Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/7a21ab75-63e8-4b40-bada-d9b46363500c.roa
File:                     7a21ab75-63e8-4b40-bada-d9b46363500c.roa (raw, json)
Hash identifier:          +lLqhVdesYznvzz6EUjOuHXLDb0ZAQwP5SRc6gy4okA=
Subject key identifier:   4D:85:65:58:4C:73:63:FA:68:83:9A:C0:72:35:DE:F4:1B:9D:80:C1
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       32E0408FAB7DD95282621AAE90E7C7E2BC18D33B
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/7a21ab75-63e8-4b40-bada-d9b46363500c.roa
Signing time:             Wed 12 Apr 2023 00:00:00 +0000
ROA not before:           Wed 12 Apr 2023 00:00:00 +0000
ROA not after:            Sat 15 Apr 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            32:e0:40:8f:ab:7d:d9:52:82:62:1a:ae:90:e7:c7:e2:bc:18:d3:3b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Apr 12 00:00:00 2023 GMT
            Not After : Apr 15 23:59:59 2023 GMT
        Subject: serialNumber=6e0d46c74e6777b7fc3aaf22049c2fbea756532099ac8d85fa5fe5d47746f5e7, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:0a:94:79:d1:c2:ae:e8:61:f0:95:23:ed:07:
                    00:e1:9b:1e:e4:e2:da:cc:ab:9d:96:53:af:24:39:
                    7e:89:18:7b:47:7d:3e:86:e3:ec:4c:9d:c1:08:c1:
                    1c:1f:90:4a:f9:2f:74:d0:eb:37:63:18:c9:61:98:
                    87:ff:fd:1d:3b:0f:59:43:4c:d7:cc:ae:21:19:c5:
                    a4:3d:9b:3e:1f:80:1a:0b:e9:8c:18:64:50:0b:8c:
                    ad:74:ff:77:da:7e:51:97:40:87:78:bf:f4:d6:f7:
                    7e:72:ff:c4:36:b8:4d:a6:ca:b8:03:60:fc:70:09:
                    7d:66:72:f2:86:28:40:1b:1f:e8:27:4c:e5:1d:a5:
                    36:56:a5:30:c7:eb:e8:c3:97:42:d0:22:07:58:e8:
                    37:d8:b3:4d:f7:ab:c6:ad:82:35:60:65:a1:51:4e:
                    c9:a7:70:08:38:4e:f2:d0:aa:49:e3:f4:61:ff:eb:
                    b4:f9:37:2e:3e:4a:34:30:90:08:d1:e6:96:18:bc:
                    b7:4a:5c:7f:1f:34:65:27:0a:cc:00:7b:9e:68:6d:
                    51:fc:ed:14:43:52:e1:28:e9:bc:8d:bb:c4:29:fe:
                    11:6a:80:7e:a0:98:7e:3a:f9:d0:b7:d6:05:2b:91:
                    78:b1:2f:8a:80:59:7f:18:40:55:6f:1e:85:b3:6a:
                    e5:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4D:85:65:58:4C:73:63:FA:68:83:9A:C0:72:35:DE:F4:1B:9D:80:C1
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/7a21ab75-63e8-4b40-bada-d9b46363500c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a2:f9:d4:32:25:43:c3:ef:9a:6a:30:56:9a:3f:4f:b3:9d:48:
         11:d8:7c:05:49:e8:33:e5:62:47:bf:99:43:99:8c:a4:cd:bc:
         da:08:fa:5e:39:59:ea:55:0f:2b:bb:f1:f0:d6:6a:b1:77:1e:
         bb:cf:f1:7a:9c:eb:b7:cc:7e:47:a8:e2:13:d5:4d:ea:a9:d8:
         31:c8:f8:a4:26:36:08:db:ed:ed:0a:b1:19:a0:cd:be:4e:33:
         19:77:11:9d:c9:ca:c4:ba:06:bd:3a:24:0c:30:6d:30:a7:b1:
         62:88:64:3b:38:c3:65:40:e0:fd:ad:b4:68:f2:bf:d9:e7:a7:
         22:24:3a:0d:7f:7a:b5:82:52:be:74:f3:9a:51:5e:35:8c:10:
         bf:ac:94:82:34:88:33:35:18:a7:f4:32:ef:25:5d:6b:2f:4c:
         78:4e:32:05:0a:f6:03:28:d5:cf:60:92:d3:cb:a2:f8:1f:8a:
         c5:5c:ac:05:96:2b:e8:98:e1:35:5e:e3:a6:9c:b7:f6:9c:e3:
         cf:be:be:2f:42:3c:23:df:2e:d3:1d:65:58:30:39:24:ac:aa:
         45:09:29:f2:82:ba:af:b5:fe:2e:26:74:b8:08:20:c5:3f:b5:
         f3:75:c3:d1:e7:ad:5a:93:00:d2:cf:a3:74:97:be:d0:31:f8:
         83:23:82:2a
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUMuBAj6t92VKCYhqukOfH4rwY0zswDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwNDEyMDAwMDAwWhcNMjMwNDE1MjM1OTU5
WjCBpTFJMEcGA1UEBRNANmUwZDQ2Yzc0ZTY3NzdiN2ZjM2FhZjIyMDQ5YzJmYmVh
NzU2NTMyMDk5YWM4ZDg1ZmE1ZmU1ZDQ3NzQ2ZjVlNzEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAL8KlHnRwq7oYfCVI+0HAOGbHuTi2syrnZZTryQ5fokYe0d9Pobj
7EydwQjBHB+QSvkvdNDrN2MYyWGYh//9HTsPWUNM18yuIRnFpD2bPh+AGgvpjBhk
UAuMrXT/d9p+UZdAh3i/9Nb3fnL/xDa4TabKuANg/HAJfWZy8oYoQBsf6CdM5R2l
NlalMMfr6MOXQtAiB1joN9izTferxq2CNWBloVFOyadwCDhO8tCqSeP0Yf/rtPk3
Lj5KNDCQCNHmlhi8t0pcfx80ZScKzAB7nmhtUfztFENS4SjpvI27xCn+EWqAfqCY
fjr50LfWBSuReLEvioBZfxhAVW8ehbNq5ckCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBRNhWVYTHNj+miDmsByNd70G52AwTAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvN2EyMWFiNzUtNjNlOC00YjQwLWJhZGEtZDliNDYzNjM1MDBjLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAKL51DIlQ8Pvmmow
Vpo/T7OdSBHYfAVJ6DPlYke/mUOZjKTNvNoI+l45WepVDyu78fDWarF3HrvP8Xqc
67fMfkeo4hPVTeqp2DHI+KQmNgjb7e0KsRmgzb5OMxl3EZ3JysS6Br06JAwwbTCn
sWKIZDs4w2VA4P2ttGjyv9nnpyIkOg1/erWCUr5085pRXjWMEL+slII0iDM1GKf0
Mu8lXWsvTHhOMgUK9gMo1c9gktPLovgfisVcrAWWK+iY4TVe46act/ac48++vi9C
PCPfLtMdZVgwOSSsqkUJKfKCuq+1/i4mdLgIIMU/tfN1w9HnrVqTANLPo3SXvtAx
+IMjgio=
-----END CERTIFICATE-----