Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/75f1ecaf-d060-40bf-a942-f780991530eb.roa
File:                     75f1ecaf-d060-40bf-a942-f780991530eb.roa (raw, json)
Hash identifier:          QUi1MFHz5MpE8oD4hje0wGh/mTYjqpmdvxOUjwk7HLI=
Subject key identifier:   10:7E:42:BB:52:DC:CF:82:22:65:18:02:83:C2:71:F8:8B:5A:84:1F
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       795D2FBB06CABAD8FAC881DC152D77EAD73968D3
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/75f1ecaf-d060-40bf-a942-f780991530eb.roa
Signing time:             Wed 22 Mar 2023 00:00:00 +0000
ROA not before:           Wed 22 Mar 2023 00:00:00 +0000
ROA not after:            Sat 25 Mar 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            79:5d:2f:bb:06:ca:ba:d8:fa:c8:81:dc:15:2d:77:ea:d7:39:68:d3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Mar 22 00:00:00 2023 GMT
            Not After : Mar 25 23:59:59 2023 GMT
        Subject: serialNumber=fac5f20c876dbc35a13bcbb19dac84acead15da607d8cbafc3b4d50f99f0f3bf, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:d1:70:bf:15:62:05:a0:73:ce:2d:f9:07:b2:
                    94:41:f0:de:aa:bd:2b:1d:35:98:9c:5f:dc:4a:67:
                    65:af:ee:99:52:b0:c9:1a:c5:86:91:3a:0e:39:8e:
                    ac:83:46:04:25:8e:e9:c7:0f:39:61:b0:a3:d4:6a:
                    23:09:e1:08:65:f3:82:6c:c2:9f:8f:af:63:9f:a2:
                    cb:4b:92:d7:ca:3b:b6:82:a1:99:a4:7d:82:31:8e:
                    d5:11:b3:4d:2b:94:6a:a1:59:ee:7b:e6:73:f9:a5:
                    f7:86:84:d5:35:b9:79:1b:01:f0:84:3e:da:b9:9c:
                    6e:ae:6f:59:24:4b:22:49:12:d5:e6:9b:ac:f4:6f:
                    9d:e7:cd:57:34:2b:e7:ec:85:52:89:e9:3e:af:df:
                    e4:70:5c:fb:db:34:5d:73:96:0a:1f:1c:8b:7b:51:
                    2f:11:2d:3d:dc:7e:28:a9:3b:6c:43:a2:83:40:fe:
                    3f:df:6e:eb:15:96:6a:e4:19:60:5f:25:ef:4a:21:
                    eb:95:7b:64:cf:9f:dc:6b:4b:f8:44:c0:8e:42:be:
                    4e:19:f1:43:6e:d7:0a:bc:b4:08:78:93:53:e0:a9:
                    6a:8c:ff:4d:92:e6:ad:2c:7f:54:c1:5f:17:2b:1b:
                    dd:cc:99:a9:f4:b8:17:d7:f4:cb:c4:29:b6:ad:58:
                    02:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                10:7E:42:BB:52:DC:CF:82:22:65:18:02:83:C2:71:F8:8B:5A:84:1F
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/75f1ecaf-d060-40bf-a942-f780991530eb.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         26:8e:ed:58:49:53:45:d3:7c:b5:99:06:c7:bc:2a:73:7d:ba:
         c7:69:01:65:f8:d3:51:c7:79:52:e8:21:2b:dd:0d:b9:62:f6:
         2d:00:0b:7b:3f:dc:ba:e0:82:4a:8e:70:ad:3c:0a:b8:2d:2a:
         64:01:b2:24:30:21:fd:a9:31:01:fe:8f:59:90:80:79:83:5f:
         92:38:df:8e:32:6e:28:80:62:10:e9:54:05:f6:bf:a1:e5:0e:
         53:d0:22:c4:b4:c7:2a:c2:ca:d7:76:60:0b:29:93:08:00:22:
         3a:91:e8:b4:d0:74:80:2b:21:8c:ee:b1:57:d0:8a:36:87:1b:
         30:aa:1f:fc:bc:15:49:1f:50:59:08:95:4e:ff:00:08:82:cd:
         7f:fa:4a:63:20:8b:e6:c3:15:ba:8c:0f:1b:4e:5d:c1:2c:e7:
         e6:69:ca:f6:98:c8:c9:5c:36:9b:2c:47:ad:a0:f8:fd:44:2b:
         bf:04:85:b4:7e:a1:bc:c4:c1:8f:9a:51:9e:6f:0a:ab:1d:a6:
         92:32:db:b3:58:04:62:0c:bd:fa:22:50:68:12:33:0c:c2:e8:
         c1:6c:48:05:ea:49:c1:e8:29:95:0f:4a:d5:b2:17:c0:bd:8e:
         c7:b3:fb:ca:4e:c0:92:36:cd:3a:a8:dc:c1:6f:1b:8c:69:d1:
         e1:5d:29:ff
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUeV0vuwbKutj6yIHcFS136tc5aNMwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwMzIyMDAwMDAwWhcNMjMwMzI1MjM1OTU5
WjCBpTFJMEcGA1UEBRNAZmFjNWYyMGM4NzZkYmMzNWExM2JjYmIxOWRhYzg0YWNl
YWQxNWRhNjA3ZDhjYmFmYzNiNGQ1MGY5OWYwZjNiZjEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAL7RcL8VYgWgc84t+QeylEHw3qq9Kx01mJxf3EpnZa/umVKwyRrF
hpE6DjmOrINGBCWO6ccPOWGwo9RqIwnhCGXzgmzCn4+vY5+iy0uS18o7toKhmaR9
gjGO1RGzTSuUaqFZ7nvmc/ml94aE1TW5eRsB8IQ+2rmcbq5vWSRLIkkS1eabrPRv
nefNVzQr5+yFUonpPq/f5HBc+9s0XXOWCh8ci3tRLxEtPdx+KKk7bEOig0D+P99u
6xWWauQZYF8l70oh65V7ZM+f3GtL+ETAjkK+ThnxQ27XCry0CHiTU+Cpaoz/TZLm
rSx/VMFfFysb3cyZqfS4F9f0y8Qptq1YAs8CAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBQQfkK7UtzPgiJlGAKDwnH4i1qEHzAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvNzVmMWVjYWYtZDA2MC00MGJmLWE5NDItZjc4MDk5MTUzMGViLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBACaO7VhJU0XTfLWZ
Bse8KnN9usdpAWX401HHeVLoISvdDbli9i0AC3s/3LrggkqOcK08CrgtKmQBsiQw
If2pMQH+j1mQgHmDX5I4344ybiiAYhDpVAX2v6HlDlPQIsS0xyrCytd2YAspkwgA
IjqR6LTQdIArIYzusVfQijaHGzCqH/y8FUkfUFkIlU7/AAiCzX/6SmMgi+bDFbqM
DxtOXcEs5+ZpyvaYyMlcNpssR62g+P1EK78EhbR+obzEwY+aUZ5vCqsdppIy27NY
BGIMvfoiUGgSMwzC6MFsSAXqScHoKZUPStWyF8C9jsez+8pOwJI2zTqo3MFvG4xp
0eFdKf8=
-----END CERTIFICATE-----