Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/422ccef8-3331-42cd-b255-ab585d536200.roa
File:                     422ccef8-3331-42cd-b255-ab585d536200.roa (raw, json)
Hash identifier:          GeFlZUH5+UY9456BrWQg7Tm+AKWx0fU72/8mUPYy8Ms=
Subject key identifier:   41:B4:18:4B:32:94:48:58:E7:E7:08:29:00:0F:14:FD:FB:0D:59:23
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       3F93F92809EF022D56B0C65E7C6DAF76055C577C
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/422ccef8-3331-42cd-b255-ab585d536200.roa
Signing time:             Sat 11 Feb 2023 00:00:00 +0000
ROA not before:           Sat 11 Feb 2023 00:00:00 +0000
ROA not after:            Tue 14 Feb 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3f:93:f9:28:09:ef:02:2d:56:b0:c6:5e:7c:6d:af:76:05:5c:57:7c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Feb 11 00:00:00 2023 GMT
            Not After : Feb 14 23:59:59 2023 GMT
        Subject: serialNumber=d8547cd69b06d9047b3510cf69c57467ba8d397f1e4034139c0905e2b0b29af5, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:ff:5f:02:2a:87:da:07:f6:8d:5c:fc:b6:19:
                    85:24:17:30:f9:ad:eb:9d:5e:7c:09:fc:f9:c0:eb:
                    6f:1f:a7:70:34:2d:af:fe:ea:c5:e9:47:0c:40:7f:
                    2f:89:58:3a:27:23:a6:d8:e0:73:ae:e7:75:e3:f1:
                    8f:6d:db:a4:d0:9d:e5:a8:1a:14:18:fd:13:46:09:
                    ce:51:79:82:0e:91:87:6d:0b:7d:59:c8:f9:cb:48:
                    15:82:f9:6e:79:10:93:54:9b:bc:39:a5:49:8b:72:
                    e5:13:36:f7:3a:bb:da:69:ae:f7:7d:3c:62:3c:b3:
                    82:4e:73:96:c7:fb:e2:11:78:3b:e2:35:22:28:b7:
                    38:d9:2b:62:f3:bf:64:09:bf:e8:a7:69:3d:52:ea:
                    8e:50:6f:d2:a8:e6:72:de:31:eb:50:7f:6a:48:cc:
                    92:b2:00:f7:f1:f5:07:a2:67:f6:66:7b:ec:66:f9:
                    79:7b:fd:43:df:55:03:69:69:b3:cf:22:3a:83:d0:
                    33:fa:eb:89:26:94:78:d3:3f:57:ca:39:2f:ab:04:
                    ec:47:25:d7:c8:12:35:28:c1:20:95:f0:0c:71:52:
                    03:48:b0:c5:d0:ec:c2:f2:62:eb:68:8c:1d:d0:c4:
                    73:1f:22:7a:7b:ee:49:e5:d4:34:d6:47:fc:37:bd:
                    96:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:B4:18:4B:32:94:48:58:E7:E7:08:29:00:0F:14:FD:FB:0D:59:23
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/422ccef8-3331-42cd-b255-ab585d536200.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5b:3e:8b:38:1b:05:a2:19:bb:d7:88:77:54:a3:44:72:6f:54:
         98:70:6e:71:a6:0d:84:fc:2d:63:52:04:cd:b7:ba:b3:e0:b5:
         f0:04:7f:5f:e4:51:e0:76:d4:c3:ae:91:89:0d:2f:b7:1f:4a:
         9a:29:98:6d:6f:0e:2a:72:ea:da:04:02:da:1f:36:67:58:8e:
         b1:4d:2e:79:94:0b:bd:03:a9:50:5d:62:2f:1a:7c:95:b0:14:
         1f:b5:be:a2:6c:42:5b:5c:aa:c7:d7:73:1c:7b:18:2a:87:d4:
         b2:3a:5d:dc:f2:7d:48:2d:4f:ca:fd:b1:07:6d:b5:f0:d6:af:
         af:5b:2a:57:e4:59:23:c0:62:61:ee:d6:ef:78:7d:ed:04:6f:
         64:96:ac:75:92:ef:76:1f:cb:68:a9:70:27:6d:84:af:a0:f3:
         bd:85:98:74:3b:83:1e:9e:c6:a8:83:a3:e9:92:50:20:c6:79:
         10:79:ad:3c:87:91:83:94:36:03:c6:6a:ba:cf:53:5e:63:7b:
         52:ce:ca:bc:d6:0f:31:4a:53:1d:9d:d9:38:29:df:06:cf:40:
         f8:91:34:5e:42:c4:fa:98:58:4b:ce:b8:6a:60:8b:1d:1a:52:
         09:90:e5:5f:89:2b:e3:7e:9b:15:75:a2:e5:7d:11:e7:7a:44:
         d2:95:f2:8c
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUP5P5KAnvAi1WsMZefG2vdgVcV3wwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwMjExMDAwMDAwWhcNMjMwMjE0MjM1OTU5
WjCBpTFJMEcGA1UEBRNAZDg1NDdjZDY5YjA2ZDkwNDdiMzUxMGNmNjljNTc0Njdi
YThkMzk3ZjFlNDAzNDEzOWMwOTA1ZTJiMGIyOWFmNTEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAIL/XwIqh9oH9o1c/LYZhSQXMPmt651efAn8+cDrbx+ncDQtr/7q
xelHDEB/L4lYOicjptjgc67ndePxj23bpNCd5agaFBj9E0YJzlF5gg6Rh20LfVnI
+ctIFYL5bnkQk1SbvDmlSYty5RM29zq72mmu9308Yjyzgk5zlsf74hF4O+I1Iii3
ONkrYvO/ZAm/6KdpPVLqjlBv0qjmct4x61B/akjMkrIA9/H1B6Jn9mZ77Gb5eXv9
Q99VA2lps88iOoPQM/rriSaUeNM/V8o5L6sE7Ecl18gSNSjBIJXwDHFSA0iwxdDs
wvJi62iMHdDEcx8ienvuSeXUNNZH/De9lrMCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBRBtBhLMpRIWOfnCCkADxT9+w1ZIzAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvNDIyY2NlZjgtMzMzMS00MmNkLWIyNTUtYWI1ODVkNTM2MjAwLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAFs+izgbBaIZu9eI
d1SjRHJvVJhwbnGmDYT8LWNSBM23urPgtfAEf1/kUeB21MOukYkNL7cfSpopmG1v
Dipy6toEAtofNmdYjrFNLnmUC70DqVBdYi8afJWwFB+1vqJsQltcqsfXcxx7GCqH
1LI6XdzyfUgtT8r9sQdttfDWr69bKlfkWSPAYmHu1u94fe0Eb2SWrHWS73Yfy2ip
cCdthK+g872FmHQ7gx6exqiDo+mSUCDGeRB5rTyHkYOUNgPGarrPU15je1LOyrzW
DzFKUx2d2Tgp3wbPQPiRNF5CxPqYWEvOuGpgix0aUgmQ5V+JK+N+mxV1ouV9Eed6
RNKV8ow=
-----END CERTIFICATE-----