Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/3f2f6031-d653-4670-8251-5b738ef226b7.roa
File:                     3f2f6031-d653-4670-8251-5b738ef226b7.roa (raw, json)
Hash identifier:          myX92ag5uG9ph4NSfSr23iDLUMw0u1knqhR59Q9pElo=
Subject key identifier:   27:B6:B5:3E:AB:37:FE:87:D6:E6:DB:68:7C:B8:FA:D4:D0:95:B6:5C
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       541CF1762E251A0861C1B6183FA7AEE6FD467526
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/3f2f6031-d653-4670-8251-5b738ef226b7.roa
Signing time:             Thu 23 Feb 2023 00:00:00 +0000
ROA not before:           Thu 23 Feb 2023 00:00:00 +0000
ROA not after:            Sun 26 Feb 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            54:1c:f1:76:2e:25:1a:08:61:c1:b6:18:3f:a7:ae:e6:fd:46:75:26
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Feb 23 00:00:00 2023 GMT
            Not After : Feb 26 23:59:59 2023 GMT
        Subject: serialNumber=d7711001b695f5fc335036e66ed4c4b3b14727df7c7184e003cd72ddd644e844, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:1b:ae:f8:6a:2a:86:f4:ba:f3:61:f5:b9:e4:
                    aa:9c:e7:32:f3:7a:0b:cd:c9:f2:76:65:8a:bf:ba:
                    4d:4a:f5:de:79:d3:7c:52:2d:57:03:e3:50:a2:e0:
                    3e:a0:6f:9a:a4:fb:34:9d:d3:cc:49:a0:1b:41:e0:
                    94:48:97:b8:07:b2:01:f9:f1:0c:d0:0b:75:29:35:
                    28:c8:58:4d:45:d7:9b:46:36:a1:97:e0:c0:7c:bf:
                    37:bd:8a:c8:12:32:42:d8:6a:1f:68:ec:06:c9:c0:
                    69:fd:c4:5d:c2:af:61:a2:38:39:0b:92:da:c3:3e:
                    35:79:6b:84:a7:40:ba:c4:45:64:da:89:88:74:d8:
                    80:cf:d2:dc:7e:9b:63:18:82:ed:52:45:26:b0:96:
                    b4:0e:6f:7f:a9:f7:b0:ee:30:3f:14:87:59:2e:3b:
                    49:cc:b3:77:2c:77:52:2e:46:d6:44:a7:07:da:00:
                    97:d5:fd:34:51:1d:4d:3f:0f:c0:52:fa:95:e5:bf:
                    2f:c9:94:a8:1c:c4:96:33:5d:bd:de:d7:a4:14:a1:
                    38:77:ba:16:f5:f3:0b:28:22:20:6b:0c:78:e7:08:
                    55:9e:ed:07:84:86:74:f2:79:60:7b:2c:5d:79:50:
                    3f:5a:b6:7d:ce:40:22:fa:c5:f9:26:ab:38:e0:f0:
                    cb:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                27:B6:B5:3E:AB:37:FE:87:D6:E6:DB:68:7C:B8:FA:D4:D0:95:B6:5C
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/3f2f6031-d653-4670-8251-5b738ef226b7.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3c:a7:72:64:5d:4a:ff:e0:fe:75:f2:68:43:c3:d2:ee:67:ef:
         7e:ae:b0:ce:8d:a7:fa:34:54:ef:36:13:5c:cc:3f:99:1f:24:
         6c:e7:a3:82:7a:e0:6d:93:ba:53:a1:71:b6:6b:36:3e:57:d9:
         26:35:a5:6d:89:17:90:8b:c3:78:40:6e:03:eb:11:58:ce:ba:
         af:54:e4:ee:92:e2:71:90:c8:de:db:f0:10:39:4c:35:ca:01:
         d2:34:48:2c:c9:bb:07:c1:f5:36:ce:1c:56:d0:65:38:02:5f:
         ab:e6:34:35:d8:23:9b:96:ae:d0:eb:cb:50:b2:7a:b2:0e:6d:
         09:0f:21:5f:fb:2f:75:d3:ec:a4:71:68:fb:3c:2e:2c:3e:30:
         25:d8:cc:34:4e:c4:fd:bc:de:2a:49:2a:63:82:57:a5:80:47:
         ba:81:36:95:57:5a:78:fa:65:07:04:e7:01:da:4d:11:5c:8f:
         da:40:e6:a0:4e:b5:54:50:a0:80:8b:15:2d:1e:eb:7f:27:80:
         c9:99:9f:9d:f9:2c:81:c4:c3:74:38:67:ed:d6:43:df:86:22:
         f2:de:6b:63:63:c5:a3:45:a3:90:d2:f3:06:19:e5:e9:11:e1:
         74:52:64:15:82:7d:fd:83:f6:9a:2f:a1:c4:79:0b:d4:f8:e7:
         b0:5c:f9:42
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUVBzxdi4lGghhwbYYP6eu5v1GdSYwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwMjIzMDAwMDAwWhcNMjMwMjI2MjM1OTU5
WjCBpTFJMEcGA1UEBRNAZDc3MTEwMDFiNjk1ZjVmYzMzNTAzNmU2NmVkNGM0YjNi
MTQ3MjdkZjdjNzE4NGUwMDNjZDcyZGRkNjQ0ZTg0NDEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBALQbrvhqKob0uvNh9bnkqpznMvN6C83J8nZlir+6TUr13nnTfFIt
VwPjUKLgPqBvmqT7NJ3TzEmgG0HglEiXuAeyAfnxDNALdSk1KMhYTUXXm0Y2oZfg
wHy/N72KyBIyQthqH2jsBsnAaf3EXcKvYaI4OQuS2sM+NXlrhKdAusRFZNqJiHTY
gM/S3H6bYxiC7VJFJrCWtA5vf6n3sO4wPxSHWS47Scyzdyx3Ui5G1kSnB9oAl9X9
NFEdTT8PwFL6leW/L8mUqBzEljNdvd7XpBShOHe6FvXzCygiIGsMeOcIVZ7tB4SG
dPJ5YHssXXlQP1q2fc5AIvrF+SarOODwy3sCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBQntrU+qzf+h9bm22h8uPrU0JW2XDAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvM2YyZjYwMzEtZDY1My00NjcwLTgyNTEtNWI3MzhlZjIyNmI3LnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBADyncmRdSv/g/nXy
aEPD0u5n736usM6Np/o0VO82E1zMP5kfJGzno4J64G2TulOhcbZrNj5X2SY1pW2J
F5CLw3hAbgPrEVjOuq9U5O6S4nGQyN7b8BA5TDXKAdI0SCzJuwfB9TbOHFbQZTgC
X6vmNDXYI5uWrtDry1CyerIObQkPIV/7L3XT7KRxaPs8Liw+MCXYzDROxP283ipJ
KmOCV6WAR7qBNpVXWnj6ZQcE5wHaTRFcj9pA5qBOtVRQoICLFS0e638ngMmZn535
LIHEw3Q4Z+3WQ9+GIvLea2NjxaNFo5DS8wYZ5ekR4XRSZBWCff2D9povocR5C9T4
57Bc+UI=
-----END CERTIFICATE-----