Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/0ad14d66-c811-4289-94be-04e17e6ce563.roa
File:                     0ad14d66-c811-4289-94be-04e17e6ce563.roa (raw, json)
Hash identifier:          gmYuoDs3qSAw6w4H0NVcaeWVKnZoz7GQKyp7GnZn8Fs=
Subject key identifier:   0E:B4:1B:A5:5F:E6:43:95:47:94:B7:00:21:16:B8:2F:8F:1E:4A:75
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       4C62FD08F00458C20527F798D3075A15C69CD0FB
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/0ad14d66-c811-4289-94be-04e17e6ce563.roa
Signing time:             Tue 21 Feb 2023 00:00:00 +0000
ROA not before:           Tue 21 Feb 2023 00:00:00 +0000
ROA not after:            Fri 24 Feb 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4c:62:fd:08:f0:04:58:c2:05:27:f7:98:d3:07:5a:15:c6:9c:d0:fb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Feb 21 00:00:00 2023 GMT
            Not After : Feb 24 23:59:59 2023 GMT
        Subject: serialNumber=b91e62821494459e7e9bcaeac9b1cc7bb8d926ecc967d88102e53e219d1eaf88, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ef:49:bb:a8:45:16:be:59:7d:51:5e:c4:79:a8:
                    86:e9:e1:83:c1:62:1c:19:f1:a5:f1:82:95:44:26:
                    67:b0:af:dc:74:b7:e6:13:88:f4:7b:f6:22:41:b3:
                    66:25:b6:72:18:3a:65:68:3a:00:e2:3c:b1:2b:32:
                    f8:73:ae:cf:5e:86:71:2c:30:88:73:93:c1:2f:42:
                    5c:97:aa:1b:06:0a:be:29:eb:2a:49:2f:37:20:19:
                    c1:d4:50:fa:b2:32:6e:a0:82:22:bf:74:02:54:48:
                    7f:69:c2:ff:be:7d:d0:96:6f:3c:3a:fe:81:e1:42:
                    cf:f1:2a:84:a6:e4:05:78:51:69:9d:a7:b8:86:e3:
                    38:da:bb:1b:a2:ab:6c:10:c6:19:1e:e3:00:ac:31:
                    75:56:c2:c9:c2:e3:fa:e7:14:f1:48:dc:12:ae:bb:
                    92:85:5f:62:b4:31:6a:b2:00:19:2f:5d:bd:30:ca:
                    48:c9:49:91:24:84:e6:e2:0a:8c:7a:1f:27:fa:d2:
                    55:ec:d5:77:51:48:d3:b1:c6:01:e3:91:7e:b5:4d:
                    55:01:e9:3e:29:98:a6:7e:0d:7f:5e:09:69:a1:f3:
                    36:9b:04:3f:a9:a4:93:54:98:c6:92:14:8c:99:77:
                    8e:20:90:71:b6:d9:90:81:ff:72:f7:a2:ff:ff:88:
                    9d:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0E:B4:1B:A5:5F:E6:43:95:47:94:B7:00:21:16:B8:2F:8F:1E:4A:75
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/0ad14d66-c811-4289-94be-04e17e6ce563.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6e:ef:df:e5:ce:fa:fd:2f:15:51:ec:01:88:88:e3:ad:2a:47:
         ce:8a:64:be:04:14:dc:1a:d0:4a:54:e4:2f:d6:e0:24:06:86:
         a4:17:91:a6:19:d1:13:f9:e5:77:6b:28:92:5a:75:49:78:18:
         9c:b8:02:59:ed:23:fe:30:5e:1f:ea:e7:99:4b:55:7a:d8:9c:
         c4:89:cb:36:e5:93:62:cb:73:8a:c5:ea:bf:85:b4:cf:5a:5c:
         04:eb:ee:59:9a:f1:75:f6:70:ee:c5:41:58:e0:a4:46:06:31:
         cc:f4:88:5c:7c:89:a6:bb:e4:ed:e0:60:6b:7b:0a:15:73:78:
         d0:1e:e7:8f:28:ed:e9:06:90:73:6b:6b:27:5d:d9:55:cb:79:
         1c:64:ab:f7:9d:b4:b4:95:b6:9a:e4:0e:c7:46:f8:23:b2:48:
         49:7e:01:c8:bd:80:ff:3a:e3:0a:65:9c:86:f7:95:e5:f2:6d:
         1e:69:04:9c:71:20:d0:d6:65:70:06:10:fa:d2:81:13:39:94:
         65:ac:35:67:a1:26:66:3c:fc:3a:d3:20:af:9c:bf:10:c8:a2:
         9e:72:e0:8e:12:37:94:65:eb:6d:38:c0:05:69:ea:7d:c5:c1:
         cd:9d:80:dc:bc:85:07:a6:39:1f:d5:27:92:c7:b1:06:e5:33:
         2e:c5:ff:a4
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUTGL9CPAEWMIFJ/eY0wdaFcac0PswDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwMjIxMDAwMDAwWhcNMjMwMjI0MjM1OTU5
WjCBpTFJMEcGA1UEBRNAYjkxZTYyODIxNDk0NDU5ZTdlOWJjYWVhYzliMWNjN2Ji
OGQ5MjZlY2M5NjdkODgxMDJlNTNlMjE5ZDFlYWY4ODEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAO9Ju6hFFr5ZfVFexHmohunhg8FiHBnxpfGClUQmZ7Cv3HS35hOI
9Hv2IkGzZiW2chg6ZWg6AOI8sSsy+HOuz16GcSwwiHOTwS9CXJeqGwYKvinrKkkv
NyAZwdRQ+rIybqCCIr90AlRIf2nC/7590JZvPDr+geFCz/EqhKbkBXhRaZ2nuIbj
ONq7G6KrbBDGGR7jAKwxdVbCycLj+ucU8UjcEq67koVfYrQxarIAGS9dvTDKSMlJ
kSSE5uIKjHofJ/rSVezVd1FI07HGAeORfrVNVQHpPimYpn4Nf14JaaHzNpsEP6mk
k1SYxpIUjJl3jiCQcbbZkIH/cvei//+InYcCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBQOtBulX+ZDlUeUtwAhFrgvjx5KdTAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvMGFkMTRkNjYtYzgxMS00Mjg5LTk0YmUtMDRlMTdlNmNlNTYzLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAG7v3+XO+v0vFVHs
AYiI460qR86KZL4EFNwa0EpU5C/W4CQGhqQXkaYZ0RP55XdrKJJadUl4GJy4Alnt
I/4wXh/q55lLVXrYnMSJyzblk2LLc4rF6r+FtM9aXATr7lma8XX2cO7FQVjgpEYG
Mcz0iFx8iaa75O3gYGt7ChVzeNAe548o7ekGkHNraydd2VXLeRxkq/edtLSVtprk
DsdG+COySEl+Aci9gP864wplnIb3leXybR5pBJxxINDWZXAGEPrSgRM5lGWsNWeh
JmY8/DrTIK+cvxDIop5y4I4SN5Rl6204wAVp6n3Fwc2dgNy8hQemOR/VJ5LHsQbl
My7F/6Q=
-----END CERTIFICATE-----