Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/53864eda-9941-4ee0-9a69-39e1382b3e85.roa
File:                     53864eda-9941-4ee0-9a69-39e1382b3e85.roa (raw, json)
Hash identifier:          F5zLDuDxiTqu27RWXJfrsnEA/5vEe9gPKTkPDzYsgiw=
Subject key identifier:   9D:82:04:E6:C5:C5:04:F5:18:7F:4A:6B:CF:81:D9:D8:E8:93:AD:CC
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       64A24E1145BE74F2E493222B61CC4A1BCA45BC43
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/53864eda-9941-4ee0-9a69-39e1382b3e85.roa
Signing time:             Fri 10 Mar 2023 00:00:00 +0000
ROA not before:           Fri 10 Mar 2023 00:00:00 +0000
ROA not after:            Mon 13 Mar 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            64:a2:4e:11:45:be:74:f2:e4:93:22:2b:61:cc:4a:1b:ca:45:bc:43
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Mar 10 00:00:00 2023 GMT
            Not After : Mar 13 23:59:59 2023 GMT
        Subject: serialNumber=99f6c49aaebfc1b61686260cb1e9a919ece8593b84d0e49db929847e6635e53b, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:f2:62:31:54:0c:46:90:78:d1:84:08:6d:69:
                    55:a8:04:b7:6f:55:8c:b8:0c:8f:a8:d6:44:23:7c:
                    65:3d:07:36:9c:e2:c4:63:bf:c6:4b:4d:b9:09:65:
                    4f:aa:cd:64:02:92:1f:7a:a5:25:47:47:a3:6c:4c:
                    c3:a5:4a:29:30:80:a3:09:32:fb:a5:83:ee:5f:e0:
                    13:34:e6:6a:f1:1e:90:e3:a6:99:ca:8a:c4:42:7e:
                    af:d4:03:1a:23:52:4e:2a:2f:d3:cf:b6:9f:60:01:
                    db:57:d5:8d:e8:22:ee:68:10:88:66:e4:bb:45:8d:
                    6e:c0:9b:5f:9b:de:36:b3:ec:3a:d4:72:b0:34:67:
                    cb:3b:0e:f9:ea:1d:1e:10:43:52:98:18:c3:be:46:
                    70:cb:76:cf:16:ea:34:f5:4a:93:ec:bf:96:75:be:
                    26:cc:36:e0:f2:1f:30:96:83:f9:3a:53:3d:cd:37:
                    60:57:80:bd:6e:72:a5:da:6d:da:57:12:38:6c:4f:
                    73:f8:24:b6:30:01:2b:0f:db:ce:99:a0:86:bf:02:
                    b7:21:c2:5a:72:5e:65:1e:f5:8a:f8:82:83:11:09:
                    3d:e7:d2:6b:c8:73:52:7b:b1:7d:f5:9d:71:7e:0e:
                    55:5e:25:28:b6:e1:e8:c3:66:71:15:c2:59:6e:03:
                    c1:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9D:82:04:E6:C5:C5:04:F5:18:7F:4A:6B:CF:81:D9:D8:E8:93:AD:CC
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/53864eda-9941-4ee0-9a69-39e1382b3e85.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0e:1f:06:be:1d:09:fa:13:60:89:ce:e7:7c:e4:e3:d3:a8:95:
         71:7c:0d:79:ec:69:22:d4:c0:2a:78:96:22:8e:7e:cd:9e:c8:
         dc:62:48:fd:42:09:17:11:05:e3:fe:6e:f7:82:a1:61:d3:dc:
         41:ba:bf:6c:fd:cc:25:f7:2c:50:0d:d5:c6:4c:f3:31:8b:3f:
         b7:83:e7:33:1b:b8:26:11:2d:51:4f:d2:98:d7:f7:66:91:c3:
         ee:a1:1c:52:06:d7:3a:b8:4e:c1:d9:a3:3c:dc:a5:3f:b3:16:
         0e:a8:95:f4:71:e5:e6:b1:12:a7:b0:33:52:d7:33:4d:15:6c:
         42:43:03:c2:98:59:78:35:a6:78:73:fb:0b:93:18:db:18:79:
         e1:3a:59:a8:a1:84:4b:34:bb:6c:fa:f8:97:e4:10:f6:34:76:
         43:0a:22:a0:5b:c8:6d:93:3c:70:ba:0c:fe:8b:e5:73:d5:f0:
         6a:eb:de:77:74:c0:b1:a2:0d:91:5a:3d:f3:73:7c:5c:19:72:
         f9:8f:b3:d5:22:43:a2:f2:b1:43:a6:e5:b2:84:54:7e:a5:a2:
         0f:e1:6e:a9:d1:15:2a:c9:74:21:4a:bd:25:ed:fb:35:90:88:
         26:f1:5f:5b:5f:e1:46:4e:a0:64:10:f5:c1:ac:51:37:43:6b:
         a7:a9:ad:2a
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUZKJOEUW+dPLkkyIrYcxKG8pFvEMwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwMzEwMDAwMDAwWhcNMjMwMzEzMjM1OTU5
WjCBpTFJMEcGA1UEBRNAOTlmNmM0OWFhZWJmYzFiNjE2ODYyNjBjYjFlOWE5MTll
Y2U4NTkzYjg0ZDBlNDlkYjkyOTg0N2U2NjM1ZTUzYjEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAL/yYjFUDEaQeNGECG1pVagEt29VjLgMj6jWRCN8ZT0HNpzixGO/
xktNuQllT6rNZAKSH3qlJUdHo2xMw6VKKTCAowky+6WD7l/gEzTmavEekOOmmcqK
xEJ+r9QDGiNSTiov08+2n2AB21fVjegi7mgQiGbku0WNbsCbX5veNrPsOtRysDRn
yzsO+eodHhBDUpgYw75GcMt2zxbqNPVKk+y/lnW+Jsw24PIfMJaD+TpTPc03YFeA
vW5ypdpt2lcSOGxPc/gktjABKw/bzpmghr8CtyHCWnJeZR71iviCgxEJPefSa8hz
UnuxffWdcX4OVV4lKLbh6MNmcRXCWW4DwVMCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBSdggTmxcUE9Rh/SmvPgdnY6JOtzDAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvNTM4NjRlZGEtOTk0MS00ZWUwLTlhNjktMzllMTM4MmIzZTg1LnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAA4fBr4dCfoTYInO
53zk49OolXF8DXnsaSLUwCp4liKOfs2eyNxiSP1CCRcRBeP+bveCoWHT3EG6v2z9
zCX3LFAN1cZM8zGLP7eD5zMbuCYRLVFP0pjX92aRw+6hHFIG1zq4TsHZozzcpT+z
Fg6olfRx5eaxEqewM1LXM00VbEJDA8KYWXg1pnhz+wuTGNsYeeE6WaihhEs0u2z6
+JfkEPY0dkMKIqBbyG2TPHC6DP6L5XPV8Grr3nd0wLGiDZFaPfNzfFwZcvmPs9Ui
Q6LysUOm5bKEVH6log/hbqnRFSrJdCFKvSXt+zWQiCbxX1tf4UZOoGQQ9cGsUTdD
a6eprSo=
-----END CERTIFICATE-----