Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/7c943b17-8ad7-4f9e-b95d-2971c8b06470.roa
File:                     7c943b17-8ad7-4f9e-b95d-2971c8b06470.roa (raw, json)
Hash identifier:          SwDf+L2s+eYDvG3V44Rteg4PDLBvSoJE+Y360wDOeBc=
Subject key identifier:   8C:0B:9D:84:79:3E:2F:21:43:92:1C:37:32:C9:CE:75:F8:88:72:B8
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       4586B4EC6F4D5628A83A25EE8649332C764750DA
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/7c943b17-8ad7-4f9e-b95d-2971c8b06470.roa
Signing time:             Mon 17 Apr 2023 00:00:00 +0000
ROA not before:           Mon 17 Apr 2023 00:00:00 +0000
ROA not after:            Thu 20 Apr 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            45:86:b4:ec:6f:4d:56:28:a8:3a:25:ee:86:49:33:2c:76:47:50:da
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Apr 17 00:00:00 2023 GMT
            Not After : Apr 20 23:59:59 2023 GMT
        Subject: serialNumber=058ba575e7110f46c4064080fa0c28f1b0c3c66b7802723268c533636e2b6cc7, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:5c:bd:da:63:44:19:be:fb:f1:67:f2:77:2b:
                    ee:e8:a0:9d:ec:8c:2b:0e:10:b3:c8:f0:a2:d0:5b:
                    4f:3b:81:48:fc:20:0c:46:82:d1:1d:77:bf:6d:e2:
                    52:52:b7:49:70:b1:e7:70:5b:81:ae:75:f9:2a:78:
                    9c:e7:73:a7:78:2f:f4:6f:2b:d8:6e:91:9f:e0:69:
                    17:7b:36:85:84:17:38:4b:84:dd:db:ca:9f:8a:07:
                    a2:29:8d:91:43:97:4e:c5:3b:3e:3b:fb:b5:a1:18:
                    89:4a:f9:66:45:e6:dc:08:65:db:2a:df:3d:fa:84:
                    22:51:c1:a3:a0:0a:70:7b:ea:26:0e:c7:45:59:ad:
                    c7:8c:6a:3f:b0:e7:34:66:41:24:2a:3a:ae:cb:1d:
                    38:dc:50:fe:79:b2:09:8f:29:0f:96:f1:1d:b8:2b:
                    7c:d9:9b:c5:59:35:a6:a0:14:8c:6f:a5:1c:41:41:
                    c9:db:0c:9b:90:b2:24:13:ed:aa:e1:ae:f6:7e:8e:
                    31:a3:01:76:e6:2f:35:bc:fb:9e:04:3e:9d:98:6e:
                    05:db:e5:a6:80:e8:a3:16:c3:b8:84:ee:6d:39:ed:
                    8a:c3:57:fd:36:87:08:f8:18:34:b4:f6:4d:fd:03:
                    3d:3b:0c:0f:3b:f1:0b:72:c4:cb:48:37:04:60:f3:
                    5d:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8C:0B:9D:84:79:3E:2F:21:43:92:1C:37:32:C9:CE:75:F8:88:72:B8
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/7c943b17-8ad7-4f9e-b95d-2971c8b06470.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2e:cd:e0:47:51:9a:e4:9f:b7:37:db:35:07:4e:fb:e9:d6:47:
         90:97:ed:bf:77:70:8e:5a:da:74:ee:e6:af:7e:07:75:59:aa:
         b1:09:45:63:9e:58:ca:27:f3:a3:fa:8b:69:70:86:5a:68:c5:
         a8:be:96:2b:02:2c:22:6a:49:9c:b2:13:2b:67:8b:75:3a:0c:
         26:a4:ac:a8:36:40:17:15:85:cf:3c:68:c9:08:96:0c:9c:4b:
         af:a8:1c:54:bd:05:2e:90:74:5e:ee:5c:62:69:db:57:c8:6d:
         fc:09:ee:b5:68:10:96:13:3c:45:b3:2c:f5:fd:e6:d4:fe:9c:
         4b:19:f9:4f:66:97:2b:40:04:bd:8c:90:a9:ec:fa:96:bb:2c:
         94:0f:c4:db:5b:d2:8a:57:16:97:0f:a2:36:f1:99:9c:27:9c:
         55:38:b6:93:87:2e:63:f2:a8:fa:51:a6:15:08:37:73:8a:4d:
         78:7e:90:97:c1:d9:cd:b0:6a:ef:88:c6:e9:4a:76:8f:66:b2:
         37:b1:fb:b4:7d:c2:9a:a6:f3:60:68:ce:37:98:02:3d:3f:2a:
         b7:35:9c:e3:cb:89:1d:ed:b5:b6:b3:f9:c9:d3:4c:6a:c8:f2:
         3a:ae:16:6d:39:61:d8:cf:a6:f2:8a:9b:71:ea:f4:63:6c:f0:
         b6:04:df:c1
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIURYa07G9NViioOiXuhkkzLHZHUNowDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwNDE3MDAwMDAwWhcNMjMwNDIwMjM1OTU5
WjCBpTFJMEcGA1UEBRNAMDU4YmE1NzVlNzExMGY0NmM0MDY0MDgwZmEwYzI4ZjFi
MGMzYzY2Yjc4MDI3MjMyNjhjNTMzNjM2ZTJiNmNjNzEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAKpcvdpjRBm++/Fn8ncr7uigneyMKw4Qs8jwotBbTzuBSPwgDEaC
0R13v23iUlK3SXCx53Bbga51+Sp4nOdzp3gv9G8r2G6Rn+BpF3s2hYQXOEuE3dvK
n4oHoimNkUOXTsU7Pjv7taEYiUr5ZkXm3Ahl2yrfPfqEIlHBo6AKcHvqJg7HRVmt
x4xqP7DnNGZBJCo6rssdONxQ/nmyCY8pD5bxHbgrfNmbxVk1pqAUjG+lHEFBydsM
m5CyJBPtquGu9n6OMaMBduYvNbz7ngQ+nZhuBdvlpoDooxbDuITubTntisNX/TaH
CPgYNLT2Tf0DPTsMDzvxC3LEy0g3BGDzXYkCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBSMC52EeT4vIUOSHDcyyc51+IhyuDAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvN2M5NDNiMTctOGFkNy00ZjllLWI5NWQtMjk3MWM4YjA2NDcwLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAC7N4EdRmuSftzfb
NQdO++nWR5CX7b93cI5a2nTu5q9+B3VZqrEJRWOeWMon86P6i2lwhlpoxai+lisC
LCJqSZyyEytni3U6DCakrKg2QBcVhc88aMkIlgycS6+oHFS9BS6QdF7uXGJp21fI
bfwJ7rVoEJYTPEWzLPX95tT+nEsZ+U9mlytABL2MkKns+pa7LJQPxNtb0opXFpcP
ojbxmZwnnFU4tpOHLmPyqPpRphUIN3OKTXh+kJfB2c2wau+IxulKdo9msjex+7R9
wpqm82BozjeYAj0/Krc1nOPLiR3ttbaz+cnTTGrI8jquFm05YdjPpvKKm3Hq9GNs
8LYE38E=
-----END CERTIFICATE-----