Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/0fbeaf59-02e5-4730-8797-57e954e34edd.roa
File:                     0fbeaf59-02e5-4730-8797-57e954e34edd.roa (raw, json)
Hash identifier:          rCeBwhKzdq+34m8UKoB92SLCnSzlYeUVxVRS58sr8fg=
Subject key identifier:   63:48:1A:45:F7:D8:DD:0C:32:65:CE:CD:85:47:36:1A:86:3A:C7:EA
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       689AB86800ADB6BB3A0545F7AA3D09414302B2C7
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/0fbeaf59-02e5-4730-8797-57e954e34edd.roa
Signing time:             Wed 15 Mar 2023 00:00:00 +0000
ROA not before:           Wed 15 Mar 2023 00:00:00 +0000
ROA not after:            Sat 18 Mar 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            68:9a:b8:68:00:ad:b6:bb:3a:05:45:f7:aa:3d:09:41:43:02:b2:c7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Mar 15 00:00:00 2023 GMT
            Not After : Mar 18 23:59:59 2023 GMT
        Subject: serialNumber=d1ff7d4c9ec7725c973f1edeb58e7192c293e1b5fb6133ae28495ba1cb831110, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:6b:23:f6:e0:37:77:d5:aa:be:85:a4:40:11:
                    de:59:55:ea:11:81:6b:65:20:5d:7c:48:56:94:80:
                    07:78:91:5c:4a:bf:3c:e0:44:60:94:7f:8a:cd:49:
                    11:3b:db:6d:ee:20:24:ac:8a:8c:cb:e9:15:17:50:
                    2d:f0:38:51:8a:7f:96:2a:f8:7b:c1:b4:74:82:b2:
                    a1:93:b1:5b:e6:93:fc:d8:25:6e:af:2e:11:81:57:
                    b4:8a:75:f5:be:5a:83:3c:4e:aa:1e:2c:3a:fc:70:
                    2f:3e:1d:2d:d6:13:d1:59:e9:0a:2f:68:09:27:f0:
                    e2:c5:97:4f:bf:b6:0a:ed:c6:43:bb:a2:5a:a5:1a:
                    05:ac:82:a5:79:d6:c1:c4:95:1f:aa:4d:9e:dd:04:
                    e6:0a:fa:2a:c0:c4:80:9a:f4:7c:d3:2b:8b:6f:34:
                    5d:7e:e2:95:d9:67:ce:c6:ba:54:3b:e9:9f:1e:38:
                    67:46:94:c7:2a:31:7a:57:ad:6c:43:e5:a8:99:81:
                    88:b7:22:da:77:e7:50:57:29:98:04:1b:6b:bd:9c:
                    b6:35:36:d2:a0:a6:a3:09:02:5d:ea:cc:c0:cc:59:
                    61:73:75:76:8e:e6:ec:b5:47:13:e2:4f:a3:73:1e:
                    53:d9:cb:09:db:c4:5f:be:9e:d1:63:86:12:82:84:
                    b0:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                63:48:1A:45:F7:D8:DD:0C:32:65:CE:CD:85:47:36:1A:86:3A:C7:EA
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/0fbeaf59-02e5-4730-8797-57e954e34edd.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         64:34:59:fa:28:09:c5:de:b6:4d:b6:2c:a6:ef:65:9c:da:80:
         74:dc:7e:62:8d:cb:c3:af:31:65:7f:eb:96:c3:08:eb:91:50:
         22:89:5a:03:af:15:1b:52:4e:cf:74:65:66:bf:a2:c1:62:b2:
         5e:02:98:3d:62:65:52:ac:4a:21:06:85:70:35:d9:81:34:e4:
         99:1f:72:73:df:80:c2:ee:ae:ed:96:ee:16:df:be:f1:ab:18:
         0b:c1:4d:72:2a:3d:a1:ae:93:cd:29:b2:95:9c:5b:0f:44:bc:
         f2:c4:0f:c6:3f:ff:8d:4b:47:91:ac:c9:99:4b:69:10:c5:12:
         b6:f8:60:a5:f4:20:3c:08:10:50:79:b0:18:fa:92:1b:ec:91:
         38:f4:db:a0:ae:a9:5a:58:4f:e5:e5:d1:b0:40:12:d2:c0:6a:
         23:ed:4c:14:33:d4:cb:47:88:64:0d:67:d1:15:94:ea:62:a2:
         2a:8b:4a:cf:fc:de:16:94:96:0d:e5:97:5c:b0:b6:ac:b5:8b:
         85:fa:62:8b:e9:49:b8:71:b9:ec:fd:51:a8:28:00:93:2f:85:
         ae:c7:48:7f:d1:1d:1f:14:da:17:f5:5e:59:62:2c:22:e6:c5:
         e8:40:d5:b5:77:5a:b3:9c:72:fc:52:05:38:6f:b8:59:10:83:
         3e:3c:7d:13
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUaJq4aACttrs6BUX3qj0JQUMCsscwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwMzE1MDAwMDAwWhcNMjMwMzE4MjM1OTU5
WjCBpTFJMEcGA1UEBRNAZDFmZjdkNGM5ZWM3NzI1Yzk3M2YxZWRlYjU4ZTcxOTJj
MjkzZTFiNWZiNjEzM2FlMjg0OTViYTFjYjgzMTExMDEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAL9rI/bgN3fVqr6FpEAR3llV6hGBa2UgXXxIVpSAB3iRXEq/POBE
YJR/is1JETvbbe4gJKyKjMvpFRdQLfA4UYp/lir4e8G0dIKyoZOxW+aT/Nglbq8u
EYFXtIp19b5agzxOqh4sOvxwLz4dLdYT0VnpCi9oCSfw4sWXT7+2Cu3GQ7uiWqUa
BayCpXnWwcSVH6pNnt0E5gr6KsDEgJr0fNMri280XX7ildlnzsa6VDvpnx44Z0aU
xyoxeletbEPlqJmBiLci2nfnUFcpmAQba72ctjU20qCmowkCXerMwMxZYXN1do7m
7LVHE+JPo3MeU9nLCdvEX76e0WOGEoKEsKUCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBRjSBpF99jdDDJlzs2FRzYahjrH6jAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvMGZiZWFmNTktMDJlNS00NzMwLTg3OTctNTdlOTU0ZTM0ZWRkLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAGQ0WfooCcXetk22
LKbvZZzagHTcfmKNy8OvMWV/65bDCOuRUCKJWgOvFRtSTs90ZWa/osFisl4CmD1i
ZVKsSiEGhXA12YE05JkfcnPfgMLuru2W7hbfvvGrGAvBTXIqPaGuk80pspWcWw9E
vPLED8Y//41LR5GsyZlLaRDFErb4YKX0IDwIEFB5sBj6khvskTj026CuqVpYT+Xl
0bBAEtLAaiPtTBQz1MtHiGQNZ9EVlOpioiqLSs/83haUlg3ll1ywtqy1i4X6Yovp
Sbhxuez9UagoAJMvha7HSH/RHR8U2hf1XlliLCLmxehA1bV3WrOccvxSBThvuFkQ
gz48fRM=
-----END CERTIFICATE-----