Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/153f2951-c746-4dca-a801-49a3d237caa2.roa
File:                     153f2951-c746-4dca-a801-49a3d237caa2.roa (raw, json)
Hash identifier:          axu1/bJaxhkMSMJzDeMSNGlCaz7oKQpMKJZrtUc1Q/M=
Subject key identifier:   89:9C:1A:94:47:F2:02:F5:1F:5A:92:03:33:AA:8B:4B:0C:B6:8A:50
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       255F2F930FAFAEB475013F5E0A918CF58F9E48F6
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/153f2951-c746-4dca-a801-49a3d237caa2.roa
Signing time:             Wed 19 Apr 2023 00:00:00 +0000
ROA not before:           Wed 19 Apr 2023 00:00:00 +0000
ROA not after:            Sat 22 Apr 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            25:5f:2f:93:0f:af:ae:b4:75:01:3f:5e:0a:91:8c:f5:8f:9e:48:f6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Apr 19 00:00:00 2023 GMT
            Not After : Apr 22 23:59:59 2023 GMT
        Subject: serialNumber=dd6e4c278f727c7fc5aad13f308753670ade3ea4b72c93f62ef7b35c9dd13107, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:1f:1b:2c:8c:0b:ee:a0:04:30:b5:14:6e:67:
                    5f:a9:4f:e9:6b:84:2b:fd:89:72:b3:15:6d:49:9d:
                    d6:72:d9:e2:97:64:e6:79:12:d4:bd:6f:e6:c9:1d:
                    37:f3:6b:7a:ca:47:8b:e8:a8:cb:6e:9f:21:bd:4a:
                    1e:0a:77:c4:f5:5e:01:ea:3f:42:c6:a6:c7:49:09:
                    78:27:b3:80:01:75:7f:fd:a5:7a:ff:7e:ea:72:b9:
                    22:f0:7d:e0:03:47:a0:37:32:ec:39:68:3d:5b:51:
                    90:1d:9f:1f:25:60:1b:54:f7:01:0c:f5:a0:bc:88:
                    20:60:78:b2:bf:f2:98:b0:2d:c5:30:8b:29:89:40:
                    18:67:6b:15:bb:0d:74:c4:f7:35:76:3f:30:0b:0d:
                    89:26:0d:55:3e:70:ef:93:ac:a3:d1:74:c4:a8:c8:
                    5e:56:78:4b:c2:f5:6b:69:92:9d:81:20:d8:7d:92:
                    3d:48:0e:f7:36:ac:bb:02:af:d9:30:38:07:ee:43:
                    c0:1d:59:45:2c:64:0a:3e:82:40:e7:4f:9c:79:76:
                    3c:21:b4:e6:73:93:43:94:84:6a:79:a8:5f:bb:b9:
                    2d:ef:e8:7d:3d:5e:b1:b5:7c:18:5b:e4:ff:b0:0a:
                    82:5b:e3:3d:79:28:03:30:06:9b:d9:c7:da:f5:3d:
                    71:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                89:9C:1A:94:47:F2:02:F5:1F:5A:92:03:33:AA:8B:4B:0C:B6:8A:50
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/153f2951-c746-4dca-a801-49a3d237caa2.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c6:8f:7d:c1:e0:0d:c7:21:41:6d:e5:4f:62:f8:db:0d:8f:39:
         a4:1b:37:fc:42:27:bd:39:cd:bc:01:53:9f:de:6f:de:c1:a3:
         a3:12:57:44:47:8b:42:0b:e3:8d:dc:ff:bd:8d:9a:0a:19:9a:
         a7:61:e9:cd:96:bf:aa:4b:bb:e5:f5:99:11:f8:2a:c8:39:52:
         6c:3e:4b:df:18:89:7d:2b:3a:d2:4d:d9:f8:c6:54:be:4a:9c:
         78:8b:9e:dc:71:42:2b:25:2f:43:ff:74:ff:81:ba:0b:8e:e5:
         16:ef:e5:f4:bf:4f:c8:77:99:f7:e5:9f:d7:e6:b1:ff:43:bc:
         11:95:18:d6:17:77:c7:4b:fa:ac:77:62:82:50:23:91:0d:e7:
         02:a8:6e:87:18:9e:76:af:31:e2:26:17:38:fe:ff:1f:06:84:
         0c:7e:c9:74:03:59:3b:30:61:d6:28:f8:19:4a:9d:81:37:36:
         8a:3c:0a:95:01:bb:81:6d:59:a9:1a:66:87:bb:cb:47:95:14:
         14:c2:34:34:5a:bc:ef:b3:31:df:ce:26:6b:c1:d4:09:6e:b5:
         9e:a7:62:67:d7:65:ad:14:63:c2:5e:32:8e:27:31:25:6c:35:
         cb:aa:be:a7:a6:52:69:e5:70:79:88:ec:ff:ac:12:a0:1f:2d:
         82:05:13:ed
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUJV8vkw+vrrR1AT9eCpGM9Y+eSPYwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwNDE5MDAwMDAwWhcNMjMwNDIyMjM1OTU5
WjCBpTFJMEcGA1UEBRNAZGQ2ZTRjMjc4ZjcyN2M3ZmM1YWFkMTNmMzA4NzUzNjcw
YWRlM2VhNGI3MmM5M2Y2MmVmN2IzNWM5ZGQxMzEwNzEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAJYfGyyMC+6gBDC1FG5nX6lP6WuEK/2JcrMVbUmd1nLZ4pdk5nkS
1L1v5skdN/NrespHi+ioy26fIb1KHgp3xPVeAeo/Qsamx0kJeCezgAF1f/2lev9+
6nK5IvB94ANHoDcy7DloPVtRkB2fHyVgG1T3AQz1oLyIIGB4sr/ymLAtxTCLKYlA
GGdrFbsNdMT3NXY/MAsNiSYNVT5w75Oso9F0xKjIXlZ4S8L1a2mSnYEg2H2SPUgO
9zasuwKv2TA4B+5DwB1ZRSxkCj6CQOdPnHl2PCG05nOTQ5SEanmoX7u5Le/ofT1e
sbV8GFvk/7AKglvjPXkoAzAGm9nH2vU9cdMCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBSJnBqUR/IC9R9akgMzqotLDLaKUDAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvMTUzZjI5NTEtYzc0Ni00ZGNhLWE4MDEtNDlhM2QyMzdjYWEyLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAMaPfcHgDcchQW3l
T2L42w2POaQbN/xCJ705zbwBU5/eb97Bo6MSV0RHi0IL443c/72NmgoZmqdh6c2W
v6pLu+X1mRH4Ksg5Umw+S98YiX0rOtJN2fjGVL5KnHiLntxxQislL0P/dP+BuguO
5Rbv5fS/T8h3mffln9fmsf9DvBGVGNYXd8dL+qx3YoJQI5EN5wKobocYnnavMeIm
Fzj+/x8GhAx+yXQDWTswYdYo+BlKnYE3Noo8CpUBu4FtWakaZoe7y0eVFBTCNDRa
vO+zMd/OJmvB1AlutZ6nYmfXZa0UY8JeMo4nMSVsNcuqvqemUmnlcHmI7P+sEqAf
LYIFE+0=
-----END CERTIFICATE-----