Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/402c55da-9b41-4919-88b2-6b7f5b839088.roa
File:                     402c55da-9b41-4919-88b2-6b7f5b839088.roa (raw, json)
Hash identifier:          JjilrfuP58ot98PQzekEo4JLOO+0IZ/uLtBEl9N0au4=
Subject key identifier:   9C:E1:46:6E:01:2B:38:A9:4D:F5:E7:A0:C4:B0:B5:5C:A1:DC:F9:0D
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       156A69BD638DDEB26303D8D567016C7F557483EE
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/402c55da-9b41-4919-88b2-6b7f5b839088.roa
Signing time:             Thu 09 Mar 2023 00:00:00 +0000
ROA not before:           Thu 09 Mar 2023 00:00:00 +0000
ROA not after:            Sun 12 Mar 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            15:6a:69:bd:63:8d:de:b2:63:03:d8:d5:67:01:6c:7f:55:74:83:ee
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Mar  9 00:00:00 2023 GMT
            Not After : Mar 12 23:59:59 2023 GMT
        Subject: serialNumber=ae58c01c4ccf65b688dc2cbc997e1793e920a8e38c6f4d570e9c070fa7caaa98, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:93:93:bc:80:e5:7a:6d:b6:66:05:a7:ce:d1:
                    09:d2:5a:f9:c5:8c:53:75:fe:b3:21:3e:0d:07:cd:
                    cb:0e:c7:33:7a:b7:af:fe:e9:f3:d5:6b:03:50:04:
                    45:70:df:7a:79:82:7b:56:a9:1d:29:f1:30:e6:b0:
                    f0:21:54:ef:cc:06:0e:c8:c4:71:62:7c:df:cb:15:
                    69:26:dd:6f:ec:59:6f:7f:0d:5a:ef:64:b5:82:a4:
                    8b:b5:95:67:60:5b:44:fe:c3:5c:82:26:9b:c2:31:
                    1f:e6:24:ec:02:28:6e:84:bc:40:04:74:e4:66:12:
                    89:b3:01:3b:da:64:92:f9:8a:41:90:77:72:a8:57:
                    32:12:da:31:49:90:c1:e4:c3:96:42:e8:43:f0:5a:
                    e8:36:bf:d6:bc:b9:9f:e0:76:c3:86:85:25:00:fa:
                    ca:a3:4d:67:cd:69:81:91:7b:6e:7a:42:cd:dc:f2:
                    92:72:ef:f1:07:33:0b:9c:ea:45:3f:c0:77:32:88:
                    44:8c:48:20:e1:23:25:6c:f2:79:a0:36:93:47:68:
                    6e:f8:88:59:60:40:71:bc:8f:ca:b3:15:ed:63:e4:
                    c3:54:16:cc:e5:47:f3:7c:a2:00:2b:db:82:92:65:
                    93:fa:48:d7:ea:90:db:d0:8f:cf:23:60:1c:9c:44:
                    45:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9C:E1:46:6E:01:2B:38:A9:4D:F5:E7:A0:C4:B0:B5:5C:A1:DC:F9:0D
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/402c55da-9b41-4919-88b2-6b7f5b839088.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         92:53:c1:89:ab:43:e9:e0:a8:1b:30:75:33:0f:85:39:46:6c:
         45:5c:77:f1:17:ab:2f:07:06:0b:ea:3d:76:58:00:62:39:b5:
         d1:30:b7:e8:15:a9:06:c3:16:c3:dc:15:8e:56:dd:44:7f:64:
         a8:c5:a9:ab:f3:12:a0:07:19:9a:a3:bd:ee:93:2d:52:c2:82:
         57:e5:ef:51:88:5f:0c:dd:ab:18:0b:e8:f1:a7:e5:dc:b3:af:
         b9:ab:74:0c:cf:89:9d:5b:ec:95:f3:0a:9b:5c:af:7e:2b:f4:
         0e:70:03:0f:c5:5a:72:5d:1a:fd:b9:56:0f:5e:4a:13:58:75:
         fa:60:01:96:76:19:7a:8d:57:ab:69:d5:5d:c2:2d:e8:82:c0:
         3f:c6:90:c5:74:85:8e:8e:4f:fb:16:6d:ba:48:87:ba:57:88:
         9f:4e:16:2a:6e:a0:6b:6a:0b:67:ed:93:98:5b:29:e8:5f:e5:
         38:bd:99:8d:ca:dc:45:7c:e2:e5:72:e6:f7:bd:bc:54:4d:7e:
         6e:34:ec:31:92:9a:ba:b7:9d:3a:d6:f4:83:e9:c8:1b:50:83:
         47:6d:66:ed:a1:31:2e:8d:e5:d6:a2:eb:c7:28:ed:c5:5b:42:
         17:af:ee:13:c7:2a:70:35:f2:54:8f:df:b3:68:41:d9:41:cf:
         5b:7f:54:36
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUFWppvWON3rJjA9jVZwFsf1V0g+4wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwMzA5MDAwMDAwWhcNMjMwMzEyMjM1OTU5
WjCBpTFJMEcGA1UEBRNAYWU1OGMwMWM0Y2NmNjViNjg4ZGMyY2JjOTk3ZTE3OTNl
OTIwYThlMzhjNmY0ZDU3MGU5YzA3MGZhN2NhYWE5ODEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBALuTk7yA5XpttmYFp87RCdJa+cWMU3X+syE+DQfNyw7HM3q3r/7p
89VrA1AERXDfenmCe1apHSnxMOaw8CFU78wGDsjEcWJ838sVaSbdb+xZb38NWu9k
tYKki7WVZ2BbRP7DXIImm8IxH+Yk7AIoboS8QAR05GYSibMBO9pkkvmKQZB3cqhX
MhLaMUmQweTDlkLoQ/Ba6Da/1ry5n+B2w4aFJQD6yqNNZ81pgZF7bnpCzdzyknLv
8QczC5zqRT/AdzKIRIxIIOEjJWzyeaA2k0dobviIWWBAcbyPyrMV7WPkw1QWzOVH
83yiACvbgpJlk/pI1+qQ29CPzyNgHJxERfMCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBSc4UZuASs4qU3156DEsLVcodz5DTAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvNDAyYzU1ZGEtOWI0MS00OTE5LTg4YjItNmI3ZjViODM5MDg4LnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAJJTwYmrQ+ngqBsw
dTMPhTlGbEVcd/EXqy8HBgvqPXZYAGI5tdEwt+gVqQbDFsPcFY5W3UR/ZKjFqavz
EqAHGZqjve6TLVLCglfl71GIXwzdqxgL6PGn5dyzr7mrdAzPiZ1b7JXzCptcr34r
9A5wAw/FWnJdGv25Vg9eShNYdfpgAZZ2GXqNV6tp1V3CLeiCwD/GkMV0hY6OT/sW
bbpIh7pXiJ9OFipuoGtqC2ftk5hbKehf5Ti9mY3K3EV84uVy5ve9vFRNfm407DGS
mrq3nTrW9IPpyBtQg0dtZu2hMS6N5dai68co7cVbQhev7hPHKnA18lSP37NoQdlB
z1t/VDY=
-----END CERTIFICATE-----