Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/40049fb3-e9b5-4e41-9878-29105b30712c.roa
File:                     40049fb3-e9b5-4e41-9878-29105b30712c.roa (raw, json)
Hash identifier:          b4F3ZgpM8EfeuxNbO/vVx9lp7P23q3IU/LngLx3hPlk=
Subject key identifier:   F9:1C:F7:C9:71:36:88:5D:41:3D:25:AC:23:3C:E9:84:63:E4:81:CE
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       7D7774298408D7F3B1EBEDAA4E3116A42BD6EB91
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/40049fb3-e9b5-4e41-9878-29105b30712c.roa
Signing time:             Thu 23 Feb 2023 00:00:00 +0000
ROA not before:           Thu 23 Feb 2023 00:00:00 +0000
ROA not after:            Sun 26 Feb 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7d:77:74:29:84:08:d7:f3:b1:eb:ed:aa:4e:31:16:a4:2b:d6:eb:91
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Feb 23 00:00:00 2023 GMT
            Not After : Feb 26 23:59:59 2023 GMT
        Subject: serialNumber=4048bb84b459c8c895fab9ead65b9144ab98dca114d57122e49cb8098569afa0, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:19:81:00:69:f2:62:a2:48:f8:38:09:7f:ad:
                    c9:7a:cc:b9:bf:44:dc:ba:75:59:42:68:7d:0d:e0:
                    e7:14:89:37:5d:c6:d6:3d:9a:3f:1c:5a:41:50:a7:
                    e3:34:60:14:cd:89:6f:80:2d:0d:6c:4b:6b:9c:33:
                    99:31:df:65:fd:a5:e4:cb:e7:7b:64:16:22:9c:13:
                    45:42:05:97:dd:b5:31:f3:62:34:7a:f9:0c:f4:8a:
                    a5:78:80:39:36:53:0c:a1:6e:10:f3:7f:02:4c:61:
                    fa:60:bf:c4:b2:3b:a2:c1:58:b0:fe:15:a6:d1:4b:
                    d2:b7:ef:a3:dc:14:07:f5:38:90:11:6f:31:cb:7c:
                    91:4c:0f:b4:95:a2:c8:db:c3:31:88:75:d4:27:09:
                    75:0a:71:ff:3f:3e:c8:88:a4:f1:ad:e6:2b:49:97:
                    92:c2:91:37:e6:48:c4:5a:4a:1f:07:da:f2:3b:58:
                    a9:df:18:09:2e:3a:47:9e:ea:d3:8a:0b:0a:f2:b3:
                    3e:21:a3:1c:91:d0:ca:1c:ae:7d:9b:c7:20:c5:34:
                    dd:b0:b2:57:cf:4e:05:93:4b:6d:14:59:ca:15:eb:
                    6b:78:2a:15:5e:db:32:31:7e:94:9b:b3:95:da:38:
                    f5:5c:c2:b3:1a:e3:c0:55:29:42:ad:93:7f:99:af:
                    c5:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F9:1C:F7:C9:71:36:88:5D:41:3D:25:AC:23:3C:E9:84:63:E4:81:CE
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/40049fb3-e9b5-4e41-9878-29105b30712c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         08:7f:90:55:fd:b4:91:d6:fb:6f:d5:1c:b7:4b:13:94:b6:65:
         7e:28:80:71:43:24:0a:2b:f4:4c:b7:12:96:b2:de:95:a9:f6:
         7b:e2:ba:dc:7a:f7:35:74:b9:78:85:03:8a:bc:e2:09:37:d7:
         42:09:e0:e3:ce:5d:bf:08:e8:b9:cc:3f:0f:e9:4a:f5:c6:3c:
         73:58:0f:af:94:7e:31:ce:c9:e8:2e:69:9e:40:e7:bc:fb:f8:
         54:b4:a5:48:2e:3e:ee:e3:80:d5:f0:c8:81:6e:16:3d:17:14:
         2d:74:91:d4:87:8d:4d:35:73:02:90:83:45:12:49:73:28:26:
         80:79:a7:0e:9a:8b:e8:60:04:a7:31:de:6d:35:14:44:fb:7a:
         73:f7:a4:5d:b6:37:b6:f3:a3:f9:be:1b:f7:fa:b2:cd:68:a1:
         5d:8b:eb:7d:7e:ef:ac:51:09:52:d3:a7:82:7c:70:e1:2f:67:
         7e:f5:75:be:19:a8:38:75:e4:78:83:e8:71:47:32:eb:75:15:
         d2:be:70:cf:23:97:82:7a:d7:d7:7e:cb:65:af:dd:ba:15:cf:
         f1:ea:d4:2d:80:08:29:be:74:fb:2b:70:db:0e:81:16:2d:18:
         13:77:0f:cb:33:ff:ca:2a:9b:93:6f:89:c2:52:39:4c:c1:14:
         6c:07:9f:e2
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUfXd0KYQI1/Ox6+2qTjEWpCvW65EwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwMjIzMDAwMDAwWhcNMjMwMjI2MjM1OTU5
WjCBpTFJMEcGA1UEBRNANDA0OGJiODRiNDU5YzhjODk1ZmFiOWVhZDY1YjkxNDRh
Yjk4ZGNhMTE0ZDU3MTIyZTQ5Y2I4MDk4NTY5YWZhMDEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAJYZgQBp8mKiSPg4CX+tyXrMub9E3Lp1WUJofQ3g5xSJN13G1j2a
PxxaQVCn4zRgFM2Jb4AtDWxLa5wzmTHfZf2l5Mvne2QWIpwTRUIFl921MfNiNHr5
DPSKpXiAOTZTDKFuEPN/Akxh+mC/xLI7osFYsP4VptFL0rfvo9wUB/U4kBFvMct8
kUwPtJWiyNvDMYh11CcJdQpx/z8+yIik8a3mK0mXksKRN+ZIxFpKHwfa8jtYqd8Y
CS46R57q04oLCvKzPiGjHJHQyhyufZvHIMU03bCyV89OBZNLbRRZyhXra3gqFV7b
MjF+lJuzldo49VzCsxrjwFUpQq2Tf5mvxaECAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBT5HPfJcTaIXUE9JawjPOmEY+SBzjAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvNDAwNDlmYjMtZTliNS00ZTQxLTk4NzgtMjkxMDViMzA3MTJjLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAAh/kFX9tJHW+2/V
HLdLE5S2ZX4ogHFDJAor9Ey3Epay3pWp9nviutx69zV0uXiFA4q84gk310IJ4OPO
Xb8I6LnMPw/pSvXGPHNYD6+UfjHOyeguaZ5A57z7+FS0pUguPu7jgNXwyIFuFj0X
FC10kdSHjU01cwKQg0USSXMoJoB5pw6ai+hgBKcx3m01FET7enP3pF22N7bzo/m+
G/f6ss1ooV2L631+76xRCVLTp4J8cOEvZ371db4ZqDh15HiD6HFHMut1FdK+cM8j
l4J619d+y2Wv3boVz/Hq1C2ACCm+dPsrcNsOgRYtGBN3D8sz/8oqm5NvicJSOUzB
FGwHn+I=
-----END CERTIFICATE-----