Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/292c10af-cf1a-465c-8e4f-09fd15221b45.roa
File:                     292c10af-cf1a-465c-8e4f-09fd15221b45.roa (raw, json)
Hash identifier:          FiKJKJ2NoL/hpWmee6XfU7bGmXarQkUq/0xHHcnzJKg=
Subject key identifier:   4E:AF:EF:E0:5F:15:80:35:CC:D2:80:07:07:9A:8D:B5:B5:40:6D:24
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       056FF00AA03488452DA46EC937667B0C48F9B244
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/292c10af-cf1a-465c-8e4f-09fd15221b45.roa
Signing time:             Sat 25 Mar 2023 00:00:00 +0000
ROA not before:           Sat 25 Mar 2023 00:00:00 +0000
ROA not after:            Tue 28 Mar 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            05:6f:f0:0a:a0:34:88:45:2d:a4:6e:c9:37:66:7b:0c:48:f9:b2:44
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Mar 25 00:00:00 2023 GMT
            Not After : Mar 28 23:59:59 2023 GMT
        Subject: serialNumber=72be7b1f12870b2f511ff525af65327920a3bdef0685cd80e1d03f80ecb05d73, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f4:70:44:7b:c2:87:c4:d9:c4:fa:cd:2a:c3:01:
                    37:39:54:76:c2:cd:50:3a:03:ec:5c:26:6b:a0:72:
                    4d:a1:10:06:63:2d:d7:f4:29:ae:d2:f7:0a:d1:2c:
                    06:e6:e8:67:a8:3c:b5:d4:27:0b:df:f8:39:9a:02:
                    c4:95:ef:64:90:7f:d5:b4:ac:1f:52:d5:89:38:bf:
                    33:1b:7d:ea:3a:8f:18:59:ac:8f:35:f2:3a:1a:32:
                    f4:eb:19:54:2b:75:4e:17:62:66:19:2a:5c:07:e6:
                    a2:2f:6e:fb:f4:0c:b4:b0:98:c3:d9:38:9c:d9:24:
                    86:44:f1:79:dc:b9:10:37:8c:9b:36:7a:37:7c:80:
                    d1:fb:b5:42:15:cd:2a:32:37:e1:ef:a4:55:f8:59:
                    91:ba:ac:be:27:3b:9e:f8:b6:b5:02:e1:98:19:d0:
                    4c:25:d7:78:df:c4:c6:4d:22:78:8e:f4:d4:15:06:
                    87:d2:b6:1d:a5:75:6a:ae:74:16:10:59:fd:a4:2b:
                    37:de:e0:80:7e:00:e9:2d:ac:de:56:fc:fb:2c:a7:
                    9b:74:5e:fa:37:ec:19:c5:ec:1a:67:c7:d8:39:1d:
                    2b:57:5d:23:c1:05:56:35:fe:ee:fd:3c:5d:5a:bb:
                    8e:e3:22:bd:85:e8:35:de:bd:18:3a:e9:7a:32:12:
                    b8:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4E:AF:EF:E0:5F:15:80:35:CC:D2:80:07:07:9A:8D:B5:B5:40:6D:24
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/292c10af-cf1a-465c-8e4f-09fd15221b45.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         01:6a:30:69:bf:7f:68:d0:c9:37:05:ce:ce:e7:ae:e5:c7:44:
         5e:78:42:a0:53:52:85:54:7c:81:c6:06:bc:e0:74:08:90:51:
         99:4e:c1:f1:c6:ec:aa:2d:eb:1f:0d:b4:cf:0b:ec:8a:a4:19:
         3e:4a:e3:0d:c5:10:85:40:c4:97:7f:25:61:0e:38:91:f7:18:
         3b:37:94:9d:33:fc:bf:ca:8d:5e:d0:30:04:0d:3f:5b:fd:0b:
         ab:13:4c:5f:f6:85:6b:ac:78:bd:c9:33:7c:26:bf:42:87:c7:
         9c:bb:d2:1a:02:1d:38:3a:b0:11:9a:bf:22:b8:69:0f:72:e0:
         c9:6e:15:20:64:0f:61:3d:7d:9c:bc:79:b2:e9:e3:7e:39:20:
         8a:d4:f1:6a:fb:0f:3c:e0:2a:0c:1c:d3:29:30:4e:0f:d4:b9:
         b9:c7:74:b7:f3:7d:8c:78:1b:bb:2e:a7:86:b7:42:7c:32:52:
         13:06:75:47:d0:92:30:b2:0e:45:20:13:bd:5f:1f:cb:10:5b:
         79:74:2a:1d:7b:5d:16:04:c5:1b:f4:9e:93:f5:64:49:4e:81:
         9f:aa:85:49:dd:e2:92:c9:01:35:10:3d:0f:f6:86:ae:f9:17:
         2c:cb:7f:41:ab:b6:03:a1:9f:22:60:1a:39:5b:fb:8f:dd:10:
         a2:65:a2:98
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUBW/wCqA0iEUtpG7JN2Z7DEj5skQwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwMzI1MDAwMDAwWhcNMjMwMzI4MjM1OTU5
WjCBpTFJMEcGA1UEBRNANzJiZTdiMWYxMjg3MGIyZjUxMWZmNTI1YWY2NTMyNzky
MGEzYmRlZjA2ODVjZDgwZTFkMDNmODBlY2IwNWQ3MzEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAPRwRHvCh8TZxPrNKsMBNzlUdsLNUDoD7Fwma6ByTaEQBmMt1/Qp
rtL3CtEsBuboZ6g8tdQnC9/4OZoCxJXvZJB/1bSsH1LViTi/Mxt96jqPGFmsjzXy
Ohoy9OsZVCt1ThdiZhkqXAfmoi9u+/QMtLCYw9k4nNkkhkTxedy5EDeMmzZ6N3yA
0fu1QhXNKjI34e+kVfhZkbqsvic7nvi2tQLhmBnQTCXXeN/Exk0ieI701BUGh9K2
HaV1aq50FhBZ/aQrN97ggH4A6S2s3lb8+yynm3Re+jfsGcXsGmfH2DkdK1ddI8EF
VjX+7v08XVq7juMivYXoNd69GDrpejISuC8CAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBROr+/gXxWANczSgAcHmo21tUBtJDAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvMjkyYzEwYWYtY2YxYS00NjVjLThlNGYtMDlmZDE1MjIxYjQ1LnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAAFqMGm/f2jQyTcF
zs7nruXHRF54QqBTUoVUfIHGBrzgdAiQUZlOwfHG7Kot6x8NtM8L7IqkGT5K4w3F
EIVAxJd/JWEOOJH3GDs3lJ0z/L/KjV7QMAQNP1v9C6sTTF/2hWuseL3JM3wmv0KH
x5y70hoCHTg6sBGavyK4aQ9y4MluFSBkD2E9fZy8ebLp4345IIrU8Wr7DzzgKgwc
0ykwTg/UubnHdLfzfYx4G7sup4a3QnwyUhMGdUfQkjCyDkUgE71fH8sQW3l0Kh17
XRYExRv0npP1ZElOgZ+qhUnd4pLJATUQPQ/2hq75FyzLf0GrtgOhnyJgGjlb+4/d
EKJlopg=
-----END CERTIFICATE-----