Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/11228d50-8adf-41f6-b5a7-aed38884a547.roa
File:                     11228d50-8adf-41f6-b5a7-aed38884a547.roa (raw, json)
Hash identifier:          dfdQ5XKxkoxfQ1hF5FZ8d/iFQ/QxRdhv9WrABbIP3PM=
Subject key identifier:   76:C0:32:9F:53:D8:80:5E:BD:66:73:10:5A:8A:77:65:80:FD:25:70
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       7D10CE7B26E8EA32874899F3186376D430117C3C
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/11228d50-8adf-41f6-b5a7-aed38884a547.roa
Signing time:             Wed 05 Apr 2023 00:00:00 +0000
ROA not before:           Wed 05 Apr 2023 00:00:00 +0000
ROA not after:            Sat 08 Apr 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7d:10:ce:7b:26:e8:ea:32:87:48:99:f3:18:63:76:d4:30:11:7c:3c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Apr  5 00:00:00 2023 GMT
            Not After : Apr  8 23:59:59 2023 GMT
        Subject: serialNumber=3e2d5804eaefec17391addd03bebff6b3fc9441c66d1e803528c563e9e6846f4, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:40:11:67:61:87:d3:40:77:c2:33:d9:fd:d5:
                    40:c5:4d:61:b0:ea:1a:2c:bd:ab:57:c3:08:5f:a8:
                    99:59:04:ec:79:c8:8c:04:3f:1e:93:6c:52:31:f6:
                    bf:80:0e:d7:3e:63:f8:a1:d5:f4:8e:ad:c2:d4:a5:
                    b5:f5:9c:1c:8e:af:27:be:0e:72:dc:03:fe:eb:c9:
                    ca:71:5c:bb:27:dd:23:d4:a3:09:e4:0c:da:be:fb:
                    90:c5:80:31:91:4d:53:2f:4e:a8:c3:8f:ec:0d:07:
                    68:b5:ed:23:9e:df:8e:11:b9:b2:c0:15:77:7f:5d:
                    da:98:8d:d5:53:f4:60:b7:88:a2:19:70:4f:95:94:
                    b4:1d:c2:0e:a7:2a:87:3e:24:20:3b:bf:8a:c4:9f:
                    36:ed:d2:21:67:cb:ec:a2:da:12:42:7a:f8:c0:21:
                    4c:3e:fc:03:68:65:ad:d8:80:7c:61:7e:ae:af:02:
                    70:a6:9c:4f:31:b3:de:28:81:6a:90:99:da:01:70:
                    5d:13:c6:ba:2f:a9:61:bb:f8:05:1b:37:a4:5d:3b:
                    65:69:bc:01:a7:0e:f8:6a:ba:84:1a:13:09:b9:cf:
                    f8:a9:79:9f:b8:26:a1:a1:55:e5:be:4b:69:f8:ea:
                    54:aa:d1:cd:f7:d5:22:a5:96:1f:ec:9e:d3:de:37:
                    81:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                76:C0:32:9F:53:D8:80:5E:BD:66:73:10:5A:8A:77:65:80:FD:25:70
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/11228d50-8adf-41f6-b5a7-aed38884a547.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         46:18:a4:13:98:7c:d9:26:b4:2c:d4:20:1c:f0:ab:b8:47:67:
         0e:41:ba:c9:32:fe:5b:70:f8:2a:fb:4b:2f:20:41:18:d0:ac:
         3d:79:7f:6d:3c:f4:ff:4f:81:63:4c:f6:6a:dd:85:eb:47:e6:
         3e:10:03:30:28:9a:c0:4c:37:66:1c:37:6f:0b:dc:56:b3:6f:
         ae:d1:74:98:4d:eb:6a:c7:66:d7:99:4f:43:95:c5:49:cf:3e:
         1c:a3:61:49:a2:5d:6c:f2:8d:63:ca:fb:c1:1f:8c:65:c3:fe:
         0d:f7:b9:47:1c:14:ba:c7:ba:c8:46:81:55:01:94:55:52:d8:
         47:d6:87:bc:5c:68:2f:66:db:23:a8:6e:5e:19:36:75:70:2c:
         77:fa:78:23:67:ad:0a:38:91:15:55:34:72:96:32:bc:a3:01:
         9e:0a:c1:90:65:2e:a8:3b:4a:c2:1a:70:98:24:29:9a:fb:9e:
         cb:96:51:7b:8e:ae:12:78:04:89:0a:38:06:f7:da:8c:f1:4e:
         21:f8:b5:c0:63:ad:35:9c:97:9d:cb:b9:cd:54:14:00:1b:65:
         bf:a0:77:69:b3:33:62:52:44:65:f9:51:a3:f5:a4:c6:9c:a8:
         20:e8:af:10:6f:9f:a5:8c:1c:cb:05:f7:38:aa:48:17:7d:9f:
         42:2e:c2:c3
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUfRDOeybo6jKHSJnzGGN21DARfDwwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwNDA1MDAwMDAwWhcNMjMwNDA4MjM1OTU5
WjCBpTFJMEcGA1UEBRNAM2UyZDU4MDRlYWVmZWMxNzM5MWFkZGQwM2JlYmZmNmIz
ZmM5NDQxYzY2ZDFlODAzNTI4YzU2M2U5ZTY4NDZmNDEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAJxAEWdhh9NAd8Iz2f3VQMVNYbDqGiy9q1fDCF+omVkE7HnIjAQ/
HpNsUjH2v4AO1z5j+KHV9I6twtSltfWcHI6vJ74OctwD/uvJynFcuyfdI9SjCeQM
2r77kMWAMZFNUy9OqMOP7A0HaLXtI57fjhG5ssAVd39d2piN1VP0YLeIohlwT5WU
tB3CDqcqhz4kIDu/isSfNu3SIWfL7KLaEkJ6+MAhTD78A2hlrdiAfGF+rq8CcKac
TzGz3iiBapCZ2gFwXRPGui+pYbv4BRs3pF07ZWm8AacO+Gq6hBoTCbnP+Kl5n7gm
oaFV5b5LafjqVKrRzffVIqWWH+ye0943gVsCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBR2wDKfU9iAXr1mcxBaindlgP0lcDAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvMTEyMjhkNTAtOGFkZi00MWY2LWI1YTctYWVkMzg4ODRhNTQ3LnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAEYYpBOYfNkmtCzU
IBzwq7hHZw5Busky/ltw+Cr7Sy8gQRjQrD15f2089P9PgWNM9mrdhetH5j4QAzAo
msBMN2YcN28L3Fazb67RdJhN62rHZteZT0OVxUnPPhyjYUmiXWzyjWPK+8EfjGXD
/g33uUccFLrHushGgVUBlFVS2EfWh7xcaC9m2yOobl4ZNnVwLHf6eCNnrQo4kRVV
NHKWMryjAZ4KwZBlLqg7SsIacJgkKZr7nsuWUXuOrhJ4BIkKOAb32ozxTiH4tcBj
rTWcl53Luc1UFAAbZb+gd2mzM2JSRGX5UaP1pMacqCDorxBvn6WMHMsF9ziqSBd9
n0IuwsM=
-----END CERTIFICATE-----