:ec:8a:bf:8a:7d:b3:85:48:36:12:0a:69:6e:b5:
                    30:5e:f4:a6:0f:a0:6c:ac:71:96:e3:0b:67:99:b0:
                    0b:f3:2b:54:37:40:c8:34:7b:57:b9:db:4e:ce:b4:
                    dd:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7C:67:7B:2B:5F:BB:4B:37:50:EE:C8:42:B7:42:AD:4F:47:78:D5:40
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/091c1289-89e1-41d1-b614-15b57484d3fd.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5f:be:9d:4e:4c:02:ad:ec:ae:42:71:03:27:88:ab:2c:81:23:
         eb:bb:70:38:a5:49:ae:66:78:76:c8:2b:b0:6d:61:42:88:47:
         c4:99:d1:8b:a9:ef:ec:2d:3c:a8:19:70:b4:2a:23:27:ea:dd:
         56:09:75:af:94:a7:db:11:d8:4f:50:7e:5b:78:c6:e9:4f:32:
         a4:17:c9:bd:79:fa:97:c9:df:ad:1f:36:e6:8b:51:c1:29:6a:
         ec:fb:96:bd:11:5d:f3:2b:25:98:c3:ce:8c:ba:e0:7a:8b:37:
         55:ce:14:82:e6:d3:98:e9:43:ba:10:72:0a:59:19:93:bf:19:
         16:0d:7c:c2:28:91:64:cd:85:3f:a3:8f:1a:23:ed:ca:0a:8a:
         b0:60:e7:60:35:2e:68:81:eb:1d:45:62:b1:f6:2d:33:6b:4a:
         06:b1:19:88:72:42:b8:f4:b8:68:6f:50:7e:43:d9:69:fd:71:
         7f:2a:7c:25:7a:7b:e0:b2:54:4e:b5:e1:ab:c7:1e:83:af:d6:
         f8:68:e6:88:e5:f4:5b:37:2d:e9:81:57:9b:5b:9c:0e:3c:10:
         1f:11:63:f9:ca:a3:26:c4:f4:bb:1e:37:20:3e:a8:aa:20:e0:
         bf:5f:44:6e:32:1e:39:28:5f:97:91:4b:9a:ba:cf:3a:89:c4:
         90:66:cd:5b
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUMptxpC57/golTNNI8N84M8I/PbAwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwMzIwMDAwMDAwWhcNMjMwMzIzMjM1OTU5
WjCBpTFJMEcGA1UEBRNAMTEwZGJhN2M2ZDBjMTYwNWY1NzA2MTljYzg4NzdjYTdk
YzRlZDgzOTNkZjg4MWU5YzgwYzQ4NzlkM2Q1MWJiNDEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBALBwF8peIbOsqamhT/+a2ucxjdWOYxZtFcYzyV7bCHaXkQxMDIFU
qA8PyI8zm7IHBan/LUaVvNSXCnrtBi9GsrxxCEtynm9KsTTczfqnkQ4N14eYbrQr
R9uY8nxdO646aEARKFnyQC8VB5NLjcV9q8zpD/wKpOW8QRS+8APPAoYKz1d72CwJ
c4AKg7IS9icHQO0JtgnCaRL84WmQLF/ii9z8ngZDJuQGFU9xfo745Jol6M/ghLTl
VceztyjfzMg9FcyNPoLSQaiPCANIKAS2CLo2XuyKv4p9s4VINhIKaW61MF70pg+g
bKxxluMLZ5mwC/MrVDdAyDR7V7nbTs603W8CAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBR8Z3srX7tLN1DuyEK3Qq1PR3jVQDAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvMDkxYzEyODktODllMS00MWQxLWI2MTQtMTViNTc0ODRkM2ZkLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAF++nU5MAq3srkJx
AyeIqyyBI+u7cDilSa5meHbIK7BtYUKIR8SZ0Yup7+wtPKgZcLQqIyfq3VYJda+U
p9sR2E9Qflt4xulPMqQXyb15+pfJ360fNuaLUcEpauz7lr0RXfMrJZjDzoy64HqL
N1XOFILm05jpQ7oQcgpZGZO/GRYNfMIokWTNhT+jjxoj7coKirBg52A1LmiB6x1F
YrH2LTNrSgaxGYhyQrj0uGhvUH5D2Wn9cX8qfCV6e+CyVE614avHHoOv1vho5ojl
9Fs3LemBV5tbnA48EB8RY/nKoybE9LseNyA+qKog4L9fRG4yHjkoX5eRS5q6zzqJ
xJBmzVs=
-----END CERTIFICATE-----