Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/3338444d-55dc-4b63-8442-c9d113b5786f.roa
File:                     3338444d-55dc-4b63-8442-c9d113b5786f.roa (raw, json)
Hash identifier:          0Ex5TtNoFOdn+ObyXB3jHeQPTGfb1wnD0NS1XaaA8Vc=
Subject key identifier:   F1:83:8C:14:9D:C5:7F:0B:08:30:C0:21:7F:E2:33:41:6C:82:30:BA
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       532BE42E9FC37B443579576F57B6CB12F4277A2F
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/3338444d-55dc-4b63-8442-c9d113b5786f.roa
Signing time:             Fri 24 Feb 2023 00:00:00 +0000
ROA not before:           Fri 24 Feb 2023 00:00:00 +0000
ROA not after:            Mon 27 Feb 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            53:2b:e4:2e:9f:c3:7b:44:35:79:57:6f:57:b6:cb:12:f4:27:7a:2f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Feb 24 00:00:00 2023 GMT
            Not After : Feb 27 23:59:59 2023 GMT
        Subject: serialNumber=2c806e70331a7ab5dfeb7c86dffeff6fd69be02e6e4349c87185e1886a7c7c67, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:2a:9f:a2:43:29:4c:f2:0d:04:09:5c:6c:fd:
                    0d:7f:ed:09:e5:94:8b:bd:e1:1d:4a:fd:80:1b:4c:
                    06:a6:c3:ab:59:8e:d8:cd:1c:1d:73:5a:55:14:85:
                    83:e6:94:b8:c8:6d:79:83:c8:6e:62:e4:1e:d2:fa:
                    63:a0:16:63:d7:da:88:af:ef:b8:c8:ef:57:c0:f6:
                    89:ae:b4:b3:ba:db:78:ad:61:9d:45:bf:ac:a9:7f:
                    a2:a6:03:1c:85:cc:e7:39:5a:46:06:d2:fc:5b:a6:
                    e5:9e:3c:09:a5:23:04:de:41:74:26:f0:4a:ac:cd:
                    d4:13:e3:4a:26:48:39:c1:4f:13:48:47:b2:ee:9f:
                    d2:ab:7a:c3:fc:ae:e6:7d:19:c3:14:fe:37:da:fc:
                    ff:74:7a:ee:79:c2:d3:70:f2:20:83:47:71:63:07:
                    b8:fd:ff:d4:f0:ea:60:f6:d0:be:bd:68:78:98:2f:
                    71:e0:17:e0:a1:5c:7b:b3:d7:6a:50:dd:a1:81:68:
                    8b:5b:d1:b9:ad:a6:73:6a:2f:05:42:23:a1:d8:dc:
                    0d:95:91:3d:fd:2f:ed:7b:78:92:c2:59:dc:1c:a1:
                    0a:9f:2f:cd:be:53:a1:73:53:4d:c6:12:35:c0:9b:
                    a7:e1:5c:96:ed:bd:e2:85:f0:00:4c:ae:6d:33:4a:
                    51:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F1:83:8C:14:9D:C5:7F:0B:08:30:C0:21:7F:E2:33:41:6C:82:30:BA
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/3338444d-55dc-4b63-8442-c9d113b5786f.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         96:07:ec:ad:69:64:46:2f:e2:f2:dc:0b:4b:fb:62:8d:05:00:
         bc:58:c2:fd:2f:3d:66:fd:fe:d5:31:7f:65:fe:a7:71:5c:07:
         4d:05:7d:67:d2:a7:dc:85:5f:ad:b6:33:85:b8:91:78:93:4e:
         ad:ae:f6:8f:05:4a:91:5a:57:ae:b5:a0:7f:bc:9f:ea:41:96:
         74:df:06:8d:83:87:c1:04:2c:c6:35:97:3a:54:d2:a8:cd:c2:
         40:f0:61:28:90:77:fd:0d:7a:eb:de:c4:a8:15:f9:b1:8a:18:
         db:34:3d:cf:bb:0e:67:4b:ea:7c:03:43:f2:ca:09:7e:39:02:
         b1:8b:c7:37:34:31:b5:11:ca:82:cc:4f:19:04:0f:b3:58:27:
         ae:36:bc:2c:b9:a3:13:61:d2:f9:f6:bb:05:2b:a9:57:34:a4:
         a4:6d:84:7c:ce:dc:d2:70:97:d4:73:6b:9f:9e:42:8f:35:54:
         95:b1:aa:05:b7:60:bf:66:29:c1:20:d3:e4:07:0a:70:29:45:
         b6:2c:25:d6:45:57:00:b8:e4:d5:32:27:e6:3c:3d:cf:97:4d:
         aa:5e:5d:09:be:bf:b9:cc:34:e8:8d:1f:d6:c8:64:a8:0a:97:
         d0:45:ac:3a:f2:32:28:ed:a7:e0:89:c3:24:27:24:7e:ba:2a:
         9a:97:d2:97
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUUyvkLp/De0Q1eVdvV7bLEvQnei8wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwMjI0MDAwMDAwWhcNMjMwMjI3MjM1OTU5
WjCBpTFJMEcGA1UEBRNAMmM4MDZlNzAzMzFhN2FiNWRmZWI3Yzg2ZGZmZWZmNmZk
NjliZTAyZTZlNDM0OWM4NzE4NWUxODg2YTdjN2M2NzEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAM0qn6JDKUzyDQQJXGz9DX/tCeWUi73hHUr9gBtMBqbDq1mO2M0c
HXNaVRSFg+aUuMhteYPIbmLkHtL6Y6AWY9faiK/vuMjvV8D2ia60s7rbeK1hnUW/
rKl/oqYDHIXM5zlaRgbS/Fum5Z48CaUjBN5BdCbwSqzN1BPjSiZIOcFPE0hHsu6f
0qt6w/yu5n0ZwxT+N9r8/3R67nnC03DyIINHcWMHuP3/1PDqYPbQvr1oeJgvceAX
4KFce7PXalDdoYFoi1vRua2mc2ovBUIjodjcDZWRPf0v7Xt4ksJZ3ByhCp8vzb5T
oXNTTcYSNcCbp+Fclu294oXwAEyubTNKUZsCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBTxg4wUncV/CwgwwCF/4jNBbIIwujAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvMzMzODQ0NGQtNTVkYy00YjYzLTg0NDItYzlkMTEzYjU3ODZmLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAJYH7K1pZEYv4vLc
C0v7Yo0FALxYwv0vPWb9/tUxf2X+p3FcB00FfWfSp9yFX622M4W4kXiTTq2u9o8F
SpFaV661oH+8n+pBlnTfBo2Dh8EELMY1lzpU0qjNwkDwYSiQd/0NeuvexKgV+bGK
GNs0Pc+7DmdL6nwDQ/LKCX45ArGLxzc0MbURyoLMTxkED7NYJ642vCy5oxNh0vn2
uwUrqVc0pKRthHzO3NJwl9Rza5+eQo81VJWxqgW3YL9mKcEg0+QHCnApRbYsJdZF
VwC45NUyJ+Y8Pc+XTapeXQm+v7nMNOiNH9bIZKgKl9BFrDryMijtp+CJwyQnJH66
KpqX0pc=
-----END CERTIFICATE-----