Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/73220170-be54-480a-9099-c78c2eeccfc7.roa
File:                     73220170-be54-480a-9099-c78c2eeccfc7.roa (raw, json)
Hash identifier:          MgOEYLxQQLgUfh7dCr6hSAlwAU+cCAE80QmlIqFcwdA=
Subject key identifier:   90:CB:79:74:AF:F4:DE:56:63:09:2D:43:01:C7:52:16:BA:EE:BA:66
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       4BBBCC881264D974688BBFB86A871170538AAE87
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/73220170-be54-480a-9099-c78c2eeccfc7.roa
Signing time:             Fri 21 Apr 2023 00:00:00 +0000
ROA not before:           Fri 21 Apr 2023 00:00:00 +0000
ROA not after:            Mon 24 Apr 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4b:bb:cc:88:12:64:d9:74:68:8b:bf:b8:6a:87:11:70:53:8a:ae:87
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Apr 21 00:00:00 2023 GMT
            Not After : Apr 24 23:59:59 2023 GMT
        Subject: serialNumber=0a8af0787ac783a649e1890b7fb1038c0d50ad514b08b19f783faa1b342aecfb, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:d5:e2:be:5e:00:ad:3a:72:92:2f:fe:68:2b:
                    97:1a:59:2b:17:f1:ff:d3:29:06:ef:a6:66:31:79:
                    42:c0:fb:af:fe:d6:76:05:98:63:2d:ce:82:b8:f6:
                    12:48:b0:6b:97:65:f1:22:ef:d4:f7:38:7b:d8:f4:
                    06:f9:00:ff:1f:25:08:7c:4a:9c:a5:0c:fa:8e:e2:
                    48:ea:90:26:94:eb:6c:23:b0:ae:aa:b6:fd:31:79:
                    89:64:e4:ba:36:cd:6b:9a:ea:8c:19:09:6d:ae:bf:
                    5a:3e:a7:fd:e1:4b:67:a2:1c:88:3b:67:e1:84:78:
                    da:60:a3:98:da:25:f6:88:0f:9f:79:d4:db:3e:0f:
                    9f:96:b7:96:53:60:40:28:c7:e4:3c:6b:a8:05:73:
                    db:9e:12:12:8e:39:03:ed:cd:10:b6:6b:a8:0b:54:
                    73:8d:7a:60:7e:71:73:d4:40:5d:65:a6:2d:7e:6d:
                    44:17:b9:e7:e6:b2:c7:92:07:7e:ab:c2:de:85:59:
                    50:04:01:dc:42:e3:8d:86:51:48:a0:39:cd:74:9c:
                    33:42:9d:d1:4a:ff:88:5a:c1:c1:59:9c:5f:2d:76:
                    12:ed:5d:e3:bd:7f:65:29:cc:d9:66:f1:80:aa:ec:
                    65:87:1c:9a:2e:bd:5a:9d:a4:26:e1:e1:36:c5:74:
                    f9:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                90:CB:79:74:AF:F4:DE:56:63:09:2D:43:01:C7:52:16:BA:EE:BA:66
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/73220170-be54-480a-9099-c78c2eeccfc7.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         84:4c:16:56:83:2f:c1:39:6e:24:bc:4a:68:d4:a1:67:10:cb:
         98:43:fa:fc:f7:f3:2e:8b:10:24:92:75:69:20:1a:ca:b5:73:
         2d:80:f6:dd:8e:76:57:02:28:c8:bc:37:90:eb:af:f4:39:69:
         f5:b3:1d:b2:37:c5:a2:9d:c0:d9:cd:6e:76:96:87:4c:fb:dc:
         40:8b:76:14:f7:84:48:e9:b7:06:a7:c0:3a:33:ad:e7:fa:d5:
         ba:b9:37:a2:64:97:6f:0e:0a:c8:8e:4c:4a:36:6e:43:44:a0:
         e5:1c:70:d0:e4:ef:88:c4:ec:85:86:ef:24:6e:dc:85:e7:1d:
         6f:a1:2b:72:26:94:04:63:0b:33:ca:39:bd:eb:6e:d6:3b:bf:
         b0:7d:5e:2d:04:41:eb:16:64:d9:b9:b4:16:f6:65:9b:88:4d:
         ef:df:6f:3e:58:91:42:ee:4d:ee:82:9c:73:0d:e6:56:a4:2f:
         9b:64:61:3d:33:d7:61:db:10:0a:62:91:4d:fb:ef:16:59:f7:
         50:5a:8e:45:31:cc:e6:db:05:bc:50:4d:56:54:7d:af:8d:0f:
         ba:e8:4e:05:8a:f2:d0:e8:12:4d:ac:ba:02:4f:d2:88:d0:c0:
         d3:9e:36:4b:25:7a:c0:8e:38:f7:1a:6d:89:0a:fe:3b:1c:88:
         de:11:84:ae
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUS7vMiBJk2XRoi7+4aocRcFOKrocwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwNDIxMDAwMDAwWhcNMjMwNDI0MjM1OTU5
WjCBpTFJMEcGA1UEBRNAMGE4YWYwNzg3YWM3ODNhNjQ5ZTE4OTBiN2ZiMTAzOGMw
ZDUwYWQ1MTRiMDhiMTlmNzgzZmFhMWIzNDJhZWNmYjEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBANfV4r5eAK06cpIv/mgrlxpZKxfx/9MpBu+mZjF5QsD7r/7WdgWY
Yy3Ogrj2Ekiwa5dl8SLv1Pc4e9j0BvkA/x8lCHxKnKUM+o7iSOqQJpTrbCOwrqq2
/TF5iWTkujbNa5rqjBkJba6/Wj6n/eFLZ6IciDtn4YR42mCjmNol9ogPn3nU2z4P
n5a3llNgQCjH5DxrqAVz254SEo45A+3NELZrqAtUc416YH5xc9RAXWWmLX5tRBe5
5+ayx5IHfqvC3oVZUAQB3ELjjYZRSKA5zXScM0Kd0Ur/iFrBwVmcXy12Eu1d471/
ZSnM2WbxgKrsZYccmi69Wp2kJuHhNsV0+b0CAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBSQy3l0r/TeVmMJLUMBx1IWuu66ZjAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvNzMyMjAxNzAtYmU1NC00ODBhLTkwOTktYzc4YzJlZWNjZmM3LnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAIRMFlaDL8E5biS8
SmjUoWcQy5hD+vz38y6LECSSdWkgGsq1cy2A9t2OdlcCKMi8N5Drr/Q5afWzHbI3
xaKdwNnNbnaWh0z73ECLdhT3hEjptwanwDozref61bq5N6Jkl28OCsiOTEo2bkNE
oOUccNDk74jE7IWG7yRu3IXnHW+hK3ImlARjCzPKOb3rbtY7v7B9Xi0EQesWZNm5
tBb2ZZuITe/fbz5YkULuTe6CnHMN5lakL5tkYT0z12HbEApikU377xZZ91BajkUx
zObbBbxQTVZUfa+ND7roTgWK8tDoEk2sugJP0ojQwNOeNkslesCOOPcabYkK/jsc
iN4RhK4=
-----END CERTIFICATE-----