Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/7c065854-c363-4776-bcaf-598b60dc8743.roa
File:                     7c065854-c363-4776-bcaf-598b60dc8743.roa (raw, json)
Hash identifier:          bJxeqCteoldqzgXkbD0twVfqtuPDk9LUcpH0P+2wso0=
Subject key identifier:   58:2D:B3:62:27:B6:FC:4E:19:EB:43:A2:72:E3:44:70:94:A8:44:A1
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       6E74FA8007A145772C051F17C2108C473C2C001C
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/7c065854-c363-4776-bcaf-598b60dc8743.roa
Signing time:             Fri 14 Apr 2023 00:00:00 +0000
ROA not before:           Fri 14 Apr 2023 00:00:00 +0000
ROA not after:            Mon 17 Apr 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6e:74:fa:80:07:a1:45:77:2c:05:1f:17:c2:10:8c:47:3c:2c:00:1c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Apr 14 00:00:00 2023 GMT
            Not After : Apr 17 23:59:59 2023 GMT
        Subject: serialNumber=bf64785a85d53a3178669615745b7c819e6f44a27f2b7b221338391fe6a05ad1, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:36:9a:50:4f:de:73:f6:3a:66:39:0f:c2:d9:
                    e8:91:0d:17:42:71:3b:1a:48:f5:b5:e9:60:58:7f:
                    26:63:aa:da:fc:47:69:17:0d:58:b0:90:55:91:b9:
                    d3:ab:c6:4b:70:4e:39:58:ce:49:4b:a7:c1:da:d3:
                    3a:25:b0:7d:e6:44:4a:e9:e1:df:72:e4:2b:eb:cd:
                    cc:45:8f:0e:69:22:bf:ee:9b:ac:50:be:b9:e2:21:
                    6d:75:64:dc:ef:a1:41:59:ba:e6:ca:8b:1d:f1:06:
                    09:f7:5d:28:f2:f6:ea:d3:59:ba:ae:26:54:a7:01:
                    57:1f:55:71:39:1f:58:4c:8b:1c:98:d9:45:4f:2c:
                    31:2a:36:91:42:98:26:1c:86:90:1b:5a:cf:a0:9a:
                    8e:02:01:d5:42:a1:df:58:50:76:0d:c4:53:2c:1f:
                    ea:99:d5:7a:30:49:d1:d2:cb:2e:39:00:3b:80:ef:
                    64:da:e1:b1:a9:ab:14:ec:1b:c7:26:c3:f3:4f:f6:
                    f5:85:bb:02:7c:40:90:5b:09:52:54:2b:64:19:d2:
                    6f:65:61:65:9c:cb:f4:80:32:3a:93:fd:4b:a6:8f:
                    b0:a8:f9:21:d7:1d:61:98:d4:9e:50:75:1e:cb:a8:
                    c1:e4:10:03:8a:f4:06:a4:5b:89:4f:bb:2f:12:25:
                    76:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                58:2D:B3:62:27:B6:FC:4E:19:EB:43:A2:72:E3:44:70:94:A8:44:A1
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/7c065854-c363-4776-bcaf-598b60dc8743.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         60:7f:4f:f2:d0:03:b1:eb:f9:82:e4:1a:76:d2:f6:c6:91:a3:
         f7:7a:6b:12:05:d6:9b:75:dc:f9:87:65:3e:3f:7c:f2:04:67:
         28:86:11:9c:a2:54:a3:2e:73:10:30:83:6a:32:c4:8a:5e:4b:
         91:69:18:2a:2e:b9:2e:37:7c:ff:46:a0:d2:fb:7e:a9:b7:ed:
         74:c4:d1:2a:02:d5:66:42:6b:16:15:82:13:13:3b:3d:e0:cf:
         73:1c:52:49:ce:fc:52:7d:d8:94:79:99:5f:67:c0:83:a7:7f:
         81:c0:98:b5:f3:4b:46:12:29:49:2f:fc:e1:75:2e:6c:0f:db:
         5d:7c:49:e9:bd:25:0e:69:ad:37:e4:35:09:d0:9b:75:21:da:
         a8:96:77:77:6a:8d:f1:7f:d5:c4:f3:99:7c:76:ca:9d:53:3b:
         c7:58:07:0c:0d:c2:dc:02:1d:04:4a:b1:8a:73:4a:74:e0:76:
         b7:f9:4a:e3:db:a4:50:31:45:29:6a:e8:dc:ae:37:bb:e0:5e:
         0e:64:b1:1e:57:51:98:b1:bc:d7:92:5a:71:c0:49:93:48:98:
         3c:3f:78:be:17:a0:82:34:d6:5b:eb:cd:98:92:9c:1d:63:9f:
         37:f9:d3:ae:9b:44:04:94:fb:10:90:ff:90:46:3d:05:63:6f:
         ad:e2:60:4e
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUbnT6gAehRXcsBR8XwhCMRzwsABwwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwNDE0MDAwMDAwWhcNMjMwNDE3MjM1OTU5
WjCBpTFJMEcGA1UEBRNAYmY2NDc4NWE4NWQ1M2EzMTc4NjY5NjE1NzQ1YjdjODE5
ZTZmNDRhMjdmMmI3YjIyMTMzODM5MWZlNmEwNWFkMTEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAMM2mlBP3nP2OmY5D8LZ6JENF0JxOxpI9bXpYFh/JmOq2vxHaRcN
WLCQVZG506vGS3BOOVjOSUunwdrTOiWwfeZESunh33LkK+vNzEWPDmkiv+6brFC+
ueIhbXVk3O+hQVm65sqLHfEGCfddKPL26tNZuq4mVKcBVx9VcTkfWEyLHJjZRU8s
MSo2kUKYJhyGkBtaz6CajgIB1UKh31hQdg3EUywf6pnVejBJ0dLLLjkAO4DvZNrh
samrFOwbxybD80/29YW7AnxAkFsJUlQrZBnSb2VhZZzL9IAyOpP9S6aPsKj5Idcd
YZjUnlB1HsuoweQQA4r0BqRbiU+7LxIldjkCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBRYLbNiJ7b8ThnrQ6Jy40RwlKhEoTAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvN2MwNjU4NTQtYzM2My00Nzc2LWJjYWYtNTk4YjYwZGM4NzQzLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAGB/T/LQA7Hr+YLk
GnbS9saRo/d6axIF1pt13PmHZT4/fPIEZyiGEZyiVKMucxAwg2oyxIpeS5FpGCou
uS43fP9GoNL7fqm37XTE0SoC1WZCaxYVghMTOz3gz3McUknO/FJ92JR5mV9nwIOn
f4HAmLXzS0YSKUkv/OF1LmwP2118Sem9JQ5prTfkNQnQm3Uh2qiWd3dqjfF/1cTz
mXx2yp1TO8dYBwwNwtwCHQRKsYpzSnTgdrf5SuPbpFAxRSlq6NyuN7vgXg5ksR5X
UZixvNeSWnHASZNImDw/eL4XoII01lvrzZiSnB1jnzf5066bRASU+xCQ/5BGPQVj
b63iYE4=
-----END CERTIFICATE-----