Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/1b416e96-2e19-43d4-a350-966df1c8518f.roa
File:                     1b416e96-2e19-43d4-a350-966df1c8518f.roa (raw, json)
Hash identifier:          Bw8j4w02X2oIcQUk5Zf1zQOGLXxpKfNQadUDnazxuDE=
Subject key identifier:   CE:8C:A0:69:17:4C:65:48:55:C0:1A:C6:C0:3E:8A:8B:BA:E9:56:C5
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       4160BD09FC0602484BEE0BBE6B09EE391DB54A2D
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/1b416e96-2e19-43d4-a350-966df1c8518f.roa
Signing time:             Fri 24 Feb 2023 00:00:00 +0000
ROA not before:           Fri 24 Feb 2023 00:00:00 +0000
ROA not after:            Mon 27 Feb 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            41:60:bd:09:fc:06:02:48:4b:ee:0b:be:6b:09:ee:39:1d:b5:4a:2d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Feb 24 00:00:00 2023 GMT
            Not After : Feb 27 23:59:59 2023 GMT
        Subject: serialNumber=e3ad6dcf1e08c15ee5d9c074acd69a8c597104c1c440a9ecc82511dbe2f2b63b, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f3:b0:e7:b8:a9:5b:81:b8:8b:c8:61:e0:bb:af:
                    0c:94:0b:c5:bb:f1:73:71:d0:43:39:80:f3:3e:33:
                    36:b6:63:7b:06:e8:c1:02:a7:12:62:d9:5e:a8:bf:
                    66:95:f9:ca:be:1f:59:35:37:80:b5:4c:48:3f:17:
                    db:86:c9:e5:9d:3c:73:4e:2a:2b:6f:ef:84:04:ce:
                    7f:46:fe:44:43:b1:48:d5:d1:57:65:2a:89:b1:17:
                    55:00:e5:98:39:a9:1d:56:ec:01:b0:f8:33:1b:73:
                    d5:51:61:d1:a2:7d:ed:26:07:28:3f:56:f1:a2:0f:
                    40:85:44:83:7a:a1:63:fe:2a:94:4c:d6:2b:80:76:
                    5d:34:96:88:91:03:03:0e:25:aa:87:e8:06:dd:b8:
                    0d:9d:1e:6c:74:15:4a:41:e1:63:9d:4d:84:ed:5b:
                    df:7b:4e:a3:54:8c:26:e9:50:ca:28:1c:da:ca:d2:
                    8a:05:61:b6:4b:5f:52:ee:ee:04:4a:df:0c:7a:8c:
                    f1:8e:31:6c:cb:08:1c:fb:62:46:15:3a:f0:00:d8:
                    60:90:0e:b3:50:4d:bd:62:dd:f5:2a:24:40:8b:ff:
                    eb:ec:b7:ef:bc:9c:95:8e:63:a8:9d:2e:f0:b3:21:
                    0d:73:15:52:1a:e4:28:45:aa:7d:21:1d:b3:c7:6c:
                    c6:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CE:8C:A0:69:17:4C:65:48:55:C0:1A:C6:C0:3E:8A:8B:BA:E9:56:C5
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/1b416e96-2e19-43d4-a350-966df1c8518f.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5f:24:54:af:2e:31:69:ea:33:d9:90:45:b8:4d:6a:34:3b:bb:
         a4:e1:c5:42:81:8d:15:a0:de:aa:d6:0d:7f:b0:ea:72:61:b5:
         a8:46:68:5c:15:e4:ca:99:c5:84:09:08:ea:c7:5b:55:7a:99:
         61:f8:40:62:dc:ac:24:db:41:ce:31:0c:ac:40:db:76:43:97:
         6e:d7:cb:ab:b2:b9:5b:71:5e:3e:73:cc:cd:57:00:e1:23:72:
         c5:a8:e1:b1:94:30:df:dc:ee:24:1f:07:44:a9:00:4a:55:ef:
         e2:51:f4:f1:c9:f0:a8:1f:16:f9:42:f0:4d:73:17:db:6d:aa:
         79:fd:21:8c:69:e2:6a:78:eb:3e:29:35:c1:ec:6a:0e:b9:7a:
         c2:b0:69:98:52:56:3b:80:b8:4f:d0:53:ec:00:31:0c:40:b0:
         59:5b:24:ac:48:4b:2a:81:82:1a:7b:dc:13:d0:8a:9c:df:e7:
         7d:23:0e:8e:c5:74:66:c3:0b:d2:06:27:7e:c2:79:54:01:09:
         a3:f5:cd:a6:0d:2d:17:6f:3e:b4:8c:f4:5f:b9:47:3c:a6:52:
         16:2c:92:97:ac:c9:af:b0:30:7e:7d:61:c2:f3:03:5f:09:91:
         26:6c:2d:19:5c:04:ec:bb:55:65:e4:7e:03:cd:7c:ea:52:8d:
         51:1f:2e:22
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUQWC9CfwGAkhL7gu+awnuOR21Si0wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwMjI0MDAwMDAwWhcNMjMwMjI3MjM1OTU5
WjCBpTFJMEcGA1UEBRNAZTNhZDZkY2YxZTA4YzE1ZWU1ZDljMDc0YWNkNjlhOGM1
OTcxMDRjMWM0NDBhOWVjYzgyNTExZGJlMmYyYjYzYjEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAPOw57ipW4G4i8hh4LuvDJQLxbvxc3HQQzmA8z4zNrZjewbowQKn
EmLZXqi/ZpX5yr4fWTU3gLVMSD8X24bJ5Z08c04qK2/vhATOf0b+REOxSNXRV2Uq
ibEXVQDlmDmpHVbsAbD4Mxtz1VFh0aJ97SYHKD9W8aIPQIVEg3qhY/4qlEzWK4B2
XTSWiJEDAw4lqofoBt24DZ0ebHQVSkHhY51NhO1b33tOo1SMJulQyigc2srSigVh
tktfUu7uBErfDHqM8Y4xbMsIHPtiRhU68ADYYJAOs1BNvWLd9SokQIv/6+y377yc
lY5jqJ0u8LMhDXMVUhrkKEWqfSEds8dsxgMCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBTOjKBpF0xlSFXAGsbAPoqLuulWxTAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvMWI0MTZlOTYtMmUxOS00M2Q0LWEzNTAtOTY2ZGYxYzg1MThmLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAF8kVK8uMWnqM9mQ
RbhNajQ7u6ThxUKBjRWg3qrWDX+w6nJhtahGaFwV5MqZxYQJCOrHW1V6mWH4QGLc
rCTbQc4xDKxA23ZDl27Xy6uyuVtxXj5zzM1XAOEjcsWo4bGUMN/c7iQfB0SpAEpV
7+JR9PHJ8KgfFvlC8E1zF9ttqnn9IYxp4mp46z4pNcHsag65esKwaZhSVjuAuE/Q
U+wAMQxAsFlbJKxISyqBghp73BPQipzf530jDo7FdGbDC9IGJ37CeVQBCaP1zaYN
LRdvPrSM9F+5RzymUhYskpesya+wMH59YcLzA18JkSZsLRlcBOy7VWXkfgPNfOpS
jVEfLiI=
-----END CERTIFICATE-----