Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/34cf2e89-f34a-4141-9d01-697781d84dd5.roa
File:                     34cf2e89-f34a-4141-9d01-697781d84dd5.roa (raw, json)
Hash identifier:          KBIILuGeRAokvEhc/z6R0TWH5iV65kKrf67/BME+LxU=
Subject key identifier:   33:FA:AD:18:DD:44:4E:26:4D:43:93:7A:E3:A1:1B:77:FA:B2:E2:F3
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       748F92FC0AE5A3EBEAC4EA2B7342261FEEA0AB58
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/34cf2e89-f34a-4141-9d01-697781d84dd5.roa
Signing time:             Sun 26 Mar 2023 00:00:00 +0000
ROA not before:           Sun 26 Mar 2023 00:00:00 +0000
ROA not after:            Wed 29 Mar 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            74:8f:92:fc:0a:e5:a3:eb:ea:c4:ea:2b:73:42:26:1f:ee:a0:ab:58
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Mar 26 00:00:00 2023 GMT
            Not After : Mar 29 23:59:59 2023 GMT
        Subject: serialNumber=7b4d9c50b6873d4cd8ec59d3d2eec91b14a589fa327925c38f693a4641e1cf72, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:42:5e:b1:eb:fa:d2:f7:24:50:f2:af:4e:e7:
                    8b:35:9a:e7:a0:51:8b:6b:90:30:f2:93:79:ed:93:
                    4a:06:99:2f:5a:d1:8c:18:51:c1:0d:ce:21:19:a3:
                    e9:1e:43:b9:2a:38:20:f6:89:6d:d4:12:25:78:4d:
                    8c:e7:ca:16:20:0a:d8:da:13:05:98:d5:f4:b6:75:
                    d9:c2:29:1e:fa:28:9a:8a:df:a6:b1:61:b6:c8:e2:
                    3f:7d:46:e2:32:21:af:30:4b:8c:f7:4f:76:11:c0:
                    82:32:9e:1d:e8:88:20:7b:04:e3:a9:35:bd:f8:17:
                    9b:9e:60:f2:5c:70:9b:29:9b:55:4b:e1:8c:17:10:
                    8d:15:56:74:04:da:cf:97:df:e4:7a:68:0b:81:62:
                    5c:d4:dc:b4:8c:fc:d5:4d:50:a6:47:11:2d:76:96:
                    93:3e:1d:64:8b:0a:e7:d8:00:36:99:8d:68:2a:f7:
                    75:0e:45:63:a6:be:b9:d1:c4:8b:80:26:33:cb:ae:
                    35:89:a9:33:aa:40:09:73:cb:dd:8b:20:91:31:ef:
                    2c:cc:08:19:22:7e:01:a7:30:eb:b9:0f:f5:c7:83:
                    b5:1e:e5:23:c4:46:7f:54:cc:a2:b1:4c:f0:88:61:
                    fd:07:93:fa:78:35:9e:79:02:68:34:7d:13:46:a3:
                    3b:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                33:FA:AD:18:DD:44:4E:26:4D:43:93:7A:E3:A1:1B:77:FA:B2:E2:F3
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/34cf2e89-f34a-4141-9d01-697781d84dd5.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         70:8f:c9:78:47:ab:1b:ed:41:6b:f7:50:15:07:9d:21:19:cc:
         28:c4:19:4e:bc:f1:ca:e5:40:ed:9a:37:29:84:89:d5:01:15:
         23:8e:97:61:85:81:1f:ee:ca:69:fc:6d:26:75:7e:4b:e4:8c:
         01:0e:ba:f5:b4:7d:49:02:be:02:54:cd:9b:cb:0c:8f:97:41:
         bf:bd:03:fa:a3:e4:ed:2c:b9:6f:43:a1:8e:1b:a5:0b:aa:2c:
         4d:19:90:05:03:14:ac:1f:05:21:55:a0:e3:94:f2:00:76:8c:
         04:fd:e4:1a:b1:81:28:17:57:4a:f6:69:a3:95:7e:d8:8c:1f:
         b3:0a:53:dd:fd:f5:cb:9d:ba:f9:7a:f4:91:7d:55:53:11:09:
         f2:c8:31:9c:e0:83:5f:a1:88:c6:1e:97:da:a5:9a:7d:d6:bc:
         3d:83:44:eb:ad:71:5e:92:e9:fd:9c:40:5d:0c:a5:5b:5b:1a:
         e1:ce:87:96:67:98:22:e4:b8:aa:cc:ac:d3:90:fd:28:66:60:
         bc:ef:88:8b:d1:33:6c:09:5a:08:2e:10:c5:fe:fb:d4:73:4f:
         e0:40:65:ea:b9:78:0a:b6:ca:cc:e2:22:4e:e1:b9:3f:1c:c3:
         1c:25:66:18:d1:c4:49:24:a1:36:49:78:e9:b2:e9:2a:77:13:
         f0:21:32:29
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUdI+S/Arlo+vqxOorc0ImH+6gq1gwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwMzI2MDAwMDAwWhcNMjMwMzI5MjM1OTU5
WjCBpTFJMEcGA1UEBRNAN2I0ZDljNTBiNjg3M2Q0Y2Q4ZWM1OWQzZDJlZWM5MWIx
NGE1ODlmYTMyNzkyNWMzOGY2OTNhNDY0MWUxY2Y3MjEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAIRCXrHr+tL3JFDyr07nizWa56BRi2uQMPKTee2TSgaZL1rRjBhR
wQ3OIRmj6R5DuSo4IPaJbdQSJXhNjOfKFiAK2NoTBZjV9LZ12cIpHvoomorfprFh
tsjiP31G4jIhrzBLjPdPdhHAgjKeHeiIIHsE46k1vfgXm55g8lxwmymbVUvhjBcQ
jRVWdATaz5ff5HpoC4FiXNTctIz81U1QpkcRLXaWkz4dZIsK59gANpmNaCr3dQ5F
Y6a+udHEi4AmM8uuNYmpM6pACXPL3YsgkTHvLMwIGSJ+Aacw67kP9ceDtR7lI8RG
f1TMorFM8Ihh/QeT+ng1nnkCaDR9E0ajO8UCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBQz+q0Y3UROJk1Dk3rjoRt3+rLi8zAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvMzRjZjJlODktZjM0YS00MTQxLTlkMDEtNjk3NzgxZDg0ZGQ1LnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAHCPyXhHqxvtQWv3
UBUHnSEZzCjEGU688crlQO2aNymEidUBFSOOl2GFgR/uymn8bSZ1fkvkjAEOuvW0
fUkCvgJUzZvLDI+XQb+9A/qj5O0suW9DoY4bpQuqLE0ZkAUDFKwfBSFVoOOU8gB2
jAT95BqxgSgXV0r2aaOVftiMH7MKU9399cuduvl69JF9VVMRCfLIMZzgg1+hiMYe
l9qlmn3WvD2DROutcV6S6f2cQF0MpVtbGuHOh5ZnmCLkuKrMrNOQ/ShmYLzviIvR
M2wJWgguEMX++9RzT+BAZeq5eAq2ysziIk7huT8cwxwlZhjRxEkkoTZJeOmy6Sp3
E/AhMik=
-----END CERTIFICATE-----