Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/19f2722b-71a4-42b9-94d4-b2dbee613d94.roa
File:                     19f2722b-71a4-42b9-94d4-b2dbee613d94.roa (raw, json)
Hash identifier:          Mw8T86WX0liyUrCAQ6LPiTdoXmP/xd9hHiZDhH9sa5k=
Subject key identifier:   D5:08:72:12:F7:87:B6:9F:32:BE:5A:01:E7:1D:35:16:9B:A3:FE:C4
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       714221BBBECC6A4242C180F3918B8D08F7F54D3C
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/19f2722b-71a4-42b9-94d4-b2dbee613d94.roa
Signing time:             Mon 13 Mar 2023 00:00:00 +0000
ROA not before:           Mon 13 Mar 2023 00:00:00 +0000
ROA not after:            Thu 16 Mar 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            71:42:21:bb:be:cc:6a:42:42:c1:80:f3:91:8b:8d:08:f7:f5:4d:3c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Mar 13 00:00:00 2023 GMT
            Not After : Mar 16 23:59:59 2023 GMT
        Subject: serialNumber=b7fafbcf54048ce54b1ad8121164b46e30eb76fd15aa662d975f94d24bfe17bb, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:0a:e6:4b:2e:bc:fe:a0:92:40:cc:ad:6a:65:
                    f1:6e:fd:0a:57:ad:e6:05:44:1e:81:8d:d0:1b:e1:
                    3c:a1:42:bc:6a:45:2f:7a:1b:c5:75:b8:c2:1c:53:
                    8b:63:9c:9b:31:1e:f3:8e:df:d2:42:17:09:aa:93:
                    70:8e:e1:26:bd:af:3c:86:b3:40:8f:c4:92:8d:64:
                    64:39:0a:b3:36:d9:6e:31:32:06:49:8d:8c:7c:21:
                    f0:54:9f:33:94:80:93:65:73:b2:e1:bc:4f:1f:53:
                    e2:5a:17:9e:9d:67:e9:a9:54:de:14:08:e9:21:69:
                    23:25:c8:ee:cc:5a:75:86:18:38:4a:56:81:0a:63:
                    ca:08:04:57:87:b7:e6:fa:00:6b:a7:a2:67:c3:8c:
                    09:f9:e8:69:ba:2b:31:01:ce:a8:11:56:c1:81:f8:
                    60:9c:b5:01:01:b3:5a:b0:6c:53:77:ac:05:c2:4c:
                    ec:c2:ab:1d:17:0f:34:5b:d2:28:dc:6b:04:76:1e:
                    a4:52:f4:9d:0e:e1:be:78:e0:cb:f3:97:76:70:74:
                    eb:3e:68:ef:d0:4b:10:cd:4c:79:b0:2a:96:e3:83:
                    f2:4a:98:3b:b6:f9:75:cb:92:f6:23:8a:6c:88:a1:
                    61:64:0d:42:09:3f:fb:4a:11:06:5a:01:3b:60:11:
                    f7:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D5:08:72:12:F7:87:B6:9F:32:BE:5A:01:E7:1D:35:16:9B:A3:FE:C4
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/19f2722b-71a4-42b9-94d4-b2dbee613d94.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         13:5e:6a:09:c0:74:03:51:4f:54:10:21:5f:f3:f6:74:35:29:
         d2:e6:73:23:86:48:a4:ab:bd:83:1b:36:16:3f:43:3b:a2:e4:
         36:2c:e3:0f:72:c5:e5:cd:9f:b3:56:5d:8d:d3:5f:f1:6c:8f:
         43:be:60:28:1f:a7:27:15:6d:ac:1b:e2:14:35:cf:08:95:f0:
         af:2a:d1:2b:5c:ab:dd:2f:9d:99:2a:8a:3a:6f:21:1b:d0:aa:
         94:40:3c:7a:1a:e7:76:18:17:6a:41:9a:23:91:39:54:26:2f:
         e6:5e:98:af:25:96:e9:d7:8c:fb:99:3c:38:9f:66:49:e5:bc:
         33:aa:56:df:b7:3a:02:b8:ce:67:89:a3:10:c3:cf:4c:a3:df:
         2b:cc:be:f3:20:a4:a5:dc:17:86:50:55:ea:57:b5:52:74:de:
         39:e1:d3:34:43:68:35:8b:64:75:0a:04:cf:a1:31:15:79:95:
         00:c4:b6:89:2c:11:8a:b3:cb:02:a5:99:cb:e9:79:6e:3a:1e:
         61:14:dd:33:94:ac:5b:42:d0:a8:c3:b7:17:ab:19:34:3c:6b:
         56:08:ce:d6:e1:07:20:96:53:64:82:2f:91:b8:bd:90:4d:fd:
         de:32:03:73:fa:9b:85:bd:a8:8c:7a:34:cd:ea:37:ab:c4:dc:
         c8:26:96:c7
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUcUIhu77MakJCwYDzkYuNCPf1TTwwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwMzEzMDAwMDAwWhcNMjMwMzE2MjM1OTU5
WjCBpTFJMEcGA1UEBRNAYjdmYWZiY2Y1NDA0OGNlNTRiMWFkODEyMTE2NGI0NmUz
MGViNzZmZDE1YWE2NjJkOTc1Zjk0ZDI0YmZlMTdiYjEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAMUK5ksuvP6gkkDMrWpl8W79Clet5gVEHoGN0BvhPKFCvGpFL3ob
xXW4whxTi2OcmzEe847f0kIXCaqTcI7hJr2vPIazQI/Eko1kZDkKszbZbjEyBkmN
jHwh8FSfM5SAk2VzsuG8Tx9T4loXnp1n6alU3hQI6SFpIyXI7sxadYYYOEpWgQpj
yggEV4e35voAa6eiZ8OMCfnoaborMQHOqBFWwYH4YJy1AQGzWrBsU3esBcJM7MKr
HRcPNFvSKNxrBHYepFL0nQ7hvnjgy/OXdnB06z5o79BLEM1MebAqluOD8kqYO7b5
dcuS9iOKbIihYWQNQgk/+0oRBloBO2AR9x0CAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBTVCHIS94e2nzK+WgHnHTUWm6P+xDAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvMTlmMjcyMmItNzFhNC00MmI5LTk0ZDQtYjJkYmVlNjEzZDk0LnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBABNeagnAdANRT1QQ
IV/z9nQ1KdLmcyOGSKSrvYMbNhY/Qzui5DYs4w9yxeXNn7NWXY3TX/Fsj0O+YCgf
pycVbawb4hQ1zwiV8K8q0Stcq90vnZkqijpvIRvQqpRAPHoa53YYF2pBmiOROVQm
L+ZemK8llunXjPuZPDifZknlvDOqVt+3OgK4zmeJoxDDz0yj3yvMvvMgpKXcF4ZQ
VepXtVJ03jnh0zRDaDWLZHUKBM+hMRV5lQDEtoksEYqzywKlmcvpeW46HmEU3TOU
rFtC0KjDtxerGTQ8a1YIztbhByCWU2SCL5G4vZBN/d4yA3P6m4W9qIx6NM3qN6vE
3Mgmlsc=
-----END CERTIFICATE-----