Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/478c0d18-edfb-400e-a19e-7ab96c82961b.roa
File:                     478c0d18-edfb-400e-a19e-7ab96c82961b.roa (raw, json)
Hash identifier:          GUFSMRmeTglThVdfXZugaUKYYMwfNgs6lM8q0naGjZg=
Subject key identifier:   D1:F0:B2:FD:26:7D:6C:6B:19:3B:8E:F2:45:25:F5:70:C7:03:6F:D5
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       5023461A7953C60A8935F8444777512FA223BB1A
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/478c0d18-edfb-400e-a19e-7ab96c82961b.roa
Signing time:             Sun 23 Apr 2023 00:00:00 +0000
ROA not before:           Sun 23 Apr 2023 00:00:00 +0000
ROA not after:            Wed 26 Apr 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            50:23:46:1a:79:53:c6:0a:89:35:f8:44:47:77:51:2f:a2:23:bb:1a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Apr 23 00:00:00 2023 GMT
            Not After : Apr 26 23:59:59 2023 GMT
        Subject: serialNumber=0608a7a19a02f010ce8fb806c91cd218c5038666a5c20b1e203061e87464a5d2, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:93:c3:d1:eb:bd:6e:4b:6e:1c:96:50:32:be:
                    5c:15:b4:46:f3:ba:58:cf:c7:7a:81:89:f0:50:4b:
                    62:7b:8a:69:1d:e2:91:1c:b1:32:3b:53:40:bb:4c:
                    13:01:64:af:e6:eb:5f:cf:32:b3:ec:ac:33:eb:f1:
                    e1:bb:7b:88:de:f6:0f:a5:13:7e:2f:dd:58:69:2e:
                    5b:82:db:f5:8f:0c:f7:a5:73:a6:b3:c3:e9:a4:23:
                    49:86:f3:b9:5e:c2:a4:a6:8a:b8:b4:7f:53:d0:af:
                    34:5d:bd:52:56:4e:3c:8d:70:57:e7:41:28:b0:1e:
                    af:f1:7d:e4:a8:1a:0d:98:95:2c:06:21:d0:dc:a4:
                    08:6a:b4:9b:4e:15:84:51:7d:08:af:b4:28:42:5f:
                    de:ae:8a:5f:99:51:1b:9a:9d:ed:50:bf:26:54:41:
                    fd:40:98:3a:42:43:b9:34:56:a3:32:18:94:42:bf:
                    0d:aa:8e:e5:af:26:92:0e:ce:a2:55:86:4c:e4:54:
                    5b:ed:02:72:70:26:94:5c:cf:ec:5b:81:2f:89:f6:
                    a8:36:06:23:aa:a0:23:4b:83:45:a6:46:2f:4d:00:
                    b1:33:6d:d4:d1:0b:e7:87:e9:fb:45:66:60:53:08:
                    9a:a8:12:05:c4:fb:5f:8b:af:02:89:31:41:75:26:
                    e1:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D1:F0:B2:FD:26:7D:6C:6B:19:3B:8E:F2:45:25:F5:70:C7:03:6F:D5
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/478c0d18-edfb-400e-a19e-7ab96c82961b.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b9:c8:cd:28:cd:d2:82:d5:7e:71:d2:7e:a3:a3:f0:d2:5f:82:
         08:e8:88:f1:ce:b2:97:3e:62:31:c2:a9:dd:91:e0:c9:59:0b:
         c8:92:a3:15:a7:62:b2:7a:b6:32:56:4a:79:7a:a0:ff:cb:c3:
         01:e1:86:06:16:28:f1:79:c5:86:37:23:b4:76:f8:51:65:31:
         70:96:e1:c6:d0:5c:3e:fb:0a:78:09:15:c8:1a:db:f3:8e:8d:
         cd:26:03:cf:f2:d8:ed:e0:db:3b:e5:c4:a1:53:a4:81:a9:25:
         0b:96:32:19:9a:bd:e9:70:0a:ce:37:c8:b6:38:5f:50:f4:a6:
         16:38:89:58:e5:57:23:7d:51:ef:f8:c8:71:bb:2a:7b:fa:bb:
         99:ea:3d:9c:34:f5:d8:e7:e6:b7:a8:54:6d:fa:57:f6:40:03:
         1a:83:7d:1a:44:63:0d:8c:31:82:9b:2d:bd:71:8d:6c:d1:6f:
         0c:94:5d:51:97:2e:39:45:1f:d8:db:3b:e5:7b:ad:bb:42:db:
         d7:22:d8:e7:87:85:8f:1c:88:32:12:e3:9c:5b:11:49:2b:92:
         9a:03:20:4b:19:67:24:fb:7d:91:fd:88:08:ca:5c:e2:ea:33:
         4c:b2:9e:94:ad:c4:38:62:8e:d7:42:05:ac:f1:d7:9f:3c:c8:
         f1:fd:d1:0e
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUUCNGGnlTxgqJNfhER3dRL6IjuxowDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwNDIzMDAwMDAwWhcNMjMwNDI2MjM1OTU5
WjCBpTFJMEcGA1UEBRNAMDYwOGE3YTE5YTAyZjAxMGNlOGZiODA2YzkxY2QyMThj
NTAzODY2NmE1YzIwYjFlMjAzMDYxZTg3NDY0YTVkMjEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAKyTw9HrvW5LbhyWUDK+XBW0RvO6WM/HeoGJ8FBLYnuKaR3ikRyx
MjtTQLtMEwFkr+brX88ys+ysM+vx4bt7iN72D6UTfi/dWGkuW4Lb9Y8M96VzprPD
6aQjSYbzuV7CpKaKuLR/U9CvNF29UlZOPI1wV+dBKLAer/F95KgaDZiVLAYh0Nyk
CGq0m04VhFF9CK+0KEJf3q6KX5lRG5qd7VC/JlRB/UCYOkJDuTRWozIYlEK/DaqO
5a8mkg7OolWGTORUW+0CcnAmlFzP7FuBL4n2qDYGI6qgI0uDRaZGL00AsTNt1NEL
54fp+0VmYFMImqgSBcT7X4uvAokxQXUm4b0CAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBTR8LL9Jn1saxk7jvJFJfVwxwNv1TAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvNDc4YzBkMTgtZWRmYi00MDBlLWExOWUtN2FiOTZjODI5NjFiLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBALnIzSjN0oLVfnHS
fqOj8NJfggjoiPHOspc+YjHCqd2R4MlZC8iSoxWnYrJ6tjJWSnl6oP/LwwHhhgYW
KPF5xYY3I7R2+FFlMXCW4cbQXD77CngJFcga2/OOjc0mA8/y2O3g2zvlxKFTpIGp
JQuWMhmavelwCs43yLY4X1D0phY4iVjlVyN9Ue/4yHG7Knv6u5nqPZw09djn5reo
VG36V/ZAAxqDfRpEYw2MMYKbLb1xjWzRbwyUXVGXLjlFH9jbO+V7rbtC29ci2OeH
hY8ciDIS45xbEUkrkpoDIEsZZyT7fZH9iAjKXOLqM0yynpStxDhijtdCBazx1588
yPH90Q4=
-----END CERTIFICATE-----