Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/2cb05733-75f8-4ddf-9340-1b4d9351d978.roa
File:                     2cb05733-75f8-4ddf-9340-1b4d9351d978.roa (raw, json)
Hash identifier:          j7cvzSLakyRPn/gpZ4qPMxiv93rBV471ueC+0tDTC4c=
Subject key identifier:   32:97:10:C9:8A:E7:84:83:FA:70:3F:92:FD:FA:95:73:37:BA:BC:25
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       38CB9356853E9886A0ADF97364C894BBB29BC1CE
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/2cb05733-75f8-4ddf-9340-1b4d9351d978.roa
Signing time:             Sun 29 Jan 2023 00:00:00 +0000
ROA not before:           Sun 29 Jan 2023 00:00:00 +0000
ROA not after:            Wed 01 Feb 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            38:cb:93:56:85:3e:98:86:a0:ad:f9:73:64:c8:94:bb:b2:9b:c1:ce
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Jan 29 00:00:00 2023 GMT
            Not After : Feb  1 23:59:59 2023 GMT
        Subject: serialNumber=753bb1fd262f50988a6e0cc415eff3764ed256ce5349b73bd33f5e890e5606e0, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:51:3d:b1:7f:ba:c9:0b:9a:eb:a0:90:09:4f:
                    c9:42:43:ae:43:7f:37:ac:2b:4c:e6:a5:a0:7e:77:
                    35:f5:d9:48:c1:20:b6:75:66:40:a8:8f:41:2b:cc:
                    18:77:ae:c3:03:9d:e5:26:83:7e:60:66:ef:9b:e1:
                    72:6f:e3:35:e0:56:dc:f2:41:b5:8b:47:f1:b1:83:
                    77:df:fd:4b:79:08:e5:53:46:77:73:14:05:3a:c9:
                    c0:85:f5:63:27:af:e9:d8:6f:82:12:73:45:85:7a:
                    39:61:95:24:8b:1d:a4:db:9f:83:12:19:37:75:eb:
                    c0:ae:98:08:31:c7:02:0f:ad:83:26:7a:80:f8:9b:
                    f0:52:b0:6a:5b:b6:97:76:c5:04:e0:1d:68:bf:96:
                    d3:9f:bb:4e:79:b5:d5:49:2c:18:55:b1:2e:62:51:
                    aa:55:5d:54:31:8d:42:2c:9e:0f:f2:21:2a:1c:31:
                    72:5e:79:ec:08:6e:06:04:ed:2a:f8:09:9f:dd:98:
                    62:ef:fd:e4:df:f1:7b:cf:93:5e:84:6f:08:61:c5:
                    69:24:f7:fb:a9:8f:a8:d2:23:52:6d:a6:96:6b:07:
                    6a:92:3a:3a:ce:9c:24:88:2c:d2:2d:90:cc:29:f4:
                    12:6f:70:c2:20:a0:39:d2:0f:f1:b1:01:0a:02:7c:
                    62:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                32:97:10:C9:8A:E7:84:83:FA:70:3F:92:FD:FA:95:73:37:BA:BC:25
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/2cb05733-75f8-4ddf-9340-1b4d9351d978.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9d:3c:ed:b0:fd:7d:76:e7:26:86:0a:ff:40:dd:44:ef:3b:0e:
         73:70:45:bd:ad:9e:f5:51:36:88:bf:02:90:fa:d0:1d:85:e8:
         75:cf:61:59:32:44:03:eb:e0:6d:32:c3:4b:88:bd:a5:3c:80:
         5f:f8:b4:c1:16:44:6f:88:7d:be:d0:b6:7b:4b:31:f1:1f:6b:
         f6:36:41:d9:c4:8b:2e:c0:da:25:00:37:71:bc:32:ce:c6:c4:
         96:14:62:bc:7e:85:ae:3a:44:68:c4:3d:dc:3b:60:d6:f9:75:
         5e:0f:e3:8e:75:79:cb:8c:a4:c7:10:21:7f:87:5c:16:f0:86:
         4c:82:24:53:a5:39:d4:f8:f3:2f:27:f6:a6:71:32:d1:cf:be:
         c6:2b:44:bc:18:33:60:9c:47:37:90:6a:75:63:ba:71:bd:c4:
         81:07:f2:f2:70:01:77:f6:d5:a7:d1:0f:24:19:00:87:a1:b5:
         33:98:bf:f8:7b:8f:52:b9:5f:c9:23:09:8e:59:8e:a4:f1:ae:
         fc:54:45:71:68:cd:b8:b7:2f:dd:57:8a:6f:5e:f9:fb:a8:84:
         45:f3:06:92:19:0e:e2:f5:55:35:37:cf:cc:42:22:af:98:50:
         1a:70:b8:9a:f6:25:da:41:84:ea:a5:79:95:56:97:08:d2:83:
         35:c6:c6:54
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUOMuTVoU+mIagrflzZMiUu7Kbwc4wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwMTI5MDAwMDAwWhcNMjMwMjAxMjM1OTU5
WjCBpTFJMEcGA1UEBRNANzUzYmIxZmQyNjJmNTA5ODhhNmUwY2M0MTVlZmYzNzY0
ZWQyNTZjZTUzNDliNzNiZDMzZjVlODkwZTU2MDZlMDEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAL1RPbF/uskLmuugkAlPyUJDrkN/N6wrTOaloH53NfXZSMEgtnVm
QKiPQSvMGHeuwwOd5SaDfmBm75vhcm/jNeBW3PJBtYtH8bGDd9/9S3kI5VNGd3MU
BTrJwIX1Yyev6dhvghJzRYV6OWGVJIsdpNufgxIZN3XrwK6YCDHHAg+tgyZ6gPib
8FKwalu2l3bFBOAdaL+W05+7Tnm11UksGFWxLmJRqlVdVDGNQiyeD/IhKhwxcl55
7AhuBgTtKvgJn92YYu/95N/xe8+TXoRvCGHFaST3+6mPqNIjUm2mlmsHapI6Os6c
JIgs0i2QzCn0Em9wwiCgOdIP8bEBCgJ8Yg8CAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBQylxDJiueEg/pwP5L9+pVzN7q8JTAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvMmNiMDU3MzMtNzVmOC00ZGRmLTkzNDAtMWI0ZDkzNTFkOTc4LnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAJ087bD9fXbnJoYK
/0DdRO87DnNwRb2tnvVRNoi/ApD60B2F6HXPYVkyRAPr4G0yw0uIvaU8gF/4tMEW
RG+Ifb7QtntLMfEfa/Y2QdnEiy7A2iUAN3G8Ms7GxJYUYrx+ha46RGjEPdw7YNb5
dV4P4451ecuMpMcQIX+HXBbwhkyCJFOlOdT48y8n9qZxMtHPvsYrRLwYM2CcRzeQ
anVjunG9xIEH8vJwAXf21afRDyQZAIehtTOYv/h7j1K5X8kjCY5ZjqTxrvxURXFo
zbi3L91Xim9e+fuohEXzBpIZDuL1VTU3z8xCIq+YUBpwuJr2JdpBhOqleZVWlwjS
gzXGxlQ=
-----END CERTIFICATE-----