Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/837d307a-aa55-4a06-b72e-a40092d23025.roa
File:                     837d307a-aa55-4a06-b72e-a40092d23025.roa (raw, json)
Hash identifier:          FoqoXj3FG6z/S+jW+yzI0cCKQZrPzVEXLp3fu3r3ycY=
Subject key identifier:   56:F3:75:B5:6E:90:2D:57:60:39:2C:E2:35:20:C1:4D:11:19:48:87
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       0279720B6A3596EAC7C5E182E8AA176B2FB5C39E
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/837d307a-aa55-4a06-b72e-a40092d23025.roa
Signing time:             Mon 13 Mar 2023 00:00:00 +0000
ROA not before:           Mon 13 Mar 2023 00:00:00 +0000
ROA not after:            Thu 16 Mar 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            02:79:72:0b:6a:35:96:ea:c7:c5:e1:82:e8:aa:17:6b:2f:b5:c3:9e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Mar 13 00:00:00 2023 GMT
            Not After : Mar 16 23:59:59 2023 GMT
        Subject: serialNumber=558a46719aaa6c07632936accef6f241de0c46edda0be8bb30e40de04151beee, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:8a:18:06:c1:6f:74:fc:0a:a4:c5:57:a7:66:
                    72:df:df:bc:b1:2c:97:83:94:87:ac:ab:e9:e0:2c:
                    2c:55:74:98:ec:3e:32:6c:2c:bc:62:d4:03:43:2e:
                    a4:7a:ae:20:8c:74:44:ec:e4:7f:a8:e2:90:02:da:
                    0b:93:cb:07:62:1c:97:5e:bb:89:dc:a7:53:f4:56:
                    65:b0:c9:56:9f:12:97:d3:9a:9f:db:cb:31:56:82:
                    aa:94:c9:3e:6b:3b:07:f8:30:fc:04:95:1f:79:14:
                    4c:91:82:25:6a:c2:7f:b7:a4:20:8c:84:7b:6c:f1:
                    04:22:fa:60:c7:c7:0e:a1:94:d0:d4:b5:70:ff:16:
                    0c:33:c6:b0:a2:9b:64:88:b6:76:4e:27:4b:d5:24:
                    c5:6b:04:f1:cd:f8:21:a2:3d:6a:4f:08:ea:65:a1:
                    03:e9:db:e2:f3:21:b6:54:d5:c4:b3:31:73:9c:2b:
                    c4:51:bd:72:26:e8:5b:ba:3d:0a:4a:6f:46:a5:fe:
                    fc:91:41:96:29:a9:b9:70:2c:b0:39:7e:84:40:43:
                    7e:04:7c:bf:4c:e5:21:97:f3:d0:2d:91:a3:39:1d:
                    55:5d:be:18:b9:19:3a:07:f6:a3:29:5f:46:4f:58:
                    fe:90:10:a6:56:f8:90:4b:aa:e2:79:5f:ef:41:f7:
                    b3:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                56:F3:75:B5:6E:90:2D:57:60:39:2C:E2:35:20:C1:4D:11:19:48:87
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/837d307a-aa55-4a06-b72e-a40092d23025.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         09:60:5c:81:ee:73:b1:e1:84:67:27:78:bd:88:da:d9:b2:93:
         48:02:73:ed:e2:8a:60:b2:ef:3b:fc:9e:94:da:8b:d2:e5:c6:
         5b:8c:79:14:6b:1d:2d:b7:86:db:97:bd:ce:a9:44:37:da:e9:
         5d:eb:45:61:46:5b:15:dd:b4:6e:8a:8b:60:58:db:c0:3f:bd:
         c5:e1:ad:fb:83:8d:0f:69:02:3a:f2:09:ba:5a:5e:6c:37:16:
         3d:2a:48:38:ab:63:ae:a9:88:5b:d5:a9:1a:fa:ad:53:19:db:
         d0:4c:17:e7:f7:94:71:e1:76:9a:bf:a8:2b:d6:ad:cc:45:61:
         bb:b4:15:29:f3:f9:7d:16:c5:a8:f4:ee:50:66:30:6a:5c:e6:
         f9:15:0c:b4:76:6d:da:17:51:44:19:ed:8c:71:37:7d:a7:e5:
         74:78:bf:1b:ba:cc:ea:06:73:b3:10:40:dc:c0:51:fb:f9:98:
         84:c0:35:39:85:98:dc:32:99:12:41:ac:00:15:b5:dd:04:76:
         7c:14:87:82:cc:8e:68:b1:b3:43:45:3f:dc:ac:52:40:1c:09:
         a9:0c:d9:9c:28:f4:02:79:08:d2:01:37:d3:11:62:21:3f:b0:
         dc:02:61:59:94:b6:be:b8:5e:bb:f5:20:14:82:00:53:44:c6:
         d7:65:d8:17
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUAnlyC2o1lurHxeGC6KoXay+1w54wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwMzEzMDAwMDAwWhcNMjMwMzE2MjM1OTU5
WjCBpTFJMEcGA1UEBRNANTU4YTQ2NzE5YWFhNmMwNzYzMjkzNmFjY2VmNmYyNDFk
ZTBjNDZlZGRhMGJlOGJiMzBlNDBkZTA0MTUxYmVlZTEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBANuKGAbBb3T8CqTFV6dmct/fvLEsl4OUh6yr6eAsLFV0mOw+Mmws
vGLUA0MupHquIIx0ROzkf6jikALaC5PLB2Icl167idynU/RWZbDJVp8Sl9Oan9vL
MVaCqpTJPms7B/gw/ASVH3kUTJGCJWrCf7ekIIyEe2zxBCL6YMfHDqGU0NS1cP8W
DDPGsKKbZIi2dk4nS9UkxWsE8c34IaI9ak8I6mWhA+nb4vMhtlTVxLMxc5wrxFG9
ciboW7o9CkpvRqX+/JFBlimpuXAssDl+hEBDfgR8v0zlIZfz0C2RozkdVV2+GLkZ
Ogf2oylfRk9Y/pAQplb4kEuq4nlf70H3sxUCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBRW83W1bpAtV2A5LOI1IMFNERlIhzAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvODM3ZDMwN2EtYWE1NS00YTA2LWI3MmUtYTQwMDkyZDIzMDI1LnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAAlgXIHuc7HhhGcn
eL2I2tmyk0gCc+3iimCy7zv8npTai9LlxluMeRRrHS23htuXvc6pRDfa6V3rRWFG
WxXdtG6Ki2BY28A/vcXhrfuDjQ9pAjryCbpaXmw3Fj0qSDirY66piFvVqRr6rVMZ
29BMF+f3lHHhdpq/qCvWrcxFYbu0FSnz+X0Wxaj07lBmMGpc5vkVDLR2bdoXUUQZ
7YxxN32n5XR4vxu6zOoGc7MQQNzAUfv5mITANTmFmNwymRJBrAAVtd0EdnwUh4LM
jmixs0NFP9ysUkAcCakM2Zwo9AJ5CNIBN9MRYiE/sNwCYVmUtr64Xrv1IBSCAFNE
xtdl2Bc=
-----END CERTIFICATE-----