Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/3631f83e-7319-4c69-a990-ae42d9719618.roa
File:                     3631f83e-7319-4c69-a990-ae42d9719618.roa (raw, json)
Hash identifier:          DLS4YcQSuCU5aJiyN88t8s1+abwo83kueaIe9ve1hU8=
Subject key identifier:   0B:69:CB:84:87:91:FD:42:B3:72:F6:C1:3D:F9:03:B8:8A:74:50:BC
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       07B39EEB52EBDFAE19211BB1BA3177E2E45E2CE2
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/3631f83e-7319-4c69-a990-ae42d9719618.roa
Signing time:             Sun 12 Feb 2023 00:00:00 +0000
ROA not before:           Sun 12 Feb 2023 00:00:00 +0000
ROA not after:            Wed 15 Feb 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            07:b3:9e:eb:52:eb:df:ae:19:21:1b:b1:ba:31:77:e2:e4:5e:2c:e2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Feb 12 00:00:00 2023 GMT
            Not After : Feb 15 23:59:59 2023 GMT
        Subject: serialNumber=b9490605b3957bd79f0a393edab98ab13a26a84c57f219263f236b6c72e470c9, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:2d:25:73:46:ff:2a:28:75:72:da:7a:da:d6:
                    59:67:b3:fb:24:d2:91:3d:de:92:b9:36:24:ca:3b:
                    07:51:9b:bb:f9:1f:6e:e6:d1:8c:86:a7:3c:e1:7f:
                    cb:b9:08:d7:eb:9a:9e:10:bb:02:9a:22:df:be:d7:
                    4f:75:e6:ac:b3:8c:a5:85:46:e9:f9:98:2a:c7:d8:
                    7b:82:ce:11:1c:ab:7a:23:8e:e7:ce:71:4c:81:50:
                    5f:45:e5:e4:c3:2f:2f:27:9c:d3:70:05:40:a1:34:
                    e6:d5:9f:e5:d6:d2:fb:8a:cb:d7:3f:e1:57:7d:e8:
                    b1:40:d4:71:78:36:e2:fc:c1:3c:79:dc:e5:2e:68:
                    a6:5c:5a:d0:e7:33:a8:66:29:fb:c9:f0:4e:6e:56:
                    e8:5c:75:4e:18:cf:47:e6:92:d3:54:92:3c:4a:fb:
                    ba:c6:c9:92:10:96:62:5e:ca:9c:01:0b:66:bc:c5:
                    05:e5:de:61:b9:70:d4:ae:29:e0:f0:b8:37:12:65:
                    76:f4:96:a0:75:94:ca:d0:ce:66:67:e7:5f:50:b2:
                    c5:38:68:52:ff:c3:5c:4b:e8:00:2d:da:d7:75:4f:
                    5a:dc:b0:99:dd:03:86:25:57:ea:75:4b:b3:46:14:
                    c3:73:af:f1:1f:e5:2a:5f:0b:99:1c:73:6a:74:70:
                    25:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0B:69:CB:84:87:91:FD:42:B3:72:F6:C1:3D:F9:03:B8:8A:74:50:BC
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/3631f83e-7319-4c69-a990-ae42d9719618.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         32:5d:77:b5:72:d2:c0:a4:19:31:3b:8c:c0:16:c0:3a:df:7a:
         89:9c:f3:c7:6e:ff:12:88:1a:86:05:f9:45:eb:12:87:91:c5:
         94:e4:ca:71:5c:e7:01:b8:b0:49:14:25:46:4c:5c:1d:f5:aa:
         38:a3:42:2c:95:58:a6:a3:5d:55:31:9d:b1:a2:c6:3f:88:73:
         1d:7b:c9:22:36:9e:16:02:2e:94:6a:42:a8:8c:8c:ac:f8:fd:
         37:95:48:e0:9b:cd:ea:51:c6:86:b2:9a:93:e7:3f:7d:97:9e:
         47:de:79:74:9e:da:59:71:09:ba:94:61:74:d6:cf:94:04:61:
         f4:22:04:d5:73:bd:65:d9:f3:22:5b:e1:9b:e1:77:37:d1:1d:
         3a:0c:7b:06:60:ef:ab:dc:95:1a:dd:a4:84:ec:85:b1:1a:d0:
         43:e0:04:36:d6:e0:66:f1:f6:09:0b:c2:1e:1b:2e:d8:ee:c5:
         7c:b3:71:09:74:44:58:56:fb:62:8d:06:b3:76:7a:77:cc:56:
         74:33:36:2a:68:ce:20:73:2f:8b:c1:f4:9f:1e:5a:53:bf:c8:
         d7:af:17:70:15:3a:99:7c:f0:af:c7:79:31:3d:62:92:60:5e:
         d9:0b:0e:48:bb:b1:32:a5:e9:d4:8e:ad:20:04:b3:fb:fb:59:
         31:d8:4b:42
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUB7Oe61Lr364ZIRuxujF34uReLOIwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwMjEyMDAwMDAwWhcNMjMwMjE1MjM1OTU5
WjCBpTFJMEcGA1UEBRNAYjk0OTA2MDViMzk1N2JkNzlmMGEzOTNlZGFiOThhYjEz
YTI2YTg0YzU3ZjIxOTI2M2YyMzZiNmM3MmU0NzBjOTEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAMAtJXNG/yoodXLaetrWWWez+yTSkT3ekrk2JMo7B1Gbu/kfbubR
jIanPOF/y7kI1+uanhC7Apoi377XT3XmrLOMpYVG6fmYKsfYe4LOERyreiOO585x
TIFQX0Xl5MMvLyec03AFQKE05tWf5dbS+4rL1z/hV33osUDUcXg24vzBPHnc5S5o
plxa0OczqGYp+8nwTm5W6Fx1ThjPR+aS01SSPEr7usbJkhCWYl7KnAELZrzFBeXe
Yblw1K4p4PC4NxJldvSWoHWUytDOZmfnX1CyxThoUv/DXEvoAC3a13VPWtywmd0D
hiVX6nVLs0YUw3Ov8R/lKl8LmRxzanRwJR8CAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBQLacuEh5H9QrNy9sE9+QO4inRQvDAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvMzYzMWY4M2UtNzMxOS00YzY5LWE5OTAtYWU0MmQ5NzE5NjE4LnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBADJdd7Vy0sCkGTE7
jMAWwDrfeomc88du/xKIGoYF+UXrEoeRxZTkynFc5wG4sEkUJUZMXB31qjijQiyV
WKajXVUxnbGixj+Icx17ySI2nhYCLpRqQqiMjKz4/TeVSOCbzepRxoaympPnP32X
nkfeeXSe2llxCbqUYXTWz5QEYfQiBNVzvWXZ8yJb4ZvhdzfRHToMewZg76vclRrd
pITshbEa0EPgBDbW4Gbx9gkLwh4bLtjuxXyzcQl0RFhW+2KNBrN2enfMVnQzNipo
ziBzL4vB9J8eWlO/yNevF3AVOpl88K/HeTE9YpJgXtkLDki7sTKl6dSOrSAEs/v7
WTHYS0I=
-----END CERTIFICATE-----