Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/437db21f-4453-4962-8254-f725a1afb703.roa
File:                     437db21f-4453-4962-8254-f725a1afb703.roa (raw, json)
Hash identifier:          hSAyP2t1IHTJ7Qf2WfdB0QCzcKjHkWEK07V8d/5l8pU=
Subject key identifier:   08:D0:4E:00:4F:72:83:E5:30:E8:FA:29:ED:48:AF:B0:64:14:FB:9F
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       FBD8383938C0DF5DE3C0D5099BF7E40877CBD6
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/437db21f-4453-4962-8254-f725a1afb703.roa
Signing time:             Thu 27 Oct 2022 00:00:00 +0000
ROA not before:           Thu 27 Oct 2022 00:00:00 +0000
ROA not after:            Sun 30 Oct 2022 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            fb:d8:38:39:38:c0:df:5d:e3:c0:d5:09:9b:f7:e4:08:77:cb:d6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Oct 27 00:00:00 2022 GMT
            Not After : Oct 30 23:59:59 2022 GMT
        Subject: serialNumber=e4f1748ae58c5e89cecf5bf38912cd9a8687275d507aa1423f15259d0e125aea, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:c8:53:e0:11:f4:0f:86:c1:fe:01:b8:8e:66:
                    89:d3:82:38:a8:3b:dc:51:22:0d:7c:73:fc:d0:b0:
                    06:53:e2:1b:6b:2f:f6:91:33:74:ad:60:eb:18:72:
                    43:63:1f:b8:d9:74:0c:d7:72:9e:fc:a3:c9:cd:b3:
                    c5:13:c7:31:6f:7d:c3:de:14:4a:11:76:7a:2a:c1:
                    af:4d:18:8b:e2:d1:35:17:93:ea:18:f8:bd:e3:42:
                    08:39:1b:5c:c7:03:5e:1e:5c:c4:f1:2e:00:a7:9d:
                    98:5c:b6:99:f9:12:80:e9:aa:41:15:86:39:49:ee:
                    08:6c:45:f6:5b:d0:c5:10:96:e2:ef:47:92:4f:16:
                    70:df:62:e7:55:c6:b8:58:2a:4c:a0:06:60:c4:29:
                    a7:fd:ce:d0:96:30:18:c3:f8:8e:e5:b3:f1:54:6b:
                    aa:14:78:45:86:21:c7:7d:cc:bc:c6:08:6f:9e:92:
                    1b:25:e2:0c:d1:02:64:12:56:74:6b:37:00:8f:6e:
                    7b:02:45:f8:2f:83:f9:ff:a0:16:c7:aa:04:37:24:
                    d3:e0:e6:3f:35:49:70:7e:c9:05:19:9a:45:c0:b8:
                    27:11:84:36:bc:ff:0d:39:77:63:e6:5d:5b:32:0d:
                    f9:ce:89:5a:e6:ae:3a:24:21:cc:ed:ef:92:f2:50:
                    a0:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                08:D0:4E:00:4F:72:83:E5:30:E8:FA:29:ED:48:AF:B0:64:14:FB:9F
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/437db21f-4453-4962-8254-f725a1afb703.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         34:ba:be:29:4a:2c:3a:a1:67:01:22:6d:e9:a1:d2:61:69:7c:
         bd:2a:c9:4e:6d:83:1f:f7:d8:d4:a4:4e:14:b7:b9:f7:ea:4d:
         31:4d:f2:dc:69:8f:ae:e3:eb:a8:36:c3:b5:53:ad:90:87:b3:
         70:ad:a2:df:c6:8f:ab:6c:31:ad:63:ac:24:3b:d6:b0:dd:8a:
         15:19:50:d7:e8:8b:dd:cc:e0:29:49:02:26:a2:84:ed:39:f3:
         57:7a:17:7c:2a:ff:0a:0e:e7:da:63:c4:1c:5a:3c:d4:92:a8:
         10:2d:be:0c:50:83:e0:67:f6:a4:b5:01:7a:14:3b:30:36:67:
         79:4a:85:99:cc:35:a3:93:01:6a:98:ef:03:dc:20:cb:ab:1f:
         ec:9e:7e:85:31:7b:86:21:c0:38:66:f4:3f:59:65:72:4e:15:
         ff:d0:5e:24:40:0a:80:f9:70:8e:e2:86:80:e9:94:b1:77:8a:
         96:1b:6f:ed:90:d3:54:1f:bb:b8:5a:2f:00:67:d1:f3:d7:ec:
         a1:7e:57:f3:bc:24:79:1b:b4:d8:18:80:bb:69:23:28:63:db:
         f7:20:b2:11:66:26:38:02:f3:51:d3:a8:a4:01:1f:23:a0:3a:
         70:9c:6f:1d:e9:9c:03:b4:22:d3:39:10:f6:0c:3e:30:5a:31:
         70:07:37:86
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUAPvYODk4wN9d48DVCZv35Ah3y9YwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjIxMDI3MDAwMDAwWhcNMjIxMDMwMjM1OTU5
WjCBpTFJMEcGA1UEBRNAZTRmMTc0OGFlNThjNWU4OWNlY2Y1YmYzODkxMmNkOWE4
Njg3Mjc1ZDUwN2FhMTQyM2YxNTI1OWQwZTEyNWFlYTEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAKzIU+AR9A+Gwf4BuI5midOCOKg73FEiDXxz/NCwBlPiG2sv9pEz
dK1g6xhyQ2MfuNl0DNdynvyjyc2zxRPHMW99w94UShF2eirBr00Yi+LRNReT6hj4
veNCCDkbXMcDXh5cxPEuAKedmFy2mfkSgOmqQRWGOUnuCGxF9lvQxRCW4u9Hkk8W
cN9i51XGuFgqTKAGYMQpp/3O0JYwGMP4juWz8VRrqhR4RYYhx33MvMYIb56SGyXi
DNECZBJWdGs3AI9uewJF+C+D+f+gFseqBDck0+DmPzVJcH7JBRmaRcC4JxGENrz/
DTl3Y+ZdWzIN+c6JWuauOiQhzO3vkvJQoB0CAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBQI0E4AT3KD5TDo+intSK+wZBT7nzAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvNDM3ZGIyMWYtNDQ1My00OTYyLTgyNTQtZjcyNWExYWZiNzAzLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBADS6vilKLDqhZwEi
bemh0mFpfL0qyU5tgx/32NSkThS3uffqTTFN8txpj67j66g2w7VTrZCHs3Ctot/G
j6tsMa1jrCQ71rDdihUZUNfoi93M4ClJAiaihO0581d6F3wq/woO59pjxBxaPNSS
qBAtvgxQg+Bn9qS1AXoUOzA2Z3lKhZnMNaOTAWqY7wPcIMurH+yefoUxe4YhwDhm
9D9ZZXJOFf/QXiRACoD5cI7ihoDplLF3ipYbb+2Q01Qfu7haLwBn0fPX7KF+V/O8
JHkbtNgYgLtpIyhj2/cgshFmJjgC81HTqKQBHyOgOnCcbx3pnAO0ItM5EPYMPjBa
MXAHN4Y=
-----END CERTIFICATE-----