Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/71a7244a-1bab-49a9-8760-b9762d2787c5.roa
File:                     71a7244a-1bab-49a9-8760-b9762d2787c5.roa (raw, json)
Hash identifier:          CvOW5uJ1vD3/xg3F4wpWe3nwaWoVzVVNKBy2cY/X5wI=
Subject key identifier:   33:5A:45:0E:36:FA:33:E2:28:1C:CF:1B:A4:CD:AD:A9:66:AF:8D:64
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       514CB2F983627F611FB58D51CC6CAC644D266A7D
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/71a7244a-1bab-49a9-8760-b9762d2787c5.roa
Signing time:             Fri 17 Mar 2023 00:00:00 +0000
ROA not before:           Fri 17 Mar 2023 00:00:00 +0000
ROA not after:            Mon 20 Mar 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            51:4c:b2:f9:83:62:7f:61:1f:b5:8d:51:cc:6c:ac:64:4d:26:6a:7d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Mar 17 00:00:00 2023 GMT
            Not After : Mar 20 23:59:59 2023 GMT
        Subject: serialNumber=f8d66c5cc47bff051bb24f2509c8360f37d2372038896b53d3d986827169aefb, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:30:0d:c1:0a:2f:5d:f7:91:ae:52:38:40:0c:
                    64:6b:72:a9:ac:3d:84:92:2a:0b:70:48:bb:38:b5:
                    42:2d:f2:33:91:95:46:7f:7e:1e:3f:04:6c:01:88:
                    21:b3:da:fa:cb:84:2e:51:04:c1:df:f0:b9:66:97:
                    dd:dd:d7:d9:40:09:78:4c:57:db:92:ca:3d:08:ff:
                    6a:f3:eb:2d:75:cc:96:e0:a3:e5:5f:40:8a:fb:7d:
                    17:1a:a6:07:a4:6d:7c:2b:1b:7f:ad:f8:4b:a7:c1:
                    26:9f:38:76:0c:3e:c8:9d:b6:66:0e:00:70:e1:13:
                    e6:69:65:cb:72:23:00:a8:7c:f3:29:ce:24:1e:69:
                    3d:cb:00:1f:79:99:b4:47:99:f5:68:f0:4f:e3:e5:
                    a3:78:ed:fc:93:b4:00:fa:54:fd:6d:82:ad:bd:97:
                    9c:bb:38:d3:7b:38:22:d3:a7:bb:e0:07:b4:a5:71:
                    fa:dd:af:2c:f3:33:6d:d9:f2:bc:e1:22:d1:20:7f:
                    31:1e:46:40:48:6a:d7:0e:03:b6:6f:05:ed:e2:0e:
                    a2:03:c6:79:d7:21:28:6e:67:d7:c5:4a:29:10:04:
                    40:78:ac:3c:dd:5f:7f:f5:2a:e1:0e:18:ee:c1:15:
                    02:c4:e1:1d:8f:5c:50:bf:eb:cc:27:27:f2:64:34:
                    b0:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                33:5A:45:0E:36:FA:33:E2:28:1C:CF:1B:A4:CD:AD:A9:66:AF:8D:64
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/71a7244a-1bab-49a9-8760-b9762d2787c5.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0a:c8:2f:fb:70:15:8d:33:5d:13:06:86:81:fe:23:68:a1:ce:
         b7:5f:84:5f:a5:ae:61:55:e9:3e:17:f8:01:bf:9f:4c:28:14:
         c6:05:a6:49:b8:39:3c:6d:b7:84:7e:1c:b7:2f:a6:a6:27:bb:
         9b:10:c6:db:61:58:df:91:ed:11:48:99:d5:bb:c9:b8:59:64:
         28:f1:ea:89:43:70:55:b2:27:c7:2e:d7:30:7b:3e:19:1c:0b:
         c5:fb:1e:2f:b9:26:e1:3c:bc:55:e9:2d:ba:fe:9a:36:9b:5b:
         9b:87:51:b1:84:f6:65:3c:58:2c:a5:f2:52:4b:dd:10:52:1f:
         14:36:98:a9:a1:e5:97:c2:c8:b5:32:fd:1d:4c:a4:0a:94:22:
         6c:2b:6b:fe:8c:cc:b3:5e:ac:92:73:7b:44:2e:64:d1:ae:f2:
         5f:72:24:e8:b9:3c:b0:14:d4:ab:b6:ab:22:8c:1b:0d:4a:73:
         b6:a2:a2:81:0e:d9:d3:81:90:d4:54:9e:64:29:7a:f6:40:fa:
         26:f9:4b:1a:b2:91:e5:c9:ab:e4:b6:b2:a5:e9:78:ba:10:de:
         bc:7d:94:2e:39:68:f9:e4:3d:05:1d:38:86:ce:40:e8:73:a9:
         9c:53:02:82:4d:3d:ca:19:b5:ae:92:68:26:4d:f3:0b:06:d5:
         c1:f8:92:41
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUUUyy+YNif2EftY1RzGysZE0man0wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwMzE3MDAwMDAwWhcNMjMwMzIwMjM1OTU5
WjCBpTFJMEcGA1UEBRNAZjhkNjZjNWNjNDdiZmYwNTFiYjI0ZjI1MDljODM2MGYz
N2QyMzcyMDM4ODk2YjUzZDNkOTg2ODI3MTY5YWVmYjEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBALUwDcEKL133ka5SOEAMZGtyqaw9hJIqC3BIuzi1Qi3yM5GVRn9+
Hj8EbAGIIbPa+suELlEEwd/wuWaX3d3X2UAJeExX25LKPQj/avPrLXXMluCj5V9A
ivt9FxqmB6RtfCsbf634S6fBJp84dgw+yJ22Zg4AcOET5mlly3IjAKh88ynOJB5p
PcsAH3mZtEeZ9WjwT+Plo3jt/JO0APpU/W2Crb2XnLs403s4ItOnu+AHtKVx+t2v
LPMzbdnyvOEi0SB/MR5GQEhq1w4Dtm8F7eIOogPGedchKG5n18VKKRAEQHisPN1f
f/Uq4Q4Y7sEVAsThHY9cUL/rzCcn8mQ0sM0CAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBQzWkUONvoz4igczxukza2pZq+NZDAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvNzFhNzI0NGEtMWJhYi00OWE5LTg3NjAtYjk3NjJkMjc4N2M1LnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAArIL/twFY0zXRMG
hoH+I2ihzrdfhF+lrmFV6T4X+AG/n0woFMYFpkm4OTxtt4R+HLcvpqYnu5sQxtth
WN+R7RFImdW7ybhZZCjx6olDcFWyJ8cu1zB7PhkcC8X7Hi+5JuE8vFXpLbr+mjab
W5uHUbGE9mU8WCyl8lJL3RBSHxQ2mKmh5ZfCyLUy/R1MpAqUImwra/6MzLNerJJz
e0QuZNGu8l9yJOi5PLAU1Ku2qyKMGw1Kc7aiooEO2dOBkNRUnmQpevZA+ib5Sxqy
keXJq+S2sqXpeLoQ3rx9lC45aPnkPQUdOIbOQOhzqZxTAoJNPcoZta6SaCZN8wsG
1cH4kkE=
-----END CERTIFICATE-----