Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/69634410-3dce-47b7-872c-6d28f0285c57.roa
File:                     69634410-3dce-47b7-872c-6d28f0285c57.roa (raw, json)
Hash identifier:          U3IErK5rom7x0dzI+Z9rQHZiSqwN1AVnvWPosq4wORA=
Subject key identifier:   D2:20:A7:CF:F5:8B:22:64:9F:E7:16:A4:7B:3D:7B:33:7E:E5:8D:BE
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       06CD259E1AB41E24EF00CB35477BE5773BF29588
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/69634410-3dce-47b7-872c-6d28f0285c57.roa
Signing time:             Sun 05 Mar 2023 00:00:00 +0000
ROA not before:           Sun 05 Mar 2023 00:00:00 +0000
ROA not after:            Wed 08 Mar 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            06:cd:25:9e:1a:b4:1e:24:ef:00:cb:35:47:7b:e5:77:3b:f2:95:88
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Mar  5 00:00:00 2023 GMT
            Not After : Mar  8 23:59:59 2023 GMT
        Subject: serialNumber=1189e91c49aa63a4fa2bf72ca580a60305005416784eab22ca3c4593560cdbc2, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:28:c3:a9:28:43:c6:a5:58:76:18:3a:60:88:
                    d2:66:99:c7:97:75:02:36:de:00:50:54:76:1c:10:
                    a5:ed:fc:4c:67:da:28:53:54:19:db:6d:89:41:13:
                    c2:c0:0c:00:97:a6:21:2f:8d:6b:5e:35:57:56:92:
                    23:28:da:01:cd:bb:4b:e6:a4:ba:2f:7a:66:ee:b9:
                    ed:96:2e:51:7a:b2:01:22:f0:3c:1b:df:35:58:ed:
                    07:5e:05:0e:b2:5e:fe:31:5e:7d:a1:00:a0:a8:55:
                    66:78:41:a5:ec:db:b4:72:60:01:ae:38:0e:bd:20:
                    f4:a6:20:0c:7c:7b:60:e3:ed:d1:ad:10:7e:66:91:
                    94:a3:70:6b:1c:f4:6d:d6:8c:13:15:c1:de:b3:c6:
                    14:0d:77:db:fe:39:1b:2d:4b:5e:75:f5:02:b7:cd:
                    f2:fa:01:34:eb:fb:c0:0f:70:f1:2c:09:a9:79:7f:
                    2d:82:8a:3b:a3:68:5b:df:cd:c2:68:3b:4a:3e:83:
                    d0:a1:73:b3:ff:a8:a6:61:bb:52:93:29:db:80:7d:
                    c4:31:79:e6:59:54:20:c0:24:c0:dc:60:8a:5b:a7:
                    08:8e:37:91:7f:6c:66:a2:65:c9:7a:5b:52:75:ed:
                    17:d4:e3:bd:4d:04:48:45:59:4c:7d:01:f9:f5:77:
                    2f:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D2:20:A7:CF:F5:8B:22:64:9F:E7:16:A4:7B:3D:7B:33:7E:E5:8D:BE
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/69634410-3dce-47b7-872c-6d28f0285c57.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0e:74:3f:3f:4a:8b:aa:1b:9d:2d:34:10:c4:85:9a:29:d5:f4:
         f5:ff:ef:5c:3b:97:ee:03:e0:b3:2d:66:b4:7f:9e:29:a3:21:
         53:40:10:f4:06:4d:7b:2b:e9:ea:07:fd:82:2a:9b:0d:12:53:
         65:33:f1:2b:5e:0b:22:61:de:d5:00:42:34:54:cd:47:41:54:
         4c:a9:d9:0c:7d:c2:0d:d7:5a:9c:c5:2d:92:af:e5:ca:2c:d8:
         5a:cc:89:e4:7b:a8:1d:b6:20:93:05:73:be:25:7c:85:1c:72:
         f7:2b:9c:c8:47:29:c6:54:22:88:df:85:69:58:2b:a7:2e:71:
         83:e6:4e:c4:87:b2:6d:c7:80:a2:2e:0b:02:bf:dc:1b:67:d1:
         e4:15:94:fc:55:9c:4d:0f:da:33:c8:af:67:57:09:73:db:5c:
         2e:42:c5:ec:3d:db:54:e4:d0:6f:53:ed:c5:09:4b:3e:02:e6:
         98:d1:39:c3:4e:5a:6e:a3:21:f0:33:1d:4c:79:33:20:7e:7c:
         a5:3e:a8:1d:e8:ac:58:b1:38:17:18:78:2e:1a:fd:67:93:02:
         16:76:6e:59:9e:ae:e8:e1:53:3a:c4:fe:16:73:f4:ff:5d:77:
         30:fe:8c:e9:f1:e2:31:5e:8d:6b:c6:23:75:ad:c1:3e:29:a0:
         61:ef:ca:61
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUBs0lnhq0HiTvAMs1R3vldzvylYgwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwMzA1MDAwMDAwWhcNMjMwMzA4MjM1OTU5
WjCBpTFJMEcGA1UEBRNAMTE4OWU5MWM0OWFhNjNhNGZhMmJmNzJjYTU4MGE2MDMw
NTAwNTQxNjc4NGVhYjIyY2EzYzQ1OTM1NjBjZGJjMjEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBALQow6koQ8alWHYYOmCI0maZx5d1AjbeAFBUdhwQpe38TGfaKFNU
GdttiUETwsAMAJemIS+Na141V1aSIyjaAc27S+akui96Zu657ZYuUXqyASLwPBvf
NVjtB14FDrJe/jFefaEAoKhVZnhBpezbtHJgAa44Dr0g9KYgDHx7YOPt0a0QfmaR
lKNwaxz0bdaMExXB3rPGFA132/45Gy1LXnX1ArfN8voBNOv7wA9w8SwJqXl/LYKK
O6NoW9/Nwmg7Sj6D0KFzs/+opmG7UpMp24B9xDF55llUIMAkwNxgilunCI43kX9s
ZqJlyXpbUnXtF9TjvU0ESEVZTH0B+fV3L30CAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBTSIKfP9YsiZJ/nFqR7PXszfuWNvjAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvNjk2MzQ0MTAtM2RjZS00N2I3LTg3MmMtNmQyOGYwMjg1YzU3LnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAA50Pz9Ki6obnS00
EMSFminV9PX/71w7l+4D4LMtZrR/nimjIVNAEPQGTXsr6eoH/YIqmw0SU2Uz8Ste
CyJh3tUAQjRUzUdBVEyp2Qx9wg3XWpzFLZKv5cos2FrMieR7qB22IJMFc74lfIUc
cvcrnMhHKcZUIojfhWlYK6cucYPmTsSHsm3HgKIuCwK/3Btn0eQVlPxVnE0P2jPI
r2dXCXPbXC5Cxew921Tk0G9T7cUJSz4C5pjROcNOWm6jIfAzHUx5MyB+fKU+qB3o
rFixOBcYeC4a/WeTAhZ2blmerujhUzrE/hZz9P9ddzD+jOnx4jFejWvGI3WtwT4p
oGHvymE=
-----END CERTIFICATE-----