Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/5655dec9-9215-470f-a514-47515a9c3920.roa
File:                     5655dec9-9215-470f-a514-47515a9c3920.roa (raw, json)
Hash identifier:          2RJNErjDb/93oC8L4OOhygu1EtWqSR9nK43MGWB8mBI=
Subject key identifier:   CA:0B:64:42:30:2C:39:0B:49:88:D7:B2:0B:AF:3C:F2:13:33:05:24
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       1AC0278CD8D3746C7662806504F84C8450C39BE1
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/5655dec9-9215-470f-a514-47515a9c3920.roa
Signing time:             Fri 27 Jan 2023 00:00:00 +0000
ROA not before:           Fri 27 Jan 2023 00:00:00 +0000
ROA not after:            Mon 30 Jan 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1a:c0:27:8c:d8:d3:74:6c:76:62:80:65:04:f8:4c:84:50:c3:9b:e1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Jan 27 00:00:00 2023 GMT
            Not After : Jan 30 23:59:59 2023 GMT
        Subject: serialNumber=fe08208c68d674356660d806558af886b8a8db7d47f7214ac871df553a64e7eb, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:8b:fb:f5:23:ab:f0:e3:6b:1a:4b:59:71:b6:
                    d1:d4:f4:3d:d2:62:67:87:4a:fc:30:ae:c3:6e:78:
                    37:13:ce:89:a5:97:b6:c5:5c:66:e8:40:3a:05:8e:
                    f9:fa:ac:60:95:42:26:be:58:c0:b5:60:5c:a5:a0:
                    d3:65:b2:24:6c:52:38:cb:be:94:01:2b:71:be:6b:
                    9f:22:62:75:86:ba:90:d7:85:cd:a9:58:a9:78:10:
                    c8:1e:93:97:16:45:69:07:ab:26:f3:ce:38:84:67:
                    35:ed:75:03:4c:71:63:d3:38:8a:48:1c:0d:f1:0b:
                    79:ab:94:9d:9b:0e:64:a5:e1:d1:ae:ef:25:c9:9b:
                    a9:c7:e4:66:0a:1c:c3:f7:da:cd:3f:d5:28:7a:15:
                    e6:a6:cc:c0:20:90:a9:df:d9:d3:28:16:59:be:f6:
                    be:cb:c7:21:2f:51:3d:39:00:5a:14:28:ce:ad:96:
                    bf:b6:7b:53:99:e8:cc:d3:ad:31:4c:fb:da:a6:34:
                    63:bb:07:7d:86:70:d6:8e:14:4b:99:bb:e4:94:1e:
                    21:c2:b5:88:f3:7a:99:29:7f:6f:e1:0d:01:bd:58:
                    c5:4f:ed:dc:f9:01:c0:cc:b0:f6:b7:3d:19:2a:52:
                    35:3b:70:5c:19:eb:ae:dd:db:96:ea:10:f4:42:27:
                    46:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CA:0B:64:42:30:2C:39:0B:49:88:D7:B2:0B:AF:3C:F2:13:33:05:24
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/5655dec9-9215-470f-a514-47515a9c3920.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         af:be:b5:90:41:e5:cb:c7:a9:16:70:04:6b:b5:92:d0:1a:f2:
         b4:91:8e:2b:34:5a:eb:71:ff:a5:de:77:9d:cf:a9:19:08:ed:
         16:ca:e0:54:b5:73:2c:6c:3e:59:6c:b9:ba:7e:47:13:fb:7b:
         a1:67:00:d8:d6:52:a4:86:31:de:13:20:c4:bf:d0:fd:17:1c:
         eb:0b:18:61:2e:68:55:74:58:ce:b9:7a:b8:79:76:d8:3e:3c:
         fb:78:f7:8d:7f:26:2b:0f:68:25:6d:bf:0e:bb:c2:ab:c9:85:
         ce:58:81:3d:17:0a:1e:ea:23:dd:6a:cf:aa:ac:68:5b:ae:9b:
         82:2b:83:a6:06:89:e5:a7:4d:20:d7:b2:6f:77:26:a1:d7:a3:
         3d:7f:c5:b5:0c:e9:6f:c2:11:4f:6f:a2:11:ef:b7:2d:ed:f7:
         f6:56:2f:66:b4:67:43:5e:ad:96:c8:58:b1:cc:4f:de:82:6a:
         37:f7:bd:4c:34:c5:c2:9a:26:4a:76:cd:0e:a1:28:71:f7:eb:
         fd:36:77:7f:81:94:2c:8f:a8:84:ab:1e:ea:61:88:55:94:a1:
         86:56:44:24:bf:87:94:35:9f:06:70:d8:ac:37:31:07:be:6a:
         61:6e:e2:bd:e3:7a:8a:e3:b0:ae:6c:2c:eb:ca:5f:19:0a:2c:
         f2:87:4b:36
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUGsAnjNjTdGx2YoBlBPhMhFDDm+EwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwMTI3MDAwMDAwWhcNMjMwMTMwMjM1OTU5
WjCBpTFJMEcGA1UEBRNAZmUwODIwOGM2OGQ2NzQzNTY2NjBkODA2NTU4YWY4ODZi
OGE4ZGI3ZDQ3ZjcyMTRhYzg3MWRmNTUzYTY0ZTdlYjEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAK2L+/Ujq/DjaxpLWXG20dT0PdJiZ4dK/DCuw254NxPOiaWXtsVc
ZuhAOgWO+fqsYJVCJr5YwLVgXKWg02WyJGxSOMu+lAErcb5rnyJidYa6kNeFzalY
qXgQyB6TlxZFaQerJvPOOIRnNe11A0xxY9M4ikgcDfELeauUnZsOZKXh0a7vJcmb
qcfkZgocw/fazT/VKHoV5qbMwCCQqd/Z0ygWWb72vsvHIS9RPTkAWhQozq2Wv7Z7
U5nozNOtMUz72qY0Y7sHfYZw1o4US5m75JQeIcK1iPN6mSl/b+ENAb1YxU/t3PkB
wMyw9rc9GSpSNTtwXBnrrt3bluoQ9EInRrkCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBTKC2RCMCw5C0mI17ILrzzyEzMFJDAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvNTY1NWRlYzktOTIxNS00NzBmLWE1MTQtNDc1MTVhOWMzOTIwLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAK++tZBB5cvHqRZw
BGu1ktAa8rSRjis0Wutx/6Xed53PqRkI7RbK4FS1cyxsPllsubp+RxP7e6FnANjW
UqSGMd4TIMS/0P0XHOsLGGEuaFV0WM65erh5dtg+PPt4941/JisPaCVtvw67wqvJ
hc5YgT0XCh7qI91qz6qsaFuum4Irg6YGieWnTSDXsm93JqHXoz1/xbUM6W/CEU9v
ohHvty3t9/ZWL2a0Z0NerZbIWLHMT96Cajf3vUw0xcKaJkp2zQ6hKHH36/02d3+B
lCyPqISrHuphiFWUoYZWRCS/h5Q1nwZw2Kw3MQe+amFu4r3jeorjsK5sLOvKXxkK
LPKHSzY=
-----END CERTIFICATE-----