Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/37af8a36-4e5f-4139-a348-fb7bedc30261.roa
File:                     37af8a36-4e5f-4139-a348-fb7bedc30261.roa (raw, json)
Hash identifier:          PkCxaHOJgiZF1nNyq9SuJV3E5iD0w9qvD7bWC4q8Qgc=
Subject key identifier:   A8:80:E0:27:9E:6B:8D:6F:01:72:E0:62:72:0F:40:C2:D8:F1:61:CF
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       59DE7CD9C092320DB0A17714D7038EAFEAA4DCC9
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/37af8a36-4e5f-4139-a348-fb7bedc30261.roa
Signing time:             Tue 21 Feb 2023 00:00:00 +0000
ROA not before:           Tue 21 Feb 2023 00:00:00 +0000
ROA not after:            Fri 24 Feb 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            59:de:7c:d9:c0:92:32:0d:b0:a1:77:14:d7:03:8e:af:ea:a4:dc:c9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Feb 21 00:00:00 2023 GMT
            Not After : Feb 24 23:59:59 2023 GMT
        Subject: serialNumber=0376b4f1a4b9b574b0d00f75e6aac2e85ca730b21f451cd97ffeee57178cbfd1, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:e2:db:4c:b7:e2:27:ed:fc:59:dc:e2:cd:da:
                    9d:7c:f3:a6:f4:23:7a:7c:75:6d:64:75:9b:20:5e:
                    23:e2:67:2d:ef:50:57:14:b7:d2:44:66:34:f9:4d:
                    dd:b3:98:e4:3a:f7:39:4b:b2:29:c7:a0:a1:07:17:
                    d8:63:59:b2:fa:83:42:1b:ca:6d:3f:a1:9d:4d:5e:
                    c7:33:35:20:97:5c:71:a5:87:96:c4:4a:4a:1a:86:
                    69:5b:62:06:0f:0f:f6:1c:c2:68:bb:87:6d:c0:00:
                    e6:4f:21:ec:36:4e:d9:de:92:85:da:c7:de:5d:35:
                    8d:15:b2:da:c2:c2:a5:bf:cc:24:b2:24:2a:5f:34:
                    1e:b9:e9:ba:81:57:34:21:de:85:ff:40:75:0c:e5:
                    52:78:96:a1:c1:5d:1a:0c:0c:9c:74:fc:a4:68:f4:
                    27:29:fc:be:34:dd:64:a0:32:33:4c:a7:35:23:41:
                    0f:f0:2a:95:9b:6a:b3:37:c8:3b:da:33:3f:20:10:
                    07:9a:94:c9:2c:0d:79:90:a9:80:7f:63:81:0a:31:
                    29:81:fe:c1:13:54:f7:02:39:53:ae:0e:38:b3:4e:
                    9a:b8:d1:c3:a1:1f:06:68:32:7b:6e:2b:80:44:ca:
                    1f:b5:95:b0:0c:35:25:4c:ef:97:70:3c:33:58:76:
                    5c:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A8:80:E0:27:9E:6B:8D:6F:01:72:E0:62:72:0F:40:C2:D8:F1:61:CF
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/37af8a36-4e5f-4139-a348-fb7bedc30261.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         32:fd:8f:50:b0:0b:8c:98:ee:bf:05:99:32:24:8e:a4:12:14:
         40:24:fd:61:bb:ce:25:72:dc:c9:8f:e5:91:91:b6:bb:37:26:
         9f:49:d9:09:b2:17:1a:4e:bf:7d:b4:1f:34:48:7f:56:63:e5:
         e4:04:c2:76:15:2c:3a:90:0c:4b:94:6d:8e:ef:1e:4c:b2:78:
         25:a7:7a:ca:ee:49:54:4d:df:4f:c7:4a:84:2a:85:03:50:68:
         53:05:aa:4e:90:ec:2f:9f:d4:cf:44:c0:19:6f:5f:2e:fb:48:
         2e:64:50:89:ee:e7:01:98:e4:de:3f:81:60:5d:56:a9:a5:67:
         d5:d6:14:f6:3c:3a:9f:aa:e5:07:4b:8e:91:77:fd:22:5b:6a:
         3e:f8:82:e3:76:7b:d0:29:16:6f:d4:c3:05:57:4a:33:c6:01:
         2c:22:32:0f:c1:14:ba:be:9d:96:94:41:43:4f:be:82:40:29:
         b7:7a:30:22:2b:c5:4d:bf:2c:c5:34:ac:e6:e9:e4:b1:30:99:
         20:da:f0:3a:03:bb:06:4c:41:b0:26:e3:26:f6:54:82:11:c8:
         fa:d7:c8:ad:d6:34:0b:f9:90:c6:4f:a3:dc:ef:55:36:ab:3a:
         db:7b:cd:60:0e:46:83:ba:ee:ad:77:fd:9f:f2:4c:cb:f0:91:
         10:c4:87:6b
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUWd582cCSMg2woXcU1wOOr+qk3MkwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwMjIxMDAwMDAwWhcNMjMwMjI0MjM1OTU5
WjCBpTFJMEcGA1UEBRNAMDM3NmI0ZjFhNGI5YjU3NGIwZDAwZjc1ZTZhYWMyZTg1
Y2E3MzBiMjFmNDUxY2Q5N2ZmZWVlNTcxNzhjYmZkMTEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBALPi20y34ift/Fnc4s3anXzzpvQjenx1bWR1myBeI+JnLe9QVxS3
0kRmNPlN3bOY5Dr3OUuyKcegoQcX2GNZsvqDQhvKbT+hnU1exzM1IJdccaWHlsRK
ShqGaVtiBg8P9hzCaLuHbcAA5k8h7DZO2d6ShdrH3l01jRWy2sLCpb/MJLIkKl80
HrnpuoFXNCHehf9AdQzlUniWocFdGgwMnHT8pGj0Jyn8vjTdZKAyM0ynNSNBD/Aq
lZtqszfIO9ozPyAQB5qUySwNeZCpgH9jgQoxKYH+wRNU9wI5U64OOLNOmrjRw6Ef
Bmgye24rgETKH7WVsAw1JUzvl3A8M1h2XIsCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBSogOAnnmuNbwFy4GJyD0DC2PFhzzAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvMzdhZjhhMzYtNGU1Zi00MTM5LWEzNDgtZmI3YmVkYzMwMjYxLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBADL9j1CwC4yY7r8F
mTIkjqQSFEAk/WG7ziVy3MmP5ZGRtrs3Jp9J2QmyFxpOv320HzRIf1Zj5eQEwnYV
LDqQDEuUbY7vHkyyeCWnesruSVRN30/HSoQqhQNQaFMFqk6Q7C+f1M9EwBlvXy77
SC5kUInu5wGY5N4/gWBdVqmlZ9XWFPY8Op+q5QdLjpF3/SJbaj74guN2e9ApFm/U
wwVXSjPGASwiMg/BFLq+nZaUQUNPvoJAKbd6MCIrxU2/LMU0rObp5LEwmSDa8DoD
uwZMQbAm4yb2VIIRyPrXyK3WNAv5kMZPo9zvVTarOtt7zWAORoO67q13/Z/yTMvw
kRDEh2s=
-----END CERTIFICATE-----