Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/7d48d64b-227f-437d-8ca7-6da88a00e120.roa
File:                     7d48d64b-227f-437d-8ca7-6da88a00e120.roa (raw, json)
Hash identifier:          MD88dRJm2/XtlQNDRY+RPIuK6RFe4oktxhzGDFy5hH8=
Subject key identifier:   EE:91:A8:8A:29:BC:93:C8:55:2B:D3:71:C8:8C:73:10:92:DA:5D:0E
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       0DF0D9B6014920812576336D9E3F90576D819D49
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/7d48d64b-227f-437d-8ca7-6da88a00e120.roa
Signing time:             Fri 07 Apr 2023 00:00:00 +0000
ROA not before:           Fri 07 Apr 2023 00:00:00 +0000
ROA not after:            Mon 10 Apr 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0d:f0:d9:b6:01:49:20:81:25:76:33:6d:9e:3f:90:57:6d:81:9d:49
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Apr  7 00:00:00 2023 GMT
            Not After : Apr 10 23:59:59 2023 GMT
        Subject: serialNumber=bc2e19f32dc24f33a6a08a65462ec6852d5d77f46a0fe9c8c072ce93db2ca84d, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:f7:5d:7c:74:ce:b3:df:51:3a:f3:cf:ff:1f:
                    82:a7:05:e8:d4:1d:57:7f:4f:43:98:74:9b:80:fa:
                    6b:c4:b5:6b:7c:c2:82:9c:a7:67:9b:82:15:ce:29:
                    04:c1:12:b9:25:96:6e:f8:97:11:f4:92:32:fd:29:
                    e8:7d:45:53:2c:d4:ae:8a:da:4d:6f:37:e9:5b:6a:
                    e2:05:82:22:b2:e8:88:8e:82:e4:1c:3c:aa:81:2a:
                    da:ca:64:19:3a:ed:bb:db:47:ef:e9:0b:e6:2a:be:
                    a2:f7:26:30:ca:1a:7e:71:84:5c:03:b7:10:79:fb:
                    06:5c:40:07:8f:82:f8:b5:e9:60:49:52:eb:ae:5c:
                    6e:05:36:74:b2:30:aa:0e:09:9b:6d:18:7a:96:a2:
                    f6:2d:b1:14:4f:93:4c:bd:dd:5d:ef:a5:b2:2b:8e:
                    b1:26:76:b9:55:f8:d6:ad:66:dc:43:56:f4:40:6f:
                    be:b5:de:8f:e4:25:f4:b9:89:43:9c:88:2f:1e:79:
                    c1:61:be:57:c9:6c:dd:05:7b:ea:fd:35:75:f2:e3:
                    52:af:a2:8a:31:e2:c7:26:29:1c:36:78:06:2d:cf:
                    05:12:03:c5:63:b3:06:90:89:31:c1:1a:cc:d2:e7:
                    5e:3e:b1:0b:85:09:87:26:58:0a:1d:a2:04:b2:5d:
                    53:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EE:91:A8:8A:29:BC:93:C8:55:2B:D3:71:C8:8C:73:10:92:DA:5D:0E
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/7d48d64b-227f-437d-8ca7-6da88a00e120.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         16:c2:23:ba:bc:7f:97:66:1e:82:ad:1d:d2:f9:07:27:e8:fb:
         89:b3:30:8b:89:d0:d8:b5:62:e3:2b:6c:ad:b3:bb:09:a4:53:
         ef:7b:f0:3c:52:92:b3:5a:25:cc:66:5a:99:9f:0c:3a:92:a3:
         e5:70:1d:2d:dd:dc:28:c6:1b:36:3a:31:52:fd:9c:5a:f1:9e:
         2b:f1:9b:35:5b:11:58:76:64:3d:cc:2b:5b:03:2f:49:e3:d7:
         17:45:5f:44:92:a9:ff:87:be:18:30:d9:76:d6:e1:63:b0:fc:
         6d:75:06:92:7d:d3:0d:6e:41:68:e0:75:52:5c:1d:60:f3:70:
         5a:e7:0d:c2:c7:6d:42:c5:0e:cc:f5:8f:9e:67:ed:a3:1e:13:
         90:26:fa:2d:33:cd:78:5d:98:8b:13:d0:cd:b5:e8:13:9a:be:
         7d:56:13:80:d0:09:a2:2a:4d:02:76:18:5b:10:6e:cd:7e:d0:
         25:b2:7d:f7:ee:6c:ac:e6:6d:1d:ca:24:dc:77:45:13:66:64:
         d1:2a:01:37:34:52:bc:c5:27:c9:f9:5f:99:a8:4d:d8:f6:76:
         7f:5b:8c:0e:7b:d1:20:05:c9:77:c4:47:c3:52:d1:56:cd:c6:
         49:c4:be:c3:0a:47:dd:a9:10:b3:a0:7e:c1:2b:99:6a:ab:a4:
         da:63:29:44
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUDfDZtgFJIIEldjNtnj+QV22BnUkwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwNDA3MDAwMDAwWhcNMjMwNDEwMjM1OTU5
WjCBpTFJMEcGA1UEBRNAYmMyZTE5ZjMyZGMyNGYzM2E2YTA4YTY1NDYyZWM2ODUy
ZDVkNzdmNDZhMGZlOWM4YzA3MmNlOTNkYjJjYTg0ZDEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAKP3XXx0zrPfUTrzz/8fgqcF6NQdV39PQ5h0m4D6a8S1a3zCgpyn
Z5uCFc4pBMESuSWWbviXEfSSMv0p6H1FUyzUroraTW836Vtq4gWCIrLoiI6C5Bw8
qoEq2spkGTrtu9tH7+kL5iq+ovcmMMoafnGEXAO3EHn7BlxAB4+C+LXpYElS665c
bgU2dLIwqg4Jm20Yepai9i2xFE+TTL3dXe+lsiuOsSZ2uVX41q1m3ENW9EBvvrXe
j+Ql9LmJQ5yILx55wWG+V8ls3QV76v01dfLjUq+iijHixyYpHDZ4Bi3PBRIDxWOz
BpCJMcEazNLnXj6xC4UJhyZYCh2iBLJdUxMCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBTukaiKKbyTyFUr03HIjHMQktpdDjAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvN2Q0OGQ2NGItMjI3Zi00MzdkLThjYTctNmRhODhhMDBlMTIwLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBABbCI7q8f5dmHoKt
HdL5Byfo+4mzMIuJ0Ni1YuMrbK2zuwmkU+978DxSkrNaJcxmWpmfDDqSo+VwHS3d
3CjGGzY6MVL9nFrxnivxmzVbEVh2ZD3MK1sDL0nj1xdFX0SSqf+Hvhgw2XbW4WOw
/G11BpJ90w1uQWjgdVJcHWDzcFrnDcLHbULFDsz1j55n7aMeE5Am+i0zzXhdmIsT
0M216BOavn1WE4DQCaIqTQJ2GFsQbs1+0CWyfffubKzmbR3KJNx3RRNmZNEqATc0
UrzFJ8n5X5moTdj2dn9bjA570SAFyXfER8NS0VbNxknEvsMKR92pELOgfsErmWqr
pNpjKUQ=
-----END CERTIFICATE-----