Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/5b021ff9-71b7-4820-a199-f5fdec5c8503.roa
File:                     5b021ff9-71b7-4820-a199-f5fdec5c8503.roa (raw, json)
Hash identifier:          D9lY8WqxO+wt/RC9I8Ig5JVnT9gKfkw2gUoljtE95wc=
Subject key identifier:   65:E7:80:B3:3B:F7:14:5A:A6:87:61:67:B1:37:73:53:0F:FA:E2:8B
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       0863B8B191C213C25A4633621F4AB66F53A654E4
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/5b021ff9-71b7-4820-a199-f5fdec5c8503.roa
Signing time:             Fri 17 Feb 2023 00:00:00 +0000
ROA not before:           Fri 17 Feb 2023 00:00:00 +0000
ROA not after:            Mon 20 Feb 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            08:63:b8:b1:91:c2:13:c2:5a:46:33:62:1f:4a:b6:6f:53:a6:54:e4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Feb 17 00:00:00 2023 GMT
            Not After : Feb 20 23:59:59 2023 GMT
        Subject: serialNumber=c3106fd74bf02af6898ef13b1107f6324caad25af263bc30e28494e888312c29, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f5:77:e4:8b:4c:d4:df:60:a6:a8:09:e6:3d:78:
                    ef:fa:f1:3d:69:57:e0:c3:f2:0c:7e:c2:a8:6b:df:
                    8a:4c:5b:0b:3a:b3:38:87:92:5c:fb:e4:43:7b:62:
                    58:73:51:4a:72:f3:53:e0:ef:1a:cf:67:46:f0:12:
                    2d:17:1f:62:45:62:df:cf:c1:51:f4:5f:3c:7e:ab:
                    14:65:86:e6:b0:a1:ac:30:5d:ef:71:9d:9d:23:40:
                    f1:17:a7:5a:b9:37:87:50:28:c0:77:b6:d6:43:ff:
                    96:0d:d9:67:9c:95:9c:f5:7a:52:56:cb:11:ee:c9:
                    65:d4:bd:2e:a0:1c:8c:f3:a6:8c:f7:39:71:df:6d:
                    a6:42:63:21:be:94:39:27:28:6e:46:f6:4b:f7:78:
                    2a:5f:f4:90:e2:62:4b:d4:fc:fd:c2:b8:8e:69:33:
                    56:0c:12:c0:85:37:42:18:5b:18:f4:bf:55:7f:22:
                    70:50:7a:17:13:17:6c:a3:ee:55:62:06:fe:58:c7:
                    a0:aa:85:a3:86:67:ea:1d:4d:b4:ca:68:c5:c2:ad:
                    a4:9e:d7:93:0d:6f:bf:27:af:0a:a1:9d:21:9f:f1:
                    5b:3d:aa:c7:f5:f5:80:ec:ad:24:7c:a3:86:17:2f:
                    0d:ed:2f:93:37:2c:3e:f4:da:ff:f1:08:23:bf:5a:
                    23:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                65:E7:80:B3:3B:F7:14:5A:A6:87:61:67:B1:37:73:53:0F:FA:E2:8B
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/5b021ff9-71b7-4820-a199-f5fdec5c8503.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c3:87:ca:c8:b1:6c:1e:81:1b:aa:b8:d1:78:fe:a4:e7:58:c1:
         43:71:6e:43:f4:41:2c:9b:8c:f6:14:81:7b:5e:c2:31:16:08:
         78:c9:cc:db:20:66:a6:12:39:f7:a5:71:d9:1b:4e:7f:de:61:
         8a:bd:9f:5e:db:27:8a:50:57:de:83:88:fb:6e:d0:5f:5a:4f:
         62:9b:92:ac:34:86:68:eb:6b:3e:8b:3f:07:6b:72:88:5f:5a:
         32:8c:43:99:a7:74:e8:bf:93:4b:25:53:2d:4f:64:40:c0:c1:
         95:8e:25:9b:83:4f:59:94:48:ad:22:d0:30:7b:68:50:60:86:
         f2:cf:c6:bb:5e:fb:0a:28:67:38:02:9b:6f:5f:02:4c:8c:62:
         bf:01:76:34:be:23:3a:71:7d:fb:38:a3:24:cb:c2:31:45:c1:
         e0:66:d4:8c:57:9a:49:1e:57:b8:de:20:25:3b:75:cf:d5:fa:
         c7:78:cf:b2:95:cf:dc:ef:b9:2c:84:94:1d:b2:45:a3:fe:82:
         ae:57:e9:1f:55:54:3e:2b:75:6b:2e:a0:de:b0:e5:a5:bc:ca:
         8a:3a:3f:26:b2:9a:70:2f:0b:5b:76:ee:44:6f:a0:ec:24:8a:
         15:c6:34:f5:19:e5:ee:5f:e5:e4:0a:61:a9:cd:20:f8:2a:71:
         ff:08:d2:8e
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUCGO4sZHCE8JaRjNiH0q2b1OmVOQwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwMjE3MDAwMDAwWhcNMjMwMjIwMjM1OTU5
WjCBpTFJMEcGA1UEBRNAYzMxMDZmZDc0YmYwMmFmNjg5OGVmMTNiMTEwN2Y2MzI0
Y2FhZDI1YWYyNjNiYzMwZTI4NDk0ZTg4ODMxMmMyOTEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAPV35ItM1N9gpqgJ5j147/rxPWlX4MPyDH7CqGvfikxbCzqzOIeS
XPvkQ3tiWHNRSnLzU+DvGs9nRvASLRcfYkVi38/BUfRfPH6rFGWG5rChrDBd73Gd
nSNA8RenWrk3h1AowHe21kP/lg3ZZ5yVnPV6UlbLEe7JZdS9LqAcjPOmjPc5cd9t
pkJjIb6UOScobkb2S/d4Kl/0kOJiS9T8/cK4jmkzVgwSwIU3QhhbGPS/VX8icFB6
FxMXbKPuVWIG/ljHoKqFo4Zn6h1NtMpoxcKtpJ7Xkw1vvyevCqGdIZ/xWz2qx/X1
gOytJHyjhhcvDe0vkzcsPvTa//EII79aIycCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBRl54CzO/cUWqaHYWexN3NTD/riizAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvNWIwMjFmZjktNzFiNy00ODIwLWExOTktZjVmZGVjNWM4NTAzLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAMOHysixbB6BG6q4
0Xj+pOdYwUNxbkP0QSybjPYUgXtewjEWCHjJzNsgZqYSOfelcdkbTn/eYYq9n17b
J4pQV96DiPtu0F9aT2Kbkqw0hmjraz6LPwdrcohfWjKMQ5mndOi/k0slUy1PZEDA
wZWOJZuDT1mUSK0i0DB7aFBghvLPxrte+wooZzgCm29fAkyMYr8BdjS+Izpxffs4
oyTLwjFFweBm1IxXmkkeV7jeICU7dc/V+sd4z7KVz9zvuSyElB2yRaP+gq5X6R9V
VD4rdWsuoN6w5aW8yoo6PyaymnAvC1t27kRvoOwkihXGNPUZ5e5f5eQKYanNIPgq
cf8I0o4=
-----END CERTIFICATE-----