Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/354928c4-4c61-45b9-9bb0-9c36a577de50.roa
File:                     354928c4-4c61-45b9-9bb0-9c36a577de50.roa (raw, json)
Hash identifier:          CrF0Br5qI8fdMv9kb/d6TPDciysDJwIAbAfmNCt82q0=
Subject key identifier:   BB:8E:EC:6C:D9:0C:FA:2B:18:92:F6:95:A6:88:B6:69:B7:72:A3:DD
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       13D728217F47FCA6234F646A7CEC70DB4AED9631
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/354928c4-4c61-45b9-9bb0-9c36a577de50.roa
Signing time:             Wed 19 Apr 2023 00:00:00 +0000
ROA not before:           Wed 19 Apr 2023 00:00:00 +0000
ROA not after:            Sat 22 Apr 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            13:d7:28:21:7f:47:fc:a6:23:4f:64:6a:7c:ec:70:db:4a:ed:96:31
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Apr 19 00:00:00 2023 GMT
            Not After : Apr 22 23:59:59 2023 GMT
        Subject: serialNumber=531db8af23c3ae0e10e60d9dff9db5b7e619fff9a93f1148b361df3621249b63, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:ec:e9:69:86:93:8f:e5:26:ac:0e:99:d8:26:
                    bc:52:22:f5:9d:cc:a9:4e:df:df:fe:40:9f:d7:ec:
                    1b:34:b3:70:fa:3c:48:94:29:f4:a6:83:49:3a:de:
                    38:a8:25:84:71:98:f9:14:24:34:55:d4:ee:3b:7c:
                    76:e0:d9:eb:43:9a:b9:0d:bd:eb:94:16:ca:39:db:
                    36:b1:2d:06:01:4c:5a:56:29:e6:d8:29:d1:20:0c:
                    3b:ab:c9:2c:fb:17:01:2e:cd:92:5a:3d:17:bd:21:
                    c0:16:e2:bc:e9:d8:e6:e6:0d:e3:f2:07:2b:cb:f4:
                    c8:14:27:64:a2:f5:d9:d7:1c:61:45:90:57:9d:c6:
                    4b:2f:88:bf:7f:f8:77:c6:1b:2c:f5:33:ba:23:c8:
                    af:11:e3:cb:2c:2a:b8:4b:97:a9:e6:ac:97:17:5e:
                    b0:53:3d:90:9d:d8:b5:42:da:3e:2b:68:e6:a9:2d:
                    03:44:43:de:24:6a:b5:3d:a6:6b:90:2f:95:cd:32:
                    02:fc:2b:4a:00:96:c7:2a:eb:b5:8a:f7:e0:c0:99:
                    38:8a:3c:63:58:1e:32:75:b8:42:2c:62:e4:04:08:
                    3e:8d:2c:12:f4:a9:d6:c1:9a:04:50:40:d5:63:73:
                    37:91:d6:4b:e5:ab:a4:d2:34:f8:62:c8:00:50:65:
                    ba:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BB:8E:EC:6C:D9:0C:FA:2B:18:92:F6:95:A6:88:B6:69:B7:72:A3:DD
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/354928c4-4c61-45b9-9bb0-9c36a577de50.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         06:58:65:de:54:68:41:3e:13:c8:33:d8:2e:f1:1e:fe:e2:47:
         04:7d:d4:32:8f:8e:26:a6:38:4b:a8:dd:25:55:6c:6f:c8:5c:
         b6:c0:08:51:17:f2:d4:c0:02:20:aa:41:e6:16:88:ab:16:4b:
         91:d9:27:90:92:1c:3f:5e:94:d5:62:2b:2e:d8:b8:3e:94:f5:
         09:67:6f:8e:15:95:d3:f6:1b:30:17:3d:ad:03:41:f8:24:61:
         6a:45:5a:9b:5b:c1:31:a1:3c:d1:5f:17:77:b0:f7:89:ea:74:
         42:fa:47:96:6d:f7:c1:b8:1f:22:b9:be:87:42:a0:51:04:87:
         6d:ac:70:8e:f1:ac:3d:51:21:92:43:68:79:95:53:9a:b2:22:
         34:12:c3:89:37:4d:cf:61:c1:1f:74:ec:51:cb:7d:e8:05:97:
         a9:f1:98:43:7e:c2:bc:c9:ff:f5:79:2c:36:03:7d:e0:f6:7a:
         52:02:9f:2e:ba:99:50:08:a0:d6:fa:ab:8b:91:28:b8:cd:86:
         7d:13:11:d4:f1:46:60:45:9a:11:24:54:74:e2:ab:3c:6b:65:
         4f:1b:5c:d5:46:d3:bf:7d:3a:a9:63:aa:08:f1:53:72:33:4b:
         40:d3:ba:d5:6b:ea:f2:09:1f:6a:07:c2:3b:f0:af:da:9f:50:
         54:e0:c7:06
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUE9coIX9H/KYjT2RqfOxw20rtljEwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwNDE5MDAwMDAwWhcNMjMwNDIyMjM1OTU5
WjCBpTFJMEcGA1UEBRNANTMxZGI4YWYyM2MzYWUwZTEwZTYwZDlkZmY5ZGI1Yjdl
NjE5ZmZmOWE5M2YxMTQ4YjM2MWRmMzYyMTI0OWI2MzEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAJTs6WmGk4/lJqwOmdgmvFIi9Z3MqU7f3/5An9fsGzSzcPo8SJQp
9KaDSTreOKglhHGY+RQkNFXU7jt8duDZ60OauQ2965QWyjnbNrEtBgFMWlYp5tgp
0SAMO6vJLPsXAS7Nklo9F70hwBbivOnY5uYN4/IHK8v0yBQnZKL12dccYUWQV53G
Sy+Iv3/4d8YbLPUzuiPIrxHjyywquEuXqeaslxdesFM9kJ3YtULaPito5qktA0RD
3iRqtT2ma5Avlc0yAvwrSgCWxyrrtYr34MCZOIo8Y1geMnW4Qixi5AQIPo0sEvSp
1sGaBFBA1WNzN5HWS+WrpNI0+GLIAFBlussCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBS7juxs2Qz6KxiS9pWmiLZpt3Kj3TAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvMzU0OTI4YzQtNGM2MS00NWI5LTliYjAtOWMzNmE1NzdkZTUwLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAAZYZd5UaEE+E8gz
2C7xHv7iRwR91DKPjiamOEuo3SVVbG/IXLbACFEX8tTAAiCqQeYWiKsWS5HZJ5CS
HD9elNViKy7YuD6U9Qlnb44VldP2GzAXPa0DQfgkYWpFWptbwTGhPNFfF3ew94nq
dEL6R5Zt98G4HyK5vodCoFEEh22scI7xrD1RIZJDaHmVU5qyIjQSw4k3Tc9hwR90
7FHLfegFl6nxmEN+wrzJ//V5LDYDfeD2elICny66mVAIoNb6q4uRKLjNhn0TEdTx
RmBFmhEkVHTiqzxrZU8bXNVG0799OqljqgjxU3IzS0DTutVr6vIJH2oHwjvwr9qf
UFTgxwY=
-----END CERTIFICATE-----