Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/6f788779-6509-4107-8315-6eda66dcaa13.roa
File:                     6f788779-6509-4107-8315-6eda66dcaa13.roa (raw, json)
Hash identifier:          0G2OnxzbA1uB3WQr7Ong6bfx/CQV0pVa05TQUvBhXy4=
Subject key identifier:   0C:81:32:BB:83:33:4B:DB:23:66:DA:CD:D9:5E:47:8B:F9:25:69:31
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       7E8299AF9880FDE7D295F38318D565D2512739BC
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/6f788779-6509-4107-8315-6eda66dcaa13.roa
Signing time:             Thu 18 May 2023 00:00:00 +0000
ROA not before:           Thu 18 May 2023 00:00:00 +0000
ROA not after:            Sun 21 May 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7e:82:99:af:98:80:fd:e7:d2:95:f3:83:18:d5:65:d2:51:27:39:bc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: May 18 00:00:00 2023 GMT
            Not After : May 21 23:59:59 2023 GMT
        Subject: serialNumber=17ca6ed538f871d6d2961ec78fcdf3c15a5e44656a78aab93e7ba3746edacea4, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:12:13:fb:b8:a4:45:b6:49:00:33:1c:e4:bc:
                    11:1b:1d:01:77:4a:5c:fe:e4:49:86:81:b3:41:a0:
                    02:6a:ef:e0:0b:1b:37:a9:12:8a:2f:4e:91:07:da:
                    f1:54:7c:8b:7f:19:a7:d9:06:e6:b3:21:8b:16:cc:
                    8d:99:e7:87:d8:38:f7:bd:3c:1b:9a:b5:cc:93:cf:
                    3b:44:19:9a:c1:c9:dc:57:22:b3:98:4f:76:7b:f0:
                    69:d1:1c:ce:b4:68:50:19:f8:46:27:8e:81:87:11:
                    05:43:d0:d3:19:ce:cc:46:ce:c3:b9:ae:25:80:1f:
                    26:b1:88:ae:22:c7:95:9f:d4:48:e5:98:f4:1d:75:
                    91:84:52:5b:c6:42:72:b7:30:42:53:6c:5f:83:f6:
                    0d:77:f2:6e:c4:46:82:79:d8:ee:ef:45:b0:1c:d8:
                    a1:cf:51:9b:38:0d:10:a3:35:47:90:87:e9:35:2a:
                    98:e4:aa:75:24:5b:8f:52:4c:92:19:4d:fc:b7:26:
                    43:1c:a5:be:45:a0:20:33:f4:d7:b4:bc:51:1e:a9:
                    b3:2d:dd:e1:e4:24:9e:8f:92:b6:07:85:86:6d:05:
                    09:9e:1e:0b:3c:d8:98:58:33:86:9d:6d:66:fa:fb:
                    36:f1:6c:f3:98:94:4c:28:62:bf:94:ec:af:8e:94:
                    9a:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0C:81:32:BB:83:33:4B:DB:23:66:DA:CD:D9:5E:47:8B:F9:25:69:31
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/6f788779-6509-4107-8315-6eda66dcaa13.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         cb:63:56:56:ba:11:1d:67:62:03:1c:92:d5:d2:a4:98:a2:61:
         47:2c:8c:26:ea:c5:39:0a:9a:00:81:88:49:8b:cd:df:68:35:
         fd:9e:6c:ae:14:66:f6:e0:29:5a:c5:8d:ec:d6:b2:09:52:c8:
         22:20:d8:48:38:df:fd:ee:76:b8:c9:e0:69:1c:c2:4c:37:5d:
         38:6b:a9:96:7b:65:c1:7d:3e:04:60:7c:cb:c5:17:c7:ec:86:
         fa:6a:1a:62:03:2b:55:a4:2d:db:61:d7:a5:69:1c:04:85:84:
         c5:86:e6:46:40:e5:61:a1:56:a7:41:f6:12:27:61:d7:d2:d6:
         6f:70:8b:41:eb:36:15:a6:70:9f:05:d0:9a:a1:18:62:0c:ec:
         61:3d:dd:2e:85:bc:ce:81:9f:bb:05:4a:a9:7f:95:bf:73:e5:
         aa:c2:e7:1e:ee:04:87:b2:03:9a:8d:6d:9b:1b:7a:2f:b6:b3:
         20:3f:d9:c7:de:56:b8:5d:69:33:c8:c8:f3:28:43:b6:64:10:
         5c:a3:e9:45:de:a9:f6:9a:ac:7a:b1:2d:ec:38:41:7e:ec:de:
         09:80:6c:a7:5d:a5:e7:1a:38:90:76:ef:8e:cf:93:fc:03:08:
         e7:5d:4d:f0:fa:54:52:31:f7:07:91:96:96:3a:a2:8b:c1:71:
         92:ef:87:e4
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUfoKZr5iA/efSlfODGNVl0lEnObwwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwNTE4MDAwMDAwWhcNMjMwNTIxMjM1OTU5
WjCBpTFJMEcGA1UEBRNAMTdjYTZlZDUzOGY4NzFkNmQyOTYxZWM3OGZjZGYzYzE1
YTVlNDQ2NTZhNzhhYWI5M2U3YmEzNzQ2ZWRhY2VhNDEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAKwSE/u4pEW2SQAzHOS8ERsdAXdKXP7kSYaBs0GgAmrv4AsbN6kS
ii9OkQfa8VR8i38Zp9kG5rMhixbMjZnnh9g49708G5q1zJPPO0QZmsHJ3Fcis5hP
dnvwadEczrRoUBn4RieOgYcRBUPQ0xnOzEbOw7muJYAfJrGIriLHlZ/USOWY9B11
kYRSW8ZCcrcwQlNsX4P2DXfybsRGgnnY7u9FsBzYoc9RmzgNEKM1R5CH6TUqmOSq
dSRbj1JMkhlN/LcmQxylvkWgIDP017S8UR6psy3d4eQkno+StgeFhm0FCZ4eCzzY
mFgzhp1tZvr7NvFs85iUTChiv5Tsr46Uml0CAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBQMgTK7gzNL2yNm2s3ZXkeL+SVpMTAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvNmY3ODg3NzktNjUwOS00MTA3LTgzMTUtNmVkYTY2ZGNhYTEzLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAMtjVla6ER1nYgMc
ktXSpJiiYUcsjCbqxTkKmgCBiEmLzd9oNf2ebK4UZvbgKVrFjezWsglSyCIg2Eg4
3/3udrjJ4Gkcwkw3XThrqZZ7ZcF9PgRgfMvFF8fshvpqGmIDK1WkLdth16VpHASF
hMWG5kZA5WGhVqdB9hInYdfS1m9wi0HrNhWmcJ8F0JqhGGIM7GE93S6FvM6Bn7sF
Sql/lb9z5arC5x7uBIeyA5qNbZsbei+2syA/2cfeVrhdaTPIyPMoQ7ZkEFyj6UXe
qfaarHqxLew4QX7s3gmAbKddpecaOJB2747Pk/wDCOddTfD6VFIx9weRlpY6oovB
cZLvh+Q=
-----END CERTIFICATE-----