Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/24ba6984-b019-48b9-9785-d2d9ddc94020.roa
File:                     24ba6984-b019-48b9-9785-d2d9ddc94020.roa (raw, json)
Hash identifier:          Yj4h+/GvMfO+kWVKk1EecP9/NkBZgOqxHNvNE1aVZlw=
Subject key identifier:   74:F5:25:04:4F:38:9F:BF:FF:C4:91:36:BB:42:9B:B8:41:43:89:85
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       68E2F9E5466105614541B2B3D421F556DDDD3473
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/24ba6984-b019-48b9-9785-d2d9ddc94020.roa
Signing time:             Thu 16 Feb 2023 00:00:00 +0000
ROA not before:           Thu 16 Feb 2023 00:00:00 +0000
ROA not after:            Sun 19 Feb 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            68:e2:f9:e5:46:61:05:61:45:41:b2:b3:d4:21:f5:56:dd:dd:34:73
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Feb 16 00:00:00 2023 GMT
            Not After : Feb 19 23:59:59 2023 GMT
        Subject: serialNumber=e95edcd2977feee41fd67e26ea48996204dc78363f095b3e330e44c9787fc4f3, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:d9:87:25:8d:8e:18:69:13:f7:d0:26:e3:53:
                    cf:21:08:d8:72:db:5b:7f:1d:7f:a6:19:29:b6:46:
                    6b:be:d2:7c:f9:44:82:ac:12:c2:f3:13:d0:32:c9:
                    e7:99:25:7c:96:b8:09:df:fa:94:b8:48:34:8f:f0:
                    c5:be:9c:ae:86:2b:8b:4b:f8:0e:75:e5:63:c1:4b:
                    60:a9:a8:44:a3:f0:42:08:81:b9:e8:9a:ae:82:59:
                    e4:4f:4d:f0:d6:b8:8e:5d:44:15:a7:4d:78:55:50:
                    aa:ee:8d:f2:24:47:09:aa:9b:ab:75:a1:da:b1:c1:
                    37:de:52:4b:b5:fd:2a:ac:f8:c4:23:10:7d:bf:bc:
                    3b:74:31:23:ff:69:6f:b1:25:83:00:ca:8c:41:08:
                    27:be:2b:ea:41:45:c9:0f:d5:b5:85:02:33:a7:bb:
                    29:63:52:c8:f2:1c:6a:06:99:3c:ba:c6:d7:2d:c3:
                    9a:6e:dc:71:74:fa:41:2a:47:8e:a5:21:52:7a:43:
                    8a:f9:b0:e3:f3:65:14:ad:ea:2c:51:2f:1d:ca:c2:
                    56:55:3f:80:84:75:ad:e5:45:14:b3:7b:ab:07:e2:
                    53:2d:48:fe:c0:17:59:18:fe:1d:d0:bf:67:ad:9d:
                    96:ed:f1:34:66:47:f6:54:56:5a:c3:30:b9:b9:14:
                    9b:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                74:F5:25:04:4F:38:9F:BF:FF:C4:91:36:BB:42:9B:B8:41:43:89:85
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/24ba6984-b019-48b9-9785-d2d9ddc94020.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         23:95:8b:59:f0:27:20:67:bb:ac:1c:98:2e:b0:60:10:a1:71:
         74:0c:e1:a7:09:77:1a:28:90:a8:bd:8f:c1:d5:1f:03:d0:64:
         2e:c1:59:0c:36:70:35:53:33:85:8d:02:00:b5:c4:93:24:ce:
         52:8b:e2:00:f4:8b:45:ad:db:d8:dc:8c:9b:d5:dc:e0:28:f7:
         f5:74:70:c2:d4:79:4d:d9:11:5c:91:9a:b8:24:25:b4:8f:d0:
         7d:a9:21:47:7d:ac:28:32:0e:61:d7:86:e7:f7:e0:4e:b5:03:
         34:f6:4a:e8:e7:fc:16:74:98:e6:46:6c:03:30:c4:7a:a3:7f:
         7c:c9:be:97:34:a2:13:86:9a:c8:32:4d:9e:85:a3:56:7f:74:
         53:04:a8:5b:7f:8b:c4:ad:0f:e4:62:8e:55:d7:ed:62:de:13:
         02:ac:da:fc:7d:38:cc:5a:fe:5f:ca:a5:12:63:a8:23:3a:67:
         2c:b3:8d:f0:bc:8b:af:e3:27:59:09:60:f5:33:50:96:9a:01:
         0d:55:22:ae:c9:13:e8:b8:95:e1:42:6a:91:dd:2b:9c:7c:31:
         d0:77:40:7d:72:70:56:e8:eb:40:e5:8d:d3:25:ec:e0:27:ea:
         43:47:60:78:ff:1b:6f:c2:0c:f5:f5:a3:3f:d3:6e:72:a4:63:
         81:16:a7:82
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUaOL55UZhBWFFQbKz1CH1Vt3dNHMwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwMjE2MDAwMDAwWhcNMjMwMjE5MjM1OTU5
WjCBpTFJMEcGA1UEBRNAZTk1ZWRjZDI5NzdmZWVlNDFmZDY3ZTI2ZWE0ODk5NjIw
NGRjNzgzNjNmMDk1YjNlMzMwZTQ0Yzk3ODdmYzRmMzEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAITZhyWNjhhpE/fQJuNTzyEI2HLbW38df6YZKbZGa77SfPlEgqwS
wvMT0DLJ55klfJa4Cd/6lLhINI/wxb6croYri0v4DnXlY8FLYKmoRKPwQgiBueia
roJZ5E9N8Na4jl1EFadNeFVQqu6N8iRHCaqbq3Wh2rHBN95SS7X9Kqz4xCMQfb+8
O3QxI/9pb7ElgwDKjEEIJ74r6kFFyQ/VtYUCM6e7KWNSyPIcagaZPLrG1y3Dmm7c
cXT6QSpHjqUhUnpDivmw4/NlFK3qLFEvHcrCVlU/gIR1reVFFLN7qwfiUy1I/sAX
WRj+HdC/Z62dlu3xNGZH9lRWWsMwubkUm3sCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBR09SUETzifv//EkTa7Qpu4QUOJhTAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvMjRiYTY5ODQtYjAxOS00OGI5LTk3ODUtZDJkOWRkYzk0MDIwLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBACOVi1nwJyBnu6wc
mC6wYBChcXQM4acJdxookKi9j8HVHwPQZC7BWQw2cDVTM4WNAgC1xJMkzlKL4gD0
i0Wt29jcjJvV3OAo9/V0cMLUeU3ZEVyRmrgkJbSP0H2pIUd9rCgyDmHXhuf34E61
AzT2Sujn/BZ0mOZGbAMwxHqjf3zJvpc0ohOGmsgyTZ6Fo1Z/dFMEqFt/i8StD+Ri
jlXX7WLeEwKs2vx9OMxa/l/KpRJjqCM6ZyyzjfC8i6/jJ1kJYPUzUJaaAQ1VIq7J
E+i4leFCapHdK5x8MdB3QH1ycFbo60DljdMl7OAn6kNHYHj/G2/CDPX1oz/TbnKk
Y4EWp4I=
-----END CERTIFICATE-----