Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/22844002-b4c5-4a55-9849-b2f31df7c5ab.roa
File:                     22844002-b4c5-4a55-9849-b2f31df7c5ab.roa (raw, json)
Hash identifier:          XnaErJ9kWxwXISTDPtQFgelMkXFZcF97z0W+yH4eqTI=
Subject key identifier:   DD:66:56:BC:AA:B3:39:1F:3A:6E:E4:BD:D5:46:41:89:04:90:10:2A
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       4809A13702DA1C7A7CE62A959E8959BC8C41219D
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/22844002-b4c5-4a55-9849-b2f31df7c5ab.roa
Signing time:             Sat 18 Feb 2023 00:00:00 +0000
ROA not before:           Sat 18 Feb 2023 00:00:00 +0000
ROA not after:            Tue 21 Feb 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            48:09:a1:37:02:da:1c:7a:7c:e6:2a:95:9e:89:59:bc:8c:41:21:9d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Feb 18 00:00:00 2023 GMT
            Not After : Feb 21 23:59:59 2023 GMT
        Subject: serialNumber=6956d4caffac4d977c20eedeed6c0a01df2e01c11503446245e3770da1677131, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:55:9e:05:9a:70:b5:73:64:e5:97:7a:a8:0e:
                    1d:2b:ac:f8:65:3c:0c:6f:9a:57:12:8c:a3:87:da:
                    87:f0:c6:ef:ff:b7:bd:b4:be:d0:cd:a8:d6:a6:d5:
                    1b:26:52:39:af:d8:06:dd:a6:57:08:fa:52:ca:0e:
                    80:63:bc:93:29:91:5a:b9:f9:f3:0a:39:46:54:3f:
                    6f:09:4e:e6:55:b3:b6:6f:99:2d:cc:f5:91:1d:f5:
                    14:e9:55:70:a5:eb:2c:98:d0:11:2e:0f:8c:1e:41:
                    fc:78:11:32:b7:27:b4:c8:63:db:14:43:81:9a:f3:
                    60:fd:41:f4:19:b0:e3:c9:b3:53:bb:44:1a:86:c6:
                    70:f8:c5:1e:79:0f:63:6c:45:b0:48:50:24:f5:6c:
                    63:d2:7f:6e:cc:22:44:1d:98:d2:7e:7b:4b:4a:d1:
                    9e:b5:d5:89:3c:a3:a9:cf:4b:54:aa:7a:7d:72:c1:
                    db:61:01:47:37:e8:2a:7c:ea:f2:e6:4b:24:cd:30:
                    98:f6:54:55:d8:c7:2c:72:f9:85:69:e4:f4:a3:9e:
                    1a:f3:32:f3:92:8e:47:43:ad:28:aa:a4:e2:9f:37:
                    15:9d:de:16:d5:24:36:f1:71:c2:e8:5d:bc:ce:da:
                    03:4f:24:12:29:a1:d1:13:47:2d:fe:e2:7e:29:9e:
                    1b:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DD:66:56:BC:AA:B3:39:1F:3A:6E:E4:BD:D5:46:41:89:04:90:10:2A
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/22844002-b4c5-4a55-9849-b2f31df7c5ab.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         37:a1:66:54:05:7e:9c:70:93:f3:06:1f:44:c8:ac:6e:7f:03:
         68:b2:34:16:24:15:2a:a5:e2:95:a2:0d:20:28:23:ac:fc:1e:
         2e:06:e2:8b:01:1d:1f:0a:06:ff:9f:70:d3:e9:42:03:5a:57:
         39:45:36:d5:02:e6:24:3a:ca:e3:6d:be:11:e8:2f:99:07:93:
         f0:35:7a:50:21:05:2c:6b:ce:72:b3:83:fa:0f:f0:2b:d5:74:
         e7:b0:e3:d8:bc:8c:e3:45:9e:bf:fa:92:85:d7:1b:e5:58:8d:
         51:87:3d:7d:ab:9b:4e:d4:0b:3e:34:9c:d9:78:b1:d7:99:7d:
         16:3b:d6:06:e6:22:85:8f:74:76:d3:27:ff:d4:04:93:fe:93:
         6a:80:62:24:0d:51:51:0c:3a:42:2b:4c:5f:9a:02:55:32:d5:
         40:72:37:51:57:16:ae:ef:25:53:6c:84:96:65:9f:3d:d5:40:
         7b:be:97:bc:0e:60:b5:da:af:d5:a8:07:22:f6:43:72:20:a8:
         3f:7f:bc:32:12:cc:5f:9f:2c:4e:ba:e4:68:34:77:25:5c:37:
         ca:a5:fa:ed:29:35:ca:d5:44:4a:23:f3:72:72:c6:bb:51:54:
         a7:05:c6:45:cc:61:3d:12:43:54:9a:0f:58:bb:04:26:7c:52:
         57:e5:c9:84
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUSAmhNwLaHHp85iqVnolZvIxBIZ0wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwMjE4MDAwMDAwWhcNMjMwMjIxMjM1OTU5
WjCBpTFJMEcGA1UEBRNANjk1NmQ0Y2FmZmFjNGQ5NzdjMjBlZWRlZWQ2YzBhMDFk
ZjJlMDFjMTE1MDM0NDYyNDVlMzc3MGRhMTY3NzEzMTEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBALlVngWacLVzZOWXeqgOHSus+GU8DG+aVxKMo4fah/DG7/+3vbS+
0M2o1qbVGyZSOa/YBt2mVwj6UsoOgGO8kymRWrn58wo5RlQ/bwlO5lWztm+ZLcz1
kR31FOlVcKXrLJjQES4PjB5B/HgRMrcntMhj2xRDgZrzYP1B9Bmw48mzU7tEGobG
cPjFHnkPY2xFsEhQJPVsY9J/bswiRB2Y0n57S0rRnrXViTyjqc9LVKp6fXLB22EB
RzfoKnzq8uZLJM0wmPZUVdjHLHL5hWnk9KOeGvMy85KOR0OtKKqk4p83FZ3eFtUk
NvFxwuhdvM7aA08kEimh0RNHLf7ifimeG/cCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBTdZla8qrM5Hzpu5L3VRkGJBJAQKjAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvMjI4NDQwMDItYjRjNS00YTU1LTk4NDktYjJmMzFkZjdjNWFiLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBADehZlQFfpxwk/MG
H0TIrG5/A2iyNBYkFSql4pWiDSAoI6z8Hi4G4osBHR8KBv+fcNPpQgNaVzlFNtUC
5iQ6yuNtvhHoL5kHk/A1elAhBSxrznKzg/oP8CvVdOew49i8jONFnr/6koXXG+VY
jVGHPX2rm07UCz40nNl4sdeZfRY71gbmIoWPdHbTJ//UBJP+k2qAYiQNUVEMOkIr
TF+aAlUy1UByN1FXFq7vJVNshJZlnz3VQHu+l7wOYLXar9WoByL2Q3IgqD9/vDIS
zF+fLE665Gg0dyVcN8ql+u0pNcrVREoj83JyxrtRVKcFxkXMYT0SQ1SaD1i7BCZ8
UlflyYQ=
-----END CERTIFICATE-----