Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/55c37922-574e-45bc-b95c-45451ec0b4bd.roa
File:                     55c37922-574e-45bc-b95c-45451ec0b4bd.roa (raw, json)
Hash identifier:          hk7hP+hsCg+1Mb2UrzHu47Ki72J1qaQr/RHBPsaUvHU=
Subject key identifier:   7E:C0:EF:11:99:BC:2A:A5:31:3A:7B:E3:C4:66:3A:51:7C:94:27:E9
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       7C98673432A2903733202A2D690A60B8E339E976
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/55c37922-574e-45bc-b95c-45451ec0b4bd.roa
Signing time:             Mon 20 Feb 2023 00:00:00 +0000
ROA not before:           Mon 20 Feb 2023 00:00:00 +0000
ROA not after:            Thu 23 Feb 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7c:98:67:34:32:a2:90:37:33:20:2a:2d:69:0a:60:b8:e3:39:e9:76
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Feb 20 00:00:00 2023 GMT
            Not After : Feb 23 23:59:59 2023 GMT
        Subject: serialNumber=a8dfba537eebc9df770e594c905770934154027b2b9de5c2cf95f724faac206d, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:1b:3c:31:8b:76:d4:f7:f0:c4:b7:f1:e0:da:
                    88:2a:da:59:55:ac:5e:00:fe:d3:96:3f:f4:f5:bb:
                    e5:e4:18:ca:de:56:8c:89:2b:0a:b0:39:ba:b7:b1:
                    4c:37:74:0d:c5:22:73:15:cb:1b:61:c3:96:58:57:
                    1c:e8:1d:a5:a4:91:bb:6c:b5:66:e2:d4:b9:d1:b6:
                    ef:d0:10:c6:19:b7:78:5f:fb:d5:48:0c:b9:04:2f:
                    a5:e6:e2:3f:2d:1a:4d:b3:ec:e1:25:d7:15:f7:02:
                    5f:63:44:51:c1:6c:dd:43:bb:bf:41:d8:61:02:c3:
                    e5:a1:17:f1:1a:97:5d:10:67:dc:26:de:be:a9:db:
                    56:15:31:db:cb:cd:a5:3e:c2:7c:36:80:fa:d8:d2:
                    12:ab:dd:e3:38:9b:7a:da:46:c7:f1:91:1e:a9:71:
                    0b:f5:ec:ba:f7:ef:31:d5:0b:79:e1:0c:78:e6:21:
                    ae:1a:2b:c4:a6:25:9a:7a:d4:b9:50:0f:36:4f:31:
                    bb:f3:e2:b4:e2:4d:26:22:72:db:7e:90:3f:d5:3e:
                    2e:de:30:29:ee:84:be:2a:0b:a4:92:a0:a4:c6:f0:
                    29:64:e7:43:91:c7:d1:c3:0c:b5:b9:fb:e3:c1:da:
                    e3:96:20:97:84:42:48:2d:63:88:10:a8:2b:76:39:
                    4a:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7E:C0:EF:11:99:BC:2A:A5:31:3A:7B:E3:C4:66:3A:51:7C:94:27:E9
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/55c37922-574e-45bc-b95c-45451ec0b4bd.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         cc:b4:6b:c3:d4:d3:5d:9a:c0:36:a2:8c:44:e6:50:7e:c2:04:
         dc:33:75:36:3b:e8:e2:ed:4e:df:f3:6f:50:f4:08:f6:8a:c8:
         fa:01:9a:43:08:7d:50:88:55:47:06:78:fc:8f:d2:a8:fc:f6:
         6a:cc:d9:c6:3d:6d:6d:3a:17:ca:2e:92:10:d1:57:d6:a2:d4:
         5f:a5:57:6e:ae:21:40:47:35:94:06:3e:90:df:65:aa:1b:fd:
         75:04:fb:45:c3:1d:ad:10:65:02:b0:ee:32:a9:2d:a1:b6:0e:
         9d:e0:e3:26:29:b6:cf:34:a5:1d:10:80:6c:da:f5:2f:d7:4f:
         ed:99:f1:26:11:3b:64:ce:01:bf:c0:f7:0f:b0:d9:d5:7c:88:
         1c:43:a9:4c:b4:91:a7:c3:58:4e:9c:5a:27:c0:94:f6:0d:e1:
         d4:4c:94:94:cf:5a:54:42:2d:e3:7e:3a:4c:6f:a2:8c:d7:28:
         e8:61:9d:bb:f2:30:3e:68:75:63:a2:01:eb:85:ad:b0:00:50:
         4b:6c:55:2c:2a:66:58:08:f2:c2:a8:1f:8d:7f:a3:83:50:11:
         d3:e6:5b:81:a7:3d:20:bb:50:ff:af:30:c1:37:4a:c0:54:56:
         0b:ca:29:df:ec:97:9b:7b:e1:82:39:35:05:b4:f5:23:dd:55:
         38:03:36:3b
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUfJhnNDKikDczICotaQpguOM56XYwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwMjIwMDAwMDAwWhcNMjMwMjIzMjM1OTU5
WjCBpTFJMEcGA1UEBRNAYThkZmJhNTM3ZWViYzlkZjc3MGU1OTRjOTA1NzcwOTM0
MTU0MDI3YjJiOWRlNWMyY2Y5NWY3MjRmYWFjMjA2ZDEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAK0bPDGLdtT38MS38eDaiCraWVWsXgD+05Y/9PW75eQYyt5WjIkr
CrA5urexTDd0DcUicxXLG2HDllhXHOgdpaSRu2y1ZuLUudG279AQxhm3eF/71UgM
uQQvpebiPy0aTbPs4SXXFfcCX2NEUcFs3UO7v0HYYQLD5aEX8RqXXRBn3Cbevqnb
VhUx28vNpT7CfDaA+tjSEqvd4zibetpGx/GRHqlxC/XsuvfvMdULeeEMeOYhrhor
xKYlmnrUuVAPNk8xu/PitOJNJiJy236QP9U+Lt4wKe6EvioLpJKgpMbwKWTnQ5HH
0cMMtbn748Ha45Ygl4RCSC1jiBCoK3Y5SpkCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBR+wO8RmbwqpTE6e+PEZjpRfJQn6TAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvNTVjMzc5MjItNTc0ZS00NWJjLWI5NWMtNDU0NTFlYzBiNGJkLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAMy0a8PU012awDai
jETmUH7CBNwzdTY76OLtTt/zb1D0CPaKyPoBmkMIfVCIVUcGePyP0qj89mrM2cY9
bW06F8oukhDRV9ai1F+lV26uIUBHNZQGPpDfZaob/XUE+0XDHa0QZQKw7jKpLaG2
Dp3g4yYpts80pR0QgGza9S/XT+2Z8SYRO2TOAb/A9w+w2dV8iBxDqUy0kafDWE6c
WifAlPYN4dRMlJTPWlRCLeN+OkxvoozXKOhhnbvyMD5odWOiAeuFrbAAUEtsVSwq
ZlgI8sKoH41/o4NQEdPmW4GnPSC7UP+vMME3SsBUVgvKKd/sl5t74YI5NQW09SPd
VTgDNjs=
-----END CERTIFICATE-----