Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/5e758c63-7caf-4b63-8c17-38336ac84fba.roa
File:                     5e758c63-7caf-4b63-8c17-38336ac84fba.roa (raw, json)
Hash identifier:          d/rsRP1KAc702Zb6oz03EXAa6Ho5Ehk606xkH+klOG4=
Subject key identifier:   48:23:41:B7:73:E8:70:19:50:B9:BE:2B:D9:BE:30:28:7F:CF:0D:FE
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       326451AA4FB22A30C244485AAA4833D77F4637BE
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/5e758c63-7caf-4b63-8c17-38336ac84fba.roa
Signing time:             Sun 12 Feb 2023 00:00:00 +0000
ROA not before:           Sun 12 Feb 2023 00:00:00 +0000
ROA not after:            Wed 15 Feb 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            32:64:51:aa:4f:b2:2a:30:c2:44:48:5a:aa:48:33:d7:7f:46:37:be
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Feb 12 00:00:00 2023 GMT
            Not After : Feb 15 23:59:59 2023 GMT
        Subject: serialNumber=97779287bb59a5aacd9e40f3238b9803cffc4b20b016d9b72c7df665f778393d, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:89:fd:44:dd:50:06:20:8f:d7:db:22:c3:05:
                    18:e4:55:65:7c:5e:94:e6:a7:f5:c4:84:4d:85:49:
                    76:cf:dc:84:24:0d:a1:f4:1d:b0:70:de:e0:18:c6:
                    5f:e6:42:b0:5b:cc:47:54:ad:05:c4:8c:cf:d4:fd:
                    39:bf:4a:07:61:1b:b9:d2:0d:45:dc:97:90:a4:19:
                    f8:ab:4d:24:94:8c:66:f3:7f:a2:7a:b6:8e:e7:61:
                    3a:2a:ef:f1:e7:92:27:73:38:fc:e7:63:54:e7:49:
                    1c:0f:91:1f:7c:c4:d4:cb:6b:c4:6c:5c:75:59:b9:
                    bd:18:e5:11:a7:6a:06:3b:13:61:71:82:43:41:a7:
                    48:74:1e:e8:44:92:bd:a6:0a:41:25:50:5b:a1:17:
                    87:9c:2a:7d:0c:e7:55:40:e9:d9:e2:68:46:de:31:
                    b8:e8:42:d1:1e:42:10:25:1f:e3:cd:8d:6c:cd:9b:
                    3a:75:10:e0:a6:28:68:dd:dd:dc:6a:40:c8:82:ec:
                    b1:89:f6:2d:e2:d8:20:69:89:34:d3:67:53:b6:d9:
                    b5:12:e6:23:9f:12:63:9c:44:e5:fb:aa:6e:a8:0c:
                    66:95:36:ce:8e:e7:68:24:57:e1:0c:3e:f0:0c:de:
                    eb:b8:bd:59:b0:60:59:1b:15:33:97:56:18:d9:19:
                    87:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                48:23:41:B7:73:E8:70:19:50:B9:BE:2B:D9:BE:30:28:7F:CF:0D:FE
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/5e758c63-7caf-4b63-8c17-38336ac84fba.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         26:df:b6:48:a8:53:4c:fb:12:36:2e:23:36:25:11:28:1f:41:
         1e:6f:fc:ed:3c:43:1f:6d:6c:73:99:07:c0:cf:d7:43:33:94:
         96:78:ad:a8:fc:89:96:5d:c6:9a:20:7f:71:fb:b2:e2:f1:ba:
         66:38:59:1a:ab:c8:a3:cc:33:e4:e9:ca:f5:7c:f0:3f:00:38:
         29:0e:53:b3:d2:54:dd:81:36:6e:93:55:92:6c:01:22:d4:df:
         e9:48:62:e6:a1:c8:cd:a2:52:e7:ee:45:5a:12:df:ca:58:ba:
         b4:6c:d9:f9:ff:53:02:14:61:b0:f8:dd:38:1b:70:28:45:f8:
         0d:af:d6:ae:3a:d6:0c:aa:7c:6c:6f:a1:8f:8e:0c:58:09:95:
         c0:e6:32:c3:5a:a6:1c:16:89:48:00:11:7f:33:81:39:89:b0:
         36:01:d0:4e:da:d9:f9:21:87:9b:4a:30:da:9c:a1:3c:d7:dc:
         df:26:72:c8:5c:e8:c5:14:35:de:cb:83:cd:94:ec:0b:5a:82:
         18:21:11:d8:c2:b7:9a:d4:32:e4:4c:d2:29:22:b4:9b:4d:15:
         6d:f8:e3:77:6f:a2:35:cc:fa:2e:4a:83:c0:dc:47:e7:ae:68:
         2b:57:b5:ac:69:8a:27:48:8f:5a:37:ca:9b:ac:ad:4c:ca:55:
         83:9f:c9:24
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUMmRRqk+yKjDCREhaqkgz139GN74wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwMjEyMDAwMDAwWhcNMjMwMjE1MjM1OTU5
WjCBpTFJMEcGA1UEBRNAOTc3NzkyODdiYjU5YTVhYWNkOWU0MGYzMjM4Yjk4MDNj
ZmZjNGIyMGIwMTZkOWI3MmM3ZGY2NjVmNzc4MzkzZDEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAKSJ/UTdUAYgj9fbIsMFGORVZXxelOan9cSETYVJds/chCQNofQd
sHDe4BjGX+ZCsFvMR1StBcSMz9T9Ob9KB2EbudINRdyXkKQZ+KtNJJSMZvN/onq2
judhOirv8eeSJ3M4/OdjVOdJHA+RH3zE1MtrxGxcdVm5vRjlEadqBjsTYXGCQ0Gn
SHQe6ESSvaYKQSVQW6EXh5wqfQznVUDp2eJoRt4xuOhC0R5CECUf482NbM2bOnUQ
4KYoaN3d3GpAyILssYn2LeLYIGmJNNNnU7bZtRLmI58SY5xE5fuqbqgMZpU2zo7n
aCRX4Qw+8Aze67i9WbBgWRsVM5dWGNkZh8cCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBRII0G3c+hwGVC5vivZvjAof88N/jAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvNWU3NThjNjMtN2NhZi00YjYzLThjMTctMzgzMzZhYzg0ZmJhLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBACbftkioU0z7EjYu
IzYlESgfQR5v/O08Qx9tbHOZB8DP10MzlJZ4raj8iZZdxpogf3H7suLxumY4WRqr
yKPMM+TpyvV88D8AOCkOU7PSVN2BNm6TVZJsASLU3+lIYuahyM2iUufuRVoS38pY
urRs2fn/UwIUYbD43TgbcChF+A2v1q461gyqfGxvoY+ODFgJlcDmMsNaphwWiUgA
EX8zgTmJsDYB0E7a2fkhh5tKMNqcoTzX3N8mcshc6MUUNd7Lg82U7AtaghghEdjC
t5rUMuRM0ikitJtNFW3443dvojXM+i5Kg8DcR+euaCtXtaxpiidIj1o3ypusrUzK
VYOfySQ=
-----END CERTIFICATE-----