Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/5adb6f98-5567-4c04-a64f-4d0f72149892.roa
File:                     5adb6f98-5567-4c04-a64f-4d0f72149892.roa (raw, json)
Hash identifier:          G3pa3MzBfqQ7cZ3jZx8LCa/loNNE1ERrealvsPm1HP4=
Subject key identifier:   9F:01:7C:3F:D9:69:19:8A:8A:B4:79:D7:45:ED:18:B9:24:6B:1A:71
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       4C5EB08E525AD2591B8066F2423C68F948A8AE3D
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/5adb6f98-5567-4c04-a64f-4d0f72149892.roa
Signing time:             Wed 15 Mar 2023 00:00:00 +0000
ROA not before:           Wed 15 Mar 2023 00:00:00 +0000
ROA not after:            Sat 18 Mar 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4c:5e:b0:8e:52:5a:d2:59:1b:80:66:f2:42:3c:68:f9:48:a8:ae:3d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Mar 15 00:00:00 2023 GMT
            Not After : Mar 18 23:59:59 2023 GMT
        Subject: serialNumber=be090636628692253ccdd58303d2820cdc685fbd9defff0307786fe14a8e838c, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:3e:c6:cc:b3:e6:1d:96:f2:35:ca:f4:ff:56:
                    4a:4b:50:6a:73:a3:1b:6d:f2:30:79:ef:44:9b:86:
                    b8:82:19:eb:c1:c3:46:46:cd:4d:24:16:44:64:92:
                    04:01:91:7e:30:bd:71:60:82:02:59:f1:c1:d9:f5:
                    12:34:34:03:5b:f0:c9:16:40:02:08:95:d8:16:00:
                    b7:71:47:d4:63:c3:c8:46:86:af:23:78:9f:72:5c:
                    11:5b:3e:50:33:a1:bd:52:51:89:a9:0a:b3:50:78:
                    7b:1e:bc:92:7c:ed:51:9e:01:8d:cf:b8:c6:43:42:
                    42:46:4a:63:5a:45:1e:be:b5:34:08:24:09:96:6d:
                    94:eb:fe:db:43:e0:f5:12:a9:b8:a5:de:f9:a9:31:
                    bf:d1:87:cc:b0:8f:38:6e:bc:e2:21:f9:0f:6c:d2:
                    62:7c:0f:af:b8:4c:34:f8:61:bd:ad:be:84:d9:7c:
                    44:47:12:f5:a4:33:0f:c3:7f:62:0e:20:d9:5c:f4:
                    ec:61:00:2e:85:eb:a1:2c:25:6c:3b:b5:a5:d6:c7:
                    2e:06:b5:7a:f7:b8:c5:a7:d7:32:a4:09:49:c5:d1:
                    a0:1b:4c:ea:d6:dc:0c:6b:ba:94:61:f0:ee:e7:df:
                    2f:07:da:18:69:09:03:50:9f:1b:ad:ba:f1:31:07:
                    d4:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9F:01:7C:3F:D9:69:19:8A:8A:B4:79:D7:45:ED:18:B9:24:6B:1A:71
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/5adb6f98-5567-4c04-a64f-4d0f72149892.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         71:eb:e7:6a:70:02:a1:39:5a:79:31:bd:9a:77:d0:5a:3a:99:
         a4:53:d4:f1:e9:85:4f:ae:bd:13:b5:54:3e:00:7d:d7:16:42:
         bc:27:87:76:91:ae:b5:b9:54:1e:f9:c4:55:1c:d8:0e:03:7b:
         29:8f:29:16:7d:24:5a:b5:bf:8e:19:cf:22:ff:f7:b1:7f:a9:
         62:20:ce:1d:34:1f:6e:32:a7:a9:df:7e:cf:8e:99:e3:d6:67:
         35:a7:a3:95:1e:eb:5c:31:03:d1:46:6c:88:84:d9:43:59:ce:
         4b:c1:b2:d5:5b:a7:79:3c:b5:c4:df:4b:77:06:ce:09:e2:01:
         fb:e9:2d:1c:09:92:35:9c:70:eb:18:a4:84:de:3a:1b:b8:07:
         4c:dc:74:81:74:cf:61:32:e4:df:e1:e1:b9:10:57:3e:49:36:
         da:5b:d3:98:fd:31:96:dd:0e:05:23:cd:13:74:97:e4:ee:77:
         24:f9:76:3b:65:90:d4:ae:bf:ef:31:3b:2f:e9:b5:fe:d0:cf:
         34:57:5e:5d:94:9a:91:f3:da:ac:52:42:b7:53:00:68:db:c9:
         98:a7:cd:f0:3c:66:1f:15:b6:50:e4:fa:ee:5e:29:2b:5a:07:
         da:e2:31:9f:ec:52:ce:d4:eb:9b:eb:0c:5e:50:3b:f9:ad:d8:
         56:65:10:03
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUTF6wjlJa0lkbgGbyQjxo+Uiorj0wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwMzE1MDAwMDAwWhcNMjMwMzE4MjM1OTU5
WjCBpTFJMEcGA1UEBRNAYmUwOTA2MzY2Mjg2OTIyNTNjY2RkNTgzMDNkMjgyMGNk
YzY4NWZiZDlkZWZmZjAzMDc3ODZmZTE0YThlODM4YzEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAJs+xsyz5h2W8jXK9P9WSktQanOjG23yMHnvRJuGuIIZ68HDRkbN
TSQWRGSSBAGRfjC9cWCCAlnxwdn1EjQ0A1vwyRZAAgiV2BYAt3FH1GPDyEaGryN4
n3JcEVs+UDOhvVJRiakKs1B4ex68knztUZ4Bjc+4xkNCQkZKY1pFHr61NAgkCZZt
lOv+20Pg9RKpuKXe+akxv9GHzLCPOG684iH5D2zSYnwPr7hMNPhhva2+hNl8REcS
9aQzD8N/Yg4g2Vz07GEALoXroSwlbDu1pdbHLga1eve4xafXMqQJScXRoBtM6tbc
DGu6lGHw7uffLwfaGGkJA1CfG6268TEH1McCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBSfAXw/2WkZioq0eddF7Ri5JGsacTAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvNWFkYjZmOTgtNTU2Ny00YzA0LWE2NGYtNGQwZjcyMTQ5ODkyLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAHHr52pwAqE5Wnkx
vZp30Fo6maRT1PHphU+uvRO1VD4AfdcWQrwnh3aRrrW5VB75xFUc2A4DeymPKRZ9
JFq1v44ZzyL/97F/qWIgzh00H24yp6nffs+OmePWZzWno5Ue61wxA9FGbIiE2UNZ
zkvBstVbp3k8tcTfS3cGzgniAfvpLRwJkjWccOsYpITeOhu4B0zcdIF0z2Ey5N/h
4bkQVz5JNtpb05j9MZbdDgUjzRN0l+TudyT5djtlkNSuv+8xOy/ptf7QzzRXXl2U
mpHz2qxSQrdTAGjbyZinzfA8Zh8VtlDk+u5eKStaB9riMZ/sUs7U65vrDF5QO/mt
2FZlEAM=
-----END CERTIFICATE-----