Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/815fec25-1851-4925-9ff0-599408588e3b.roa
File:                     815fec25-1851-4925-9ff0-599408588e3b.roa (raw, json)
Hash identifier:          P+wlxBn4Uaf97mMfNgq0C+BFwk8Yoy9ZI0v0p/1d2/E=
Subject key identifier:   2D:15:BA:B2:78:DF:9D:60:E1:52:70:75:29:51:7C:44:4D:5F:12:95
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       5EA6F7B1CA163DB5A7798149785A4084B0B6496A
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/815fec25-1851-4925-9ff0-599408588e3b.roa
Signing time:             Fri 10 Mar 2023 00:00:00 +0000
ROA not before:           Fri 10 Mar 2023 00:00:00 +0000
ROA not after:            Mon 13 Mar 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5e:a6:f7:b1:ca:16:3d:b5:a7:79:81:49:78:5a:40:84:b0:b6:49:6a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Mar 10 00:00:00 2023 GMT
            Not After : Mar 13 23:59:59 2023 GMT
        Subject: serialNumber=00f097d7e8e52840e4b1ecc354422f06f50fd5cf7047d0c39fc71be22db69f4a, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:a4:fc:5e:e6:d0:46:aa:2c:34:1b:88:32:f3:
                    d8:7b:e8:10:a4:0d:d0:e1:55:d6:5d:f7:8f:61:d7:
                    66:5e:30:7a:a3:5a:14:d9:6f:cb:83:e2:50:3b:7b:
                    78:d9:75:06:23:85:45:9e:75:3f:46:da:34:6a:58:
                    b3:4a:df:fe:48:b1:89:14:dc:11:9e:4e:7c:8b:5c:
                    bb:d3:be:6b:6a:e8:6a:b7:eb:e8:16:bb:f1:b3:95:
                    77:75:70:5b:08:3f:89:bc:ab:c2:85:ae:58:c8:b0:
                    07:b3:5d:aa:60:fe:24:3f:63:85:40:9f:78:27:2c:
                    f2:8e:db:b0:b6:64:e3:ba:b9:51:f4:2e:10:d2:1e:
                    73:1d:ec:e2:9b:2c:82:ee:a0:6f:93:f8:28:2b:c7:
                    90:76:78:1e:ff:7b:53:3e:28:0e:de:23:17:49:15:
                    8f:1b:07:8c:16:31:ef:e3:61:41:0f:26:49:d2:b4:
                    36:ab:57:8a:22:8d:4c:68:f6:7e:0b:fb:e1:a0:5b:
                    a6:c3:f7:f6:1f:5a:17:9a:ab:02:84:e2:21:55:65:
                    1e:78:60:4c:6c:d1:fd:b3:8e:af:dc:b5:16:10:9d:
                    c1:f8:46:53:0a:ee:12:ac:85:72:27:03:e5:a5:ec:
                    57:dd:be:ee:bb:11:b9:16:ad:92:7f:ec:08:e4:fd:
                    37:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2D:15:BA:B2:78:DF:9D:60:E1:52:70:75:29:51:7C:44:4D:5F:12:95
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/815fec25-1851-4925-9ff0-599408588e3b.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         77:ee:58:5f:9d:ac:77:4a:48:f6:5c:ba:d5:0b:df:1b:37:92:
         f5:55:64:11:98:c4:ff:98:b6:43:f9:a9:ce:e3:3a:a6:a2:6a:
         89:12:f5:9f:28:9f:44:4b:14:ab:02:ee:e2:41:58:3d:2c:5d:
         ac:b3:04:2d:76:91:c4:5b:2c:95:14:20:a5:4d:b7:e3:30:88:
         26:12:a3:08:83:e9:b8:5a:27:b9:ed:3d:50:c3:0d:8a:ec:9b:
         73:04:92:0b:0b:ce:d6:c3:46:1a:02:19:01:7a:d1:58:67:8f:
         8d:d6:50:f9:d7:70:31:a6:c7:3b:4a:27:2a:4d:e9:b3:5b:ee:
         fb:24:c1:40:c2:da:31:52:e4:62:56:03:20:be:6a:54:a7:6b:
         29:ac:4f:d0:44:40:00:cf:69:be:6c:f7:d3:01:40:c3:23:e4:
         3d:0a:a2:3b:a4:00:05:96:64:bf:80:84:a6:29:56:9c:ce:b8:
         60:03:42:0d:61:ac:07:03:cb:e0:3b:de:46:f3:3a:24:2b:c0:
         43:4c:7d:01:6e:e6:52:0a:62:79:94:08:a6:ac:db:d9:aa:86:
         22:5e:7d:64:f8:25:95:54:1e:47:98:bd:ab:3b:ca:fd:33:99:
         6b:ec:61:84:98:a3:95:b4:aa:86:0d:61:f9:62:61:e8:97:30:
         e5:35:8f:06
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUXqb3scoWPbWneYFJeFpAhLC2SWowDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwMzEwMDAwMDAwWhcNMjMwMzEzMjM1OTU5
WjCBpTFJMEcGA1UEBRNAMDBmMDk3ZDdlOGU1Mjg0MGU0YjFlY2MzNTQ0MjJmMDZm
NTBmZDVjZjcwNDdkMGMzOWZjNzFiZTIyZGI2OWY0YTEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAKek/F7m0EaqLDQbiDLz2HvoEKQN0OFV1l33j2HXZl4weqNaFNlv
y4PiUDt7eNl1BiOFRZ51P0baNGpYs0rf/kixiRTcEZ5OfItcu9O+a2roarfr6Ba7
8bOVd3VwWwg/ibyrwoWuWMiwB7NdqmD+JD9jhUCfeCcs8o7bsLZk47q5UfQuENIe
cx3s4pssgu6gb5P4KCvHkHZ4Hv97Uz4oDt4jF0kVjxsHjBYx7+NhQQ8mSdK0NqtX
iiKNTGj2fgv74aBbpsP39h9aF5qrAoTiIVVlHnhgTGzR/bOOr9y1FhCdwfhGUwru
EqyFcicD5aXsV92+7rsRuRatkn/sCOT9N30CAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBQtFbqyeN+dYOFScHUpUXxETV8SlTAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvODE1ZmVjMjUtMTg1MS00OTI1LTlmZjAtNTk5NDA4NTg4ZTNiLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAHfuWF+drHdKSPZc
utUL3xs3kvVVZBGYxP+YtkP5qc7jOqaiaokS9Z8on0RLFKsC7uJBWD0sXayzBC12
kcRbLJUUIKVNt+MwiCYSowiD6bhaJ7ntPVDDDYrsm3MEkgsLztbDRhoCGQF60Vhn
j43WUPnXcDGmxztKJypN6bNb7vskwUDC2jFS5GJWAyC+alSnaymsT9BEQADPab5s
99MBQMMj5D0KojukAAWWZL+AhKYpVpzOuGADQg1hrAcDy+A73kbzOiQrwENMfQFu
5lIKYnmUCKas29mqhiJefWT4JZVUHkeYvas7yv0zmWvsYYSYo5W0qoYNYfliYeiX
MOU1jwY=
-----END CERTIFICATE-----