Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/2499173d-0101-46f1-be6a-eb01196798c0.roa
File:                     2499173d-0101-46f1-be6a-eb01196798c0.roa (raw, json)
Hash identifier:          Dvv0PzWhLXZa31AXBuk8FQ2jX7lA/5dkpAb+h19Sk+I=
Subject key identifier:   C0:C1:9B:42:7B:5E:B8:6E:33:F5:62:F7:C0:B0:85:8B:9E:E0:DD:24
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       31CAFC670E997958F0F0ACE23459BB7912A45927
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/2499173d-0101-46f1-be6a-eb01196798c0.roa
Signing time:             Sat 22 Apr 2023 00:00:00 +0000
ROA not before:           Sat 22 Apr 2023 00:00:00 +0000
ROA not after:            Tue 25 Apr 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            31:ca:fc:67:0e:99:79:58:f0:f0:ac:e2:34:59:bb:79:12:a4:59:27
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Apr 22 00:00:00 2023 GMT
            Not After : Apr 25 23:59:59 2023 GMT
        Subject: serialNumber=daebb278e4e63b633d8939ebf49048abecb156e5e6a074ce3bbd5f7bab6a3c4c, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:37:fd:2f:a2:96:2b:66:4c:fc:60:ba:11:41:
                    34:0e:fe:2c:b3:ab:c3:fc:a4:e4:14:0c:2d:83:2e:
                    56:9d:28:ef:8d:c1:fb:34:93:66:72:85:94:39:b6:
                    fd:e1:f9:17:c3:7c:c8:4e:e3:10:12:48:ea:a3:5c:
                    c6:b2:94:ef:dd:a1:c1:45:e2:5f:2a:1b:4d:88:bc:
                    b1:bc:27:42:ab:39:9b:48:5e:5b:3f:64:ca:5a:77:
                    4c:3e:f6:c8:da:cc:2b:17:62:83:18:35:92:30:e2:
                    77:6b:58:17:40:de:d6:d1:d5:70:3a:9a:0d:e1:fb:
                    c5:69:6b:75:90:0c:21:b1:99:40:07:f2:96:8b:42:
                    0e:eb:56:a4:06:50:bf:b8:44:c9:0c:69:0a:d8:9f:
                    61:a1:5e:3c:f3:75:bb:55:c6:13:2a:d7:fb:bd:24:
                    26:ff:cc:70:6b:57:30:11:3e:02:c7:bb:15:e3:80:
                    01:2d:3f:cb:16:47:d5:68:68:b2:49:31:73:67:e0:
                    e9:94:76:95:c8:d4:4d:5e:54:df:47:a6:ac:d4:8b:
                    53:17:5b:69:ef:55:98:c8:b2:f9:80:6f:43:fc:8d:
                    68:de:04:38:f8:83:b0:19:0a:22:06:da:ba:96:a1:
                    af:90:49:b6:2b:41:75:dd:7b:57:71:0b:b7:a4:89:
                    85:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C0:C1:9B:42:7B:5E:B8:6E:33:F5:62:F7:C0:B0:85:8B:9E:E0:DD:24
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/2499173d-0101-46f1-be6a-eb01196798c0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         27:2b:cb:96:88:f0:ba:ad:9c:0e:6f:d6:f1:42:46:fb:c8:d7:
         40:1d:b3:b4:47:8a:96:0c:35:3c:82:06:b2:2e:9c:db:0f:40:
         de:2f:de:01:c3:c7:01:8a:27:fd:97:e4:1c:40:c0:2f:d2:4d:
         3d:1d:6f:25:fb:e3:a0:ab:f6:79:ad:32:54:3a:6a:6b:db:a7:
         32:2e:2b:8f:4a:58:cf:c8:97:30:c4:ce:7c:bd:5b:83:e3:29:
         a9:05:19:e7:7c:6d:d8:60:42:88:8b:c9:ff:4f:d1:4f:2b:42:
         ef:97:8a:9e:45:6d:2a:42:72:23:55:cc:c8:b3:4a:da:97:cc:
         a2:0f:05:82:0a:7f:fc:2b:5c:34:e4:51:f2:47:3c:34:71:c1:
         2e:c7:e4:0d:12:fd:f0:15:af:ff:b2:5e:9d:76:d1:92:60:55:
         a5:9a:22:08:ee:3c:c7:48:32:f3:f1:78:dd:f3:f7:1d:dc:ed:
         0e:9a:d8:cb:bd:8d:1a:8d:6d:9f:5f:ac:b9:26:77:d0:1f:84:
         79:23:6d:fc:61:be:3a:c1:95:86:8b:19:68:14:11:b8:94:5e:
         c2:70:dd:0a:d1:f6:25:47:73:fc:34:c4:46:d3:80:17:85:c9:
         50:04:dd:e8:d1:db:24:c0:1a:f1:73:f6:ef:b4:2b:42:6b:2f:
         70:ce:38:e4
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUMcr8Zw6ZeVjw8KziNFm7eRKkWScwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwNDIyMDAwMDAwWhcNMjMwNDI1MjM1OTU5
WjCBpTFJMEcGA1UEBRNAZGFlYmIyNzhlNGU2M2I2MzNkODkzOWViZjQ5MDQ4YWJl
Y2IxNTZlNWU2YTA3NGNlM2JiZDVmN2JhYjZhM2M0YzEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBANA3/S+ilitmTPxguhFBNA7+LLOrw/yk5BQMLYMuVp0o743B+zST
ZnKFlDm2/eH5F8N8yE7jEBJI6qNcxrKU792hwUXiXyobTYi8sbwnQqs5m0heWz9k
ylp3TD72yNrMKxdigxg1kjDid2tYF0De1tHVcDqaDeH7xWlrdZAMIbGZQAfylotC
DutWpAZQv7hEyQxpCtifYaFePPN1u1XGEyrX+70kJv/McGtXMBE+Ase7FeOAAS0/
yxZH1Whoskkxc2fg6ZR2lcjUTV5U30emrNSLUxdbae9VmMiy+YBvQ/yNaN4EOPiD
sBkKIgbaupahr5BJtitBdd17V3ELt6SJhS8CAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBTAwZtCe164bjP1YvfAsIWLnuDdJDAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvMjQ5OTE3M2QtMDEwMS00NmYxLWJlNmEtZWIwMTE5Njc5OGMwLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBACcry5aI8LqtnA5v
1vFCRvvI10Ads7RHipYMNTyCBrIunNsPQN4v3gHDxwGKJ/2X5BxAwC/STT0dbyX7
46Cr9nmtMlQ6amvbpzIuK49KWM/IlzDEzny9W4PjKakFGed8bdhgQoiLyf9P0U8r
Qu+Xip5FbSpCciNVzMizStqXzKIPBYIKf/wrXDTkUfJHPDRxwS7H5A0S/fAVr/+y
Xp120ZJgVaWaIgjuPMdIMvPxeN3z9x3c7Q6a2Mu9jRqNbZ9frLkmd9AfhHkjbfxh
vjrBlYaLGWgUEbiUXsJw3QrR9iVHc/w0xEbTgBeFyVAE3ejR2yTAGvFz9u+0K0Jr
L3DOOOQ=
-----END CERTIFICATE-----