Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/1df7c3c0-9a7c-47a7-808d-612773d69c31.roa
File:                     1df7c3c0-9a7c-47a7-808d-612773d69c31.roa (raw, json)
Hash identifier:          Tnl0J8LORY5uiHFGMnuAlvh+vdgaPsqOr2Bd2rdylE0=
Subject key identifier:   1F:FA:DE:75:9D:37:43:12:6F:B1:F3:C6:FB:CC:79:F4:6C:13:DE:FC
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       63DBDB9507650744B6693828E0F2AB82A52C24E5
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/1df7c3c0-9a7c-47a7-808d-612773d69c31.roa
Signing time:             Mon 23 Jan 2023 00:00:00 +0000
ROA not before:           Mon 23 Jan 2023 00:00:00 +0000
ROA not after:            Thu 26 Jan 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            63:db:db:95:07:65:07:44:b6:69:38:28:e0:f2:ab:82:a5:2c:24:e5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Jan 23 00:00:00 2023 GMT
            Not After : Jan 26 23:59:59 2023 GMT
        Subject: serialNumber=157327661ddb6c33ab9301d117236286ca21b8349d1d8aba813289c92cd349ce, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:63:8e:ab:90:3a:19:e8:f4:f3:5c:33:a1:ef:
                    2d:96:16:85:96:0c:cc:5d:98:62:2f:fb:0c:a2:8a:
                    05:3a:6f:5b:e4:25:0b:72:37:dc:2d:b1:29:b0:f7:
                    16:7d:72:ef:f0:8d:67:04:7b:8e:af:57:2f:b8:94:
                    8c:b4:5d:b7:66:50:57:02:87:b4:58:e4:ea:1a:55:
                    83:c8:13:00:ec:33:f9:7b:9f:f6:42:f2:b4:70:52:
                    e9:3c:b7:fd:7f:fb:ff:76:a6:4c:8b:09:1c:8f:a3:
                    ba:cf:a1:b0:88:76:b6:98:dd:88:6a:d3:f9:9a:f9:
                    94:a7:96:d5:85:44:59:aa:fb:9e:b1:8b:c5:87:05:
                    b4:9b:69:a9:36:69:77:a4:fb:37:0c:98:e5:57:3c:
                    83:56:53:dd:31:c4:a1:bf:d2:b9:4a:27:76:2f:33:
                    d9:8e:5b:76:d2:57:c4:96:46:63:27:5f:f8:87:54:
                    1e:e9:94:06:1f:82:96:77:13:46:b7:c8:eb:0d:81:
                    5b:cd:ce:a3:1f:30:a3:31:a2:91:26:94:2f:c4:1a:
                    b2:80:7e:67:2a:31:ab:17:e7:31:96:84:8a:fe:9f:
                    bd:84:4b:75:a7:d1:6d:95:ce:67:4e:25:ff:f2:d2:
                    a1:f4:2f:33:72:e4:a5:a2:03:86:5c:46:a0:65:9b:
                    4f:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1F:FA:DE:75:9D:37:43:12:6F:B1:F3:C6:FB:CC:79:F4:6C:13:DE:FC
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/1df7c3c0-9a7c-47a7-808d-612773d69c31.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         af:3c:59:c3:ab:d3:c4:fd:a4:74:e4:0c:78:49:02:25:f9:ea:
         60:fe:0b:5d:29:f2:24:e8:73:47:31:36:98:aa:9f:6a:ef:45:
         67:62:7d:27:bf:9b:47:99:21:dd:1c:c4:78:44:c3:23:a1:5e:
         0e:4f:5e:c2:4a:f9:93:12:77:af:7d:c0:96:4d:31:3a:04:c4:
         0e:3f:4a:93:4c:50:6c:96:39:a8:fe:f0:ba:f0:4f:80:37:a2:
         52:58:ac:95:eb:1b:28:d7:56:cf:51:40:5a:7c:49:11:f3:58:
         45:e5:e3:31:02:ff:97:32:95:37:ac:17:2e:ff:ab:a8:a4:18:
         d7:29:9b:cf:9f:c5:3c:b3:48:87:0d:89:2b:8f:6d:f1:67:a9:
         91:e8:61:fb:f8:63:74:33:ca:33:5e:65:b3:97:f2:62:c4:4b:
         4e:ea:55:ad:4b:f7:ad:d4:f2:bf:96:6c:eb:a0:67:b0:63:bb:
         3c:e0:1c:db:5f:e3:b4:01:aa:b1:71:66:5e:09:22:6f:94:8e:
         9a:a4:32:c5:10:20:f3:01:53:ac:d2:12:e1:0b:54:69:b9:e7:
         46:fa:20:f7:0e:6a:1f:33:95:59:ee:18:6e:70:3f:8f:ed:23:
         d0:46:29:01:0a:92:a7:2f:e7:35:05:a2:b8:09:6b:14:2b:60:
         d4:88:c8:18
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUY9vblQdlB0S2aTgo4PKrgqUsJOUwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwMTIzMDAwMDAwWhcNMjMwMTI2MjM1OTU5
WjCBpTFJMEcGA1UEBRNAMTU3MzI3NjYxZGRiNmMzM2FiOTMwMWQxMTcyMzYyODZj
YTIxYjgzNDlkMWQ4YWJhODEzMjg5YzkyY2QzNDljZTEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAJ5jjquQOhno9PNcM6HvLZYWhZYMzF2YYi/7DKKKBTpvW+QlC3I3
3C2xKbD3Fn1y7/CNZwR7jq9XL7iUjLRdt2ZQVwKHtFjk6hpVg8gTAOwz+Xuf9kLy
tHBS6Ty3/X/7/3amTIsJHI+jus+hsIh2tpjdiGrT+Zr5lKeW1YVEWar7nrGLxYcF
tJtpqTZpd6T7NwyY5Vc8g1ZT3THEob/SuUondi8z2Y5bdtJXxJZGYydf+IdUHumU
Bh+ClncTRrfI6w2BW83Oox8wozGikSaUL8QasoB+ZyoxqxfnMZaEiv6fvYRLdafR
bZXOZ04l//LSofQvM3LkpaIDhlxGoGWbT1ECAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBQf+t51nTdDEm+x88b7zHn0bBPe/DAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvMWRmN2MzYzAtOWE3Yy00N2E3LTgwOGQtNjEyNzczZDY5YzMxLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAK88WcOr08T9pHTk
DHhJAiX56mD+C10p8iToc0cxNpiqn2rvRWdifSe/m0eZId0cxHhEwyOhXg5PXsJK
+ZMSd699wJZNMToExA4/SpNMUGyWOaj+8LrwT4A3olJYrJXrGyjXVs9RQFp8SRHz
WEXl4zEC/5cylTesFy7/q6ikGNcpm8+fxTyzSIcNiSuPbfFnqZHoYfv4Y3QzyjNe
ZbOX8mLES07qVa1L963U8r+WbOugZ7BjuzzgHNtf47QBqrFxZl4JIm+UjpqkMsUQ
IPMBU6zSEuELVGm550b6IPcOah8zlVnuGG5wP4/tI9BGKQEKkqcv5zUForgJaxQr
YNSIyBg=
-----END CERTIFICATE-----