Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/3ec91c38-5624-42f6-be97-027f84ddb765.roa
File:                     3ec91c38-5624-42f6-be97-027f84ddb765.roa (raw, json)
Hash identifier:          VHklct+B2dP9Gviflb8ehhFsmL5goWMluZdtLAHIA8o=
Subject key identifier:   D3:CE:AC:9A:27:DF:C3:50:7D:67:AA:87:47:26:B6:37:27:D0:6C:25
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       7A9FFE402F142D148FB1BCFC726B6FCD430EB6FB
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/3ec91c38-5624-42f6-be97-027f84ddb765.roa
Signing time:             Sat 11 Feb 2023 00:00:00 +0000
ROA not before:           Sat 11 Feb 2023 00:00:00 +0000
ROA not after:            Tue 14 Feb 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7a:9f:fe:40:2f:14:2d:14:8f:b1:bc:fc:72:6b:6f:cd:43:0e:b6:fb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Feb 11 00:00:00 2023 GMT
            Not After : Feb 14 23:59:59 2023 GMT
        Subject: serialNumber=4eb55d8c878aa1672ff28f4076cb561f0625916558087a21089f68e80281f521, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:ef:d6:b1:0a:5b:59:55:08:78:bd:08:2d:9a:
                    e7:6f:b7:cd:e9:2d:55:98:06:ca:30:3a:77:d6:d2:
                    14:11:05:32:95:0c:f3:2a:76:7a:0a:61:6f:81:04:
                    3c:7b:1b:72:b7:ef:2b:64:58:c8:13:4e:77:df:e1:
                    89:5b:65:9d:14:55:fa:67:e2:d5:d2:5d:0e:a0:4f:
                    16:bb:b0:66:62:a6:7d:64:68:08:ec:0c:91:fc:77:
                    6e:ec:0b:a9:00:92:c7:8b:98:17:73:53:e7:8d:6b:
                    cc:a6:ca:47:ae:97:08:13:13:63:44:62:09:0e:c3:
                    7b:a5:bc:c6:9e:0d:77:bd:ea:b6:72:6a:09:9f:ba:
                    16:b9:a9:1e:11:b4:64:06:92:15:9b:55:97:4a:1c:
                    c3:43:e9:87:d9:e9:5d:bf:5c:63:94:3b:f1:0e:1b:
                    35:58:b9:17:d8:19:8a:f5:5a:1b:86:e6:c3:dd:0c:
                    1f:1a:80:5d:b4:c5:6a:3d:d8:cc:09:9a:62:5c:a6:
                    6f:14:56:ce:28:93:6e:01:ec:c7:a7:3f:13:b9:83:
                    c2:e0:89:a7:fe:c0:34:a4:f4:0b:9d:24:60:cf:06:
                    cd:12:4e:35:78:db:15:5b:26:dc:d1:73:47:c5:ee:
                    4b:b7:a5:c8:aa:ef:9f:71:f8:9c:b0:19:56:f0:ae:
                    8b:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D3:CE:AC:9A:27:DF:C3:50:7D:67:AA:87:47:26:B6:37:27:D0:6C:25
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/3ec91c38-5624-42f6-be97-027f84ddb765.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5f:b5:6d:e9:04:fc:cb:4a:a2:e9:d7:ab:a9:00:53:33:f5:2c:
         98:be:63:20:40:e1:5b:a0:37:b8:27:b7:fb:e4:bc:f5:a9:3b:
         88:b8:02:fc:28:0b:84:79:55:e0:4c:39:81:bc:6b:a7:10:8c:
         55:9c:ee:ee:6e:81:ee:05:d8:69:a1:5f:11:a6:76:21:86:3c:
         f5:0b:44:b3:53:a9:ab:c6:fe:95:31:c8:f0:2c:a0:a1:7c:07:
         2f:82:b0:33:23:2c:61:d8:ac:d1:df:e1:36:13:57:12:65:85:
         06:1e:37:f5:ce:b6:87:e4:38:34:52:1d:c1:5e:b9:bb:49:6c:
         f7:e5:33:69:4a:f3:ff:1c:f5:79:06:d4:73:f0:73:1c:d0:db:
         92:ff:23:04:e5:f9:d2:3c:47:a8:19:4f:56:3e:43:00:23:4c:
         f4:d9:b0:cc:24:fd:5d:59:78:16:10:e2:c3:62:bf:2d:18:97:
         f8:89:a7:51:85:2f:e4:bf:53:55:6c:ed:97:57:67:9f:ec:3e:
         c5:b3:f9:3b:e7:7e:9a:4e:32:0c:e4:c5:19:37:d3:76:06:6d:
         8b:50:c6:72:83:f8:cc:64:c1:ef:9a:30:37:da:24:9d:15:57:
         1d:d9:e6:19:18:b3:a0:69:f6:05:14:07:63:79:19:93:80:e4:
         c2:3e:36:a9
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUep/+QC8ULRSPsbz8cmtvzUMOtvswDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwMjExMDAwMDAwWhcNMjMwMjE0MjM1OTU5
WjCBpTFJMEcGA1UEBRNANGViNTVkOGM4NzhhYTE2NzJmZjI4ZjQwNzZjYjU2MWYw
NjI1OTE2NTU4MDg3YTIxMDg5ZjY4ZTgwMjgxZjUyMTEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAMnv1rEKW1lVCHi9CC2a52+3zektVZgGyjA6d9bSFBEFMpUM8yp2
egphb4EEPHsbcrfvK2RYyBNOd9/hiVtlnRRV+mfi1dJdDqBPFruwZmKmfWRoCOwM
kfx3buwLqQCSx4uYF3NT541rzKbKR66XCBMTY0RiCQ7De6W8xp4Nd73qtnJqCZ+6
FrmpHhG0ZAaSFZtVl0ocw0Pph9npXb9cY5Q78Q4bNVi5F9gZivVaG4bmw90MHxqA
XbTFaj3YzAmaYlymbxRWziiTbgHsx6c/E7mDwuCJp/7ANKT0C50kYM8GzRJONXjb
FVsm3NFzR8XuS7elyKrvn3H4nLAZVvCui0sCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBTTzqyaJ9/DUH1nqodHJrY3J9BsJTAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvM2VjOTFjMzgtNTYyNC00MmY2LWJlOTctMDI3Zjg0ZGRiNzY1LnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAF+1bekE/MtKounX
q6kAUzP1LJi+YyBA4VugN7gnt/vkvPWpO4i4AvwoC4R5VeBMOYG8a6cQjFWc7u5u
ge4F2GmhXxGmdiGGPPULRLNTqavG/pUxyPAsoKF8By+CsDMjLGHYrNHf4TYTVxJl
hQYeN/XOtofkODRSHcFeubtJbPflM2lK8/8c9XkG1HPwcxzQ25L/IwTl+dI8R6gZ
T1Y+QwAjTPTZsMwk/V1ZeBYQ4sNivy0Yl/iJp1GFL+S/U1Vs7ZdXZ5/sPsWz+Tvn
fppOMgzkxRk303YGbYtQxnKD+Mxkwe+aMDfaJJ0VVx3Z5hkYs6Bp9gUUB2N5GZOA
5MI+Nqk=
-----END CERTIFICATE-----