Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/8bb1f325-4b55-4137-b300-2737e589dd8f.roa
File:                     8bb1f325-4b55-4137-b300-2737e589dd8f.roa (raw, json)
Hash identifier:          8PpIcTtQG/eCTMgE9wKPbxIiex2MuWCp8O3VvvOgzmk=
Subject key identifier:   BA:88:3D:31:65:E1:04:B5:25:21:99:5A:75:65:50:F7:4D:A0:78:C7
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       5A550A63A794F7B012F291C7086DC2E1BD6BB683
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/8bb1f325-4b55-4137-b300-2737e589dd8f.roa
Signing time:             Sun 16 Apr 2023 00:00:00 +0000
ROA not before:           Sun 16 Apr 2023 00:00:00 +0000
ROA not after:            Wed 19 Apr 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5a:55:0a:63:a7:94:f7:b0:12:f2:91:c7:08:6d:c2:e1:bd:6b:b6:83
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Apr 16 00:00:00 2023 GMT
            Not After : Apr 19 23:59:59 2023 GMT
        Subject: serialNumber=51c3c71f64502f15febacef207ac166d9d456788008206f4b4a698e7410ba8ba, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:cf:28:de:55:f9:af:02:c3:fb:72:38:63:3b:
                    eb:01:96:e3:ce:59:37:77:c7:fa:08:b3:59:14:88:
                    8b:ba:a5:71:fd:0f:2c:91:c6:d3:e1:54:30:76:cd:
                    cc:70:a7:97:22:03:a7:c9:24:da:3b:1c:57:5d:6e:
                    c4:c1:c0:78:77:4a:9c:e5:c6:b0:af:00:5d:87:ad:
                    05:14:10:3e:31:d6:51:65:05:55:a6:bf:d4:6b:87:
                    e8:ea:d8:30:77:05:ca:28:32:12:ea:36:2e:36:a9:
                    f8:c7:e6:58:5f:a7:91:25:bc:7b:e2:97:0b:32:95:
                    21:37:6b:94:59:4d:e8:a3:f0:e7:84:64:15:c5:bd:
                    bd:0c:93:0c:b2:d6:a6:98:1c:bb:98:ba:a3:e3:8f:
                    6a:0c:ce:19:93:54:60:b8:1e:f0:84:3c:3f:9a:a6:
                    43:e1:2d:5f:f6:25:35:0b:56:11:13:8a:db:22:00:
                    38:96:48:8e:4a:ee:a0:a7:7e:68:59:07:01:31:ca:
                    20:d4:4a:21:fc:d6:16:06:68:71:0d:93:8b:58:34:
                    33:ac:fa:3b:94:2a:67:66:0e:ca:2c:d9:c1:f1:76:
                    41:32:3c:8e:bd:85:25:4b:65:4a:d8:94:71:28:20:
                    1a:3b:21:44:01:c8:38:57:8c:75:f6:dc:d8:45:96:
                    34:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BA:88:3D:31:65:E1:04:B5:25:21:99:5A:75:65:50:F7:4D:A0:78:C7
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/8bb1f325-4b55-4137-b300-2737e589dd8f.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         65:cb:83:26:65:9a:47:5d:d4:b0:0c:21:43:15:23:7c:82:81:
         1f:a9:18:16:16:9f:0c:cb:d6:c1:38:79:b5:89:64:f8:bd:55:
         01:97:b5:d7:f4:34:09:00:60:fc:5b:00:24:d3:bb:a4:3d:3c:
         a0:43:b9:ad:4e:3b:77:29:13:60:f7:8f:cd:4b:60:90:e6:51:
         3a:f4:95:21:99:e3:6d:d2:f3:41:03:28:53:6a:11:3b:75:bc:
         71:61:c4:14:20:4e:51:20:0c:25:42:51:dc:f2:77:80:04:42:
         c7:53:dc:f4:be:72:ba:0c:40:db:21:1d:0d:eb:d4:a4:c3:79:
         57:54:bb:98:0c:ae:22:30:b6:c1:d9:11:af:9b:c9:d3:64:ed:
         6e:0a:4f:91:b0:67:2d:12:c3:4c:e6:ae:56:ff:f5:c7:a3:fd:
         08:d3:88:42:2e:89:d5:dd:b2:fb:7a:8d:09:7b:03:90:95:d2:
         8f:d4:83:21:4b:b7:1c:b5:2b:e0:1e:fc:53:81:13:b4:c8:99:
         cc:5a:c9:fc:36:d3:b1:43:43:60:84:12:75:74:d8:3e:5d:90:
         c0:b7:8a:50:90:1e:2d:f9:2d:42:71:14:64:00:05:82:5e:58:
         85:b9:3e:db:a7:71:f3:96:4d:ea:be:5d:dd:c9:6e:1d:36:26:
         ef:44:4f:0c
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUWlUKY6eU97AS8pHHCG3C4b1rtoMwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwNDE2MDAwMDAwWhcNMjMwNDE5MjM1OTU5
WjCBpTFJMEcGA1UEBRNANTFjM2M3MWY2NDUwMmYxNWZlYmFjZWYyMDdhYzE2NmQ5
ZDQ1Njc4ODAwODIwNmY0YjRhNjk4ZTc0MTBiYThiYTEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAKTPKN5V+a8Cw/tyOGM76wGW485ZN3fH+gizWRSIi7qlcf0PLJHG
0+FUMHbNzHCnlyIDp8kk2jscV11uxMHAeHdKnOXGsK8AXYetBRQQPjHWUWUFVaa/
1GuH6OrYMHcFyigyEuo2Ljap+MfmWF+nkSW8e+KXCzKVITdrlFlN6KPw54RkFcW9
vQyTDLLWppgcu5i6o+OPagzOGZNUYLge8IQ8P5qmQ+EtX/YlNQtWEROK2yIAOJZI
jkruoKd+aFkHATHKINRKIfzWFgZocQ2Ti1g0M6z6O5QqZ2YOyizZwfF2QTI8jr2F
JUtlStiUcSggGjshRAHIOFeMdfbc2EWWNAcCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBS6iD0xZeEEtSUhmVp1ZVD3TaB4xzAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvOGJiMWYzMjUtNGI1NS00MTM3LWIzMDAtMjczN2U1ODlkZDhmLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAGXLgyZlmkdd1LAM
IUMVI3yCgR+pGBYWnwzL1sE4ebWJZPi9VQGXtdf0NAkAYPxbACTTu6Q9PKBDua1O
O3cpE2D3j81LYJDmUTr0lSGZ423S80EDKFNqETt1vHFhxBQgTlEgDCVCUdzyd4AE
QsdT3PS+croMQNshHQ3r1KTDeVdUu5gMriIwtsHZEa+bydNk7W4KT5GwZy0Sw0zm
rlb/9cej/QjTiEIuidXdsvt6jQl7A5CV0o/UgyFLtxy1K+Ae/FOBE7TImcxayfw2
07FDQ2CEEnV02D5dkMC3ilCQHi35LUJxFGQABYJeWIW5PtuncfOWTeq+Xd3Jbh02
Ju9ETww=
-----END CERTIFICATE-----