Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/15300ab0-6733-42c1-92d6-cc7fbe77d362.roa
File:                     15300ab0-6733-42c1-92d6-cc7fbe77d362.roa (raw, json)
Hash identifier:          EA82pWD61LD2ddOORaF8pn3dpPUHvn9q8OlfIdvNbKg=
Subject key identifier:   5A:55:20:8B:85:34:B1:5F:2C:7B:4C:E6:76:AA:81:46:12:6E:46:29
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       04AB05CBFB59D045C8A435F4260191B1EA969BB3
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/15300ab0-6733-42c1-92d6-cc7fbe77d362.roa
Signing time:             Sun 22 Jan 2023 00:00:00 +0000
ROA not before:           Sun 22 Jan 2023 00:00:00 +0000
ROA not after:            Wed 25 Jan 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            04:ab:05:cb:fb:59:d0:45:c8:a4:35:f4:26:01:91:b1:ea:96:9b:b3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Jan 22 00:00:00 2023 GMT
            Not After : Jan 25 23:59:59 2023 GMT
        Subject: serialNumber=5e28c3eff76766154312cb387051148d822bd9def5fa002d66d70c64ea45b0b9, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:a8:db:da:e4:ba:00:a8:95:8b:14:b2:bf:9e:
                    6b:6a:ae:37:99:6f:34:f4:76:e5:7f:b7:6a:92:04:
                    34:dc:77:c0:e5:34:79:29:6b:d0:83:08:a5:84:56:
                    54:76:e3:18:f6:27:84:a5:4f:d9:31:b4:1f:4e:ec:
                    8b:7a:83:94:e9:0e:06:96:67:8c:03:cb:72:ac:52:
                    25:23:e2:f4:f9:f1:48:c7:47:8f:b0:03:14:fb:df:
                    66:c5:0a:56:8f:b9:e5:58:8c:63:b3:59:d6:a4:30:
                    f0:10:26:44:49:d2:b8:ac:c5:4a:01:92:b6:93:0d:
                    73:56:29:03:24:45:cb:c0:1d:42:5d:d2:0f:a3:6e:
                    02:d1:fd:a9:24:95:f4:d8:89:ed:88:95:bd:b6:ca:
                    a2:cd:08:b7:f2:4d:89:c6:66:c2:87:ae:b7:31:30:
                    a2:13:00:d5:07:b4:f6:8c:c6:ab:b8:99:47:48:78:
                    17:d5:04:ed:74:64:53:b1:a6:c2:05:91:9e:72:4f:
                    0c:16:3b:5e:f7:ed:82:82:20:b0:ac:6d:36:de:e7:
                    4a:f6:6d:26:8b:3a:85:38:8d:6a:d5:99:ef:ce:6b:
                    06:c2:4c:4c:08:41:72:bc:c1:91:07:c2:5c:50:73:
                    ec:6b:68:05:f2:00:42:10:0f:23:55:20:58:89:ad:
                    c2:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5A:55:20:8B:85:34:B1:5F:2C:7B:4C:E6:76:AA:81:46:12:6E:46:29
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/15300ab0-6733-42c1-92d6-cc7fbe77d362.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         73:81:f5:ee:56:5d:e4:41:31:43:70:42:03:f9:72:39:94:64:
         9c:d1:70:4c:ac:b9:12:5f:83:09:32:be:35:83:ef:cb:43:68:
         1a:8c:09:e4:f3:dd:4d:f2:e3:ea:2e:3e:37:9e:06:d8:8f:a1:
         1c:9d:0a:4e:3b:83:04:68:7e:f0:bd:18:fc:0a:29:4b:13:1b:
         90:f2:b8:7f:a1:5f:72:7f:df:7d:cd:31:d3:c7:ba:dc:0d:48:
         ab:4f:03:04:53:b0:bc:ea:94:20:90:d0:59:be:80:e5:37:eb:
         df:c7:29:97:6f:fd:cb:0c:62:d4:71:4d:c2:c0:19:2a:58:56:
         28:d5:f8:9e:f2:18:0d:09:31:c2:a3:d8:08:21:9b:9b:e9:3d:
         29:ba:85:b0:42:fd:c5:46:ed:d5:7e:1f:93:75:22:61:6c:ed:
         56:5f:63:15:71:a7:36:f5:f7:c3:bb:16:8b:8c:cd:37:fd:8a:
         d2:8a:71:46:d9:e3:22:a8:37:b8:09:93:31:14:fc:95:b7:1a:
         38:40:21:36:0b:08:e0:6e:06:43:7f:a1:9e:69:ed:3d:4b:27:
         dc:f3:2c:9d:0e:3c:5f:89:c4:be:b0:be:bf:37:03:0c:33:51:
         06:84:e9:dc:2b:1f:94:c4:30:2d:3f:fd:12:9c:f9:f3:4b:e8:
         25:20:86:59
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUBKsFy/tZ0EXIpDX0JgGRseqWm7MwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwMTIyMDAwMDAwWhcNMjMwMTI1MjM1OTU5
WjCBpTFJMEcGA1UEBRNANWUyOGMzZWZmNzY3NjYxNTQzMTJjYjM4NzA1MTE0OGQ4
MjJiZDlkZWY1ZmEwMDJkNjZkNzBjNjRlYTQ1YjBiOTEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAKqo29rkugColYsUsr+ea2quN5lvNPR25X+3apIENNx3wOU0eSlr
0IMIpYRWVHbjGPYnhKVP2TG0H07si3qDlOkOBpZnjAPLcqxSJSPi9PnxSMdHj7AD
FPvfZsUKVo+55ViMY7NZ1qQw8BAmREnSuKzFSgGStpMNc1YpAyRFy8AdQl3SD6Nu
AtH9qSSV9NiJ7YiVvbbKos0It/JNicZmwoeutzEwohMA1Qe09ozGq7iZR0h4F9UE
7XRkU7GmwgWRnnJPDBY7XvftgoIgsKxtNt7nSvZtJos6hTiNatWZ785rBsJMTAhB
crzBkQfCXFBz7GtoBfIAQhAPI1UgWImtwjMCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBRaVSCLhTSxXyx7TOZ2qoFGEm5GKTAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvMTUzMDBhYjAtNjczMy00MmMxLTkyZDYtY2M3ZmJlNzdkMzYyLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAHOB9e5WXeRBMUNw
QgP5cjmUZJzRcEysuRJfgwkyvjWD78tDaBqMCeTz3U3y4+ouPjeeBtiPoRydCk47
gwRofvC9GPwKKUsTG5DyuH+hX3J/333NMdPHutwNSKtPAwRTsLzqlCCQ0Fm+gOU3
69/HKZdv/csMYtRxTcLAGSpYVijV+J7yGA0JMcKj2Aghm5vpPSm6hbBC/cVG7dV+
H5N1ImFs7VZfYxVxpzb198O7FouMzTf9itKKcUbZ4yKoN7gJkzEU/JW3GjhAITYL
COBuBkN/oZ5p7T1LJ9zzLJ0OPF+JxL6wvr83AwwzUQaE6dwrH5TEMC0//RKc+fNL
6CUghlk=
-----END CERTIFICATE-----