Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/3b90ca2a-96f4-415b-82fd-043d05945f24.roa
File:                     3b90ca2a-96f4-415b-82fd-043d05945f24.roa (raw, json)
Hash identifier:          AO6LlTBYjpnl0oJGeSF3Iwq3Beo9xnF2WZDQeCS3hOA=
Subject key identifier:   3D:F2:3D:46:0E:1D:2F:FC:25:FB:82:93:6B:9F:CB:49:71:00:E3:A4
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       026B68904373CD525D07FD038DC6CC961106FA64
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/3b90ca2a-96f4-415b-82fd-043d05945f24.roa
Signing time:             Sat 22 Apr 2023 00:00:00 +0000
ROA not before:           Sat 22 Apr 2023 00:00:00 +0000
ROA not after:            Tue 25 Apr 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            02:6b:68:90:43:73:cd:52:5d:07:fd:03:8d:c6:cc:96:11:06:fa:64
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Apr 22 00:00:00 2023 GMT
            Not After : Apr 25 23:59:59 2023 GMT
        Subject: serialNumber=9c04c1795462f8d9d26d253b3132300e0c9991bb31ba673e5f68e6fd3d5f72c7, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:18:d0:b8:41:94:62:5f:1d:bf:f7:81:59:e8:
                    74:b8:cc:4e:83:dc:1c:d9:fd:a0:a4:30:1b:56:ee:
                    39:89:df:84:a2:99:94:a0:68:d6:51:a1:fc:99:96:
                    b6:11:e3:13:68:ad:cb:66:3a:c3:f9:e1:33:13:77:
                    95:87:13:a5:b1:d3:01:df:36:94:2e:8b:89:1e:ca:
                    48:98:82:08:18:41:54:3f:43:b2:c1:07:51:d4:a1:
                    85:0f:16:ca:0e:30:c1:2b:37:ca:82:8f:bb:2a:92:
                    df:6a:d5:a7:d4:b8:ac:03:0d:0d:68:ea:09:01:b1:
                    94:86:a9:37:35:b3:0d:e7:88:96:b8:e9:92:25:2b:
                    aa:48:31:32:a8:f8:35:e7:21:af:f0:f3:cb:ea:3b:
                    8a:74:c3:89:8c:b4:e2:06:9b:d9:6f:3e:0f:d5:66:
                    86:be:2f:dd:8a:08:13:69:58:13:30:0e:6d:99:f8:
                    97:d0:ed:e0:f2:a1:89:ea:a6:aa:35:db:5c:ef:ee:
                    ba:fa:76:fb:a7:cf:cc:5f:6c:53:35:94:ab:27:50:
                    59:f3:67:45:34:05:96:c6:70:81:e7:81:7d:ff:d0:
                    7b:de:3f:70:6e:db:66:ad:96:28:a1:51:f9:79:5b:
                    e1:1b:9e:57:f9:69:8e:d5:4a:bc:9f:34:18:3d:a6:
                    99:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3D:F2:3D:46:0E:1D:2F:FC:25:FB:82:93:6B:9F:CB:49:71:00:E3:A4
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/3b90ca2a-96f4-415b-82fd-043d05945f24.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9a:0a:44:94:c1:cd:b4:3e:da:3c:7c:ac:55:f2:e4:27:0b:e6:
         2f:88:7a:40:9b:35:46:83:23:48:06:fa:84:66:8f:1f:b4:4a:
         26:b5:e6:8c:8e:b0:ca:cf:eb:24:a9:44:ac:c5:2c:e4:b9:f8:
         02:f3:e9:21:c5:cf:9f:44:4a:98:59:d9:5f:ee:14:88:a0:00:
         d1:6a:c7:a7:e2:3c:81:68:95:9a:55:90:48:7f:38:09:20:d0:
         02:42:39:80:d8:80:05:53:a6:1a:da:a3:48:26:a1:96:ee:95:
         dd:45:d4:f9:1f:5d:6c:9a:d2:6e:9e:dc:b6:b5:2f:82:f6:40:
         98:09:7b:e7:1a:6b:b7:f8:a7:13:91:19:4d:a3:a2:d4:bd:97:
         45:28:2d:5c:e4:b9:86:45:c0:30:5d:f4:50:28:a9:f8:d0:dc:
         a0:2e:2b:cd:42:e2:5b:f7:e4:d0:e1:9d:d5:c3:30:17:f8:fc:
         00:b7:d0:6a:5b:e5:b4:02:f2:07:bb:32:bf:79:aa:dc:9e:ec:
         db:60:70:d3:d7:2b:16:34:a5:36:fc:77:a0:e4:45:c5:c2:23:
         72:ad:16:33:e2:49:26:5b:f5:f8:25:36:0b:3b:69:99:14:48:
         52:e4:a6:2f:1e:cd:69:ef:fa:cb:c8:72:4c:cf:8f:3d:0d:ff:
         83:73:bd:f1
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUAmtokENzzVJdB/0DjcbMlhEG+mQwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwNDIyMDAwMDAwWhcNMjMwNDI1MjM1OTU5
WjCBpTFJMEcGA1UEBRNAOWMwNGMxNzk1NDYyZjhkOWQyNmQyNTNiMzEzMjMwMGUw
Yzk5OTFiYjMxYmE2NzNlNWY2OGU2ZmQzZDVmNzJjNzEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAM8Y0LhBlGJfHb/3gVnodLjMToPcHNn9oKQwG1buOYnfhKKZlKBo
1lGh/JmWthHjE2ity2Y6w/nhMxN3lYcTpbHTAd82lC6LiR7KSJiCCBhBVD9DssEH
UdShhQ8Wyg4wwSs3yoKPuyqS32rVp9S4rAMNDWjqCQGxlIapNzWzDeeIlrjpkiUr
qkgxMqj4Nechr/Dzy+o7inTDiYy04gab2W8+D9Vmhr4v3YoIE2lYEzAObZn4l9Dt
4PKhieqmqjXbXO/uuvp2+6fPzF9sUzWUqydQWfNnRTQFlsZwgeeBff/Qe94/cG7b
Zq2WKKFR+Xlb4RueV/lpjtVKvJ80GD2mmQUCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBQ98j1GDh0v/CX7gpNrn8tJcQDjpDAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvM2I5MGNhMmEtOTZmNC00MTViLTgyZmQtMDQzZDA1OTQ1ZjI0LnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAJoKRJTBzbQ+2jx8
rFXy5CcL5i+IekCbNUaDI0gG+oRmjx+0Sia15oyOsMrP6ySpRKzFLOS5+ALz6SHF
z59ESphZ2V/uFIigANFqx6fiPIFolZpVkEh/OAkg0AJCOYDYgAVTphrao0gmoZbu
ld1F1PkfXWya0m6e3La1L4L2QJgJe+caa7f4pxORGU2jotS9l0UoLVzkuYZFwDBd
9FAoqfjQ3KAuK81C4lv35NDhndXDMBf4/AC30Gpb5bQC8ge7Mr95qtye7NtgcNPX
KxY0pTb8d6DkRcXCI3KtFjPiSSZb9fglNgs7aZkUSFLkpi8ezWnv+svIckzPjz0N
/4NzvfE=
-----END CERTIFICATE-----