Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/3db10b2c-2325-4876-9e40-377396e5881d.roa
File:                     3db10b2c-2325-4876-9e40-377396e5881d.roa (raw, json)
Hash identifier:          1g384LjR50N//EB4ainFoWopCxCbXkprWUvfRC4B7b4=
Subject key identifier:   4D:C9:FE:99:3B:00:FA:AF:C3:5C:CE:26:1D:D8:C1:79:FC:23:5C:99
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       105EEF22D22EBA347BC4258E2D27020278CE53EE
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/3db10b2c-2325-4876-9e40-377396e5881d.roa
Signing time:             Wed 22 Mar 2023 00:00:00 +0000
ROA not before:           Wed 22 Mar 2023 00:00:00 +0000
ROA not after:            Sat 25 Mar 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            10:5e:ef:22:d2:2e:ba:34:7b:c4:25:8e:2d:27:02:02:78:ce:53:ee
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Mar 22 00:00:00 2023 GMT
            Not After : Mar 25 23:59:59 2023 GMT
        Subject: serialNumber=f61b1d52086069ed91523c1e6927ceba657cd2cefc3c2c4e17cf1258fae8300d, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:b7:15:8d:0f:86:9d:83:73:87:5c:2d:84:cf:
                    f0:76:e4:66:00:57:1b:83:41:a1:9e:7d:0f:2a:5f:
                    a4:f7:5a:d3:d5:dd:85:b2:68:10:00:cd:5a:c5:af:
                    d4:d4:36:b8:00:1b:d0:97:bf:6e:ef:b8:06:a0:73:
                    77:62:d8:ae:1f:a0:94:d6:6a:b5:63:ab:b1:ed:5c:
                    28:be:42:ba:6c:72:de:2e:dc:fb:d4:84:0e:2f:64:
                    d9:e2:72:0c:ae:1f:58:d0:81:01:87:f0:d1:73:9f:
                    52:ad:a3:7d:b7:ae:f2:12:67:b5:bd:90:3f:85:93:
                    6b:c2:90:a7:dc:27:a2:65:11:6f:65:d9:53:7b:df:
                    db:3d:eb:b4:2b:05:a4:16:3a:73:e8:b1:77:b1:69:
                    89:11:f9:0e:a3:4b:6d:e2:6b:e7:5c:d3:23:85:43:
                    c9:c2:44:55:92:83:47:d9:62:21:fe:1b:2d:ef:6e:
                    57:29:e6:67:15:e2:63:42:de:0a:74:9b:77:b6:36:
                    f4:54:77:80:d1:86:9e:7d:d7:f2:8e:85:3b:a2:6f:
                    bd:87:a1:78:9c:0f:cc:0f:b1:72:d5:74:7b:31:29:
                    21:7b:3b:ef:d4:8e:76:63:ad:f5:03:82:d0:06:20:
                    74:78:0d:d8:97:28:d8:97:7d:9a:41:b9:9c:60:52:
                    21:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4D:C9:FE:99:3B:00:FA:AF:C3:5C:CE:26:1D:D8:C1:79:FC:23:5C:99
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/3db10b2c-2325-4876-9e40-377396e5881d.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         02:df:d5:9b:8d:6d:a0:98:95:c1:ea:2c:f9:1d:97:e9:88:f4:
         85:73:25:b3:01:3d:e1:78:73:f9:09:46:1d:23:6f:47:fa:12:
         3e:36:14:e3:cf:a7:92:65:95:22:0b:17:9c:07:0a:e5:03:9a:
         ca:7c:aa:23:5d:a3:1d:44:e5:62:03:36:8c:ec:a2:6e:0a:8b:
         d1:b3:2a:0f:f0:d7:89:6d:4d:e2:40:ac:c3:09:97:d4:f7:1e:
         82:64:93:a4:9e:80:db:83:c2:ee:d3:14:f5:ad:7f:d8:aa:61:
         77:0d:64:44:dc:32:b3:04:d9:c4:8e:69:d5:9b:75:89:54:aa:
         15:4c:89:34:ad:19:39:c4:46:af:24:22:4f:07:1c:ec:40:1b:
         6d:55:cc:91:32:9a:14:8e:6b:0b:83:b4:25:80:e1:7e:12:19:
         09:49:45:15:66:40:75:69:0a:a6:3b:68:66:35:a7:e3:71:2a:
         79:da:8d:be:4b:0e:dc:55:22:eb:f5:e1:0a:fe:00:1e:48:1d:
         f0:55:4e:53:af:5c:f4:6c:52:bc:3c:96:c5:c0:e4:e3:69:1d:
         4e:12:80:7c:08:e6:23:26:cc:ab:94:4e:e9:9e:25:fd:47:cd:
         6d:05:95:c0:d0:11:12:7e:2e:a8:69:f5:43:37:06:ba:fe:d2:
         3e:eb:f3:69
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUEF7vItIuujR7xCWOLScCAnjOU+4wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwMzIyMDAwMDAwWhcNMjMwMzI1MjM1OTU5
WjCBpTFJMEcGA1UEBRNAZjYxYjFkNTIwODYwNjllZDkxNTIzYzFlNjkyN2NlYmE2
NTdjZDJjZWZjM2MyYzRlMTdjZjEyNThmYWU4MzAwZDEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAIW3FY0Php2Dc4dcLYTP8HbkZgBXG4NBoZ59DypfpPda09XdhbJo
EADNWsWv1NQ2uAAb0Je/bu+4BqBzd2LYrh+glNZqtWOrse1cKL5Cumxy3i7c+9SE
Di9k2eJyDK4fWNCBAYfw0XOfUq2jfbeu8hJntb2QP4WTa8KQp9wnomURb2XZU3vf
2z3rtCsFpBY6c+ixd7FpiRH5DqNLbeJr51zTI4VDycJEVZKDR9liIf4bLe9uVynm
ZxXiY0LeCnSbd7Y29FR3gNGGnn3X8o6FO6JvvYeheJwPzA+xctV0ezEpIXs779SO
dmOt9QOC0AYgdHgN2Jco2Jd9mkG5nGBSIS0CAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBRNyf6ZOwD6r8NcziYd2MF5/CNcmTAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvM2RiMTBiMmMtMjMyNS00ODc2LTllNDAtMzc3Mzk2ZTU4ODFkLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAALf1ZuNbaCYlcHq
LPkdl+mI9IVzJbMBPeF4c/kJRh0jb0f6Ej42FOPPp5JllSILF5wHCuUDmsp8qiNd
ox1E5WIDNozsom4Ki9GzKg/w14ltTeJArMMJl9T3HoJkk6SegNuDwu7TFPWtf9iq
YXcNZETcMrME2cSOadWbdYlUqhVMiTStGTnERq8kIk8HHOxAG21VzJEymhSOawuD
tCWA4X4SGQlJRRVmQHVpCqY7aGY1p+NxKnnajb5LDtxVIuv14Qr+AB5IHfBVTlOv
XPRsUrw8lsXA5ONpHU4SgHwI5iMmzKuUTumeJf1HzW0FlcDQERJ+Lqhp9UM3Brr+
0j7r82k=
-----END CERTIFICATE-----