Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/3ee10aba-c0b8-4670-8324-12a5a1743df7.roa
File:                     3ee10aba-c0b8-4670-8324-12a5a1743df7.roa (raw, json)
Hash identifier:          5QkUIh7tAmIIXNlVaSaEYPns9wyjZiZGUtdy/XPa8QU=
Subject key identifier:   07:1B:CF:0B:40:9E:4D:F5:40:F2:7F:66:36:E8:FB:F5:D4:45:82:41
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       7D46536FD239D3CCD462BA4944496AEC72BDC666
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/3ee10aba-c0b8-4670-8324-12a5a1743df7.roa
Signing time:             Thu 09 Mar 2023 00:00:00 +0000
ROA not before:           Thu 09 Mar 2023 00:00:00 +0000
ROA not after:            Sun 12 Mar 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7d:46:53:6f:d2:39:d3:cc:d4:62:ba:49:44:49:6a:ec:72:bd:c6:66
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Mar  9 00:00:00 2023 GMT
            Not After : Mar 12 23:59:59 2023 GMT
        Subject: serialNumber=4b1d0dad900b93bf4ea4aab9e8337752f3d0c8619a699f03d06277d923c87f61, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:86:96:ea:58:2a:89:4f:dc:79:d1:de:b5:e8:
                    76:37:d0:12:09:78:d3:ed:e6:8e:e0:5a:c1:a5:48:
                    42:62:d2:6d:31:ef:21:b3:92:96:67:1e:b0:12:41:
                    1b:81:e6:40:2a:66:f7:2e:3c:67:31:f0:21:e2:d4:
                    bf:c4:97:a0:dd:28:21:ac:2d:aa:a7:35:96:6b:7f:
                    ae:3b:fc:a8:fb:8c:17:dc:0a:50:a1:c6:a8:ab:82:
                    4f:b9:fe:f9:5a:50:85:58:80:13:8b:f3:41:03:4e:
                    42:5f:17:67:54:39:dd:9c:3f:aa:96:67:e6:cf:bd:
                    d5:35:af:55:88:57:5c:8c:b0:38:35:d8:aa:90:d1:
                    6c:0f:96:cd:27:88:aa:ee:f0:bb:15:3f:66:42:d9:
                    39:d3:4d:59:d9:f0:f4:b1:af:a8:84:2e:b4:7d:a2:
                    b4:d2:d3:23:70:b9:a3:04:e0:d8:7b:44:9c:c7:c1:
                    e8:2d:5f:56:90:d4:92:e4:0d:ac:2d:0a:ac:e2:67:
                    b8:d4:c5:77:b8:8f:f2:48:0d:33:a5:af:f5:70:bc:
                    d1:73:0e:8f:30:8e:d1:94:8b:18:a2:8f:8b:17:2d:
                    6d:50:ad:b9:74:08:1a:5b:f4:7d:86:a9:58:6d:f4:
                    9f:ac:70:f6:7b:19:98:13:11:35:b4:76:31:d6:af:
                    08:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                07:1B:CF:0B:40:9E:4D:F5:40:F2:7F:66:36:E8:FB:F5:D4:45:82:41
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/3ee10aba-c0b8-4670-8324-12a5a1743df7.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         af:ba:d0:dd:90:37:4e:1e:db:90:19:89:91:ac:fd:d7:b7:82:
         65:a2:fe:d7:a4:9f:f6:53:56:df:20:29:24:f0:ed:64:45:0b:
         bb:ec:0b:96:c7:3b:a9:1d:c8:ca:80:0f:0f:73:81:e9:6d:05:
         6b:60:aa:0b:c2:fc:83:a1:fe:08:71:41:49:c1:45:84:4c:e4:
         30:98:8f:1d:43:7d:a5:49:1e:e3:45:4c:13:91:88:29:1b:9c:
         7d:50:62:4f:ef:24:49:65:1d:33:39:6c:6d:b0:49:cb:a6:6b:
         82:26:70:b8:d1:c4:7e:7a:8c:3f:f3:bc:3a:e2:8e:07:f2:37:
         97:58:81:63:ab:6f:f6:8c:c5:cf:d6:be:bc:0d:28:99:00:4e:
         54:d5:d8:80:80:f6:aa:f5:65:07:b2:45:96:63:1a:b8:8f:8a:
         c0:8a:4d:c2:4a:63:68:c5:54:ae:4b:a5:29:ca:05:c5:cd:b8:
         2d:3e:71:2d:2f:5d:3e:cc:93:d1:73:e8:4f:e3:eb:40:38:ff:
         bc:f6:b1:03:52:0b:71:5b:27:c3:11:6d:b3:15:a0:31:a6:2e:
         97:3b:b7:79:80:a0:f2:91:77:21:38:7e:bc:6c:3c:c5:1a:d7:
         01:69:35:6b:9c:34:dd:ba:c2:5f:db:fc:5e:aa:d4:0d:c1:23:
         be:6c:c2:e0
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUfUZTb9I508zUYrpJRElq7HK9xmYwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwMzA5MDAwMDAwWhcNMjMwMzEyMjM1OTU5
WjCBpTFJMEcGA1UEBRNANGIxZDBkYWQ5MDBiOTNiZjRlYTRhYWI5ZTgzMzc3NTJm
M2QwYzg2MTlhNjk5ZjAzZDA2Mjc3ZDkyM2M4N2Y2MTEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBALqGlupYKolP3HnR3rXodjfQEgl40+3mjuBawaVIQmLSbTHvIbOS
lmcesBJBG4HmQCpm9y48ZzHwIeLUv8SXoN0oIawtqqc1lmt/rjv8qPuMF9wKUKHG
qKuCT7n++VpQhViAE4vzQQNOQl8XZ1Q53Zw/qpZn5s+91TWvVYhXXIywODXYqpDR
bA+WzSeIqu7wuxU/ZkLZOdNNWdnw9LGvqIQutH2itNLTI3C5owTg2HtEnMfB6C1f
VpDUkuQNrC0KrOJnuNTFd7iP8kgNM6Wv9XC80XMOjzCO0ZSLGKKPixctbVCtuXQI
Glv0fYapWG30n6xw9nsZmBMRNbR2MdavCIECAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBQHG88LQJ5N9UDyf2Y26Pv11EWCQTAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvM2VlMTBhYmEtYzBiOC00NjcwLTgzMjQtMTJhNWExNzQzZGY3LnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAK+60N2QN04e25AZ
iZGs/de3gmWi/tekn/ZTVt8gKSTw7WRFC7vsC5bHO6kdyMqADw9zgeltBWtgqgvC
/IOh/ghxQUnBRYRM5DCYjx1DfaVJHuNFTBORiCkbnH1QYk/vJEllHTM5bG2wScum
a4ImcLjRxH56jD/zvDrijgfyN5dYgWOrb/aMxc/WvrwNKJkATlTV2ICA9qr1ZQey
RZZjGriPisCKTcJKY2jFVK5LpSnKBcXNuC0+cS0vXT7Mk9Fz6E/j60A4/7z2sQNS
C3FbJ8MRbbMVoDGmLpc7t3mAoPKRdyE4frxsPMUa1wFpNWucNN26wl/b/F6q1A3B
I75swuA=
-----END CERTIFICATE-----