Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/43182371-52b7-48a7-92e7-9eedc009a215.roa
File:                     43182371-52b7-48a7-92e7-9eedc009a215.roa (raw, json)
Hash identifier:          PScfA542umESKz5Wf1K60uUcrAjhBkoxPhPw60UGmSc=
Subject key identifier:   C4:91:AA:40:23:40:A8:3A:E7:61:1F:0C:73:3E:CC:4D:5B:28:AB:23
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       20DD653300A5903BA82BCD5FE2BBA85A8816D465
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/43182371-52b7-48a7-92e7-9eedc009a215.roa
Signing time:             Sat 18 Mar 2023 00:00:00 +0000
ROA not before:           Sat 18 Mar 2023 00:00:00 +0000
ROA not after:            Tue 21 Mar 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            20:dd:65:33:00:a5:90:3b:a8:2b:cd:5f:e2:bb:a8:5a:88:16:d4:65
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Mar 18 00:00:00 2023 GMT
            Not After : Mar 21 23:59:59 2023 GMT
        Subject: serialNumber=adb6f0eaeea7aa09bd94250db608c6d1b7ff4a01e2d31afe3786584c3b00e84f, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:48:e9:a6:da:54:50:16:49:4f:69:5b:34:c8:
                    e7:fb:12:d3:2b:fc:32:d0:19:d2:10:b9:5e:51:5c:
                    c2:db:e3:a7:18:78:97:46:d0:c7:43:96:f2:a0:2d:
                    e9:a4:51:86:73:76:6e:f5:8b:9f:56:56:c0:f8:75:
                    b3:e6:f2:8b:35:c8:f6:4f:1c:81:4d:02:0f:d1:b8:
                    95:44:c0:da:ce:26:cb:53:8b:31:bc:0e:a4:2e:ff:
                    19:a5:1b:0e:8e:b1:64:81:ac:d8:4d:a0:39:30:53:
                    5b:e5:a6:b9:d9:69:97:36:13:14:2b:c2:97:83:77:
                    99:e1:2d:7b:78:f1:55:c4:03:5e:a7:df:9a:75:f5:
                    ab:ea:ae:5c:95:a6:f5:bf:fd:30:34:7f:2b:93:89:
                    3c:02:20:f8:de:a9:71:5b:75:e4:d5:91:4c:5f:ec:
                    96:45:cc:38:bf:f9:4a:07:82:6e:be:ed:a7:fc:9c:
                    45:e6:39:c2:67:f1:21:0f:19:55:23:c9:fc:04:5f:
                    31:4c:c1:40:38:bc:b2:04:48:af:61:7b:97:4c:42:
                    3b:81:36:0f:67:fc:02:d0:15:b8:6a:2b:38:8a:ab:
                    dd:68:9c:17:c0:98:60:b5:63:f6:7f:2e:ee:d5:b2:
                    ea:bd:0f:2a:5e:74:9f:97:f1:af:39:1e:83:1e:4c:
                    93:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C4:91:AA:40:23:40:A8:3A:E7:61:1F:0C:73:3E:CC:4D:5B:28:AB:23
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/43182371-52b7-48a7-92e7-9eedc009a215.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0a:44:05:28:5a:f1:42:1e:f2:8f:d6:9f:b3:67:e0:82:46:36:
         b2:03:65:cd:28:37:b2:21:59:8e:78:95:12:7c:c9:7f:39:11:
         23:31:47:fd:d4:b4:3a:27:43:7d:3f:bb:c8:7c:5c:ac:ce:21:
         fb:01:7b:bf:f0:28:41:e3:d1:ba:c4:46:ff:34:7e:13:ca:58:
         c7:01:3b:6a:81:dd:73:41:21:4b:05:35:9d:0f:44:aa:c1:85:
         ac:af:dc:ed:28:0b:3f:7f:3b:37:fe:7e:c3:5e:8f:d4:3e:36:
         91:62:3a:67:e9:ca:a8:1c:cb:f2:96:4f:8d:c6:38:92:d0:5b:
         08:2a:cb:9f:a1:cb:fe:16:0a:54:d1:71:fc:17:80:24:ce:7c:
         e2:fe:f5:b5:99:ee:54:6f:a7:16:b7:49:19:45:a3:62:1d:54:
         d9:a6:b0:0b:c7:75:36:43:96:44:5b:b4:e6:33:31:cc:0e:2f:
         8d:6c:6e:d4:48:a2:dc:18:5f:bc:6d:f5:52:63:82:6a:c7:b1:
         78:f6:87:38:f6:14:88:eb:86:d6:9d:5d:05:9d:fe:65:98:64:
         ec:e2:c7:1d:0c:6f:8d:3f:c2:6a:0c:20:4d:61:ae:33:bf:48:
         28:55:b6:e9:6e:0a:54:60:54:b3:90:3f:2e:25:0d:7a:38:50:
         d4:c2:60:96
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUIN1lMwClkDuoK81f4ruoWogW1GUwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwMzE4MDAwMDAwWhcNMjMwMzIxMjM1OTU5
WjCBpTFJMEcGA1UEBRNAYWRiNmYwZWFlZWE3YWEwOWJkOTQyNTBkYjYwOGM2ZDFi
N2ZmNGEwMWUyZDMxYWZlMzc4NjU4NGMzYjAwZTg0ZjEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAK5I6abaVFAWSU9pWzTI5/sS0yv8MtAZ0hC5XlFcwtvjpxh4l0bQ
x0OW8qAt6aRRhnN2bvWLn1ZWwPh1s+byizXI9k8cgU0CD9G4lUTA2s4my1OLMbwO
pC7/GaUbDo6xZIGs2E2gOTBTW+WmudlplzYTFCvCl4N3meEte3jxVcQDXqffmnX1
q+quXJWm9b/9MDR/K5OJPAIg+N6pcVt15NWRTF/slkXMOL/5SgeCbr7tp/ycReY5
wmfxIQ8ZVSPJ/ARfMUzBQDi8sgRIr2F7l0xCO4E2D2f8AtAVuGorOIqr3WicF8CY
YLVj9n8u7tWy6r0PKl50n5fxrzkegx5MkycCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBTEkapAI0CoOudhHwxzPsxNWyirIzAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvNDMxODIzNzEtNTJiNy00OGE3LTkyZTctOWVlZGMwMDlhMjE1LnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAApEBSha8UIe8o/W
n7Nn4IJGNrIDZc0oN7IhWY54lRJ8yX85ESMxR/3UtDonQ30/u8h8XKzOIfsBe7/w
KEHj0brERv80fhPKWMcBO2qB3XNBIUsFNZ0PRKrBhayv3O0oCz9/Ozf+fsNej9Q+
NpFiOmfpyqgcy/KWT43GOJLQWwgqy5+hy/4WClTRcfwXgCTOfOL+9bWZ7lRvpxa3
SRlFo2IdVNmmsAvHdTZDlkRbtOYzMcwOL41sbtRIotwYX7xt9VJjgmrHsXj2hzj2
FIjrhtadXQWd/mWYZOzixx0Mb40/wmoMIE1hrjO/SChVtuluClRgVLOQPy4lDXo4
UNTCYJY=
-----END CERTIFICATE-----