Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/3303a329-7bd2-44cc-9317-105a4d38fa96.roa
File:                     3303a329-7bd2-44cc-9317-105a4d38fa96.roa (raw, json)
Hash identifier:          0/VmN/EHplStCXNUldApBITRxns2Qmh/4FQ+3BjdpZQ=
Subject key identifier:   A1:17:C8:DF:CE:EA:5C:D1:57:BF:38:98:38:BB:B2:0B:30:8A:96:FC
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       55AF105616371582CC95B4FAE25B7B9CF9D838A0
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/3303a329-7bd2-44cc-9317-105a4d38fa96.roa
Signing time:             Wed 15 Feb 2023 00:00:00 +0000
ROA not before:           Wed 15 Feb 2023 00:00:00 +0000
ROA not after:            Sat 18 Feb 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            55:af:10:56:16:37:15:82:cc:95:b4:fa:e2:5b:7b:9c:f9:d8:38:a0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Feb 15 00:00:00 2023 GMT
            Not After : Feb 18 23:59:59 2023 GMT
        Subject: serialNumber=0fb19dccb3cd6bab2c0195fbd3f7f515540c2757a7e7c695b79fdcaeca9d8879, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:b4:64:e0:00:dd:47:e3:cd:03:09:88:8b:45:
                    d4:42:c2:cf:b8:cd:e3:ee:7d:17:df:d6:9e:24:d6:
                    be:16:27:00:fa:4f:79:e5:94:90:22:78:42:2f:00:
                    38:be:17:89:3f:02:87:ee:3f:bf:1d:c1:7b:47:b4:
                    3d:2b:ea:df:39:17:2e:42:96:e3:74:a2:ff:88:8d:
                    1a:b0:39:31:0d:ed:30:23:67:23:4f:65:0c:8f:fc:
                    bf:fb:e5:69:36:94:2c:77:ad:56:88:45:a3:ef:ad:
                    16:9b:39:0d:db:29:1a:aa:8f:6d:ec:d1:f9:eb:71:
                    d9:bd:db:e2:fc:38:07:08:56:99:54:58:65:58:e2:
                    cb:81:37:59:7c:87:0c:cc:ba:a8:43:a5:d2:00:5f:
                    7a:92:1f:52:44:23:ab:2f:67:af:59:e9:4b:66:ce:
                    b1:3a:b4:38:07:f1:77:84:07:20:14:74:b9:81:1f:
                    ef:b7:81:06:58:a1:c8:b2:d8:98:18:dc:ae:ea:e7:
                    76:b8:6f:9a:0e:b9:26:ad:09:51:6a:1d:06:94:72:
                    8a:12:02:50:17:c3:18:5d:ed:fe:dd:2b:09:65:9d:
                    f6:72:f0:b4:1b:25:95:4f:db:a0:df:f1:4a:e9:30:
                    4b:cc:72:1a:85:31:99:26:83:d6:fc:93:45:d4:54:
                    d0:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A1:17:C8:DF:CE:EA:5C:D1:57:BF:38:98:38:BB:B2:0B:30:8A:96:FC
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/3303a329-7bd2-44cc-9317-105a4d38fa96.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         48:eb:36:69:8a:d9:a3:d8:17:59:a5:6e:cc:13:24:fa:c3:0d:
         a6:c9:b9:b2:52:38:c2:36:b1:37:1e:7c:94:6c:9a:95:68:8c:
         5d:bc:80:e1:e9:5c:49:96:8f:02:70:73:2b:af:49:66:c4:fd:
         b0:d5:86:96:6d:a3:0c:5c:52:75:bb:0f:c3:96:c0:55:0c:d1:
         69:ed:fe:24:bf:ba:93:14:3b:57:9e:3c:16:95:b4:71:42:3e:
         93:ef:37:4f:31:08:e4:9e:6a:2e:2d:e8:9c:38:08:17:83:f8:
         c6:34:a4:45:75:fe:e8:d9:05:42:34:b4:58:46:24:3f:cc:83:
         51:d7:aa:39:88:c3:17:9d:79:a4:1f:99:16:f6:d4:19:cb:ac:
         1b:60:e6:f3:46:04:16:17:7b:f3:85:68:40:d5:83:4e:e2:95:
         82:b3:ab:b5:b6:78:dc:64:ff:96:66:6f:89:d0:5b:73:93:ba:
         59:75:e9:ab:b2:36:77:0c:46:db:7c:8d:8c:91:25:04:39:74:
         8b:90:00:d0:5c:0b:a9:24:02:8a:e6:13:24:ba:29:03:62:90:
         fd:3a:71:38:cf:65:9c:09:7b:bf:d5:e2:bf:fb:88:43:a1:3d:
         6e:48:53:1c:e8:3c:05:cf:e8:f8:64:d5:ef:52:d0:38:c9:4e:
         bf:d8:50:4f
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUVa8QVhY3FYLMlbT64lt7nPnYOKAwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwMjE1MDAwMDAwWhcNMjMwMjE4MjM1OTU5
WjCBpTFJMEcGA1UEBRNAMGZiMTlkY2NiM2NkNmJhYjJjMDE5NWZiZDNmN2Y1MTU1
NDBjMjc1N2E3ZTdjNjk1Yjc5ZmRjYWVjYTlkODg3OTEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBALe0ZOAA3UfjzQMJiItF1ELCz7jN4+59F9/WniTWvhYnAPpPeeWU
kCJ4Qi8AOL4XiT8Ch+4/vx3Be0e0PSvq3zkXLkKW43Si/4iNGrA5MQ3tMCNnI09l
DI/8v/vlaTaULHetVohFo++tFps5DdspGqqPbezR+etx2b3b4vw4BwhWmVRYZVji
y4E3WXyHDMy6qEOl0gBfepIfUkQjqy9nr1npS2bOsTq0OAfxd4QHIBR0uYEf77eB
BlihyLLYmBjcrurndrhvmg65Jq0JUWodBpRyihICUBfDGF3t/t0rCWWd9nLwtBsl
lU/boN/xSukwS8xyGoUxmSaD1vyTRdRU0HUCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBShF8jfzupc0Ve/OJg4u7ILMIqW/DAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvMzMwM2EzMjktN2JkMi00NGNjLTkzMTctMTA1YTRkMzhmYTk2LnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAEjrNmmK2aPYF1ml
bswTJPrDDabJubJSOMI2sTcefJRsmpVojF28gOHpXEmWjwJwcyuvSWbE/bDVhpZt
owxcUnW7D8OWwFUM0Wnt/iS/upMUO1eePBaVtHFCPpPvN08xCOSeai4t6Jw4CBeD
+MY0pEV1/ujZBUI0tFhGJD/Mg1HXqjmIwxedeaQfmRb21BnLrBtg5vNGBBYXe/OF
aEDVg07ilYKzq7W2eNxk/5Zmb4nQW3OTull16auyNncMRtt8jYyRJQQ5dIuQANBc
C6kkAormEyS6KQNikP06cTjPZZwJe7/V4r/7iEOhPW5IUxzoPAXP6Phk1e9S0DjJ
Tr/YUE8=
-----END CERTIFICATE-----