Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/6baa12df-2368-4608-8255-83eda20bbfbd.roa
File:                     6baa12df-2368-4608-8255-83eda20bbfbd.roa (raw, json)
Hash identifier:          kiPJEsBLLBqv54YzvXK3qDBmMimQK9umKPYbuFtJNtM=
Subject key identifier:   7B:25:0A:31:0B:DA:1F:B8:EA:93:87:8C:04:A5:F5:DC:94:54:FB:73
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       4617FD2FA33D8558688E28F49CF144E079B4B3D3
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/6baa12df-2368-4608-8255-83eda20bbfbd.roa
Signing time:             Thu 13 Apr 2023 00:00:00 +0000
ROA not before:           Thu 13 Apr 2023 00:00:00 +0000
ROA not after:            Sun 16 Apr 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            46:17:fd:2f:a3:3d:85:58:68:8e:28:f4:9c:f1:44:e0:79:b4:b3:d3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Apr 13 00:00:00 2023 GMT
            Not After : Apr 16 23:59:59 2023 GMT
        Subject: serialNumber=4c6832289fad5f6b6d8f971c34b911e9c296e289ebc30d57e69958d7dbde0c18, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:59:66:c7:c1:0c:93:9f:39:c3:ad:59:96:65:
                    37:12:6f:01:0f:e4:8d:ae:50:6d:e1:dc:7a:c0:89:
                    7c:06:2f:6a:31:97:2f:98:3c:1d:4c:a5:ee:d3:b5:
                    db:48:e7:be:ed:b4:53:a2:5f:94:f8:38:3b:e5:89:
                    1b:cb:97:ab:ae:65:45:0f:87:d7:a5:30:c0:1c:23:
                    31:d8:07:d3:46:d4:60:ab:c2:8e:32:d1:f0:19:a7:
                    73:31:d1:b5:76:70:64:90:11:df:b9:5a:69:5d:95:
                    ee:de:f5:cd:ba:bd:4f:05:23:1b:7c:67:bc:4b:5f:
                    e1:ab:44:41:c7:8a:1a:35:a5:43:61:19:33:53:6f:
                    88:66:92:5a:2a:cd:b3:25:ca:0c:84:5d:95:0e:9d:
                    e8:18:3f:ad:5a:10:cc:c0:f9:04:e1:e7:d6:81:a1:
                    18:10:6b:0a:cd:d2:34:ad:78:ce:d5:75:de:97:dc:
                    84:99:64:f2:8d:b2:42:2a:bd:27:f8:76:32:61:f1:
                    49:bd:06:82:db:98:51:6f:55:b1:d4:cd:c4:9c:fe:
                    53:cb:05:c2:02:5a:bc:82:31:3c:6c:71:b2:5d:4c:
                    84:2e:62:34:38:96:b4:f1:38:65:4d:9c:28:39:60:
                    2b:d3:25:e3:20:52:33:0c:81:3a:62:fd:8a:0f:8c:
                    42:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7B:25:0A:31:0B:DA:1F:B8:EA:93:87:8C:04:A5:F5:DC:94:54:FB:73
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/6baa12df-2368-4608-8255-83eda20bbfbd.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4e:2c:ad:ae:7a:ed:42:f2:5f:1f:47:84:58:38:a9:f3:97:49:
         2d:e3:69:d9:2d:e0:aa:79:42:1f:33:f4:02:91:26:81:ab:8a:
         f9:7f:92:ee:3b:ce:9c:21:cc:6e:5e:a8:c7:b5:f5:36:7f:2a:
         2e:df:e5:14:52:de:6a:46:48:c7:8d:e5:f2:b8:68:48:7d:d0:
         4b:4e:6f:c8:f6:44:7e:8e:fc:02:b3:75:1e:b4:5e:7d:a0:ae:
         e9:d8:c8:43:54:d2:be:70:51:05:45:88:cd:f3:58:74:3f:7a:
         ef:aa:98:87:6c:d0:4a:ed:71:9d:17:7f:eb:d6:9a:1a:ee:85:
         8c:1f:0c:9e:fb:a6:41:26:9c:b9:44:70:a9:48:46:1c:56:76:
         db:df:db:17:d1:db:4d:4f:fd:87:78:4a:78:76:ab:6f:23:d9:
         c3:c6:fe:1a:27:58:6c:3a:d1:fd:6e:55:06:29:d8:de:b2:7a:
         d4:d4:cf:a0:eb:9c:72:e6:93:02:b9:97:84:8c:1d:7c:0a:45:
         7a:ed:06:d1:6a:a9:34:34:89:4f:1d:1e:dd:4a:64:47:38:1c:
         b7:f5:13:6a:71:7f:a8:04:95:77:f3:e2:c6:a4:cf:3d:b1:5f:
         48:28:ca:a9:06:ab:c5:b8:d8:bf:6c:1c:b9:09:be:a1:67:4c:
         08:d6:02:ae
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIURhf9L6M9hVhojij0nPFE4Hm0s9MwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwNDEzMDAwMDAwWhcNMjMwNDE2MjM1OTU5
WjCBpTFJMEcGA1UEBRNANGM2ODMyMjg5ZmFkNWY2YjZkOGY5NzFjMzRiOTExZTlj
Mjk2ZTI4OWViYzMwZDU3ZTY5OTU4ZDdkYmRlMGMxODEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAMVZZsfBDJOfOcOtWZZlNxJvAQ/kja5QbeHcesCJfAYvajGXL5g8
HUyl7tO120jnvu20U6JflPg4O+WJG8uXq65lRQ+H16UwwBwjMdgH00bUYKvCjjLR
8BmnczHRtXZwZJAR37laaV2V7t71zbq9TwUjG3xnvEtf4atEQceKGjWlQ2EZM1Nv
iGaSWirNsyXKDIRdlQ6d6Bg/rVoQzMD5BOHn1oGhGBBrCs3SNK14ztV13pfchJlk
8o2yQiq9J/h2MmHxSb0GgtuYUW9VsdTNxJz+U8sFwgJavIIxPGxxsl1MhC5iNDiW
tPE4ZU2cKDlgK9Ml4yBSMwyBOmL9ig+MQk0CAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBR7JQoxC9ofuOqTh4wEpfXclFT7czAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvNmJhYTEyZGYtMjM2OC00NjA4LTgyNTUtODNlZGEyMGJiZmJkLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAE4sra567ULyXx9H
hFg4qfOXSS3jadkt4Kp5Qh8z9AKRJoGrivl/ku47zpwhzG5eqMe19TZ/Ki7f5RRS
3mpGSMeN5fK4aEh90EtOb8j2RH6O/AKzdR60Xn2grunYyENU0r5wUQVFiM3zWHQ/
eu+qmIds0ErtcZ0Xf+vWmhruhYwfDJ77pkEmnLlEcKlIRhxWdtvf2xfR201P/Yd4
Snh2q28j2cPG/honWGw60f1uVQYp2N6yetTUz6DrnHLmkwK5l4SMHXwKRXrtBtFq
qTQ0iU8dHt1KZEc4HLf1E2pxf6gElXfz4sakzz2xX0goyqkGq8W42L9sHLkJvqFn
TAjWAq4=
-----END CERTIFICATE-----