Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/49bd4edb-f171-4db6-88a3-fb081c87d703.roa
File:                     49bd4edb-f171-4db6-88a3-fb081c87d703.roa (raw, json)
Hash identifier:          7axhJxHrhte2FoIKj/tMiiryuA6eLF6n6ngFhfzKcp4=
Subject key identifier:   68:3E:99:4A:DC:F5:8C:06:1D:21:35:61:BA:96:54:C1:FD:FA:1E:64
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       2E7A75CE05EB1A95F006B97FA7EF048C230E2F9D
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/49bd4edb-f171-4db6-88a3-fb081c87d703.roa
Signing time:             Fri 21 Apr 2023 00:00:00 +0000
ROA not before:           Fri 21 Apr 2023 00:00:00 +0000
ROA not after:            Mon 24 Apr 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2e:7a:75:ce:05:eb:1a:95:f0:06:b9:7f:a7:ef:04:8c:23:0e:2f:9d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Apr 21 00:00:00 2023 GMT
            Not After : Apr 24 23:59:59 2023 GMT
        Subject: serialNumber=ffda1fe37423e664e6d58b4f4bf061eb110e2c4ba485902954c014ad978fe6a7, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:2b:73:75:02:2a:28:49:f5:54:0d:04:06:fe:
                    cf:18:3b:3a:1a:91:94:b2:8f:e4:0c:0b:4e:f5:45:
                    a0:df:d7:17:94:56:d8:84:f4:8e:b0:d3:0d:3e:20:
                    62:42:44:a8:28:d2:5b:22:3b:31:52:89:21:19:88:
                    bc:bd:88:af:df:78:c0:e4:01:15:9b:34:2a:99:3b:
                    60:34:44:ba:67:81:f8:a0:f8:cb:f2:ad:00:b5:fd:
                    6d:fe:c7:8c:16:b9:59:fc:53:d5:1d:6c:bd:92:af:
                    4a:58:f4:ff:26:af:d4:e1:85:13:43:24:0b:cb:36:
                    68:99:22:82:a4:59:b4:3f:46:d0:c6:da:66:17:db:
                    ec:06:f9:39:c4:77:a0:72:14:a3:b8:62:2a:ec:c4:
                    b7:46:2f:17:5f:d5:6e:82:a7:60:35:5d:bf:7b:82:
                    bc:0b:a2:4f:ea:88:41:ba:ac:14:e7:75:ad:44:90:
                    0a:13:d9:63:55:d6:df:57:76:ba:5c:ce:b2:bc:5d:
                    79:fa:d2:78:fe:52:8f:34:5b:40:47:b7:0e:17:52:
                    09:45:3b:75:da:04:e2:3e:5c:d8:b3:3d:b0:46:7c:
                    28:b1:a1:66:3b:c4:72:b3:16:a0:e1:1d:6e:9b:c2:
                    d9:2e:8a:4c:5f:b4:20:11:0a:71:94:a0:c7:fc:b7:
                    f3:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:3E:99:4A:DC:F5:8C:06:1D:21:35:61:BA:96:54:C1:FD:FA:1E:64
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/49bd4edb-f171-4db6-88a3-fb081c87d703.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         28:2b:32:68:33:f6:1f:f0:ed:0c:c6:7f:bc:76:2c:65:41:ec:
         e2:1e:5f:75:e8:a7:8f:82:c8:56:0b:ef:c7:ee:0a:61:c9:e0:
         2f:61:8d:fe:db:06:93:e1:95:33:93:8d:e9:d2:41:86:65:3a:
         26:1c:38:11:65:85:b8:e7:61:95:96:9d:59:5a:cb:7e:55:bd:
         17:d5:48:7f:4f:49:83:64:78:3c:dd:6c:45:24:61:aa:6c:d2:
         2e:dc:1c:5b:44:36:fe:b3:37:72:71:3d:b8:19:a0:11:6f:06:
         86:49:ef:23:7c:14:39:1e:35:f3:ee:f9:81:ae:b9:ba:0e:69:
         86:5c:d5:ba:36:a1:5f:0a:7b:06:59:6e:0c:b5:42:7a:41:a2:
         8b:c3:36:45:92:e1:e5:ab:e9:19:a0:96:0a:ab:f8:30:e9:cb:
         1b:7a:21:fd:95:15:64:80:fc:53:ec:08:33:fa:fa:9f:a9:ca:
         3a:ae:ec:fb:66:9e:a4:90:5a:18:05:27:5e:36:d4:e8:38:ba:
         fd:90:14:c2:43:ac:af:d4:ca:8e:78:f0:bb:1d:fa:02:05:4f:
         a0:fc:91:2a:95:cc:4c:ce:e3:e2:c5:89:9c:59:d7:74:c7:d3:
         f5:df:18:ed:e3:c7:bb:b6:82:ab:cd:3f:0d:3a:03:01:3b:0f:
         4f:ac:6b:d1
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIULnp1zgXrGpXwBrl/p+8EjCMOL50wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwNDIxMDAwMDAwWhcNMjMwNDI0MjM1OTU5
WjCBpTFJMEcGA1UEBRNAZmZkYTFmZTM3NDIzZTY2NGU2ZDU4YjRmNGJmMDYxZWIx
MTBlMmM0YmE0ODU5MDI5NTRjMDE0YWQ5NzhmZTZhNzEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAKQrc3UCKihJ9VQNBAb+zxg7OhqRlLKP5AwLTvVFoN/XF5RW2IT0
jrDTDT4gYkJEqCjSWyI7MVKJIRmIvL2Ir994wOQBFZs0Kpk7YDREumeB+KD4y/Kt
ALX9bf7HjBa5WfxT1R1svZKvSlj0/yav1OGFE0MkC8s2aJkigqRZtD9G0MbaZhfb
7Ab5OcR3oHIUo7hiKuzEt0YvF1/VboKnYDVdv3uCvAuiT+qIQbqsFOd1rUSQChPZ
Y1XW31d2ulzOsrxdefrSeP5SjzRbQEe3DhdSCUU7ddoE4j5c2LM9sEZ8KLGhZjvE
crMWoOEdbpvC2S6KTF+0IBEKcZSgx/y38+0CAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBRoPplK3PWMBh0hNWG6llTB/foeZDAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvNDliZDRlZGItZjE3MS00ZGI2LTg4YTMtZmIwODFjODdkNzAzLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBACgrMmgz9h/w7QzG
f7x2LGVB7OIeX3Xop4+CyFYL78fuCmHJ4C9hjf7bBpPhlTOTjenSQYZlOiYcOBFl
hbjnYZWWnVlay35VvRfVSH9PSYNkeDzdbEUkYaps0i7cHFtENv6zN3JxPbgZoBFv
BoZJ7yN8FDkeNfPu+YGuuboOaYZc1bo2oV8KewZZbgy1QnpBoovDNkWS4eWr6Rmg
lgqr+DDpyxt6If2VFWSA/FPsCDP6+p+pyjqu7PtmnqSQWhgFJ1421Og4uv2QFMJD
rK/Uyo548Lsd+gIFT6D8kSqVzEzO4+LFiZxZ13TH0/XfGO3jx7u2gqvNPw06AwE7
D0+sa9E=
-----END CERTIFICATE-----