Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/7bca1860-3560-464c-85e1-1d7f609683cf.roa
File:                     7bca1860-3560-464c-85e1-1d7f609683cf.roa (raw, json)
Hash identifier:          bzaldoiAVgmb73LHYwjXrewYoo/zV0HzVhsvLEnSSKk=
Subject key identifier:   46:C3:A9:7E:73:2C:E5:C3:B4:C6:FC:2E:A3:81:4B:63:2C:06:32:AA
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       0E2840B53F0A83B96B405733F362B01181192F7D
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/7bca1860-3560-464c-85e1-1d7f609683cf.roa
Signing time:             Thu 23 Mar 2023 00:00:00 +0000
ROA not before:           Thu 23 Mar 2023 00:00:00 +0000
ROA not after:            Sun 26 Mar 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0e:28:40:b5:3f:0a:83:b9:6b:40:57:33:f3:62:b0:11:81:19:2f:7d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Mar 23 00:00:00 2023 GMT
            Not After : Mar 26 23:59:59 2023 GMT
        Subject: serialNumber=11e04af62678f0748ea3ac09b245a6c7d24760b9ece477a537592071929f2e20, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:55:b8:a2:18:e9:f0:9c:83:88:ac:4b:d2:d8:
                    26:b8:72:37:72:59:7c:27:de:72:f2:9d:3c:80:ee:
                    19:ac:69:9e:1f:cb:68:80:97:d1:54:13:7a:f6:2f:
                    36:ea:b3:c8:3b:a9:ce:eb:a8:3c:77:9a:14:62:5e:
                    ff:3d:44:7d:bf:37:1d:ae:c4:07:e1:4f:24:0a:c8:
                    f4:53:34:45:96:19:85:89:11:55:89:dc:0c:a4:78:
                    82:d2:08:f0:09:ba:02:55:35:0e:52:8a:81:1d:d9:
                    86:69:2c:f7:eb:1d:a9:80:17:50:72:87:64:83:08:
                    91:79:c3:94:4f:c4:c3:e9:9c:b7:3c:d8:cc:2f:10:
                    2e:9d:9b:83:ac:a5:db:b3:8d:d7:aa:e7:83:42:b0:
                    9a:d1:b7:b9:4d:5c:0f:1a:d5:8a:e0:04:1d:6f:4c:
                    7f:a1:a7:76:29:86:c3:5a:d5:a8:61:d0:1a:5c:d2:
                    66:31:78:64:c6:ad:85:59:dd:f4:a3:35:7c:d4:ad:
                    12:85:dc:91:03:99:f1:e5:62:e8:34:05:4e:ac:d5:
                    7e:e4:c2:4d:23:6e:d3:5c:d5:27:f9:04:2d:1f:c6:
                    00:d0:4d:12:56:3f:c0:95:a9:b1:96:fd:0e:4e:05:
                    7b:f1:7e:4c:e4:f5:51:40:1f:89:7e:8f:9e:c1:07:
                    25:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                46:C3:A9:7E:73:2C:E5:C3:B4:C6:FC:2E:A3:81:4B:63:2C:06:32:AA
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/7bca1860-3560-464c-85e1-1d7f609683cf.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         56:72:25:cb:cc:3d:49:26:87:50:3a:18:22:59:b6:20:71:52:
         7a:66:dd:e2:5d:79:7b:ff:64:ba:d6:77:56:65:ae:aa:82:f5:
         97:fa:d6:c8:95:91:9d:ce:97:55:33:29:5a:e6:20:e6:89:72:
         a6:fe:0f:e7:6e:3b:29:99:98:01:b1:31:6a:0a:70:7a:e4:f4:
         90:9f:a3:40:64:cf:73:76:1b:b3:e0:8d:84:cb:35:ee:34:58:
         01:ae:96:8d:93:14:04:70:d7:68:1d:da:6c:f1:3b:6b:f0:14:
         1d:3c:90:db:a1:07:46:92:ce:c9:72:3e:a7:65:6a:b0:18:ca:
         59:75:bb:bb:3d:fd:a7:0d:ec:d2:ab:9a:30:cd:bd:26:24:7b:
         d4:56:1a:b6:2f:45:1d:f3:70:a8:ed:46:41:53:95:9d:ee:eb:
         1b:34:1b:cd:e2:30:0c:e9:a2:af:80:68:45:28:49:ec:ec:a5:
         19:31:41:74:bf:44:bd:1d:e9:36:25:69:3c:09:5b:8e:31:44:
         6c:32:b1:28:75:60:80:93:d3:8f:e5:43:d0:ae:00:1c:31:b9:
         e7:a2:2c:a4:c1:b3:ef:8a:a0:4f:9a:30:46:36:ae:73:60:d2:
         96:84:8a:19:de:43:43:f4:7b:12:b1:fd:27:1f:30:2c:24:53:
         b6:e4:62:3b
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUDihAtT8Kg7lrQFcz82KwEYEZL30wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwMzIzMDAwMDAwWhcNMjMwMzI2MjM1OTU5
WjCBpTFJMEcGA1UEBRNAMTFlMDRhZjYyNjc4ZjA3NDhlYTNhYzA5YjI0NWE2Yzdk
MjQ3NjBiOWVjZTQ3N2E1Mzc1OTIwNzE5MjlmMmUyMDEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAMFVuKIY6fCcg4isS9LYJrhyN3JZfCfecvKdPIDuGaxpnh/LaICX
0VQTevYvNuqzyDupzuuoPHeaFGJe/z1Efb83Ha7EB+FPJArI9FM0RZYZhYkRVYnc
DKR4gtII8Am6AlU1DlKKgR3Zhmks9+sdqYAXUHKHZIMIkXnDlE/Ew+mctzzYzC8Q
Lp2bg6yl27ON16rng0KwmtG3uU1cDxrViuAEHW9Mf6GndimGw1rVqGHQGlzSZjF4
ZMathVnd9KM1fNStEoXckQOZ8eVi6DQFTqzVfuTCTSNu01zVJ/kELR/GANBNElY/
wJWpsZb9Dk4Fe/F+TOT1UUAfiX6PnsEHJWMCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBRGw6l+cyzlw7TG/C6jgUtjLAYyqjAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvN2JjYTE4NjAtMzU2MC00NjRjLTg1ZTEtMWQ3ZjYwOTY4M2NmLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAFZyJcvMPUkmh1A6
GCJZtiBxUnpm3eJdeXv/ZLrWd1ZlrqqC9Zf61siVkZ3Ol1UzKVrmIOaJcqb+D+du
OymZmAGxMWoKcHrk9JCfo0Bkz3N2G7PgjYTLNe40WAGulo2TFARw12gd2mzxO2vw
FB08kNuhB0aSzslyPqdlarAYyll1u7s9/acN7NKrmjDNvSYke9RWGrYvRR3zcKjt
RkFTlZ3u6xs0G83iMAzpoq+AaEUoSezspRkxQXS/RL0d6TYlaTwJW44xRGwysSh1
YICT04/lQ9CuABwxueeiLKTBs++KoE+aMEY2rnNg0paEihneQ0P0exKx/ScfMCwk
U7bkYjs=
-----END CERTIFICATE-----