Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/804d5c1f-4faf-4846-b016-2d7877f49036.roa
File:                     804d5c1f-4faf-4846-b016-2d7877f49036.roa (raw, json)
Hash identifier:          nRo3v/m6tQlFa10nm5Y9dIqLGbDIV+gjf6WQc4liu0M=
Subject key identifier:   DC:39:0B:33:78:A8:5D:FF:E3:84:41:CA:C0:53:EA:14:52:4E:E0:22
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       2FAFB3155FD5FE3E5D84BD740BCC3C55486D62CD
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/804d5c1f-4faf-4846-b016-2d7877f49036.roa
Signing time:             Wed 05 Apr 2023 00:00:00 +0000
ROA not before:           Wed 05 Apr 2023 00:00:00 +0000
ROA not after:            Sat 08 Apr 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2f:af:b3:15:5f:d5:fe:3e:5d:84:bd:74:0b:cc:3c:55:48:6d:62:cd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Apr  5 00:00:00 2023 GMT
            Not After : Apr  8 23:59:59 2023 GMT
        Subject: serialNumber=124937a2563a4811b4718e5cb8b2ba1add4e3155059ce1b56270a80e0575b9d1, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:d2:b7:03:9d:12:1a:d9:36:00:44:6b:28:88:
                    c2:0c:48:c4:18:8b:37:93:76:be:e9:fb:5f:31:91:
                    0f:1b:46:b9:19:62:49:a1:13:7c:f5:6e:ad:ae:ab:
                    9b:10:02:38:de:2d:77:e3:c1:e7:23:8a:d0:2d:bb:
                    32:74:6a:91:de:06:e1:39:ae:41:04:a4:60:9c:81:
                    b4:12:28:23:db:cb:30:bb:c6:ac:31:0e:fe:12:e3:
                    17:3a:55:8f:b4:49:e2:4f:d1:13:16:2f:d9:c2:62:
                    13:0f:89:f1:5b:95:2a:5c:10:db:43:ec:3f:2d:bc:
                    4c:2d:4b:c4:13:8a:f7:55:9d:77:51:04:66:3d:90:
                    d1:ec:b2:12:70:e1:8a:99:77:37:9a:8a:a4:f5:75:
                    98:e5:99:1e:29:1c:0f:f2:fe:ea:4e:74:e7:d9:35:
                    78:68:1f:78:e0:f2:79:30:5b:72:c8:e4:b8:65:19:
                    d2:5b:6b:14:a3:14:db:86:18:5c:25:85:1c:17:d3:
                    6d:c4:8f:9b:5c:d0:9f:5b:53:9e:bc:31:6d:4c:c9:
                    cf:bc:4e:c2:e5:f5:a4:88:a7:b6:ac:74:9e:c4:64:
                    ef:10:f4:fc:cd:53:73:82:35:0f:53:60:a2:5f:d5:
                    9e:d8:65:6c:07:03:c2:f1:15:2d:dd:e0:ca:68:34:
                    d8:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DC:39:0B:33:78:A8:5D:FF:E3:84:41:CA:C0:53:EA:14:52:4E:E0:22
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/804d5c1f-4faf-4846-b016-2d7877f49036.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2b:7a:35:06:f6:03:b0:49:1b:d6:76:40:be:da:5c:da:88:69:
         d8:40:81:0b:ba:75:19:13:09:3d:ab:ef:f2:9d:56:34:ff:ab:
         17:41:6d:c2:e5:37:da:e0:3f:b9:e1:98:4c:24:c9:42:6a:7a:
         a6:9d:b4:01:54:ef:24:8b:1f:28:ea:85:e2:74:bb:2a:7b:63:
         cc:58:f2:6d:44:86:49:35:61:23:36:62:48:bb:fa:68:83:72:
         bd:39:ce:91:2b:82:ef:9c:c6:f4:dc:a3:d6:d8:25:bf:dc:7e:
         de:43:1a:40:8c:27:56:99:37:b3:a9:35:f1:d5:33:fb:f6:84:
         f2:d6:45:3d:a4:bf:94:5e:0b:91:77:53:87:9d:16:e1:64:76:
         b3:04:e2:fc:51:d8:bb:87:a0:f7:95:40:9c:e7:13:7e:2b:d8:
         e6:e5:98:52:af:5a:ab:21:c7:80:67:a7:b0:f8:08:63:8e:a8:
         b4:8c:42:e4:35:4e:69:38:6b:3a:a2:af:eb:4e:05:65:b6:43:
         7f:29:49:77:cf:68:b0:b0:b3:76:38:2f:95:cd:f9:46:5d:54:
         f6:11:91:66:1a:4c:a0:3e:66:69:e1:e4:f2:81:a4:56:53:62:
         05:b1:87:2b:53:5b:70:01:d8:e7:ef:94:6b:5c:49:64:46:93:
         db:59:be:10
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUL6+zFV/V/j5dhL10C8w8VUhtYs0wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwNDA1MDAwMDAwWhcNMjMwNDA4MjM1OTU5
WjCBpTFJMEcGA1UEBRNAMTI0OTM3YTI1NjNhNDgxMWI0NzE4ZTVjYjhiMmJhMWFk
ZDRlMzE1NTA1OWNlMWI1NjI3MGE4MGUwNTc1YjlkMTEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAMHStwOdEhrZNgBEayiIwgxIxBiLN5N2vun7XzGRDxtGuRliSaET
fPVura6rmxACON4td+PB5yOK0C27MnRqkd4G4TmuQQSkYJyBtBIoI9vLMLvGrDEO
/hLjFzpVj7RJ4k/RExYv2cJiEw+J8VuVKlwQ20PsPy28TC1LxBOK91Wdd1EEZj2Q
0eyyEnDhipl3N5qKpPV1mOWZHikcD/L+6k5059k1eGgfeODyeTBbcsjkuGUZ0ltr
FKMU24YYXCWFHBfTbcSPm1zQn1tTnrwxbUzJz7xOwuX1pIintqx0nsRk7xD0/M1T
c4I1D1Ngol/VnthlbAcDwvEVLd3gymg02KUCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBTcOQszeKhd/+OEQcrAU+oUUk7gIjAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvODA0ZDVjMWYtNGZhZi00ODQ2LWIwMTYtMmQ3ODc3ZjQ5MDM2LnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBACt6NQb2A7BJG9Z2
QL7aXNqIadhAgQu6dRkTCT2r7/KdVjT/qxdBbcLlN9rgP7nhmEwkyUJqeqadtAFU
7ySLHyjqheJ0uyp7Y8xY8m1Ehkk1YSM2Yki7+miDcr05zpErgu+cxvTco9bYJb/c
ft5DGkCMJ1aZN7OpNfHVM/v2hPLWRT2kv5ReC5F3U4edFuFkdrME4vxR2LuHoPeV
QJznE34r2OblmFKvWqshx4Bnp7D4CGOOqLSMQuQ1Tmk4azqir+tOBWW2Q38pSXfP
aLCws3Y4L5XN+UZdVPYRkWYaTKA+Zmnh5PKBpFZTYgWxhytTW3AB2OfvlGtcSWRG
k9tZvhA=
-----END CERTIFICATE-----