Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/3695561e-0562-4708-94d2-3256116da1c0.roa
File:                     3695561e-0562-4708-94d2-3256116da1c0.roa (raw, json)
Hash identifier:          n2DJRn5BEwUi1Hpg7nFneN3I59dQ3ye1EQY8TDPz62k=
Subject key identifier:   09:7C:21:D2:CB:27:28:87:24:DB:22:6A:C7:B4:8F:9B:FE:55:BF:6A
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       4F9E6A0D3BC049E3CC3201C84EB0B3C9EDD03EF5
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/3695561e-0562-4708-94d2-3256116da1c0.roa
Signing time:             Sun 19 Feb 2023 00:00:00 +0000
ROA not before:           Sun 19 Feb 2023 00:00:00 +0000
ROA not after:            Wed 22 Feb 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4f:9e:6a:0d:3b:c0:49:e3:cc:32:01:c8:4e:b0:b3:c9:ed:d0:3e:f5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Feb 19 00:00:00 2023 GMT
            Not After : Feb 22 23:59:59 2023 GMT
        Subject: serialNumber=a49d93f63e3cb9b466f793da048066343edff33efa5480d49fd49314efb9129b, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:c7:c9:66:f0:7f:6a:80:e3:2c:c8:14:39:bd:
                    b9:f3:53:66:52:b8:bc:bf:49:47:e0:16:9c:4c:65:
                    e6:36:3c:87:74:01:d1:c1:64:51:c4:a3:33:37:fc:
                    64:90:82:f7:23:5b:6f:af:f1:62:53:ae:2d:ad:ec:
                    e7:83:99:00:02:11:8c:f4:fa:b8:5c:a6:cf:4b:22:
                    10:75:4f:87:84:46:f2:78:4e:aa:66:07:cf:d2:94:
                    fb:a2:d2:c3:93:4d:d7:30:25:37:91:aa:c4:e4:03:
                    2a:7a:2b:7a:9f:98:5c:ff:47:c1:9a:74:51:62:e2:
                    60:6e:8c:99:18:ed:62:78:60:59:96:6d:ab:19:90:
                    26:26:45:23:c0:75:06:81:54:f7:26:04:d3:f6:31:
                    45:3e:9e:55:ba:0c:b6:c0:25:57:75:73:92:7c:36:
                    4b:e2:af:72:e3:9c:5f:6f:c5:b5:86:b5:43:70:52:
                    aa:05:a7:a5:1a:7a:45:7c:55:ab:b9:07:e4:d8:97:
                    32:a5:a7:e9:b1:90:50:df:bb:ef:19:53:90:17:fb:
                    7c:75:45:7a:1c:03:58:7a:65:74:e6:93:1e:fb:00:
                    d6:85:67:ae:7d:9a:94:f4:35:ae:9f:68:c5:23:c6:
                    48:d9:f9:1d:f5:c1:4e:92:1c:a3:75:f3:23:32:4b:
                    9c:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                09:7C:21:D2:CB:27:28:87:24:DB:22:6A:C7:B4:8F:9B:FE:55:BF:6A
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/3695561e-0562-4708-94d2-3256116da1c0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1f:a3:3d:c6:69:7b:9b:62:bd:fb:ef:ce:9d:2e:ef:fd:28:18:
         7c:71:8c:2f:8d:f7:44:7d:7f:97:aa:b3:9d:52:2d:6e:dc:5c:
         51:d4:ff:95:02:7c:24:54:4f:ea:55:c0:8b:45:fa:98:93:b3:
         cc:f7:56:9b:16:42:9a:1a:71:20:33:6b:8c:72:67:cd:c6:60:
         8b:2d:38:3e:17:a1:09:c1:79:50:a6:ba:99:6a:06:da:e5:48:
         51:bc:2b:37:6e:c4:6d:6c:5d:8f:71:7f:21:cb:88:1b:d0:81:
         87:de:df:bd:c1:16:94:25:18:a2:24:0f:16:fa:b6:1e:51:ba:
         43:bb:2e:96:62:36:62:69:d0:f0:db:60:a3:06:4b:43:c0:49:
         9f:19:a6:47:61:6a:be:b6:13:84:38:c1:10:ad:65:af:ad:cd:
         35:79:0c:ab:b7:e6:c8:a8:06:2b:1f:11:d6:2c:0d:49:0c:d1:
         13:97:9b:43:a2:ea:96:1f:6e:0e:45:92:40:e4:9e:50:70:65:
         47:fb:fb:3e:0f:01:f5:90:ec:8a:72:ac:b0:74:5e:24:5d:39:
         fd:5d:9d:55:54:67:d9:c0:9d:19:6f:25:e7:09:ea:49:3c:71:
         d7:90:a4:47:1f:2c:3b:d6:79:21:dc:8d:84:28:d4:42:fe:27:
         9c:e7:dc:5b
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUT55qDTvASePMMgHITrCzye3QPvUwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwMjE5MDAwMDAwWhcNMjMwMjIyMjM1OTU5
WjCBpTFJMEcGA1UEBRNAYTQ5ZDkzZjYzZTNjYjliNDY2Zjc5M2RhMDQ4MDY2MzQz
ZWRmZjMzZWZhNTQ4MGQ0OWZkNDkzMTRlZmI5MTI5YjEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAMrHyWbwf2qA4yzIFDm9ufNTZlK4vL9JR+AWnExl5jY8h3QB0cFk
UcSjMzf8ZJCC9yNbb6/xYlOuLa3s54OZAAIRjPT6uFymz0siEHVPh4RG8nhOqmYH
z9KU+6LSw5NN1zAlN5GqxOQDKnorep+YXP9HwZp0UWLiYG6MmRjtYnhgWZZtqxmQ
JiZFI8B1BoFU9yYE0/YxRT6eVboMtsAlV3Vzknw2S+KvcuOcX2/FtYa1Q3BSqgWn
pRp6RXxVq7kH5NiXMqWn6bGQUN+77xlTkBf7fHVFehwDWHpldOaTHvsA1oVnrn2a
lPQ1rp9oxSPGSNn5HfXBTpIco3XzIzJLnKsCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBQJfCHSyycohyTbImrHtI+b/lW/ajAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvMzY5NTU2MWUtMDU2Mi00NzA4LTk0ZDItMzI1NjExNmRhMWMwLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAB+jPcZpe5tivfvv
zp0u7/0oGHxxjC+N90R9f5eqs51SLW7cXFHU/5UCfCRUT+pVwItF+piTs8z3VpsW
QpoacSAza4xyZ83GYIstOD4XoQnBeVCmuplqBtrlSFG8KzduxG1sXY9xfyHLiBvQ
gYfe373BFpQlGKIkDxb6th5RukO7LpZiNmJp0PDbYKMGS0PASZ8Zpkdhar62E4Q4
wRCtZa+tzTV5DKu35sioBisfEdYsDUkM0ROXm0Oi6pYfbg5FkkDknlBwZUf7+z4P
AfWQ7IpyrLB0XiRdOf1dnVVUZ9nAnRlvJecJ6kk8cdeQpEcfLDvWeSHcjYQo1EL+
J5zn3Fs=
-----END CERTIFICATE-----