Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/7fb7724b-d001-4808-bd97-572582e156b8.roa
File:                     7fb7724b-d001-4808-bd97-572582e156b8.roa (raw, json)
Hash identifier:          r/gSex4Mvt3cTGm5Qi/6Iu58LoMKKrDlB/IswFn1KZs=
Subject key identifier:   58:DD:D5:C4:22:A5:3D:FC:EB:D7:F5:A4:05:5D:F9:56:FA:77:D6:45
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       18185BC289B859C4C89691F084C829CCC614625D
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/7fb7724b-d001-4808-bd97-572582e156b8.roa
Signing time:             Fri 17 Feb 2023 00:00:00 +0000
ROA not before:           Fri 17 Feb 2023 00:00:00 +0000
ROA not after:            Mon 20 Feb 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            18:18:5b:c2:89:b8:59:c4:c8:96:91:f0:84:c8:29:cc:c6:14:62:5d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Feb 17 00:00:00 2023 GMT
            Not After : Feb 20 23:59:59 2023 GMT
        Subject: serialNumber=edea8bf677787dc5c234afc233d160d400f956d58fb4d99e350f268ec1a0ef69, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:9b:a5:fd:ba:62:dd:80:cc:6b:1e:c2:1e:1a:
                    86:a4:97:25:45:c8:f5:fd:2e:d7:d5:52:ea:91:ed:
                    47:70:8f:be:dc:5e:90:12:7f:b9:ab:78:b3:ce:ec:
                    2c:ff:26:01:97:57:f0:49:84:ea:e8:12:e6:b7:12:
                    c4:4b:4d:04:df:0d:55:2c:d2:a7:6d:a7:74:d0:6c:
                    ee:a9:e3:c8:9b:94:0b:c1:b1:de:50:73:98:2e:98:
                    35:f3:ea:bd:f1:a1:ee:aa:9a:2b:5c:1a:7c:2b:e7:
                    44:68:b2:72:00:08:47:4e:52:e7:d6:40:43:ea:0c:
                    62:ff:c6:25:d6:de:31:90:84:34:a1:9a:56:39:fe:
                    73:58:6f:64:8f:b0:5e:7f:93:93:99:87:8a:5a:36:
                    d8:fa:44:70:a3:bb:3b:bb:68:bc:d9:92:ca:14:74:
                    14:0f:93:ce:39:0e:0f:c5:07:07:06:5a:c4:e8:24:
                    41:9f:e4:c3:1b:b7:33:26:c9:62:c0:f4:8f:9a:b8:
                    72:5f:f6:76:fc:d4:b4:74:41:dc:4d:46:c3:ce:b8:
                    ca:7d:42:82:c5:59:f2:87:51:2c:eb:5c:11:c4:04:
                    b6:a2:14:ae:93:ef:fd:a4:94:66:93:08:93:b5:61:
                    8b:22:a9:35:08:24:c4:4a:2f:92:c5:27:6f:9b:66:
                    f4:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                58:DD:D5:C4:22:A5:3D:FC:EB:D7:F5:A4:05:5D:F9:56:FA:77:D6:45
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/7fb7724b-d001-4808-bd97-572582e156b8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c3:1d:b7:3f:6b:1d:18:6b:f9:f5:db:d1:7e:76:d6:ef:29:b0:
         1d:2a:a9:2d:33:08:d7:be:2c:a6:aa:12:e3:98:12:10:49:e1:
         f9:4b:67:26:ce:86:29:02:74:b7:08:f2:6d:29:53:3a:c1:3f:
         9f:14:47:ed:7a:68:d8:25:8a:64:ad:f7:02:ad:ae:75:c9:c1:
         31:52:43:e5:09:ad:1a:fc:ee:b9:fb:54:96:b4:4d:58:77:d8:
         b1:a6:39:51:0d:0e:56:ed:b2:6e:c6:a2:6d:2d:72:9b:57:08:
         68:3e:17:49:c1:ed:78:af:69:db:ef:58:3a:98:3a:5d:14:5a:
         f4:97:aa:1a:9a:d0:46:54:74:e9:bd:cf:20:82:db:35:c1:57:
         f0:c0:12:d0:3c:bd:27:43:d9:85:2a:7a:95:82:0c:63:cb:a9:
         36:43:40:12:86:b0:8a:72:2d:80:e1:69:38:12:20:03:8d:32:
         a9:16:85:14:fc:8f:a6:98:33:e4:e3:9e:0e:e5:03:76:3f:82:
         bf:fc:c9:21:df:5d:73:d6:1b:9f:0b:e1:24:10:d2:31:3a:61:
         bc:21:ff:0c:cb:78:99:b5:90:86:29:05:ba:8f:4f:19:07:b9:
         7f:39:98:02:ff:8e:a6:02:78:fc:da:b6:bb:67:bc:7e:02:cc:
         23:ab:e4:72
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUGBhbwom4WcTIlpHwhMgpzMYUYl0wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwMjE3MDAwMDAwWhcNMjMwMjIwMjM1OTU5
WjCBpTFJMEcGA1UEBRNAZWRlYThiZjY3Nzc4N2RjNWMyMzRhZmMyMzNkMTYwZDQw
MGY5NTZkNThmYjRkOTllMzUwZjI2OGVjMWEwZWY2OTEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBANqbpf26Yt2AzGsewh4ahqSXJUXI9f0u19VS6pHtR3CPvtxekBJ/
uat4s87sLP8mAZdX8EmE6ugS5rcSxEtNBN8NVSzSp22ndNBs7qnjyJuUC8Gx3lBz
mC6YNfPqvfGh7qqaK1wafCvnRGiycgAIR05S59ZAQ+oMYv/GJdbeMZCENKGaVjn+
c1hvZI+wXn+Tk5mHilo22PpEcKO7O7tovNmSyhR0FA+TzjkOD8UHBwZaxOgkQZ/k
wxu3MybJYsD0j5q4cl/2dvzUtHRB3E1Gw864yn1CgsVZ8odRLOtcEcQEtqIUrpPv
/aSUZpMIk7VhiyKpNQgkxEovksUnb5tm9O0CAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBRY3dXEIqU9/OvX9aQFXflW+nfWRTAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvN2ZiNzcyNGItZDAwMS00ODA4LWJkOTctNTcyNTgyZTE1NmI4LnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAMMdtz9rHRhr+fXb
0X521u8psB0qqS0zCNe+LKaqEuOYEhBJ4flLZybOhikCdLcI8m0pUzrBP58UR+16
aNglimSt9wKtrnXJwTFSQ+UJrRr87rn7VJa0TVh32LGmOVENDlbtsm7Gom0tcptX
CGg+F0nB7XivadvvWDqYOl0UWvSXqhqa0EZUdOm9zyCC2zXBV/DAEtA8vSdD2YUq
epWCDGPLqTZDQBKGsIpyLYDhaTgSIAONMqkWhRT8j6aYM+Tjng7lA3Y/gr/8ySHf
XXPWG58L4SQQ0jE6Ybwh/wzLeJm1kIYpBbqPTxkHuX85mAL/jqYCePzatrtnvH4C
zCOr5HI=
-----END CERTIFICATE-----