Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/14261a85-c1e1-48a4-99e3-ec36b2767286.roa
File:                     14261a85-c1e1-48a4-99e3-ec36b2767286.roa (raw, json)
Hash identifier:          ApAOty3XFhUUnR3gxby05ZFFksB6LOVB2cRt7tQF0Yc=
Subject key identifier:   CE:29:88:AE:01:C9:E1:16:1C:28:1B:08:8A:4A:1F:CE:9A:2F:A7:2C
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       5E7AC674B971A22812ADABB553CD3E418C1390D6
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/14261a85-c1e1-48a4-99e3-ec36b2767286.roa
Signing time:             Sun 26 Mar 2023 00:00:00 +0000
ROA not before:           Sun 26 Mar 2023 00:00:00 +0000
ROA not after:            Wed 29 Mar 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5e:7a:c6:74:b9:71:a2:28:12:ad:ab:b5:53:cd:3e:41:8c:13:90:d6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Mar 26 00:00:00 2023 GMT
            Not After : Mar 29 23:59:59 2023 GMT
        Subject: serialNumber=a6e232169f2250324b66e162688b7f8aa2ead7651b5be0fe0b814e655cc6e04f, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:e5:cd:47:40:04:ef:16:7a:ed:84:56:c7:34:
                    c2:32:c1:0d:75:22:06:81:72:23:86:4e:ec:61:0b:
                    cd:c7:31:c6:79:41:c3:7d:28:ac:3a:a6:8d:7b:0f:
                    07:e5:5f:c2:27:3d:f7:44:51:3a:6c:1f:50:71:15:
                    e1:89:fa:27:b7:c4:4e:bd:3a:5c:4a:07:1a:54:69:
                    5c:f1:f1:f1:7f:2a:c7:09:cf:b2:20:cc:50:9c:7b:
                    7c:c6:a6:cb:dc:42:66:0c:69:9e:b1:41:c8:02:5c:
                    ea:f7:0a:72:7b:83:1e:59:d3:5f:5c:f0:8b:c7:a5:
                    49:15:b0:8f:e7:ff:8b:3c:2c:14:1b:7e:94:9a:6d:
                    54:bf:14:0d:13:0f:31:f5:63:4f:11:1d:09:50:c4:
                    94:45:c7:fb:f8:1a:7d:2f:70:70:5d:7c:f8:cf:57:
                    b6:8d:11:f1:e2:a0:5a:06:46:7b:7c:b4:13:b0:a4:
                    f6:a7:a5:d7:ce:80:7d:b1:2e:1a:c2:7d:21:50:56:
                    db:80:84:5f:df:63:e6:12:d0:f4:6f:36:20:49:3c:
                    3d:14:99:58:ad:e7:38:cc:2a:5f:d3:33:48:29:4c:
                    01:00:00:df:b0:ae:64:b2:68:9b:ea:5d:4d:d0:07:
                    b8:48:ce:7c:90:18:4c:c5:d7:c8:ca:70:88:f2:ca:
                    b7:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CE:29:88:AE:01:C9:E1:16:1C:28:1B:08:8A:4A:1F:CE:9A:2F:A7:2C
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/14261a85-c1e1-48a4-99e3-ec36b2767286.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         05:35:68:af:ed:bb:80:57:27:ab:fc:96:41:93:89:24:ee:ed:
         43:12:5c:9b:a8:a7:0a:34:82:7e:ab:65:6b:60:86:0e:3c:79:
         73:ae:a4:15:8b:50:03:84:80:9f:d0:c6:c7:ca:de:b4:3c:98:
         46:8d:c9:e8:2b:fe:f1:a6:a9:31:fb:0e:66:36:50:8a:65:ec:
         77:9b:18:2a:90:05:70:36:52:e5:f4:85:1a:7f:9c:02:d2:c3:
         a0:f9:b0:82:50:c0:08:bb:90:b4:36:cf:d3:f6:08:fa:b8:48:
         23:45:a8:5e:a8:15:f1:0f:ff:f7:94:5d:f9:41:1f:4b:13:93:
         a6:b3:1c:bd:92:2b:ea:17:4e:04:bc:47:7d:3b:70:f3:0a:72:
         e5:4e:4b:a6:72:a2:65:91:03:e9:3a:33:c5:d7:0e:82:ca:b3:
         e3:e4:95:ba:73:05:18:e5:a2:78:fd:70:74:11:55:c0:95:68:
         c3:47:c4:15:0a:05:89:d1:e9:8b:1d:b3:36:f6:cf:f2:fc:af:
         04:d5:22:39:d8:59:c0:37:3f:ab:ae:1d:b4:c1:03:5c:00:9c:
         89:dc:bd:68:0b:d9:18:74:6c:67:b6:ef:ee:2f:db:7f:57:98:
         9f:4b:2f:41:2f:02:8a:af:25:c6:69:20:d1:ca:06:a0:31:03:
         35:38:2f:f3
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUXnrGdLlxoigSrau1U80+QYwTkNYwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwMzI2MDAwMDAwWhcNMjMwMzI5MjM1OTU5
WjCBpTFJMEcGA1UEBRNAYTZlMjMyMTY5ZjIyNTAzMjRiNjZlMTYyNjg4YjdmOGFh
MmVhZDc2NTFiNWJlMGZlMGI4MTRlNjU1Y2M2ZTA0ZjEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAIrlzUdABO8Weu2EVsc0wjLBDXUiBoFyI4ZO7GELzccxxnlBw30o
rDqmjXsPB+Vfwic990RROmwfUHEV4Yn6J7fETr06XEoHGlRpXPHx8X8qxwnPsiDM
UJx7fMamy9xCZgxpnrFByAJc6vcKcnuDHlnTX1zwi8elSRWwj+f/izwsFBt+lJpt
VL8UDRMPMfVjTxEdCVDElEXH+/gafS9wcF18+M9Xto0R8eKgWgZGe3y0E7Ck9qel
186AfbEuGsJ9IVBW24CEX99j5hLQ9G82IEk8PRSZWK3nOMwqX9MzSClMAQAA37Cu
ZLJom+pdTdAHuEjOfJAYTMXXyMpwiPLKtx8CAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBTOKYiuAcnhFhwoGwiKSh/Omi+nLDAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvMTQyNjFhODUtYzFlMS00OGE0LTk5ZTMtZWMzNmIyNzY3Mjg2LnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAAU1aK/tu4BXJ6v8
lkGTiSTu7UMSXJuopwo0gn6rZWtghg48eXOupBWLUAOEgJ/QxsfK3rQ8mEaNyegr
/vGmqTH7DmY2UIpl7HebGCqQBXA2UuX0hRp/nALSw6D5sIJQwAi7kLQ2z9P2CPq4
SCNFqF6oFfEP//eUXflBH0sTk6azHL2SK+oXTgS8R307cPMKcuVOS6ZyomWRA+k6
M8XXDoLKs+PklbpzBRjlonj9cHQRVcCVaMNHxBUKBYnR6Ysdszb2z/L8rwTVIjnY
WcA3P6uuHbTBA1wAnIncvWgL2Rh0bGe27+4v239XmJ9LL0EvAoqvJcZpINHKBqAx
AzU4L/M=
-----END CERTIFICATE-----