Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/5373b49c-586f-4258-b48d-c380d3a23d07.roa
File:                     5373b49c-586f-4258-b48d-c380d3a23d07.roa (raw, json)
Hash identifier:          DGh4WC4NYJpNDVt8luO40kFZe5tLqS+yZjoePGzEXNE=
Subject key identifier:   0E:F8:35:E7:C9:12:C7:C5:73:34:51:7E:2E:8A:F6:C5:3B:D3:04:B6
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       5F99BBF3E792A3714F60FD818F7F93FE5EB56B98
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/5373b49c-586f-4258-b48d-c380d3a23d07.roa
Signing time:             Fri 24 Mar 2023 00:00:00 +0000
ROA not before:           Fri 24 Mar 2023 00:00:00 +0000
ROA not after:            Mon 27 Mar 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5f:99:bb:f3:e7:92:a3:71:4f:60:fd:81:8f:7f:93:fe:5e:b5:6b:98
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Mar 24 00:00:00 2023 GMT
            Not After : Mar 27 23:59:59 2023 GMT
        Subject: serialNumber=3453a6019abd5418b0cbc1c15a0b7aacf7db9bf8ad9da0a23c6cc7b0f6cda4bd, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:54:48:a7:ed:d4:0a:07:8e:e2:c7:40:0f:38:
                    2f:be:93:74:09:2d:13:89:2e:4a:96:48:a2:ca:1a:
                    cc:77:31:50:29:d3:c5:97:96:12:e9:c1:1a:e6:88:
                    f2:df:b1:d9:eb:cf:8b:25:40:57:80:a9:a4:c7:9c:
                    ab:3a:ca:47:e3:39:74:49:fb:be:e7:b0:c7:da:ee:
                    88:71:5e:2a:14:19:41:fa:2a:1c:b9:ef:9b:00:4f:
                    75:d1:6a:97:5f:60:08:43:a2:93:ac:41:43:b8:8f:
                    51:61:3c:48:d1:ba:00:a7:40:e6:ae:b9:19:78:03:
                    6f:47:a2:f0:8c:80:00:04:43:23:34:d6:64:9f:5b:
                    88:f3:bb:37:57:58:3e:d8:09:97:43:d8:db:07:26:
                    b0:52:c5:81:24:1d:c2:90:44:e0:d6:ac:55:e3:1d:
                    09:db:bb:42:77:08:26:88:78:c5:77:53:e4:b0:36:
                    35:3b:26:49:d1:42:78:21:ff:02:a7:77:40:ce:c5:
                    7b:7a:ae:b8:82:7d:a9:dc:7f:fc:79:63:b6:93:23:
                    55:88:ef:81:df:b4:8b:3b:29:5b:16:b9:a7:e7:53:
                    57:90:32:c4:46:d5:c5:c6:a6:66:57:26:4d:9a:db:
                    ab:8b:98:80:01:45:95:ec:cb:b6:a7:a7:90:51:0b:
                    08:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0E:F8:35:E7:C9:12:C7:C5:73:34:51:7E:2E:8A:F6:C5:3B:D3:04:B6
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/5373b49c-586f-4258-b48d-c380d3a23d07.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a5:2e:4e:31:90:a5:00:26:2c:b3:8f:86:5a:5a:40:d1:10:2e:
         6d:a0:c6:18:c7:b0:cf:8e:d7:5f:a1:4b:0e:98:87:da:49:65:
         f0:e3:86:1e:34:a9:4d:1f:c2:fe:68:82:33:c3:4b:0a:ab:dc:
         d3:0f:ab:24:fe:06:7d:e2:ae:be:b2:e9:61:91:2f:d2:8e:61:
         f4:93:5b:b7:0e:78:36:e8:e9:1d:3a:51:50:d1:9f:0d:85:35:
         c2:49:1c:59:fb:95:95:01:52:9d:bc:29:dd:23:84:e9:a8:62:
         63:78:93:5d:c6:64:17:53:fd:f5:03:6a:f3:89:0a:c8:ee:4e:
         d9:d0:55:a7:49:49:6a:5e:b8:1b:b4:c1:66:01:57:45:a7:34:
         cd:4f:85:e3:bb:5f:a2:c7:d1:42:0c:d7:8b:d8:70:60:63:2b:
         1b:e5:d7:b7:87:a9:91:59:c4:fd:56:ef:e1:4f:07:c6:d3:9c:
         58:b3:1f:9b:35:48:e3:68:32:e3:f6:cd:02:b9:b6:40:80:85:
         6a:98:29:11:34:68:3e:60:7d:8a:ca:da:c1:89:59:9d:01:fc:
         a7:87:c6:1d:f4:68:98:cd:4f:fb:85:1a:e0:b4:bb:eb:4a:f2:
         ee:cc:69:c2:f9:d7:c2:67:28:72:60:77:3e:2b:9d:f6:2a:67:
         d6:3e:c9:24
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUX5m78+eSo3FPYP2Bj3+T/l61a5gwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwMzI0MDAwMDAwWhcNMjMwMzI3MjM1OTU5
WjCBpTFJMEcGA1UEBRNAMzQ1M2E2MDE5YWJkNTQxOGIwY2JjMWMxNWEwYjdhYWNm
N2RiOWJmOGFkOWRhMGEyM2M2Y2M3YjBmNmNkYTRiZDEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAJZUSKft1AoHjuLHQA84L76TdAktE4kuSpZIosoazHcxUCnTxZeW
EunBGuaI8t+x2evPiyVAV4CppMecqzrKR+M5dEn7vuewx9ruiHFeKhQZQfoqHLnv
mwBPddFql19gCEOik6xBQ7iPUWE8SNG6AKdA5q65GXgDb0ei8IyAAARDIzTWZJ9b
iPO7N1dYPtgJl0PY2wcmsFLFgSQdwpBE4NasVeMdCdu7QncIJoh4xXdT5LA2NTsm
SdFCeCH/Aqd3QM7Fe3quuIJ9qdx//HljtpMjVYjvgd+0izspWxa5p+dTV5AyxEbV
xcamZlcmTZrbq4uYgAFFlezLtqenkFELCPMCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBQO+DXnyRLHxXM0UX4uivbFO9MEtjAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvNTM3M2I0OWMtNTg2Zi00MjU4LWI0OGQtYzM4MGQzYTIzZDA3LnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAKUuTjGQpQAmLLOP
hlpaQNEQLm2gxhjHsM+O11+hSw6Yh9pJZfDjhh40qU0fwv5ogjPDSwqr3NMPqyT+
Bn3irr6y6WGRL9KOYfSTW7cOeDbo6R06UVDRnw2FNcJJHFn7lZUBUp28Kd0jhOmo
YmN4k13GZBdT/fUDavOJCsjuTtnQVadJSWpeuBu0wWYBV0WnNM1PheO7X6LH0UIM
14vYcGBjKxvl17eHqZFZxP1W7+FPB8bTnFizH5s1SONoMuP2zQK5tkCAhWqYKRE0
aD5gfYrK2sGJWZ0B/KeHxh30aJjNT/uFGuC0u+tK8u7MacL518JnKHJgdz4rnfYq
Z9Y+ySQ=
-----END CERTIFICATE-----