Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/73fe808c-a6cf-4735-82d2-7bd97541f917.roa
File:                     73fe808c-a6cf-4735-82d2-7bd97541f917.roa (raw, json)
Hash identifier:          B3hNxEB2GjB8dksAYzB3p0CIgz7W1JZbEkheU2I3/qU=
Subject key identifier:   1F:33:F2:65:7B:C0:06:B0:E3:78:85:DB:7D:86:43:57:4C:AE:D1:31
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       2109DE6108D40C5EE885293ABAC33F0A8FC1C15F
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/73fe808c-a6cf-4735-82d2-7bd97541f917.roa
Signing time:             Mon 24 Apr 2023 00:00:00 +0000
ROA not before:           Mon 24 Apr 2023 00:00:00 +0000
ROA not after:            Thu 27 Apr 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            21:09:de:61:08:d4:0c:5e:e8:85:29:3a:ba:c3:3f:0a:8f:c1:c1:5f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Apr 24 00:00:00 2023 GMT
            Not After : Apr 27 23:59:59 2023 GMT
        Subject: serialNumber=5b6980d8edebe1094eaae0918c5a32365b83f4715680db8a501eb1b914e86188, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ec:aa:6b:d4:e2:03:73:bb:5c:5b:40:04:41:c4:
                    1c:31:20:b0:7b:d0:26:b2:d8:25:ea:e1:88:d7:58:
                    ad:a4:38:c0:79:72:38:ca:a0:e0:38:7c:fe:9c:2b:
                    af:a0:3f:88:09:50:65:58:e3:e7:39:fa:8a:4e:01:
                    a9:0d:47:dc:7d:c4:e2:6b:d0:67:93:0a:53:bd:7c:
                    8f:93:d5:c1:4f:e8:fc:4f:13:2d:43:50:00:f7:f3:
                    5c:96:7d:a3:87:49:ca:5d:e0:4a:df:7c:a9:cc:20:
                    b1:a9:0f:26:d1:a3:56:84:6a:a1:02:f0:03:c7:d7:
                    99:8c:b6:70:4c:75:f3:de:41:17:52:cd:d2:2a:ed:
                    a0:22:c8:3e:c9:4c:f1:e7:5d:63:f9:27:e6:70:8a:
                    dd:52:af:ee:f2:fe:b3:c3:52:c0:33:2e:1c:84:0c:
                    fb:20:df:4b:e3:a9:9b:97:b7:b4:bc:94:2c:9b:ff:
                    0f:fd:81:03:d3:b3:63:13:b6:c1:06:f6:e7:ef:e6:
                    b8:03:ff:03:ae:d6:d1:a8:06:c7:c3:d1:f5:6f:d1:
                    a6:42:c8:14:27:6e:79:4c:09:5b:ae:25:5d:bc:82:
                    9a:66:13:4d:11:f7:96:89:ec:90:49:b5:4b:7e:a6:
                    02:f6:f7:ae:3c:ed:f3:38:6b:f9:23:58:99:6e:2c:
                    12:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1F:33:F2:65:7B:C0:06:B0:E3:78:85:DB:7D:86:43:57:4C:AE:D1:31
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/73fe808c-a6cf-4735-82d2-7bd97541f917.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c5:fa:60:ab:42:33:fd:9f:fb:64:af:31:b3:36:52:97:e4:38:
         8e:51:c4:dd:0b:8d:bd:74:11:62:cb:ba:d3:f5:09:82:90:86:
         6a:68:bd:3e:03:df:25:a1:5a:3d:d8:cf:59:5b:fc:c0:07:4a:
         ea:eb:64:60:5b:36:34:5e:93:38:77:5d:55:96:9e:b8:d8:ef:
         9a:76:bf:48:b4:a9:92:e0:c2:78:2f:64:c3:1e:39:bc:3f:22:
         2c:f2:44:42:3e:46:31:f8:b1:15:07:27:89:0c:ad:cb:41:54:
         57:be:ca:64:20:44:33:c2:3f:19:3b:ba:cd:45:68:8f:60:a1:
         05:7e:30:25:9e:69:c4:6d:4a:ca:50:15:06:03:02:19:2b:26:
         f0:b7:6b:fa:f7:78:64:0d:8d:91:5d:e4:0b:12:85:61:02:42:
         77:f0:f8:4e:bc:88:eb:63:8a:67:b2:36:69:fc:47:41:16:cd:
         1a:48:0b:53:bf:6d:e3:04:0f:75:af:59:a8:da:ba:f1:86:57:
         ea:ce:c3:34:8d:f6:c3:31:d2:1a:c0:eb:ca:69:29:34:8b:04:
         e8:bc:69:0c:71:35:18:45:ec:af:4c:54:2e:68:eb:eb:16:de:
         00:94:70:d0:4f:17:95:80:b0:f6:bd:83:49:43:ce:d9:46:7a:
         ae:b7:88:28
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUIQneYQjUDF7ohSk6usM/Co/BwV8wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwNDI0MDAwMDAwWhcNMjMwNDI3MjM1OTU5
WjCBpTFJMEcGA1UEBRNANWI2OTgwZDhlZGViZTEwOTRlYWFlMDkxOGM1YTMyMzY1
YjgzZjQ3MTU2ODBkYjhhNTAxZWIxYjkxNGU4NjE4ODEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAOyqa9TiA3O7XFtABEHEHDEgsHvQJrLYJerhiNdYraQ4wHlyOMqg
4Dh8/pwrr6A/iAlQZVjj5zn6ik4BqQ1H3H3E4mvQZ5MKU718j5PVwU/o/E8TLUNQ
APfzXJZ9o4dJyl3gSt98qcwgsakPJtGjVoRqoQLwA8fXmYy2cEx1895BF1LN0irt
oCLIPslM8eddY/kn5nCK3VKv7vL+s8NSwDMuHIQM+yDfS+Opm5e3tLyULJv/D/2B
A9OzYxO2wQb25+/muAP/A67W0agGx8PR9W/RpkLIFCdueUwJW64lXbyCmmYTTRH3
lonskEm1S36mAvb3rjzt8zhr+SNYmW4sEjUCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBQfM/Jle8AGsON4hdt9hkNXTK7RMTAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvNzNmZTgwOGMtYTZjZi00NzM1LTgyZDItN2JkOTc1NDFmOTE3LnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAMX6YKtCM/2f+2Sv
MbM2UpfkOI5RxN0Ljb10EWLLutP1CYKQhmpovT4D3yWhWj3Yz1lb/MAHSurrZGBb
NjRekzh3XVWWnrjY75p2v0i0qZLgwngvZMMeObw/IizyREI+RjH4sRUHJ4kMrctB
VFe+ymQgRDPCPxk7us1FaI9goQV+MCWeacRtSspQFQYDAhkrJvC3a/r3eGQNjZFd
5AsShWECQnfw+E68iOtjimeyNmn8R0EWzRpIC1O/beMED3WvWajauvGGV+rOwzSN
9sMx0hrA68ppKTSLBOi8aQxxNRhF7K9MVC5o6+sW3gCUcNBPF5WAsPa9g0lDztlG
eq63iCg=
-----END CERTIFICATE-----